26 Jun 2007

Information Security - it's for Small Businesses too!


I am (about) number 30 in the Business section on Amatomu. For those of you who don't know what it is - it is a list of South African blogs, ranked and indexed.

I have read some of the blogs and am impressed at the quality of them and most of them (the business ones) seem to be aimed at small businesses, which is great.

But I am an Information Security blogger and from what I have seen - small businesses don't seem to take Information Security seriously.

For example, I went to a business the other day and they have me listed on their database. But they had my password on their system in plain text. Thank goodness I use a different password for each online service I use but I know some people that use their pin number as a password and some use the same password for every service. Sorry friend, your password is no longer secure.

When you sign up for a movie contract, where does the information go? Who has access to it? Are your credit card details listed, your ID number? If you have to fill in a piece of paper first, where does that go? You probably fill in enough stuff when taking out a movie contract to allow the young kid behind the counter to be able to impersonate you and mess you around.

When you hand over your credit card in a restaurant, does the waiter take down all the numbers? More to the point - is this something the manager will look out for?

Does your lawyer, who works from home, keep all your information on his laptop? Or any of it? Is it encrypted? What if the laptop gets stolen? What if all the documents he is busy with for you get wiped out in a fire/virus attack/mistake? Does he do backups? Do you?

It's not like me to sow some fear, uncertainty and doubt but I think that small businesses need to play along.

For their clients and for themselves.

