Data Dumpster Diving, Anyone?
Do you know where your paper customer records are? Better yet, does the state attorney general's office know? As both <a href="http://www.informationweek.com/showArticle.jhtml?articleID=198702184">RadioShack</a> and <a href="http://www.informationweek.com/news/showArticle.jhtml?articleID=199101637">CVS/Caremark Corp.</a> have found out this year, being in control of the former situation is <i>so</i> much better than ceding control in the latter.
Do you know where your paper customer records are? Better yet, does the state attorney general's office know? As both RadioShack and CVS/Caremark Corp. have found out this year, being in control of the former situation is so much better than ceding control in the latter.Both companies -- most recently CVS/Caremark -- are facing potential lawsuits, costly fines, and negative publicity after Texas authorities discovered that customer records had been improperly, illegally -- and just plain incredibly -- dumped into the trash behind one of their stores. In the case of CVS, the dumped data is said to have included hundreds of active debit and credit card numbers, complete with expiration dates.
It only took the actions of one store in each chain to trigger an embarrassing mess. In each case, store employees violated company policy. You might think that today, only someone living under a rock would be unacquainted with the perils of identity theft, and that most people -- certainly your employees -- would have a grasp of at least the rudimentary ways in which identity theft can be abetted -- and avoided. Even if these workers hadn't read the company data retention and privacy policies, surely they've heard of shredders?
In any case, the lesson here for corporate America, its security czars, and IT departments is both clear and simple: People are the weakest link in your security armor, and education has never been more crucial. After all, who needs Trojans, stealth code, stolen passwords, and encryption keys when you can count on one blockhead to just hand over a mountain of data on a silver platter?
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024