You can't secure what you don't acknowledge.SM

Tuesday, September 23, 2008

Big target for the bad guys

I just heard an ad on my local radio station about MedsFile.com....Knowing what's going on out there on the Web combined with the silly and careless Web application vulnerabilities I see in my work I cringed when I heard about what this company does. They store all of your medical records online in one convenient location. It's actually a great idea but there's certainly some room for abuse.

I'm not picking on MedsFile.com...After all they do have a decent privacy policy - something I've written about before. Surely they're testing their app for vulnerabilities.

My point is to do your own due diligence before giving up all of your personal information with the online businesses you deal with. A privacy policy is easy to post. It's just a written statement that may or very well may not be enforced by the people who placed it there.

Sure, no security is guaranteed but you at least want to do business with organizations that take it seriously and are actually testing their Web sites/applications the right way.

No comments:

Post a Comment