Data Security SNAFUs that Make You Cringe
The end-of-year "Best of..." articles are flowing into our inboxes, and we are deleting most of them. A few are catching our eye, however, including this subject line:
The worst security SNAFUs of 2013
What struck us most about the article: So many snafus are still caused by employee error, which is a permanent training issue for IT departments. Here are just two examples from the article:
Virginia Polytechnic Institute and State University had a server in the human resources department illegally accessed, which held information on 114,963 individuals who had applied for jobs there. Associate vice president for university relations, Larry Hinckler, said, "The issue is someone on our staff goofed."
An unencrypted laptop was stolen from a Republic Services' employee's home, which had personal information on about 82,160 current and former employees at the Phoenix-based waste management company.
(Have you ever taken company data home on a laptop? Have you taken extra precautions with it while traveling and in the house? Or does it fall into your normal routine?)
Data security is hard enough to ensure without employees opening the carefully closed gates! IT departments everywhere have to commit to another round of training employees on good security habits in 2014. Plus, giving secure access to data so that it need not travel home can minimize the risk. Document encryption can help, too.
A fourth incident triggered a massive overreaction, which is a different lesson for all of us: Get the facts right before taking expensive corrective action. Speed is of the essence when fighting malware and virus corruption, but sometimes you need a rifle to kill a virus, not a shotgun:
"The U.S. Department of Commerce's Economic Development Administration destroyed about $170,000 worth of IT equipment including computers, printers, keyboards and computer mice last year on the mistaken belief that the systems were irreparably compromised by malware." ... Just before the EDA was to destroy about $3 million-worth of additional equipment, the Inspector General stepped in to let them know that the malware causing "irreparable" damage actually was "a common malware infection on six computers that could have been erased with anti-malware tools and other steps."
The bottom line in IT security: Get professional help. Work with pros to install strongly secure software, and train employees constantly on the various ways hackers are trying to break into organizational systems.
Have you been involved with a security breach? Conversely, do you feel the security protocols in your organization get in the way of productivity? Is the right balance being struck?