Do Your Employees Respect Sensitive Data?


Earlier this month, a TSA manual was posted to the Internet. It listed sensitive information on how passengers are targeted for secondary screening. TSA officials said the document was an old version, and that the manual had been revised many times since that one, but the truth, is the damage was done.


The TSA incident was a good reminder that no matter how secure you think your data is, it is one misstep away from being compromised. Since so much of our information is stored digitally, we are lulled into thinking that breached data is a result of a breakdown in IT protection. But it could be something much more simple than that. In a Microsoft document on protecting sensitive materials, the very first piece of advice listed is this:


"Destroy hard copies. If you print out confidential documents to circulate at meetings, collect them afterwards and shred them or ask the participants to do so."


It's such a simple, old-school piece of advice, but those hard copies with sensitive corporate information on them can easily be scanned and made public by a disgruntled employee.


A good first step to securing sensitive data from being accidentally released is an employee background check. Identity theft expert John Sileo writes:


"Insider theft, where one of your employees facilitates the breach, is a common source of this crime. And your risk doesn't go away when your employees do. Over 60% of employees keep sensitive data after they have been terminated and nearly 80% of them stated that they knew it was against company policy. This includes everything from email lists and customer information to financial business information."