Many companies are not fixing security problems.
We have recently done security scans around the Los Angeles area and found something that is really shocking. There are still many companies that have gaping security holes. Probably most people don’t find that shocking, so here is the shocking part. When we contact them to tell them about the problem, they don’t want to talk with us. Some hang up the phone, they don’t respond to letters, or tell us that they don’t handle security. This probably speaks to why they have a security problem.
With all the news stories and recriminations about computer systems being hacked and data being stolen or corrupted you would think that people would be more aware and take more precautions. While many people have taken precautions, there are still many that have done nothing. Their networks are accessible with no passwords, or firewalls in the way. This is something that everyone should be aware of since it affects everyone’s lives when they choose to do business with these companies.
Here are some examples, keep in mind there was no special software used, no passwords, no tricky phone calls, or hanging from a skylight. These networks are simply exposed to the world.
- A Mexican restaurant in Torrance has the network that hosts their Point Of Sale systems exposed. This would be something to think about when you hand over your credit card at the end of the meal. They did not return our contact.
- A major auto dealer had their internal network exposed. In buying a car you give them all your credit information.
- A major health care provider made a similar mistake. They did close the hole after being contacted, but we are not aware of any other follow up.
- A beauty shop, hung up on us when contacted. They still have the problem
- Several government related offices and branches have had problems. Those holes are still there despite recent news articles about data theft from them.
- A law firm was notified that they were using weak, and unencrypted passwords, yet did nothing to correct it.
There are many more, again there were no exotic means and no system breakins to get this information. They simply made the information public through improper system design. For obvious reasons, the identity and locations of these companies has been omitted, nor have we revealed the specifics of their security problems in manner that could make them targets. There is no doubt that somebody will find and exploit them though.
We are available to help them fix these holes, but the part that is harder than finding the problems is getting someone to talk with us about it. People want to believe that there is no problem, or they just shrug because it is not their job. In reality it should be a concern to every business owner, employee, and customer since it is your information stored in and being transmitted by these systems. Whether the system was done DIY, or by professional IT staff, both have made mistakes, and systems should be audited to make sure they are secure.<o:p> Security is not something to be left unrepaired until there is a problem, nor is it something to wait for someone else to do.
For a consultation please call us at 310-310-320-5708 or contact us