Sunday, May 22, 2016

Check your browser tabs (and stop watching porn at work)

On behalf of forensics professionals everywhere, I implore you to stop watching porn at work.  And by at work, I don't just mean within the confines of your place of business.  With our new "always on" working environments, let's just agree that looking at porn on any digital devices you use for business is a REALLY bad idea.

If you're a politician, you've made a conscious choice to live in the public eye.  In this case, your whole life is an open book - for better or worse (usually worse).  This means you don't really get any separation between work and personal computing - especially if you post to social media.

Don't look at those other "research" tabs

I've seen other examples of embarrassing browser tabs and other embarrassing filenames on remote virtual meetings and even sales presentations.  But I've honestly never seen a politician post a screenshot like this - showing porn in two other tabs.  I'm not judging and I'm definitely not victim shaming.  But I will simply point out that mistakes like this can't happen if you don't look at the objectionable material on your work machine in the first place.

But it was research....
If I had a dollar for every time I've heard this, I'd be sipping Mojitos on my own private island in the Bahamas.  But I must admit that Webb's explanation for the type of research is a first for me.  Something to the effect of checking for malware that might be preventing him from filing his candidacy.  That's oddly specific (and unlikely to be targeting politicians through porn sites).  Later Webb clarified that he really meant he had been battling malware for weeks on his computer and those tabs were opened from links on his Internet dating site.

Separate work and play
This incident points to a bigger issue and there's a lesson to be learned here.  Separate work from play.  Period.  In other words, use separate machines for work and play.  For those of us who are always on the road, this is harder to do since it means traveling with a minimum of two devices.  But at Rendition Infosec, we regularly find that when work and play mix (particularly on corporate machines) it's the business that suffers.

Play can be anything from online college classes to running a side business to Internet dating.  Whatever it is, if it's not business, employees should refrain from doing it on their business machines.  An employee infected when mom sends that stupid PowerPoint slide show with jokes can't lose confidential information if it's their personal laptop they infect.  Policy will take you far in this regard, but technical controls preventing human stupidity trump policy every time.

In healthcare (some of Rendition's biggest customers) we keep seeing people losing PHI.  You can't lose the PHI that isn't on your personal computer.  IT security has a hard enough job worrying about your work machine.  If they have to worry about your home machine (which is probably administered by Geek Squad or your teenage kid) that just compounds problems.

So before you fire up that inappropriate website on your work computer, take a trip to Best Buy and get a machine for your own personal use (I bought my kid a laptop to learn to program on for $200). With a personal machine in hand, you can do all of that freaky deeky doo stuff that you want to do without risking the business's data or reputation.

What about Webb's malware problems?
I got all ranty and almost forgot about Webb.  If Webb is being sincere (as many people believe he is) then he needs some information security help.  I hope he funds information security spending in Congress if he gets elected.  But as for now, I'd recommend some professional help with his computer.  If Webb needs help and can't find a trusted source for help, I'll happily offer up someone from Rendition to nuke and reimage his computer (the only real solution for a malware infestation).  We'll even check for malware along the way.

3 comments:

  1. HEH.. So I had to do an exit briefing for a pentester who had been watching porn the night before on his Macbook. As he was getting ready to start his opening remarks for his presentation of findings to the customer's C-Suite, he opened his laptop and sounds from the night before erupted the silence in the board room...

  2. This comment has been removed by a blog administrator.

  3. I've been using Kaspersky security for many years; I would recommend this product to everyone.
