You won’t believe it, guys! I know this firm, which would like to become a first-class player in the system integration business and is aggressively approaching the marketplace: some techies, a couple of geeks, mid/high-level prices and (fortunately) a lot of cash flow generated by the other (still) biggest business line. They are committed to the BS 7799 best practices, lately ISO 27001, as are their most important customers. ‘Outside outsider’, I’d say, but an internal (extremely) poor sense of security, joined by a nonexistent security policy and a very low level of IT expertise, gets you:
no Wi-Fi network card installed on laptops; try to guess: they pay people to remove the built-in ones!
curious and unsafe ERP authentication procedure: password is equal to login name; no expiration
email system password = email software’s name; (unfortunately) one of the most widely used
extremely unsafe corporate internet portal, which can be accessed by anyone;
ridiculous RAS and VPN setups;
self-made CRM system, self-made document management system, self-made procurement system, self-made ERP, self-made everything: no common platform, no common database, no common anything; a mess
customers’ data (unencrypted) published on the internet; SQL database dumps freely available to everyone
dangerous HTTP/HTTPS tunnelling paths to corporate private resources
and so on…
So what? You’re saying. Nothing, just jokin’…
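The two authentication failings above (password equal to the login name, password equal to the mail software’s name, and no expiration) are the kind of thing a one-off audit over an account export catches in seconds. The script below is an added example, not anything from the firm in the post: the account records, the product-name blocklist and the 365-day maximum validity are all constructed assumptions.

```python
"""Credential-hygiene audit over an exported list of accounts.

Added example (not from the original post). Flags passwords equal to the
login name, passwords equal to a product name, missing expiry, and expiry
dates so far away that they amount to "never". All data is constructed.
"""
from datetime import date, timedelta

# Constructed product/software names a password must never equal
# (case-insensitive). In a real audit this comes from the site's inventory.
PRODUCT_NAME_BLOCKLIST = {"mailclient", "erpsuite", "crmtool"}

# Longest acceptable password validity period (assumption: one year).
MAX_VALIDITY = timedelta(days=365)

# Reference date for the audit run (constructed).
AUDIT_DATE = date(2024, 3, 15)


def check_account(account, today, blocklist=PRODUCT_NAME_BLOCKLIST):
    """Return a list of finding codes for one account record.

    account: dict with keys 'login', 'password' and 'expires'
             (a date, or None when the password never expires).
    """
    findings = []
    login = account["login"].strip().lower()
    pw_lower = account["password"].strip().lower()

    # Failing 1 from the post: password identical to the login name.
    if pw_lower == login:
        findings.append("password-equals-login")
    # Failing 2 from the post: password is a well-known product name.
    if pw_lower in blocklist:
        findings.append("password-is-product-name")

    # Failing 3 from the post: no expiration, or an expiry so distant
    # that it is effectively none.
    expires = account.get("expires")
    if expires is None:
        findings.append("no-expiration")
    elif expires - today > MAX_VALIDITY:
        findings.append("expiration-too-far")
    return findings


def audit(accounts, today):
    """Map each login that has at least one finding to its findings."""
    report = {}
    for acct in accounts:
        findings = check_account(acct, today)
        if findings:
            report[acct["login"]] = findings
    return report


# Constructed sample export, modelled on the failings described in the post.
SAMPLE_ACCOUNTS = [
    {"login": "mrossi", "password": "mrossi", "expires": None},
    {"login": "jdoe", "password": "MailClient", "expires": date(2099, 1, 1)},
    {"login": "asmith", "password": "c0rr3ct-h0rse-b4ttery", "expires": date(2024, 6, 1)},
    {"login": "Admin", "password": "ADMIN", "expires": date(2024, 3, 1)},
]


def sample_report():
    """Run the audit over the constructed sample with the fixed audit date."""
    return audit(SAMPLE_ACCOUNTS, AUDIT_DATE)


if __name__ == "__main__":
    for login, findings in sample_report().items():
        print(f"{login}: {', '.join(findings)}")
```

The comparison is case-insensitive on purpose: "Admin"/"ADMIN" is the same failing as "admin"/"admin". Feed it a real export only from a system you are responsible for, and treat the blocklist as site-specific: the post’s point is that the mail client’s own name was the password, so the list should contain whatever software the site actually runs.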