In June this year, I was appalled to realise that colleagues in Sri Lanka mindlessly wrote sensitive information on public information boards.
At a meeting today on the 21st level of the UN Secretariat in New York, ironically discussing ways to break down firewalls – technical, processual, managerial etc – that prevent information sharing within and between UN agencies, I was very surprised to discover computers and shared folders on hard disk drives, accessible freely over the UN’s open wifi network, that contained highly confidential personal and institutional information.
This screenshot, with sensitive and personal identity markers blocked out, shows bank records, agency audit reports, internal documents and other confidential information belonging to a well known UN figure and a UN agency. The drive in the screenshot above is an Apple Time Capsule, clearly used as a backup hard drive.
You can also see the range of other computers and hard drives available over the open wifi network that one could browse at will. Frighteningly, this particular Time Capsule even allowed Guests to delete files.
Given that anyone who enters or in fact is close to the Secretariat (e.g. from 1st Avenue) can access the UN’s powerful public and unsecured wifi signal, this is a significant problem and speaks that even institutions that only know too well the risks associated with information leaks unable to address the fact key members of staff have little or no understanding of information security.
InfoShare’s significant experience in the design and deployment of highly secure ICT solutions for peacebuilding / human rights protection suggests that network intrusions and data leaks are often the result of the monumental carelessness and oversight of end users rather than any sophisticating remote hacking by a third party. Sustained user education on security is vital and the design of information systems with multiple safeguards against this sort of bad practice.