Blog

OOOPS….My Bad….

Mar 7

3/7/2011 7:01 AM

 

Two years ago, a Massachusetts hospital employee took some work home and accidentally left it on the subway train.

 

Oops.

 

And now, this week, the company is paying out $1 million to settle a lawsuit with two patients whose sensitive health data was lost.

 

Whoa. BIG oops.

 

This is really unfortunate for everyone involved: for the company that has to pay, for the patients who feel personally compromised, and especially for the poor guy who just left his briefcase on the seat. These situations somehow feel worse, because there was no slick Dastardly Dan working in a smoky backroom, late into the night, to hack into the company’s database. It was just an oversight—but an expensive one.

 

And so, as always, there are lessons to be learned.

 

1)   Take work home if you must—but be very careful. This tip does not apply to everyone. If I leave my blogging notes or a TO DO list on the counter at Starbucks, it hurts no one but me. But I don’t work with sensitive data. If you work for a company that demands privacy for sensitive client or customer data, then take extra care. Don’t put those notes down.

 

2)   Be aware of your surroundings. Often, people don’t leave physical copies of data lying around, but they may be dropping all kinds of breadcrumbs when they open their laptop computer in a crowded restaurant or have a loud business conversation over their cell phone. People are listening and people are watching—and they may be dangerous.

 

3)   If you make a mistake, own up quickly. This may be the hardest part. No one likes to admit to a mistake, but it may save your job. Then again, it may not, depending on how egregious the error is. But hey—at least you’ll be covering your bases, right?

 

While some of this is tongue-in-cheek, we really cannot stress enough the importance of care when it comes to having sensitive data out in public. We know—because we use everything to our advantage when performing social engineering penetration tests for the companies that hire us. So take it from the professionals: sometimes you need to leave work at work.

 

Read more about it here:

http://www.darkreading.com/insider-threat/167801100/security/privacy/229219606/index.html

 
