A hideous discovery
Still not scared? Here's a wicked story that is sure to give you nightmares. A typical full security assessment of an organization includes the facility as well as the data center; this means checking all policies, personnel, cyber security, and physical security. It was 11 p.m., haunting hours, the ideal time to test out the physical security of a building. During a creep through the dark to make sure the doors were locked, a horrific discovery was made. A door in the back by the loading docks (which just happens to be next to the data center) was unlocked. As if that wasn't frightening enough, right next to the door, along the edge of the wall and out of reach of the motion detector, was all of the company's tape storage! PII and PHI were easily available for any ghoul to take. Because this was a major exposure, someone within the organization had to be alerted immediately; walking away knowing there was exposure could result in liability. Just when it seemed this nightmare could not get any worse, the person within the organization closest to the office turned out to be the company's CFO, who arrived in flannel, footy pajamas to re-secure and lock the building (how about that for a creepy image?).
So what can we learn from these terrifying tales? First, don't assume that processes, procedures and policies are being followed. Verify and check to make sure they are. Second, common sense doesn't prevail in most environments, so don't assume people will make the right decisions. Ensure that employees have the data to support all decisions, so that they are making them in a proper and correct manner.