The biggest no-no ever
Tanium, a reputed cybersecurity firm, is in hot water for showing live demonstrations involving a client’s network without their permission.
Semantics aside, can you think of a time you’ve done something similar with your clients’ work?
As far as colossal mess-ups go, publicly exposing problems with a client’s network ranks pretty highly on the “oops” list—especially when you’re a cybersecurity firm and you don’t have permission to do so.
Oh, and the aforementioned client is Santa Clara’s El Camino Hospital.
While Tanium’s demonstrations didn’t compromise any sensitive patient data, they did showcase weaknesses in El Camino’s security network, thereby potentially opening these vulnerabilities up to attack.
Apples to Apples
Most rational people might think that showing a live demonstration of anyone’s private data without permission is an egregious offense, to say nothing of doing so with a hospital’s data. To those people, I would say “You’re not wrong.”
As always, however, there’s a lesson to be learned here:
You are not privy to other people’s property without their permission, period.
Even if they’re using a product of yours in conjunction with their information. Again, you might (justifiably) say “Duh” and roll your eyes, but it’s shockingly easy to overlook this philosophy.
Here’s an example: if you edit a client’s work or create a visual presentation for them based on existing graphics, you may be tempted to show off your work—and rightly so, since you spent the last 20 hours pouring your heart and soul into this project (or doing the bare minimum—I won’t presume to know how you work).
Naturally, you might think that you have a claim over the content, since a lot of what’s on the page—or, in this case, in the video—technically is your work, and thus, yours to share. Put simply: it isn’t.
Easy Mistake, Hard Consequences
This confusing area makes it challenging to weed out instances of malicious intent from what is likely a myriad of people eager to show off their work without first obtaining permission. As a rule of thumb, though, you should always ask for permission, even if you own every character, pixel, and embarrassing statistic on the page.
Worst-case scenario, the client declines but respects you more for asking.