Three articles from Darkreading.com recently caught my attention and made me wonder, why don’t we think anymore? I mean, I know we all “think“, but serious cognitive thought about situations seems to be a lost art.

For example, Kelly Higgins describes a situation where bank records involving customers in stock option programs as well as other banking activity were lost. Now that is somewhat understandable when you use a third-party to store the tapes as I have in the past. But this is the part of the article that caught my attention, “The unencrypted storage tapes…” (Higgins, 2008, ¶ 2). WAIT!!!  Unencrypted?!?! Why would you want to risk the exposure of sensitive personal information by not encrypting the backup tapes? In my job I deal with personal health information (PHI), A.K.A. HIPAA governed information. I would NEVER send data across the Internet to our external backup site or do a tape backup without encrypting the data I’m putting on the tape. I’ve had 2 people fired for transmitting PHI via e-mail to an employee working from home.

Then the article by John Sawyer about a microSD card he found on the street and what was on it. Word and Excel documents…okay. Probably information the company wouldn’t want to be released, but it’s probably low-risk and low-threat type data. But porn movies? And not only that, but homemade porn movies also? I mean seriously! Do people really want to risk their jobs with porn on their phones? And hopefully not a company supplied phone.

And then this gem by Tom Wilson. How did the virus get on the computers in the Space Station? Yep, a virus made it to outerspace folks. Someone is suggesting it probably made it there on a USB thumb drive. Probably. But they do transmit e-mail via KU band transmissions back and forth to the station. I guess now we’re going to have to start frisking astronauts before they get on the rocket to make sure they don’t have any undeclared thumb drives.

So, the common thread on these stories is why don’t people think? When you look back over the past couple of years of breach reports, you’ll see stories about someone leaving a CD full of unencrypted PHI in the backseat pocket of an airplane. Consultants and employees having their laptops stolen from cars and restaurants, and the data stored on the notebook is not secured. And now 12 million people have had their personal financial information exposed because someone didn’t encrypt a backup tape. These are easy to prevent situations, but why don’t we think? Are we naive enough to think that “it won’t happen to me?” I think that has been disproved enough times. Which is why the number of computers reported as being a member of a botnet has quadrupled over the past few months!

It seems to be to be a pretty simple situation. “I have health related data on my notebook, or on the CD, so I better make sure it’s either encrypted, or I need to be EXTREMELY careful with it.” Isn’t that the thought that should be going through your mind? Wouldn’t you want someone who was working with your personal information to exercise the same restraint and concern to make sure your data is secured? Of course you would. You’d be the first to scream when your data was released. But why don’t we show that same respect toward others? Why don’t we think?

— Higgins, Kelly Jackson. (2008, August 29). Bank’s Lost Backup Tapes Contained IDs of 12 Million Clients. Dark Reading. http://www.darkreading.com/document.asp?doc_id=162651.

— Sawyer, John H. (2008, August 29). Dangers of Mixing Business and Pleasure. Dark Reading. http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=162653.

— Wilson, Tom. (2008, August 29). Who Infected the International Space Station? Dark Reading. http://www.darkreading.com/document.asp?doc_id=162654.

Advertisements