Where is Your Data?

Sitting down for lunch this last week with a colleague in LA, I noticed three young ladies at a table nearby.  Typical of many people today, besides the constant chatter back and forth, all three were texting away and checking email, etc. on their iPhones.

One of the ladies was a smoker and through the course of the visit, kept getting up to go outside to indulge.  (I noticed by the pack of cigarettes and lighter she would leave on the table upon her return.)  Not wanting to pause the conversation, the other two companions would join their smoker friend and head outside.

So what does this have to do with data? Continue reading

A Wonderful Public Service

Social Engineering  …  People are often the weakest link.

While away on a business trip recently, I called home to my wife in the evening and she had an interesting story about her day.

She was expecting a call from her veterinarian so when the phone rang with an unidentified caller id, she answered it.  The caller was someone with a deep  accent who explained to her that he was offering a public service, because his company had found that there were many “junk files” on people’s PCs out there and the situation was “worse than viruses.”  Because of his concern, he was calling as many people as possible to help them “delete the junk files.” Continue reading

Some things are just too basic

One day last week, I happened to visit a lawyer’s office to consult on a business matter.  Nothing was really out of the ordinary and the place was a typical small law firm with plenty of boxes and files piled around all the desks.

There was one thing a bit off.  One of the young ladies in the reception area faced the exterior wall and her monitor was visible and readable to me as I stood there in the reception area.  As I sat down and waited for my appointment, her monitor was still visible and very much readable.

Now it must have been lunch time because the young lady was surfing Facebook.  But what if information governed by attorney/client privilege was on her screen?  Or, confidential personal information about a client?  All of the technical security solutions and investments would be of little value preventing such a breach, but the fix remains easy.

Most aspects of good security boil down to people, process, technology and environment.  This example is a case of addressing the people aspect by awareness training, altering the environment by perhaps relocating the desk and screen, or even a simple technology fix such as an inexpensive screen filter.

How are your employees protecting your sensitive information?