Exactly.  LinkedIn goes way beyond "online resume site."

Oh, and don't forget about authentication to other sites.

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market…*

On Thu, Jun 7, 2012 at 11:32 AM, Ziots, Edward <[email protected]> wrote:

> Actually the emails and passwords in LinkedIn, and the information you
> have posted about yourself has a lot of value (spear-phishing attacks,
> company reputation hit (use your accounts to spread stuff on LinkedIn
> about your company or other companies in a negative light)). I could go on
> with the scenario but you definitely don’t want to be a target on that.
> (Grounds for termination, etc.)
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* Thursday, June 07, 2012 11:14 AM
> *To:* NT System Admin Issues
> *Subject:* FW: To notify, or not notify (LinkedIn)
>
>
> Here’s the discussion this morning with one of our Service Desk guys.
>
> _____________________________________________
> *Sent:* Thursday, June 07, 2012 7:48 AM
> *To:* David Lum
> *Subject:* RE: To notify, or not notify (LinkedIn)
>
> David, this is *EXACTLY* what I was looking for.  Thank you very much!
>
> No more comments from the peanut gallery here.  :)
>
> _____________________________________________
> *From:* David Lum
> *Sent:* Thursday, June 07, 2012 7:45 AM
> *Subject:* RE: To notify, or not notify (LinkedIn)
>
> Good questions!
>
>    - How do we make the decision about what gets set out and what doesn’t
>
> Experience – it’s part of why our wages are far more than minimum-wage -
> we’re paid to think, not just fill in checkboxes. For something more
> concrete: “if it's business-oriented and heavily used by said business then
> a notification should go out, if not, then no”. If in doubt: Ask. There was
> discussion between three departments that happened before the LinkedIn
> notice was sent out, for example.
>
>    - Do we have a clearly defined idea of where it ends
>
> I do, see above.
>
>    - Several users are utilizing Dropbox and putting company
>    property/product on that site.  If it was hacked, that would be a lot worse
>    than losing your “online resume” from LinkedIn, in my opinion.
>
> If so then I would hope that if you heard about Dropbox passwords being
> posted on the Internet that you would want to send out a note to the org,
> right? On the other hand this is one reason we DON’T want users using
> Google, Dropbox, etc. for corporate business – we don’t have control of the
> security. This is one area that most employees seem to grasp…
>
>    - Is Service Desk expected to field calls regarding non-NWEA items
>    (LinkedIn for example)
>
> If it’s about communications *we* send out, then yes. If we know what
> we’re doing (and we do) it should be trivial to respond to these. It’s our
> job to support our staff, even if some things are beyond our direct control.
>
>    - Do we need to survey the Org and find a “list” of all the business
>    related apps/sites and actively monitor them?
>
> No, we’re paid to understand and know our environment. If we don’t know
> the majority of what’s on users’ machines and what websites are commonly
> used by our staff then we’re not doing our job. Do we know EVERY site they
> use? No. The key phrase is “commonly used”.
>
> Dave
>
> _____________________________________________
> *Sent:* Thursday, June 07, 2012 7:23 AM
> *To:* David Lum
> *Subject:* RE: To notify, or not notify (LinkedIn)
>
> David,
>
> Thank you for your follow up and feeling concerned about our reaction.
> Let me state, I wasn’t upset with the decision, I think what you did was a
> good thing.  Here’s the angle I am coming from:
>
>    - How do we make the decision about what gets set out and what doesn’t
>    - Is Service Desk expected to field calls regarding non-NWEA items
>    (LinkedIn for example)
>
> I am not trying to knock the fact we sent it out, even if I was acting in
> a joking manner yesterday.  What I am trying to do is play the other side
> and ask questions that I feel really do need to be asked.  Where do we
> stop?  Yesterday when we were all talking, Dropbox was tossed out and it
> didn’t seem to get the same response as LinkedIn.  Several users are
> utilizing Dropbox and putting company property/product on that site.  If it
> was hacked, that would be a lot worse than losing your “online resume” from
> LinkedIn, in my opinion.
>
> So what I am trying to drill down to is: how do we make these decisions,
> how do we support this when they happen and do we need to survey the Org
> and find a “list” of all the business related apps/sites and actively
> monitor them?
>
> And if all this is “above my pay grade”, then disregard my 7:00 am
> rambling :)
