I'll use a recent real example, and in this case the misdirected post was for yet another optometrist. Seriously, what is it with optometrists and security failure? It has never been more true that there are none so blind as those who will not see.
There are three different failure conditions, all with a cost and an impact.
#1 The sender doesn't know the receiver didn't get the message. They are spending money posting paper that never gets delivered.
#2 The receiver doesn't know anything about the message at all. They are paying for the message to be sent, but are getting no value from it.
#3 The sender has included enough information on the outside of the envelope to allow anyone who sees it to steal the identity of the receiver. They've assumed that the communication is private and can't be intercepted.
It's #3 that is the most troubling. The name, address, account number, contact details and a number of other pieces of interesting information were on the outside. This is sufficient to be able to reset the password of the legitimate receiver at the organisation of the sender. After that, identity theft becomes very easy.
We know that information is being snooped off our networks, but we forget that every piece of physical mail is scanned and photographed to allow automated delivery. Those photos are metadata, and almost certainly end up with the security services.
It isn't enough to keep our identities secure online; we have to remember to keep them secure offline as well.
Phil Kernick @philkernick