Wednesday 24 August 2011

RBS and HAYS contractor rates snafu

So, Hays recruitment "distributed an email disclosing the remuneration of thousands of contractors working for the state-backed Royal Bank of Scotland". Details are unclear, but a few questions from an Information Security perspective.
  • Why is this type of information lying around in an attachment?
  • Was the email attachment encrypted?
  • Why is there not some sort of Data Leakage Prevention (DLP) in place? A "Little Britain" type computer program which looks at the email recipients (800) plus attachment (3000 names) and replies "Computer says: Are you Sure?"
  • etc.
Can your organisation learn any lessons, before it's too late? Here's an opportunity to get some extra security budget.

Maybe our old friend the Data Flow Diagram (DFD) could have we go again.

Useful Links:

Social: DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot

No comments:

Post a Comment