Communicating data between entities always opens the door to opportunities for mistakes, and that is what has happened for the State of Texas Comptroller. Today we are learning that 3.5 million state employees, teachers, and retirees personal information has been available on a publicly accessible server for up to a year.
It is an example of having good policy, but not having it followed and it has resulted in those involved being fired. The difference between what your policy says and what your employees do is one of the greatest data breach vulnerabilities for your organization. This is a prime example.
The policy said that when data is transfered between the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas that the data must be encrypted, and kept on a protected server. Smart policy, poor execution, and now names, addresses, social security numbers, and for some drivers license numbers and dates of birth were made available for anyone to find.
Are your employees doing what that policy, so neatly tucked up on a shelf, says they should do? Do they have a proper awareness of the issues a data breach causes the organization, and the impact for those that have their information lost or stolen? If not maybe they are also taking shortcuts, not taking the extra precaution they should be, and not worrying much about it.
After all the Texas Comptroller possibly like your organization has never had a breach before, is it really a big deal?
A great question for those that just got pink slips, and now have 3.5 Million folks prepared to ring their neck!
Posts
No comments:
Post a Comment