Yesterday, it was reported that…
“Oregon Department of Revenue officials thought they were tightly secured against data theft. ”
Then they went on to say that
Â ”an employee from using an office computer to surf porn sites and download a Trojan horse, a hidden spyware program not yet known to intrusion-detection software. The Trojan installed itself Jan. 5 and for the next four months secretly captured and relayed data to the hackers who created it.”
Well I think there’s some liability here on the part of the State of Oregon. This is ridiculous.
First, many companies prevent independant usersÂ from having full administrative access for exactly this reason – to prevent casual web surfing, time wasting, and installation of any unauthorized software. Our tax dollars at work.Â
Second, a spokesman for the Dept of Revenue said “There are so many new sites, we couldn’t keep up with them,”Â However, if the computer was reallyÂ protected, then there would have been monitoring software installed. This would give an alert that came up when the offending program was installed. Something like WinPatrol, or the Microsoft Free AntiÂ SpywareÂ program would have detected an unknown sactivity immediately, regardless of how new or undiscovered it was.
Third, if routine maintennance, like spyware and virus scanningÂ wereÂ done on a regular weekly or monthly basis as it should be, then there’s no way it could have run undetected for four solid months. Â Â
Bottom line, in my opinion, the Oregon Department of Revenue did not take the necessary reasonable precautions to protect our data, andÂ that shouldÂ be obvious to even the mostÂ inexperienced ITÂ professionals.