A title to an article in SmartMoney caught my attention because it read “Dingbat Data Leaks”.
I think it caught my attention because over the last 27+ years or so, I have worked with my share of IT and IS department managers, as well spending many years working with end-users and I am not sure I understand who the author is referring to as the “dingbats”?
The author mentions absurd incidents and common blunder incidents….so:
Are the people that throw away sensitive records in the trash the dingbats?
Are the people that lose flash drives and laptops the dingbats?
Is the gas station attendant who refilled the receipt printer with a used roll that had prior customers’ credit card data printed on the back a dingbat?
I get the impression from the article that yes, they are the dingbats. The article closes with an interesting bright side revelation from a Ponemon researcher that only 2 percent of all data breaches result in ID fraud. And the conclusion of the article cites that cluelessness works both ways and says “just as it takes human stupidity to produce a leak, even accidental recipients with criminal tendencies are usually too dense to realize what they’ve received.”
Everyone has their own view, however I see some great Lessons Learned in this article for business leaders.
Isn’t it the responsibility of business leaders (and their managers) to ensure all appropriate personnel understand which records can and can’t be thrown away and which need to be shredded?
Isn’t it the responsibility of business leaders (and their managers) to ensure all appropriate personnel understand how to handle and protect information that is in transit or on mobile devices?
Isn’t it the responsibility of the business leaders to ensure their technology and business devices are compliant with today’s security and privacy regulations?
Is it possible the source of these common problems is the business leaders not implementing situational awareness, regulatory requirements, legal due diligence and accountability for their employees?
After 27+ years experience and research, I know People are very capable and most want to help. I also know People can be an organization’s first layer and best layer of defense in protecting against data leaks, but only if business leaders understand the problem and take steps to implement and enforce simple and reasonable processes and procedures at the individual level.