Preventing Privacy Leaks Within Your Company – How Confidential Documents End Up On Google
by Paul Rudo on 19/08/10 at 8:40 am
Google is a favorite snooping tool for hackers and unscrupulous people wanting access to your personal information.
Take a look at this search to see what I mean: This document is CONFIDENTIAL
Of course, many of these listings are perfectly harmless. Also, Google does a pretty good job of scrubbing out inappropriate content from the search results.
Most of the documents fall under one of the following categories:
- Simply blank forms that have the words “This document is CONFIDENTIAL” in the legal fine print.
- Documents containing the term “This document is CONFIDENTIAL” in a different context… such as “Nothing in this document is confidential. Please feel free to share.”
- Courtroom documents that later became public after the trial.
- Etc…
But after playing with the search criteria and browsing around for a while, I WAS able to find many sensitive documents from smaller companies and individuals. I was even able to find a few from very large Fortune 500 companies and the Government.
I haven’t found any major bombshells so far, but it’s still interesting to see how others are snooping around for information about your company.
I think this illustrates an important point about the need to control the flow of information in your company. Once sensitive information gets out onto the internet, it can be difficult – or even impossible – to have it removed afterwards.
Don’t Let Your Employees “MacGyver” Their Own Solutions
So how do internal documents like this get published on the web? Most of the time, it’s not malicious at all. Employees are simply being creative and coming up with their own quick solutions to common business problems.
- Talking about work on social networks with poor privacy protection. (ex: Facebook)
- Sending a file via FTP, because it’s too large to send as an email attachment.
- Setting up an online message board or other PHP script as an online project collaboration tool. These applications often save uploaded documents to unprotected public folders. They also require frequent updates and become less secure as they get older.
- Using a web server as a backup device or remote storage. (It’s actually much more common than you think)
- Management sharing information on the private intranet… which is actually hosted on a public server.
Whenever possible, give your employees the tools they need to do their jobs properly and securely. This will eliminate the need to create improvised solutions.
Also, lay out some explicit internal guidelines about how information should be handled, and make sure all employees understand the proper procedures.
This way, you can keep sensitive company information away from the prying eyes of malicious people.
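A defensive self-check for the unprotected public folders described above, as an added example that is not from the original article: it walks a web root you control and lists text files carrying the confidentiality marker, skipping the harmless “Nothing in this document is confidential” wording. The function names, extension list and sample tree are assumptions constructed for illustration; PDF and Office files would need text extraction first, and every hit still needs human review.

```python
import os
import re
import tempfile

# Marker phrase from the article's search; \s+ tolerates line wraps.
MARKER = re.compile(r"this\s+document\s+is\s+confidential", re.I)
# Harmless wording the article lists as a false positive.
NEGATED = re.compile(r"nothing\s+in\s+this\s+document\s+is\s+confidential", re.I)
# Assumption: extensions this sketch can read as plain text.
TEXT_EXTS = {".txt", ".html", ".htm", ".csv", ".md", ".log"}

def audit_webroot(root, max_bytes=1_000_000):
    """Return sorted URL-style paths under root whose text carries the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file, nothing to report
            # Remove the negated phrasing first so it cannot match the marker.
            if MARKER.search(NEGATED.sub("", text)):
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_webroot():
    """Create a constructed sample tree (not real data) and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "index.html": "<h1>Welcome</h1>",
        "uploads/q3_plan.txt": "This document is CONFIDENTIAL.\nDraft roadmap.",
        "uploads/flyer.txt": "Nothing in this document is confidential. "
                             "Please feel free to share.",
        "backup/notes.md": "Internal only. This document\nis confidential.",
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel in audit_webroot(build_sample_webroot()):
        print("review before it gets indexed:", rel)
```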










