What do you say to the boss who has been robbed blind by the outsourcers?

Malakriss

Golden Baronet of the Realm
12,359
11,759
Cellphone video of your mailbox, highlighting the email, opening it, and getting both the sender email address and their signature clearly visible is about as CYA as you can get. Treat it like you're a cop avoiding a scandal.

Asshat Brando

Potato del Grande
<Banned>
5,346
-478
Not only that, but you print a copy of the email as well for your records. Make a file with everything you did to document the issue and then you're ready for when/if the shit hits the fan.

Haus

<Silver Donator>
11,085
41,950
OK,

First, what everybody else has said: DOCUMENT THE LIVING FUCK OUT OF THIS AND HOW YOU FOUND IT AND PROOF THAT YOU'RE REPORTING IT.
Second, Report to your direct boss. Print copies of all emails in that chain and document well.
If your boss ignores it, then you have a choice: cover your ass and look for something else to do, or find out what kind of database and information is in it. If it falls under the rules of anything that says "PCI" (credit card info), "SOX" (banking/stock info), or "HIPAA" (health and personal information), ask if your company has a compliance and regulatory department and report to them.

You're either going to be a goddamn hero, or your company will try to pin it on you. Good luck and godspeed.

Disclaimer: I work for a company that does network and information security and auditing, and you will be shocked how often this type of thing is either ignored and/or swept under the rug until shit blows up. Be careful.

Big Phoenix

Pronouns: zie/zhem/zer
<Gold Donor>
44,701
93,417
When your time is up at the company I'd just send a copy of all communications to the CEO or whatever.

Haus

<Silver Donator>
11,085
41,950
As an addendum....

If/when you present this to your boss, do your best to have as good a plan as possible on how to fix the problem. One of the key things that keeps a boss on your side when reporting a huge problem is if, in the same conversation, you have a solution for it.

Lendarios

Trump's Staff
<Gold Donor>
19,360
-17,424
It is not your data, it is not your code, it is not your time. You were hired to do something else. As a contractor you are never liable for work you didn't do. The same way, there is no law requiring you to report it to the authorities. If you wish to be a whistleblower and throw the company under the bus to the FBI/HIPAA/PCI agencies, do it after you leave. Who knows, they may even hire you back to fix it.

gremlinz273

<Bronze Donator>
684
786
Like, you can't tell me what to do man.

Also, they dragged me into a meeting to go over how secure they were and how I should just approve it as being secure for the next project because they were using 'best practices'.

gremlinz273

<Bronze Donator>
684
786
If it's my personally identifiable information that's at risk because of this company's poor security, doesn't that make it my data?

Lendarios

Trump's Staff
<Gold Donor>
19,360
-17,424
Like, you can't tell me what to do man.

Also, they dragged me into a meeting to go over how secure they were and how I should just approve it as being secure for the next project because they were using 'best practices'.
Do what you want. If you want to be a whistleblower, be a whistleblower, but be prepared for the potential professional blowback. If they ask you to certify the process as secure, you tell them: "No, in my professional opinion it is not secure, and I can't certify it." Why are you sweating it?

If they are looking for your John Hancock to cover their asses, don't give it to them.
As long as you document the problem in writing and verbally, if they want to fix it, it is up to them. If they don't want to fix it, it is their problem.

gremlinz273

<Bronze Donator>
684
786
Which part of, 'we are talking about something that already happened', don't you get?

This thread was a public service announcement/amusement thread.

Besides, your solution seems like you are assuming sane actors, this episode was something out of Paranoia.
