Security Starts At Home

from the nobody-knows-nothing... dept

With all of the well hyped security breaches of the last month, politicians are springing into action with all sorts of regulations and ideas -- most of which won't do much good, but should get their name in the paper a few times. Unfortunately most of the legislation they're talking about deals with the "after-the-fact" impact of security breaches, rather than encouraging better data protection at companies. A new survey of security professionals shows where part of the problem is. It turns out that many security professionals have no clue about the state of their own company's data security. 27% claimed they didn't know if the company's security had been breached. 16% of those responding said they knew their company had security holes, but they hadn't had a chance to go looking for them yet. You can certainly poke holes in the study (just because you're a security professional doesn't mean you need to know all aspects of the company's security, for example), but it really does sound like there are a lot of companies out there who just don't take the security of the private data they hold very seriously. Fixing this won't stop security breaches, of course. And even if you build the Fort Knox of data security, someone will figure out a social engineering way to get around it -- but that doesn't mean these companies shouldn't be doing a much better job of protecting our data. Considering these companies are storing our data, why couldn't people pull a poor man's Transparent Society and demand a security audit at some of these companies to make sure their own data was safe?