Digital clutter as business cyberthreat

[harlan4096]

Digital clutter as business cyberthreat

Given the opportunity to decouple our clutter from the physical world, we have allowed it to spread to computers and networking resources and even as far as cloud services. Recently, online polling agency OnePoll did research comparing attitudes toward maintaining order in refrigerators versus keeping order in digital resources at work. Or rather, OnePoll’s research compared the levels of disorder.

I don’t know why they chose a refrigerator — probably because the inside of a fridge is concealed from view just like the clutter that reigns in the digital space — but I read the report with great interest, learning, for example, that more than one-third of respondents had stumbled onto their colleagues’ confidential data at work. And another third were still able to access files from their previous employers. These discoveries prompted me to recall three real-world cases from my own experience. They do well illustrating the danger of digital clutter, so I decided to share them here.

1. The remote workstation

A few years ago, I worked for a small system-integration company, where one of my tasks was writing about the company’s prerelease software products. To spare my workstation the unnecessary load of repeated program installation and removal cycles, I asked for a virtual machine. A virtual machine is easily reset to a clean system state. Using a virtual machine also appears to be a reasonable security measure — if it’s well-configured, of course.

My request was fulfilled — in part. The company did provide a VM, but only one for the whole team to share. Worse, it was connected to the corporate network; we occasionally had to share screenshots. But that is not the actual problem.

The problem is that I left the company more than five years ago, but the virtual machine is still up and running. It is still available at the same address, and it admits users with the same login and password as before. Being security-minded — more so than the company’s IT department, apparently — I signed in. I was able to see the files people were working on, and of course I immediately fired off a recommendation, which I sent to a shared printer inside the company: Change the VM password! And while you’re at it, also isolate the virtual machine from the corporate network!

2. Orphaned Google docs

Some time ago, as a freelance author, I worked with a company that was seriously concerned about its physical security. To gain admission, I had to notify one of its staffers, who would leave an admittance slip with my passport data (passports are the main form of ID in Russia) at the front desk.

At some point, I had my passport replaced with a new one. I messaged the editor about it, suggesting I could dictate the new passport data, to which he responded, “No time, do it yourself,” and gave me a link to a Google document with a list of their authors, complete with dates of birth and passport data. I tried to convey my thoughts about the matter to the man, but he was still too busy.

The problem is, the file is still there. It is still available to anyone who has that link. No one can delete any information from it, so anyone can view the editing history and see every change made to the file. The account owner cannot do anything about it, either, having long since forgotten his password and changed his e-mail address.

Continue Reading