You won’t believe it, guys! I know this firm, which would like to become a first class player in the system integration business, trying to aggressively approach the marketplace; some techies, a couple of geeks, mid/high level prices and (fortunately) a lot of cash flow generated by the other (still) biggest business line. They are committed to the bs7799 best practices, lately iso 27001; so do their most important customers. ‘Outside outsider’, I’d say, but an internal (extremely) poor sense of security, joined by a non-existent security policy and a very low level of IT expertise, gets to:
no wifi network card installed on laptops; try to guess: they pay people to remove the built-in ones!
curious and unsafe erp authentication procedure: password is equal to login name; no expiration
email system password = email software’s name; (unfortunately) one of the most widely used
extremely unsafe internet corporate portal, which could be accessed by everyone;
ridiculous ras and vpn setups;
self-made crm system, self-made document management system, self-made procurement system, self-made erp, self-made everything: no common platform, no common database, no common anything; a mess
customers’ data (unencrypted) published on the internet; sql database dumps freely available to everyone
dangerous http/https tunnelling paths to corporate private resources
and so on…
“So what?” you’re saying. Nothing, just jokin’…