My Dad tells a fantastic story…
…about a security breach that we can all learn from. He was told the story at a security briefing on the proper disposal of classified materials.
While conducting an audit, a security officer noted that some classified material had been thrown away without being shredded first.
This was bad. Very bad. So the security officer gave the HBIC a real tongue lashing. The HBIC said he would take care of it.
And he did.
The HBIC promptly issued a memorandum instructing all personnel to properly dispose of classified materials by placing them face down in the trashcan.
This is not a joke.
Even if you don’t work in the classified arena this idea seems comical. How could anyone assume that if you put a classified document face down in the trashcan that no one will come along, lift it up, turn it over and read it?
In spite of all appearances, these people were not dumb. Quite the contrary.
Yet, I have seen—and continue to see—a similar naivety when it comes to posting confidential documents online.
Here’s the scenario:
- A hardworking, intelligent person is just trying to get her job done.
- She has a confidential document she needs to share electronically. She does not want to share it by email because she knows email is not secure.
- Thankfully she has the ability to easily post documents to the company website. So she posts the confidential document.
- She knows how things end up in Google. Search engines follow links. She doesn’t want this document showing up in Google so she does not link to the confidential document.
- Successfully posted, she shares the link to the confidential document with only a few select people. She reminds them: Do NOT share this link with anyone! It’s confidential!
Inevitably security by obscurity is compromised.
In the best case scenario the document is removed before serious damage occurs. In the worst case, the technical team uses every personal connection they have at Google to try and get them to remove it from their index immediately.
Will this be the fantastic story my child remembers me telling?
I hope not.
I hope we’re able to educate these smart, well meaning people before they post their confidential documents “face down” on their company websites.