This past week a local university announced that it had exposed the private information of 18,931 employees from 2002, which had been published for “at least three years.” They caught it by total accident when a current worker found the file online, and they quickly moved to remove the data.
They are tight-lipped about how this happened, saying they believed it wasn’t from malicious intent. We’ll have to wait and see if the details are ever released, but the real question I’m concerned with is: how do we prevent this from happening in the first place?
The first rule, and the most important one in my opinion, is don’t put anything on a web server you don’t want to see on the front page of the local newspaper. The second rule, and nearly as important, is to restrict user access to those people who understand rule number one.
~Geof “stolen identity” Franklin