northshoredad By Brian Dann
In 2001, a network administrator who I worked with at one of the largest, most prestigious law firms in the United States, and whose headquarters was located in Chicago decided to do a search of all of the employee folders on one of the main servers where each employee saved their “personal” files, for any file that ended in JPG, MOV, or AVI, or in other words, any photo or video files. He was not looking for anything in particular, but instead just to see what types of things the partners and associates at this firm were looking at. Like almost every employee in that I.T. department he had full access to every file, every piece of information, no matter how mundane or sensitive that information was to the person or the firm. Major case files, major pieces of discovery, major evidence that could easily be copied on to a DVD and passed along to the opposing council, were all available to every person in that I.T. Department, completely unrestricted in any way. The only thing stopping anyone in that department from stealing any data they wanted to and passing it along to anyone they wanted to was the confidentiality agreement each employee signed, and a certain level of blind trust, not any real network security or restrictions to data, just trust. What was most interesting about what that network administrator found that day, when he searched for every photo or video file that was in the home folders of some of the highest paid partners and associates at this firm, was not the amount of sensitive legal evidence that could have been stolen and passed to council or the press, yes that was there, but instead the amount of pornography, racist or offensive “humor”, or even illegal materials that could ruin the careers of any one of those lawyers. And it wasn’t just a handful of photos and videos that were found, it was thousands. One attorney’s folder actually contained a video of a woman having intercourse with a horse. This law firm was lucky. Nothing was ever done with what was found, no one was turned in for having inappropriate materials, although they could have and probably should have, and the I.T. Department had a good laugh at the attorney’s expense, which I’m sure is some kind of HR violation right there. The files that were found were all copied for safe keeping and deleted from the attorney’s folders with certain confidence that no one would be coming to us to complain, “Where is my video of a woman screwing a horse?!” And even if that video was evidence in a case, it was not the proper place for evidence to be stored.
If you think I am trying to make some point here about what is appropriate or not appropriate to save on your work computer, or any type of commentary on the morality of attorneys, then you are wrong. Personally, having worked in Information Technology, I always find it amazing the types of things I find on the computers that people use for work. A work computer is the property of the company you work for and so is everything on it, so keep that in mind next time you are thinking about checking out barelylegal.com on your company laptop. The point I am making here is simple. What just happened to the U.S. Government with the release of tens of thousands of documents, that supposedly were considered secure but instead were easily obtainable by anyone of the 600,000 persons with security clearance to those electronic network based files, was a WikiLeaks accident just waiting to happen, and if you think the data at your own company is secure for even just one heartbeat, you are wrong. The data at your own company not only can be stolen but I will go so far to say, to some degree, it has been. Keep in mind, the U.S. government was not hacked into by international foreign spies, or by operatives working for Al Qeada. The information obtained, stolen, and given to WikiLeaks was done so by a U.S. soldier working internally inside the I.T. structure of the supposedly secure computer network of the U.S. military and government. The files leaked to the world were simply copied off a server and on to one or more DVD disks, and no one knew about it until it became international news, and a nightmare not just for the Obama administration but also governments and individuals around the world. The biggest threat to any organization whether private or public is not external threats but internal ones. Employees today have far too much access to the information stored on company networks and any person who has worked in any I.T. department for any decent amount of time will tell you that the WikiLeaks indecent doesn’t surprise them at all, in fact they will tell you that they are surprised it didn’t happen sooner. With USB flash drives available up to 64 gigabytes a person could easily walk out of a company with millions of confidential and damaging documents without ever being noticed. And to complicate things further, the trend towards outsourcing the administration of company servers and data farms to third party firms that have no vested interest in the data they are administering is like handing the keys to your house to a group of strangers and hoping they don’t steal your jewelry. According to Perimeter E-Security, a security firm based in Milford, CT, who each year publishes their list of the Top 10 Threats to Information Security, “Malicious Insiders” are the number two threat for 2010, only to be beaten by “Malware”, and… (To read more click here)
