Is your organization failing to use even basic security techniques to keep information confidential?
Fifty percent of employees surveyed by Radicati did not know or say whether their employers publish an email policy, according to a Nov 28, 2006 article, “The Offbeat E-Mail Horror Stories,” in InformationWeek Daily online. This half of the employee population obviously cannot follow any policy designed to keep email information confidential. In addition, the article did not indicate whether the survey found that the other half even knew about and followed a company email policy.
Years ago a co-worker handed me a document from a local high technology company labeled “Corporate Strategy Considerations.” She found it on the side of the road while pushing her baby in a stroller. Aside from a few water stains, it was quite interesting. However, at least the company had put “Confidential” on the front page, so I destroyed it.
The Boston SCIP chapter’s June 2006 speaker, Dr. Kevin Desouza, told of having been hired to test the security at a large Chicago firm. He bought a manila envelope for $1.39, wrote the president’s name on it, and showed up at his client’s headquarters to “deliver the important document personally.” It only took him 45 minutes to get from the front door to the president’s office.
Unfortunately, as Dr. Desouza mentioned, organizations are loath to spend time and money on information security because the ROI is impossible to assess. How do you include the costs of the disasters that you prevented in your calculations? You cannot, but you should create and implement basic security plans for your important information before one of these security breaches occurs.