There’s been some interesting reaction to last week’s story about the security risks of blogging on mobile company devices. Some readers weren’t convinced that this poses a real threat, and one person even called the whole thing a bunch of FUD.
Don Ulsch, technology risk management director in the Boston office of Jefferson Wells, told security executives during a lunchtime presentation on emerging threats in Newton, Mass., Wednesday that “many people blog from work and mobile platforms and that’s very bad.” Blogs, he said, are one of the bad guys’ tools.
He noted that there are approximately 100 million blogs across cyberspace and that many of them are used by organized criminal outfits to push gambling and pornography. When an employee does personal blogging using a company machine and corporate email account, blog databases are able to suck in a wealth of email data. Digital miscreants can then use sophisticated data mining software to scan the blogs for proprietary information that may be sitting in some of those stored messages, he said.
One of the most vocal critics of this notion is Alan Shimel, chief strategy officer for StillSecure, who wrote in his blog that Ulsch should “keep his FUD to himself.”
He was particularly annoyed that Ulsch used the Gary Min-DuPont case as an example of the threat. “The funny thing here is the DuPont case has nothing to do with blogging at all,” Shimel wrote. “A disgruntled employee downloaded and stole trade secrets. What does that have to do with blogging?”
A few points are in order here.
First, Shimel is right that the DuPont case has nothing to do with blogging. But in Ulsch’s defense, the presentation he gave was about the larger topic of emerging threats, particularly the dangers posed by malicious or careless company insiders. Blogging on mobile company devices was one of several examples he offered, and he brought up the DuPont case not as an example of the blogging threat, but of the consequences a company can suffer when it doesn’t pay attention to what its employees are doing. He argued that DuPont was asleep at the wheel as Min stole trade secrets. In the case of blogging, he cautioned companies not to be lax when employees mix business and personal pursuits on their work machines.
I didn’t see the blogging example as FUD, but as a potential problem worth further discussion.