According to a study performed by a company called Cyber-Ark, one out of every three Information Technology (IT) professionals surveyed (total surveyed equaled 300 people) admitted to using their high security log in accounts and passwords to access confidential employee information (such as private e-mails, salary information, and board-meeting minutes).

What this means is that if this survey is truly representative of IT employees (and one has to be very cautious here as only 300 people were surveyed), your personal information at your place of employment may very well be being accessed by people who have no real reason to do so.

You can find the original story here: http://www.msnbc.msn.com/id/25263009/.

The Paladin finds this to be a terrifying statistic (again keeping in mind that only 300 people were surveyed…not a scientific sample by any stretch of the imagination). What this means is that at your place of work you must consider that anything you do electronically is not private at all.

Now, the Paladin has worked for companies in the past that indicated in their employee manual the following:

• That absolutely NOTHING the employee does on company computer equipment should ever have an expectation of privacy.
• That the employee should assume that all phone calls are being monitored.

Now, this was somewhat surprising because the company that the Paladin worked for HAD NOTHING TO DO WITH NATIONAL DEFENSE!

In fact, he worked for a major automotive supplier!

Anyway, the point being that personal privacy at your work is rapidly disintegrated, but the worst part about this report, if it is confirmed for a majority of IT professionals, is that you may be being spied upon without your knowledge.

Perhaps the moral of this story should be that unless you are using your own equipment on your own network, you should always assume that your communication may not be private (and even then, you cannot be sure your communication is private once the data leaves your own network).

We keep hearing about this over and over again in the news. Some large corporation suffers a security breach, putting people’s personal information (social security numbers, credit card numbers, bank account numbers, etc.) at risk. With the growing illegal business of identity theft, we are likely going to see more and more of this.

As the Paladin has repeatedly alluded to, computer defense and data security are every bit as much tied to human knowledge and actions as they are to good antivirus and other protective software packages.

Read the rest of this entry »

Many technical news nets were buzzing with the comment made by Cicso’s Chief Security Officer (CSO) John Stewart at a computer security conference in Australia a few days ago. Apparently Mr. Stewart made the following statement:

“If patching and antivirus is where I spend my money, and I’m still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user’s data and I still have to reinstall it, the entire cost equation of that is a waste. It’s completely wasted money.”

This statement garnered a lot of attention because the press, always ones to report with as little bias as possible (sarcasm intended), shortened the quote to the following headline: “‘Antivirus is completely wasted money’: Cisco CSO” (Click here to see one such article with a headline of this type).

Read the rest of this entry »