IS worries about browser-stored data on hard drives

IS mamagers are starting to face up to the fact that users who venture out onto the World Wide Web may not be doing enough to protect information about who they are and where they've been.

IS mamagers are starting to face up to the fact that users who venture out onto the World Wide Web may not be doing enough to protect information about who they are and where they've been. Browsers such as Netscape's Navigator and Microsoft's Internet Explorer store information from Internet and intranet documents on the user's hard drive to speed up network performance, but some IS managers are worried that users aren't savvy enough to clear out sensitive data.

"We're concerned about disk-caching all of a sudden for the first time because we have sensitive information that's being stored permanently on the hard drive, and it's not being deleted," says Pat Leary, senior technical staff member at Sandia National Laboratories, a US Department of Energy research facility based in Livermore, California, which has more than 6000 Netscape Navigator users.

The browsers store aspects of Web activity such as URLs and text and graphics from HTML documents, as well as from other word-processing and spreadsheet documents inside an intranet that are viewed through the browser via plug-ins. Disk-caching of information makes downloading previously viewed data more efficient. But many users don't realise that Navigator and Internet Explorer keep that information even after the session is completed.

Protective measures do exist. Documents that are secured with the Secure Sockets Layer (SSL), such as those containing credit card information, are not automatically disk cached, and network administrators can tag server documents they don't want to be stored on the user's hard disk so that they vanish completely once they are no longer on the screen, according to Netscape officials.

In addition, users can set the disk cache to 0 so nothing is stored, but that would slow down the performance. Or they can manually clear out the disk cache before shutting down the browser each time by going through several pull-down menus. But a consultant who also manages his firm's intranet says users should be told that their browser is automatically storing data on their hard drive and make it easy to delete.

Browser vendors "should give the end user an option, and it shouldn't be just through preferences. Most business users don't know what that means," says Aron Dutta, a principal at Booz, Allen & Hamilton, a management and technology consulting firm in New York with about 7000 Netscape Navigator users. Dutta suggests a pop-up screen that informs users when they may have sensitive data residing on the hard drive and asking them whether they want to delete it before logging off.

"Smart users can just go in and erase their caches," says Benjamin Janis, a systems specialist at Genentech, a bio-tech company based in San Francisco that has more than 3000 Netscape Navigator users. But, he says, "I think that managers need to become more sensitive to security. They need to drill it into their employees' heads."

See NSClean

Join the newsletter!

Error: Please check your email address.
Show Comments
[]