Corporate data slips out via Google Calendar
Some users appear to be sharing calendar information without realizing it
IDG News Service - It's not clear what gets discussed during McKinsey & Co.'s weekly internal communication meeting, but the dial-in number and passcode for the event can be easily found by searching with Google.
The data is out there thanks to Google Calendar, a feature added to Google's Web-based calendar service last November. Google bills it as a cool way to discover interesting events, but a few quick searches show that it can also be used to turn up sensitive corporate information that was inadvertently made public using Google Calendar.
Launched last year as part of Google's effort to develop a series of Web-based productivity applications, Google Calendar gives users the choice of keeping calendar entries private or publishing them for the world to see, but some Google Calendar users appear to be sharing their calendar information without realizing it.
The McKinsey dial-in information, for example, was posted by a person who had shared a number of calendar events including project status meetings and call-in numbers for the company's "McKwiki Weekly" project.
McKinsey spokesman Mitch Kent confirmed that the name on the Google Calendar matched that of a McKinsey employee in the company's IT department. McKinsey employees do not "use Google Calendar on a regular basis," he added.
Further searching revealed that quite a few corporate calendars can be found on Google Calendar, yielding such tidbits as the date and time of vendor meetings and names of projects in the works. Dial information could also be seen Tuesday on other calendars for calls on topics such as "Deloitte's V2 Status Meeting - Updated" and "Compliance Overview."
Details for several JPMorgan Chase & Co. conference calls relating to the company's storage systems, including a dial-in number and passcode for a May 3 call to discuss a "SAN Security Remediation Project," also could be seen publicly. The Google Calendar user who posted the JPMorgan information could not be reached for comment.
"This is pretty much exactly the kind of recon necessary to start doing industrial espionage," wrote Robert Hansen, the CEO of Sectheory.com, when he first blogged about this issue today. "Weekly meetings that discuss key internal information? Not looking good. Sometimes you see major leaks in the least likely places."
This kind of data leakage is a growing problem for corporations whose employees are adopting a new generation of Web-based productivity tools without necessarily understanding the security implications, said Marv Goldschmitt, vice president of business development with data auditing appliance vendor Tizor Systems Inc. "People may not understand what it means to put their information on a public service."
Google Calendar gives users three ways of publishing calendar entries: "default," "private" and "public." But the company needs to make it clear to users when they are posting information to the public, or face the risk of being blamed for its users' mistakes.
This could happen if news of a corporate acquisition were leaked via Google Calendar, he said. "That would have been a case of misuse by the user, but is the public going to read it as that, or are they going to read it as now they don't trust Google?"
Google representatives did not immediately respond to requests for comment.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Web Apps White Papers | Webcasts