Just when you thought you’d heard it all, we read about the Macy’s Thanksgiving Day Parade confetti containing confidential information from the Nassau County Police Department. Not only did the confetti contain social security numbers and arrest records, but also partial information on President Obama’s and Mitt Romney’s recent motorcade through Manhattan.
Such a lack of control over confidential paper documents should not shock anyone these days. Case in point is an article published in The Kansas City Star, “Personal data face low-tech peril”, that highlights another security blind spot that just about everyone is vulnerable to at some point.
The article says that an Overland Park man had applied for a mortgage loan using the traditional mortgage origination process. The completed mortgage file and two years of tax returns were subsequently stolen from the Pulaski Bank loan officer’s car while he was parked at a local gymnasium. Other examples include the loss of paper-based patient records by “Meals on Wheels” and physicians transporting patient files, and the list goes on. The potential liability and damage to the organization’s brand are difficult to measure. But in the end it is about the person whose information is now in the wrong hands!
As these “blind spots” are discovered, companies tend to be very proactive in correcting the areas that were responsible for the breach. In the case of the Nassau County Police Department, a complete review of the chain of custody of their paper documents was probably the first reaction. Another “simple” solution would be to use a newer cross-cut shredder! You would think they would have had that one figured out!
It is unfortunate, but we routinely see two consistent themes in the area of IT security consulting:
- Organizations that wait until a data breach occurs before they get serious about doing something to reduce their risk.
- A general lack of knowledge on the part of senior management as to data security best practices. To quote the article “Lies we Tell Our CEO’s About Database Security”: “when senior executives of any public or private organizations don’t understand industry best practices or what really constitutes a sophisticated attack, they’ll probably fail to properly fund protection measures against securing sensitive databases.”
Don’t wait to be the next headline before you discover your security blind spots! People, process and technology are the key components to locking down your confidential information.
Photo credit WPIX