Corporate Security Practices: Can Verizon Handle Yahoo?
This post describes a specific situation I encountered with Verizon but has some general implications for how individuals should remember to protect their own personal digital security. And how companies should protect customer data.
I start with what prompted me to think about security. I have a an iPhone 7, which like all others, is brand new. This weekend I used mine traveling from DC to NYC and back by train. LTE service dropped regularly and failed automatically to re-connect. This sometimes happened on my prior iPhone but is chronic on the 7. For every LTE drop, I had to go in and out of airplane mode to get LTE back. A coda on this problem is at the end
I had little spare time in NYC so raised this issue with Verizon via the one remaining asynchronous channel, social media, @VZWSupport. Other support channels are synchronous, so more time consuming.
When I posed the problem to VZWSupport, it asked for my “Mobile Number Account PIN”, an access code for Verizon voice support. I was unhappy. I pointed out – as I did in a June 2015 interaction – that while I am not a security expert, asking for passwords is a bad practice. Indeed, many companies routinely say “We never ask for passwords”.
Having my PIN in plain text on a shared Twitter account strikes me as risky. A bad employee might troll direct messages to seek personal information for nefarious purposes.
The lesson for everyone is to remain hyper vigilant in remembering security hygiene. Don’t assume big companies follow best practices. In my opinion, Verizon Wireless engages in a bad security practice.
The lesson for Verizon and Yahoo investors is to consider, if my assessment above is correct, does this signal deeper Verizon security practice problems. And, if so, can Verizon address the massive Yahoo data breach. Having just had to change my Yahoo password and delete security questions and now seeing Verizon ask for a password, I have doubts.
Coda: Had @VZWSupport been properly informed, they would not have needed to access my account. It turns out LTE dropping is a known iPhone 7 issue, explained in this Reddit discussion. Moreover, when I I connected with Verizon by phone and chat, they knew about the issue. So I draw two other lessons: (1) search the web before seeking help from a big company and (2) beware that social media teams may exist more to make nice than to provide real help.
- Alternative Legal Provider (44)
- Artificial Intelligence (AI) (56)
- Bar Regulation (13)
- Best Practices (39)
- Big Data and Data Science (13)
- Blockchain (10)
- Bloomberg Biz of Law Summit – Live (6)
- Business Intelligence (21)
- Contract Management (21)
- Cool Legal Conferences (13)
- COVID-19 (11)
- Design (5)
- Do Less Law (40)
- eDiscovery and Litigation Support (165)
- Experience Management (11)
- Extranets (11)
- General (194)
- Innovation and Change Management (185)
- Interesting Technology (102)
- Knowledge Management (228)
- Law Department Management (19)
- Law Departments / Client Service (120)
- Law Factory v. Bet the Farm (30)
- Law Firm Service Delivery (124)
- Law Firm Staffing (27)
- Law Libraries (6)
- Legal market survey featured (5)
- Legal Process Improvement (27)
- Legal Project Management (26)
- Legal Secretaries – Their Future (17)
- Legal Tech Start-Ups (18)
- Litigation Finance (5)
- Low Cost Law Firm Centers (22)
- Management and Technology (179)
- Notices re this Blog (10)
- Online Legal Services (64)
- Outsourcing (141)
- Personal Productivity (40)
- Roundup (58)
- Structure of Legal Business (2)
- Supplier News (13)
- Visual Intelligence (14)