One downfall to the endless possibilities of the Internet is the existence of identity theft. Just under 9,000 current and former Indiana state employees had their social security numbers posted to a public website leaving many vulnerable. Though the breach was quickly corrected, one has to wonder how such a mistake could have occurred in the first place.
According to the Indy Star, the accidental slip-up was caught just a tad too late:
Mark Everson, commissioner of the Indiana Department of Administration, said in a news release that the numbers were erroneously included in a contract solicitation file posted on the department’s procurement Website. They were immediately removed after a department employee noticed them. By then, though, four entities had already accessed the information.
It’s tempting to imagine two files on a state employee’s computer desktop—one reading “public contract information”, the other reading “top secret employee SSN data”—being “dragged and dropped” in a momentary distraction. Though this is probably not what actually caused the mishap, it does seem odd that sensitive information could be so easily manipulated and posted.
Whether it is customer lists, protected health information (PHI), financial records or personnel files, virtually all organizations deal with sensitive data. Securing this data with appropriate software tools, strong passwords, steel deadbolts and surveillance cameras is essential, but how robust are the procedures and workflow that shuttle this data around an office?
If your company or organization has great security policies but is concerned about how well those policies are actually followed or implemented, contact business process design experts at AccelaWork. We diagnose workplace operations, and can not only help you to understand what you are doing today, but find ways to work smarter and more securely in the future.