Harry & Mae's

This week, I'll discuss some aspects of the Harry & Mae's case study that I noted.

First off, I was concerned with Tom Pierce's attitude about security in his organization.  After a data breach affecting 25,000 customers credit data, I'd like to think he'd be very concerned about tightening IT security.

Case in point, the password policy--or should I say lack thereof.  The very lax policy was pushed from the top down by Mr. Pierce.  We will definitely have to tread carefully here and let Mr. Pierce know that there must be a strong password policy put in place and endorsed by senior leadership in the organization.  It would be very easy for an insider with bad intentions to find a password near a user's PC, login, and start doing their dirty work.

I am also concerned about the employment of the security appliances used by Harry & Mae's.  Mr. Pierce seems to think they are not working.  I think he does not really know that they are actually not being used properly.  Examples of this are the Sonic Wall firewalls allowing all traffic through and the Barracuda Spam & Firewall appliances running without activated subscriptions.  This area will also call for a frank discussion with Mr. Pierce.

Also of concern is the same Web server hosting both internal and external data.  This is definitely not a good decision.  The internal and external data should be managed by separate servers.

Lastly, something must be done to protect the point-of-sale systems.  They must be locked down to prevent casual web surfing by employees.

My biggest assumption with this case is that Mr. Pierce has Harry & Mae's best interests at heart and will see the reason in tightening IT security in his organization.  Another data breach could spell the end of Harry & Mae's!