But with more and more information about people’s credit cards, browsing histories and identities sloshing around online, I wonder whether this will do. A few months ago, I nervously created my first Facebook page with the minimum necessary information to view pictures posted by old friends.
I returned to the page a few days later to discover that somehow it had found out both the name of my college and my graduation class, displaying them under my name. I have not returned since. In the back of my mind, I fear a 28-year-old hacker and a couple of Russians have gathered two more facts about me that I would rather they didn’t have. And it’s way too late to take my life offline.This opinion piece is a good companion to the excellent article on the Conficker virus in yesterday's Times. For even more background, look to the upper right of this blog and click on the "search the archive" link. Put in "dangerous" or something like that and you can find earlier advice, observations, and maybe a few examples.
Why am I writing this in a PCI blog? Because this is what your students, faculty, and staff are doing. This is where they are surfing on your school's systems. This is where they are collecting malware (like I seem to collect parking lot dings on my car...). And this is why you don't want cardholder data anywhere on your systems. If the data aren't there, they can't be compromised and you can't be in the headlines for reasons you'd prefer not to be.
So... be careful! Spread the word.