There was an interesting article in our local Puget Sound Business Journal, which you can find here.
The article discussed what sounded like a very innocent but unfortunate case of bad decision-making on the part of a Boeing employee. The gentleman in question had been having trouble with the formatting of an Excel spreadsheet back in November, so he decided to send the uncooperative document to his wife to ask for help.
“What’s so bad about that?” you may ask. Well, it turns out that the spreadsheet in question contained employee names, ID numbers and accounting codes in visible columns, and birth dates and social security numbers in hidden columns for 36,000 Boeing employees. Yikes. To make matters worse, this gentleman sent the sensitive file to his wife’s personal email account, because she was not a Boeing employee. As you can imagine, as soon as this breach in protocol was discovered, alarm bells rang and the company was compelled by law to send a letter to Washington Attorney General Bob Ferguson, informing him of the breach and its possible impact on 7,288 Boeing employees here in this state.
It was a stupid move. A bad decision. A dumb thing to do. But I can’t help thinking to myself that it could have been me. I’d like to think that I would know better than to risk violating the privacy of thousands of colleagues, but who knows?
And that’s the real problem. Corporate security is 50 percent firewalls, 30 percent common sense, 15 percent preventive training and five percent unicorn tears. I clearly remember almost being sucked into one of those “Nigerian Prince needs your help” email scams in 1995 (that story still pulls on my heartstrings). To this day I don’t know how that prince got my email address…
But I digress. Security awareness or training is so important and doesn’t get talked about enough. Employees need to be aware that a lot of the things they do make it easier for hackers to steal proprietary data. They need to learn how to identify and avoid suspicious links, sites, and content, and they need to know the dos and don’ts of cyber security etiquette.
I don’t want to be the guy who jeopardizes the privacy and security of my colleagues or employer. I don’t want to have my house raided and laptops confiscated because I did something stupid. And I certainly don’t want to get fired for a lapse in judgment. Like I always say, common sense may not be so common after all.
With that in mind, let’s not make life for hackers any easier. If you haven’t read any simple security tips in a while, why not take some time to skim through some of the articles linked below? Trust me, your company and your colleagues will thank you. Best of all, you won’t be that guy.
Stay Safe Online (National Cyber Security Alliance) – Train Your Employees
Symantec – Training Your Employees on Information Security Awareness
Sophos – IT DOs and DON’Ts