I visited a law firm last week and opened up my sweet little Macbook Air while I waited in the lobby. I found the firm’s wireless network and connected. Because I’m nosy, I opened Finder (the Mac version of Windows Explorer) and noticed two computers on the network. Click, click, click, and I stumbled upon a load of billing data and client files. The firm’s QuickBooks data was right there as well.
Of course, I didn’t open anything, and when I went back to meet with the attorney I had come to visit, I explained that the firm’s files were all visible to anyone nearby.
There was no password required for me to get on the network. There was no barrier between me and the data. It was all accessible to anyone with a computer or smartphone—no hacking required.
What’s ironic about this story is that I had come by office to talk to one of the attorneys about the security of data stored in the cloud. He wanted to learn more about how safe the firm’s data would be on Dropbox or Clio or one of the other cloud-based services specializing in handling client data.
We chatted about the security at his firm. The firm contracts with a local IT guy. The IT guy, theoretically, handles all of the security needs, including providing virus protection, firewall software and hardware, and other measures. Of course, it’s not working. Incredibly, no one knew it wasn’t working until I did my unsophisticated security check. Oops.
Is your data security dependent on an IT guy bending over your server with his butt crack hanging out?
I love the debate about cloud data security. Are we better off with data in our offices on our servers or stored somewhere on servers on the Internet? Which is more secure? Companies like Google, Salesforce, and Dropbox compete to hire the best software engineers in the universe. They are constantly recruiting the best and the brightest to add to their teams.
Are you getting the best and the brightest? Is your IT guy trying to decide whether to work for you or for Google? Or, more realistically, is he begging you for the business?
Do you really think your IT guy can secure your data better than these well-funded ventures? Do you really think you have the capacity to interview and select a qualified IT provider?
Certainly, the big firms suffer security lapses. Those lapses get well publicized, and the vendors lose customers when it happens.
But you suffer security lapses right there in your office regularly. It just doesn’t get publicized. Most of the time, you don’t even realize it happened.
Where is your data more secure? In your office or in the cloud? I’m keeping my data up there where it’s safe.