How 15 minutes of shame can save your company
The Wall of Sheep is a tradition at the annual Defcon computer-security conference. Hackers at the event post information that other attendees have accidentally placed unsecured onto the conference's network. Passwords and porn are the best examples. Organizers at last week's Black Hat conference set one up, too. It's a fun prank, but here's a serious idea: Why not run a Wall of Sheep at your own company? There are two good reasons:First, a company wall would remind employees daily that their private details are available to anyone on the network who's installed Kismet and Wireshark. It's not the whiz kids from Black Hat you should worry about. It's the coworker looking to sell a list of sales leads to pay off a gambling debt. A company Wall of Sheep would be run by one or two in-house sysadmins. They would use network-snooping tools to check for unprotected data on the network. They'd publish carefully redacted versions of anything they caught onto an in-house webpage. If you neglect to set the SSL options on your mail client, just the fact that you've sent 37 emails to Carolyne at the front desk will be the day's watercooler talk. What could be more motivational? Second, a Wall of Sheep forgives no one. Not the CEO, not the star salesman, not the hotshot in Professional Services. Showing up on the wall because you didn't follow company security rules is like showing up late for work: Everyone sees it, even if they don't dare call you on it. When it comes to changing human behavior, embarrassment is far more effective than an error message. (Photo by RobotSkirts)