Interesting news lately!  It seems a hacker has leaked some confidential information on some of the employees over at Twitter (not good press) and some news sources (namely TechCrunch) have said they’ll publish some of it!  Now there’s a bit of a debate over whether or not it would be good practice or even legal to publish “stolen” information.  I’ll let the lawyers work that out (you can still comment on the issue if you want).

It's interesting to note that Twitter does not lay blame on the security of Google Apps (apparently where information was held).  It's also apparent that it wasn't the fault of Twitter's technical security technology.  The hacker actually weaseled his way in via an employee's private email account!  This isn't the first time a high-profile personal email has been hacked into (remember Sarah Palin?).  He then used his access to that account to find access to the company documents.

Here's the interesting thing.  I've read articles using this case as a case against cloud computing, at least where it is today.  It's true that SaaS (software as a service) and cloud computing have some improving to do, especially in the area of security, but I don't see this as much of an example of it.  Let me explain where I think the leak could have been avoided.

In this modern age of computing and Internet use, many company security policies are in dire need of updating.  For instance, one security standard that should have been upheld is the avoidance of the use of personal email for the access of company information (that goes from documents to network access).  The company should have full control over the security of services such as email.  If there was a breach in the security of the company’s email, it would be the fault of IT and hopefully it would be kept up to date and monitored so there is very little chance of such a leak actually happening.

For a personal tip (one I must also take advantage of), you probably have username and password information for various services throughout your email inbox.  For instance, do you remember that time you signed up for such and such service, or that other time you lost your password for that other service so a new one was emailed to you?  Just stop for a moment and think about how many of your accounts throughout the web can and probably will be compromised if someone got a hold of your email password.  Perhaps it’s time to search those out, write down or otherwise securely save those passwords, and delete the email messages containing them.  Also, you SHOULD be periodically changing those passwords in case they become compromised without your knowledge (check out this article about making strong passwords that you can remember).
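To make the inbox clean-up above concrete, here is an added example (not part of the original post) that flags messages likely to hold credentials so they can be reviewed, saved somewhere safer, and deleted. The match patterns and the three sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Subject phrases typical of sign-up confirmations and reset mail (assumed list).
SUBJECT_HINTS = re.compile(
    r"password|welcome to|account (details|information)|login (details|information)|reset",
    re.IGNORECASE)
# A labelled secret in the body, e.g. "Password: abc123" or "new password is abc123".
BODY_SECRET = re.compile(
    r"\b(?:temporary |new |your )?pass(?:word|code)\s*(?:is|:|=)\s*\S+", re.IGNORECASE)

def body_text(msg):
    """Return the text/plain body of a parsed message, or '' if it has none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def find_credential_mail(raw_messages):
    """Return (subject, sender, reason) for each message worth reviewing.

    The matched password is deliberately left out of the report so the
    output itself does not become another copy of the secret.
    """
    hits = []
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        subject = str(msg.get("Subject", ""))
        if BODY_SECRET.search(body_text(msg)):
            reason = "body contains a labelled password"
        elif SUBJECT_HINTS.search(subject):
            reason = "subject looks like sign-up or reset mail"
        else:
            continue
        hits.append((subject, str(msg.get("From", "")), reason))
    return hits

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: signup@service.example\nSubject: Welcome to Example Service\n\n"
    "Username: alice\nPassword: Tr0ub4dor\n",
    "From: noreply@shop.example\nSubject: Your password reset request\n\n"
    "Click the link to choose a new password.\n",
    "From: bob@example.org\nSubject: Lunch on Friday?\n\nAre you free at noon?\n",
]

if __name__ == "__main__":
    for subject, sender, reason in find_credential_mail(SAMPLE):
        print(f"{sender}: {subject!r} ({reason})")
```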

I've taken the liberty to link to some sources that should help with company security as it would relate to the Internet, mobile work forces, and personal equipment used for work.  Check these out and see how you can keep yourself, and/or your company, secure from nightmares such as Twitter is now dealing with.

  1. Securing Our Clients’ Data While on The Road
  2. Wireless Insecurity
  3. Managing the Security and Privacy of Electronic Data in a Law Office – Part 1
  4. Managing the Security and Privacy of Electronic Data in a Law Office – Part 2
  5. 5 things you should know about wireless security
  6. You should have a data security policy.
  7. Email Best Practices – Email Policies in an Organization
  8. Email Best Practices – Personal Email Management

These are just a few of many links and sites dedicated to helping others secure their data.  I encourage, nay IMPLORE, you to do some research and get yourself secure.  Your livelihood could depend on it!
