Jeff over at HIPAA Blog gets all the best comments. Right now he is involved in a dialog with Diva of Disgruntled that points up a number of issues. From what I can tell, there is plenty of wrong to spread around, and some foolishness and poor judgment on both sides. The situation makes a good example of what can happen when an employer (in this case Kaiser) exposes themselves to an unhappy ex-employee. Some important points here:
Your biggest threat is from within. We spend tons of time building defenses against the uber hacker when most of the time he really isn't all that interested in us. These defenses are important, though, because part of why he isn't interested in us is that we are hard to crack, and there are so many other easy targets out there. Anyone who wants to understand how most hackers work should read a good history of the campaigns of Caesar Borgia, Lucretia's older brother, and the man that Machiavelli based The Prince on. Borgia conquered most of Italy in a very short time, mostly by not conquering it. If a city was a hard nut to crack, he bypassed it, knowing that there were plenty of easier targets. If he really wanted a city, and the defenses were strong, he bribed someone inside to let him in.
Think about it. Who knows your defenses and systems? The folks who work with them, or in this case someone who used to work with them. And who is most likely to want to do you harm? Some joyriding script-kiddy out to show his buddies how good his kung fu is, or someone who feels they have been done wrong, and who has little to lose?
So what do you do to minimize your exposure here? Like everything else, it is way better to prevent fires than to be a fireman. Screen your employees carefully. Treat them well. Monitor their activities. And make sure that you terminate them with dignity. Fighting with someone over a few dollars of unemployment insurance may save you some pennies in the short term, but you will make an enemy of someone who has the keys to the postern gate, a map to the stronghold, and the secret password that opens the citadel.
1 comment:
So this is from the better to light a candle department. Rather than complain about no comments, I'll make one.
For those who actually are interested in Borgia, I can recommend Banner of the Bull by Rafael Sabatini, the guy who, along with Alexandre Dumas, pretty much invented the swashbuckler. It is fast paced, lurid, and reads like, well, any other Sabatini book like Captain Blood, The Sea Hawk, or Scaramouche, which opens with my favorite narrative hook: "He was born with the gift of laughter and a sense that the world was mad."