Your data is at risk - from everything

Chilling evidence of corporate vulnerability

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

The recent revelation that the Ministry of Defence has banned the use of iPods on its premises highlights the growing perceived threat from portable data-capturing devices.

The MoD is not alone in suffering a bout of Cold-War-style security paranoia. SecureWave recently warned that USB memory sticks represented a real menace to the future of western civilisation. Websense, meanwhile, votes work-based personal storage sites as the thing most likely to succeed in bringing your organisation crashing down around your ears.

We all know what's to blame - "USB-friendly" Windows XP. In the old days, you had to stick a floppy in a machine to nick data. Later you had to burn the data onto a CD. Now, though, you can just plug a USB memory stick into a machine and walk of with your employer's financial records. Chilling stuff.

We at The Register, however, believe that there are even greater threats to corporate data integrity - some using methods so simple that they will freeze solid the blood of any right-minded CEO.

For example, one Vulture Central hack recently copied an email address from the screen of his PC and walked out of the office with it before the sophisticated CCTV system had a chance to react. He used what is known in the hacking community as a "pencil" which - when deployed in conjunction with "paper" can be used to record huge amounts of confidential data. The "paper" can then be folded into a bundle small enough to be easily concealed in the pocket.

We have also been alerted to the existence of "photography". Our sources suggest that miniature "cameras" can quickly capture essential information. The preferred method of industrial espionage is to place a document on a flat surface - a desk is ideal - illuminate it with an anglepoise lamp and "photograph" it.

When downloaded to a PC via - you guessed it - a USB cable, the resulting images can be emailed to millions in a matter of minutes.

Terrifying stuff. There is, nonetheless, another vector via which your company's data-blood can be sucked from your corporate neck - people.

Disturbingly, your staff have access to huge confidential resources every working day. Their brains can store a virtually limitless number of sensitive facts - facts which can then be transferred orally to third parties, often after administration of the truth serum "beer".

The drug is administered in "pubs" - squalid places of social interaction where staff will gather daily to exchange reminiscences of the day's events. It only takes one slip of the tongue and the lid is blown off your top-secret plan to outsource the entire IT department to Kyrgyzstan. Think about it.

In the light of this multi-pronged attack on your vital organs, we at The Register have formulated a five-point plan which guarantees the absolute integrity of your data. We have called it "From paperless to dataless - a new security paradigm for a threatening age". You must:

  • Prohibit staff use of iPods, USB memory sticks, floppy disks, CDs, pencils, pens, paper, telephones of any description and signalling devices including flags and morse-code lamps.
  • Restrict staff access to computers, preferably completely. Ideally, remove your company's entire IT infrastucture and seal the servers in concrete-filled oildrums and dump them into the Atlantic.
  • Put all hard copies of every document in your organisation through the shredder. Then burn the remains.
  • Restrict numbers of staff who have access to mission-critical data by sacking the lot of 'em. Outsource their jobs to a callcentre in Bangalore and use the savings to buy more shredders or have your servers dumped further out into the Atlantic.
  • Above all - don't panic. Despite recent scare stories in the press, security experts confirm that a healthy 11 per cent of all confidential data will not be stolen this year and offered on the Internet to the highest bidder.

Related resources

"From paperless to dataless - a new security paradigm for a threatening age" will be available for download in an unshredded PDF format from 15 July. It costs £12,470 + VAT.

Related stories

UK military bans iPods - some places
Computer Security: a handbook for the ordinary user
iPods are the latest security risk
Memory sticks are the latest security risk
Personal storage sites are the latest 'security risk'

Security for virtualized datacentres

More from The Register

next story
Boffins who stare at goats: I do believe they’re SHRINKING
Alpine chamois being squashed by global warming
Space exploration is just so lame. NEW APPS are mankind's future
We feel obliged to point out the headline statement is total, utter cobblers
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers
Don't worry Wilson, I'll do all the paddling. You just hang on
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
STONER SHEEP get the MUNCHIES after feasting on £4k worth of cannabis plants
Baaaaaa! Fanny's Farm's woolly flock is high, maaaaaan
Adorkable overshare of words like photobomb in this year's dictionaries
And hipsters are finally defined as self-loathing. Sort of
Not a loyal follower of @BritishMonarchy? You missed The QUEEN*'s first Tweet
Her Maj opens 'Information Age' at the Science Museum
prev story


Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.