Educause Security Discussion mailing list archives
Re: Staff Directory on Web
From: randy <marchany () VT EDU>
Date: Thu, 24 Jun 2021 14:59:25 -0400
I don't like having staff directories behind a login page. For example, I was trying to contact my counterpart at another EDU about a security issue but didn't have their contact info. Couldn't go to their directory because it was behind a portal. We forget sometimes the directory is not so much for internal people as it is for external. Having said that, if you tell your faculty/staff their work contact info is available to the web, you'll find people being more careful in small ways, because they know they could be the target of a phish/scam. City dwellers are less trusting than country dwellers. :-). Thinking you're safe from scammers because your staff directory is private is a false assumption. Anyone who's done a talk at a seminar, webcast, conference, etc. who put up a contact info slide in your deck has made their work info public :-) -Randy Marchany VA Tech IT Security Office and Lab On Thu, Jun 24, 2021 at 1:56 PM Barton, Robert W. <bartonrt () lewisu edu> wrote:
Afternoon, There is a little debate going here on IF our directory of employees (name, number, email, department) should be available to the web. One side looks at it as we are being transparent, and it is good "marketing". The other side is looking at it like we are releasing to much information (making it easier for a hacker to find targets) and making it easy for SPAMers. Has anybody had this conversation before? Anybody have an article that says one or the other? As I search around, I'm seeing colleges/universities that go both ways. Robert W. Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Staff Directory on Web Barton, Robert W. (Jun 24)
- Re: Staff Directory on Web Jeremy Livingston (Jun 24)
- Re: Staff Directory on Web Sidharth Nandury (Jun 24)
- Re: Staff Directory on Web Blake Brown (Jun 24)
- Re: Staff Directory on Web James Monek (Jun 24)
- Re: Staff Directory on Web Lovaas,Steven (Jun 24)
- Re: Staff Directory on Web Telfer, Will (Jun 24)
- Re: Staff Directory on Web Barton, Robert W. (Jun 24)
- Re: Staff Directory on Web Foss, Henry L. (Jun 24)
- Re: Staff Directory on Web Lovaas,Steven (Jun 24)
- Re: Staff Directory on Web randy (Jun 24)