Information (in)security at the United Nations, New York

In June this year, I was appalled to realise that colleagues in Sri Lanka mindlessly wrote sensitive information on public information boards.

At a meeting today on the 21st level of the UN Secretariat in New York, ironically discussing ways to break down firewalls – technical, processual, managerial etc – that prevent information sharing within and between UN agencies, I was very surprised to discover computers and shared folders on hard disk drives, accessible freely over the UN’s open wifi network, that contained highly confidential personal and institutional information.

[Screenshot: un3]

This screenshot, with sensitive and personal identity markers blocked out, shows bank records, agency audit reports, internal documents and other confidential information belonging to a well-known UN figure and a UN agency. The drive in the screenshot above is an Apple Time Capsule, clearly used as a backup hard drive.

You can also see the range of other computers and hard drives available over the open wifi network that one could browse at will. Frighteningly, this particular Time Capsule even allowed Guests to delete files. 

Given that anyone who enters, or in fact is close to, the Secretariat (e.g. from 1st Avenue) can access the UN’s powerful public and unsecured wifi signal, this is a significant problem. It shows that even institutions that know only too well the risks associated with information leaks are unable to address the fact that key members of staff have little or no understanding of information security.

As I noted in my earlier post,

InfoShare’s significant experience in the design and deployment of highly secure ICT solutions for peacebuilding / human rights protection suggests that network intrusions and data leaks are often the result of the monumental carelessness and oversight of end users rather than any sophisticated remote hacking by a third party. Sustained user education on security is vital, as is the design of information systems with multiple safeguards against this sort of bad practice.
