Lesson about Passwords after Theft of 16,000+ UCLA Patient Records
Nov. 6, 2011
The personal information of 16,288 patients at UCLA’s network of hospitals and clinics is in the wrong hands following a burglary at a doctor’s home. The information was on a computer hard drive stolen from the home, according to an article in The New York Times (U.C.L.A. Health System Warns About Stolen Records).
Medical records of the patients included addresses, birth dates and medical information covering July 2007 to July of this year.
The possible good news: The personal medical data was encrypted.
But the alarming news: A piece of paper containing the password was missing from the doctor’s home.
“Rule 1 is never write down passwords,” warns nationally known security expert Dr. Stan Stahl, of Citadel Information Group in Los Angeles.
“Rule 2 is – if you’re going to break Rule 1 – do it securely,” he adds.
“If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license,” explains Dr. Stahl. “And just write the password: write ‘15Blah-blah-blah’ not ‘my laptop password is ‘15Blah-blah-blah’.”
You can get more of Dr. Stahl’s insights on his security blog and his Web site.
(Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)
From the Coach’s Corner, here are additional cybersecurity tips:
Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – Study
Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?
Security Precautions to Take Following Citibank’s Second Reported Online Breach
Our Mobile-Banking Warnings about Security Prove Prophetic
“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”
-White House Cybersecurity Advisor, Richard Clarke
__________
Columnist Terry Corbell is also a business-performance consultant and profit professional.
How China-Google Controversy Might Affect Business, Government Security
Updated 6:50 p.m. April 20, 2010
The security issue between China and Google appears to be taking on new ramifications – threatening the proprietary information of businesses and government agencies that do business with the giant search engine.
When Google was hacked last year by cybercriminals in China, they stole a computer program that managed access to Google’s programs, according to a New York Times article Monday. In the past, Google has denied hackers were able to access personal information from Gmail accounts, but the search engine did not respond to The New York Times report.
“As the story makes clear, businesses considering cloud services like those offered by Google, Amazon and others must ‘look before they leap’,” warns Internet security expert Stan Stahl, Ph.D., Citadel Information Group, Inc. (www.citadel-information.com).
“While it’s probably obvious to look at the security provided by the cloud provider, less obvious is that the business needs to also look at that part of security that will still be its responsibility, the part of security that the cloud service provider isn’t providing,” says Dr. Stahl, the go-to security authority.
“Security can never be a matter of looking at ‘this’ or ‘that.’ Security must always be about looking at ‘this’ and ‘that’,” he adds.
As a management consultant, I wonder about two other questions: What about the privacy of Google’s services and business and government agencies? Is the threat to Google’s business model more severe than first thought?
Google’s services for the private and public sectors include, but are not limited to, the following:
- AdSense is a platform for publishers to generate income by displaying a bevy of click-through advertisements, but Google requires sensitive information in order for publishers to receive payment. Google’s AdSense automatically inserts display and text ads, which are frequently changed.
- Google Analytics is a service that helps Web site owners understand how they’re faring with visitors, such as how visitors reach the Web site and what they visit.
- AdWords is a sponsored links section. It’s the largest service of its kind and Google has the No. 1 market share.
- Merchant Center uploads product listings for use in a variety of ways. They include AdWords ads, Google Search, Google Product Search, and Google Commerce Search.
- Checkout helps businesses increase sales by selling online.
- Website Optimizer, with access to sites, tests content in order for publishers to optimize the conversion rates of their visitors.
There are other Google services, but you get the idea.
The news article provided more alleged details, including Google’s “Gaia,” the stolen password system. (Gaia is the Greek mythological goddess of earth.) The system managed entry to Google’s services for the private and public sectors.
For more of the report’s details, see: Cyberattack on Google Said to Hit Password System
If The New York Times article is accurate, and my Biz Coach sense is that it is, businesses and public agencies doing business with Google might want to consider a security-needs assessment by a qualified expert. This is also a bigger threat to Google’s business model than we first believed. Google deserves support on this security issue.
(Disclosure: This site published Google public service messages.)
From the Coach’s Corner, in a new related development, BusinessWeek reports government criticism of Google in this article: Google Is Neglecting Online Privacy, Authorities Say
Also worth reviewing are two Biz Coach columns regarding Internet security:
How to Protect Yourself from the Internet Crime Wave
Business 101 Lessons: Google vs. China’s Censors, Cybercriminals

