We have all been reminded over the years of the perils of making assumptions, and how it “makes an ass out of you and me” to ASS/U/ME. Yet when it comes to security education and awareness for our employees and colleagues, we assume that because they are the most talented accountant, doctor, lawyer, engineer, writer, marketing guru, or executive, they have that same prowess in keeping company data secure as they do in their specialty.
And with this assumption, we watch breach after breach occur as data goes missing, is stolen, or otherwise is left in an unsecure manner.
Not by a long shot.
Security is not always convenient, yet convenience trumps security with great regularity.
Another Breach! Read All About It!
For the past 20 years, the security industry has been preaching trade secret protection. The challenge from foreign governments and unscrupulous competitors scraping the internet for your company’s trade secrets was a reality then, as it is today. More than one super-sized company has seen their trade secret protection evaporated because an employee spoke of their “super-secret” work in a public presentation, or posted it on a social network.
In fact, Naomi Fine, CEO of Pro-Tec Data, was quoted way back in 1997 advising companies that “someone should review all speeches and public pronouncements, especially ones made by scientists or others aglow with the pride of discovery. Press releases should be screened by product managers.”
Golden advice in 1997, priceless advice in 2017.
And then the dawn of social media came and illuminated all industries. We’ve seen private or secret groups formed on various social media networks to facilitate (for example) the internal coordination or processing of healthcare claims, because internal tools were inadequate or antiquated. Third party collaboration tools brought into play by employees without (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Christopher Burgess. Read the original post at: https://threatmatrix.cylance.com/en_us/home/security-awareness-dont-be-an-ass-and-assume.html