Club information security issues (from elsewhere)

I've tried asking this question elsewhere and got roundly dissed and blown off by OM, so I am escalating this for visibility. He is not willing to offer an answer, so I am hopeful that somebody will deal squarely with me and answer my questions.

Quote, originally posted by Omega Man:

v6, their current version, is what we want, not 5. 5 was released in 2013 and got sunsetted last month.

Furthermore, please do not dismiss me; it is insulting and unprofessional. I'll keep bringing it up because I am not getting responses to my question other than "we'll get right on that", delivered with sarcasm by Henzilla when I asked about updates, or the dismissive response you just served up. If you are not willing to answer the club's questions, maybe being part of club leadership is not for you. You, as part of leadership, are accountable to the club and it is expected that you will deal earnestly with member questions and comments. This post does not meet that standard of respect and obligation to the club in my view. As I was repeatedly reminded while serving the club, "officers work for the members, not the other way round".

I started by wondering why we don't have a like button, but some investigation reveals that we aren't on the most secure version of our forum software. It is almost 7 years since the v4.2.5 version was discontinued by vB. For those not following along, that means that we likely have not had a security patch since then, at the latest. Would you trust your bank to be sitting on security they put in place back then?

I am a club member and an IT professional. IT security means keeping software up to date, and applying all patches should be our normal process. We're on a version that was EOL'd in 2017. Is that good IT hygiene? No. It isn't. Is there a two factor authentication option to protect my credentials and prevent them from being poached? No, there is not. Do we have Okta integration like other forums I am on? No we do not.

If there were a breach, these gaps would be what torpedoes us and exposes us to highly avoidable lawsuits. We have not done due diligence to protect member data, as far as I can see, so we would be found liable in any legal action resulting from a data breach or loss. I hope I am wrong, but I believe that I am not, having seen our situation play out for the worse with some of my clients. If you wind up in court and the plaintiff points out that the organization is using a software product that is ten years old and has known security gaps, we will be held accountable for the members' loss of privacy. It won't be cheap when plaintiffs reveal that we knew we were using old software and did not remediate an obvious threat vector.

My biggest concern is that 4.x is vulnerable to code injection, which means that folks can gain direct access to the data tables on vB, among other things, including user credentialing and PII. I've supported other SQL based web enabled products that have been subject to this potential exploit, but not in almost ten years because everybody has shut the door on that kind of hack. Do we want to get ransomwared? Because that is how we get ransomwared. Do we want to expose our membership to identity theft? Because that is how we do that, too.

I work for a company that responds to data breaches, and you do not want to expose this organization to even the tactical cost of remediating this kind of event, much less the litigation exposure. Every document or record potentially exposed is typically analyzed for PII manually, by a room full of attorneys, and those who've had their PII exposed get a notice that this has happened. Is that financial and reputational risk something we should be exposing this organization to?

Do we have the money to buy every member a year's membership in LifeLock once their data is breached? I expect that we would not have the financial wherewithal to do that if we have a breach, and it could destroy the club if we're not insured for such an occurrence. Civil litigation from data breaches is a real thing. I work in that sphere where IT and the law intersect.

So. Can I please get a responsive and informative answer to my question? I am not violating any forum rules and have been unfailingly polite. I expect an answer in kind.

Here it is again: Why haven't we updated our forum software?

Feel free to escalate to one of the admins, presuming you are a mod, or somebody on the BoD, if appropriate, and I am happy to have a conversation via PMs if that is helpful. As a paying member, I believe I have a right to a full and proper answer to my question.

We have a fiduciary responsibility to proactively protect the data our members entrust us with. I think that as part of that trust obligation, it is fair to ask questions about how we handle, manage and protect member data. Not getting a response feels like you're not responding in good faith to a straightforward and important question.

I'll keep asking about this until we're provided a coherent, clear answer to why we're so far behind on updates. I apologize if that feels antagonistic, but blowing me off really pisses me off when I ask an honest, good faith question. I should, at minimum, be able to expect a response in kind. I've sat in the Big Seat and it was my duty and obligation to answer in good faith to questions from the membership.

Thanks.

Dave

Dave Swider

teamkbasa@comcast.net
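The injection class the post refers to (user input spliced into a SQL statement, giving direct reads of the user table) and the fix that "shut the door on it" are easy to see side by side. The example below is added for this page; it is not vBulletin code or anything from the club's forum, and the user table, password-hash placeholders and test inputs are all constructed. It uses Python's built-in sqlite3 module so it runs offline, but the pattern (concatenation versus parameter binding) is the same in PHP/MySQL.

```python
import sqlite3

# Constructed sample rows; "passhash" values are placeholders, not real hashes.
SAMPLE_USERS = [
    ("alice", "placeholder-hash-1"),
    ("bob", "placeholder-hash-2"),
    ("o'brien", "placeholder-hash-3"),  # legitimate name containing a quote
]

# Constructed test input: a quote character plus an always-true condition.
# Used here only to verify that the hardened query treats it as plain data.
TAUTOLOGY_INPUT = "x' OR 'a'='a"


def build_db():
    """Create an in-memory database with the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, passhash TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """The legacy pattern: the input becomes part of the SQL text itself.

    Anything the user types is parsed by the database as SQL, so a quote
    character changes the meaning of the statement.
    """
    sql = "SELECT username FROM user WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """The hardened pattern: the value is bound to a placeholder.

    The driver sends the SQL and the value separately, so the value is
    never interpreted as SQL no matter what characters it contains.
    """
    sql = "SELECT username FROM user WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def vulnerable_raises_on_quote(conn, username):
    """True if the concatenating query fails on an ordinary quoted name.

    This is the everyday symptom of the bug (broken logins for o'brien);
    the tautology result below is the security consequence.
    """
    try:
        lookup_vulnerable(conn, username)
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    """Return both query styles' results on normal and malformed input."""
    conn = build_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_parameterized(conn, "alice"),
        # Concatenation lets the always-true clause dump every row ...
        "tautology_vulnerable": lookup_vulnerable(conn, TAUTOLOGY_INPUT),
        # ... while binding looks for a user literally named "x' OR 'a'='a".
        "tautology_safe": lookup_parameterized(conn, TAUTOLOGY_INPUT),
        "quoted_name_breaks_vulnerable": vulnerable_raises_on_quote(conn, "o'brien"),
        "quoted_name_safe": lookup_parameterized(conn, "o'brien"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only the second function is acceptable in a forum that stores credentials and PII; the first is the shape of bug that patched releases of web software removed years ago, which is the author's point about running an EOL'd version.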
