This real-life example demonstrates the failure of numerous employees throughout the company to create, impose and maintain a security-conscious environment. You can only imagine how the employee, IT and the executives felt, each bearing some level of responsibility for all that went wrong here, not to mention the damage or potential damage to the thousands of hospital patients whose personal health information and identities were floating out there.
Hopefully, this story makes personal data security not just some theoretical lofty goal to achieve, but something that should be top of mind for every employee in every business that interacts with sensitive information. The best system of security is much more than just "doing as you're told" or following a "to-do list"; it must be fully ingrained in the heart and soul of every part of an organization. The following skill sets, at a minimum, should be top of mind for every employee.
Understand security and what needs to be secured - At its most granular level, fully understand what each security step is supposed to accomplish, how it accomplishes it, and why that step is important to follow. Further, whether it is protected health information, Social Security numbers, or intellectual property, all employees should have a sense of what information within their organization has value.
Accept the fanatical need for security - It becomes tempting to make security a secondary priority when it seems to slow down the speed at which one's work can be accomplished. While it is not always easy to foresee the potential scale of damage and financial loss, employees should recognize that security policies and procedures are in place to avoid outcomes like the example above.
Keep an eye out for security gaps wherever you are and speak up - The more minds working the problem, the fewer the problems. It is important to develop a culture that doesn't look down on the squeaky wheel.
A carrot works better than a stick - Reward employees who demonstrate a high level of daily security awareness as well as those who catch the missed security gap.
Security threats weigh heavily on IT and security professionals, and it is a responsibility that they should not bear alone. We all need to do our part to uphold the safeguarding of sensitive data.