Wednesday, July 15, 2009

Users Don't Value Their Own Data prt 2

There must be chemicals in the coffee telling people not to protect their data. A few weeks back I talked about the guy who applied for a credit card over the phone while in the middle of a busy Caribou (that's a coffee house for those not living in the Midwest). Needless to say, I learned his whole life story and all PII possible.

Well, today I walked into my local caribou and was a bit irked that one woman had spread out all sorts of papers over the single large table. Normally reserved for large groups or shared by several people, she had taken the whole thing. Didn't even order a drink. Anyways, out of curiousity I glanced at the paperwork and noticed it appeared to be financial records of some sorts - invoices, investement statements, bank statements, etc. Based on the sheer quantity of documents I assume she works in the financial industry and these are the records of her clients.

So whats the security concern? Maybe someone could look over her shoulder and see the documents? True, but that's not what prompted me to tell the story. After just a few minutes of sitting here I notice the women stand up, walk over to the trash and just dump a bunch of records in the trash can! From what I could tell, they were statements from a Fidelity investment account.

Once again, despite our best efforts to protect users, we can never protect them from their own stupidity and sheer carelessness for security.

-Michael Coates

2 comments:

  1. Should have "spilled coffee" all over them.

    ReplyDelete
  2. I have debated about giving the security awareness talk. You know, just a casual FYI about the risks. But I always imagine that it would either not be well received, they'd get defensive or somehow they would think to call the police.

    ReplyDelete

Note: Only a member of this blog may post a comment.