Each Of Us Has An Obligation
added: 02.18.2014, by Mike Spinney
Last week CFO Magazine ran an article that posed a good question with the headline, "How Exposed is Your Data?" With stories of data breaches affecting tens of millions of people at a swipe, it’s a fair question to ask but make no mistake: data security is not just for retailers. Data security is everyone’s concern, no matter if you are an individual operating as a contractor/consultant, a startup with only a handful of people, or a multi-billion dollar public corporation operating across the globe. “How exposed is your data?” is a question that should be asked every day.
Yet, despite the constant reminders it seems that some organizations aren’t taking the question seriously or have apparently given up, regarding money and effort spent as wasted in a futile fight to thwart both the bad guys and the careless. In a New York Times profile, security expert Brian Krebs said that while Target and Neiman Marcus have gotten most of the attention, other companies have been hit by major data breaches at the hands of the same cybercriminals but have yet to disclose the events.
An earlier article in CFO raised another problem confronting companies combating the data breach problem: passing the buck. No one wants to take responsibility for the problem. Executives assign titles and budgets, but regard themselves as above the rules (even though the information they have access to is among the most important and potentially damaging if exposed); IT departments implement the tools they are given to their best ability, knowing full well they’ll take the blame when a weakness is exploited or a trust violated; and lower-level employees are asked—directly or indirectly—to be more productive in environments that are ill-prepared to keep information secure while on the move.
And we’re all guilty to some degree.
A quick show of hands: Who out there has emailed information to a personal account in order to catch up on work from home or the road? Who out there has moved files to a USB thumb drive or mobile device in order to catch up on work from home or the road? Who out there has accidentally hit “reply all” or failed to notice when auto-complete filled in the wrong email address on a confidential email? Who out there has left a computer on in an open area of the workplace to grab a quick cup of coffee? Who out there has left their email alert on while projecting a PowerPoint presentation from their laptop?
Need I go on?
We can wag our fingers and utter a tsk tsk when the next Target happens, and we can point fingers or complain about our circumstances, but that won’t help when it’s our turn at the data breach wheel. What will help is choosing today to better choices and take better care of those things within our control.
Even it we can’t eliminate the risks of a data breach, we can minimize them. And each of us has an obligation to do that much.