Technology presents many risks that we discuss on a regular basis. There are many threats out there . . . . hackers, scammers, fraudsters, even divorcees trying to gather financial information on their ex-spouse!
But there is one threat that we often overlook. This threat seems to sneak up on us at least once a year. We usually suffer through the exploits of this threat with embarrassment and sometimes an open checkbook.
This threat is us. You and me. Those who create/order/purchase the new technology, those who use the new technology, and even those who see the new technology in use.
Or, you could say the threat is the technology itself. The way we USE technology . . . . especially new technology . . . . can damage our reputation. Try to think of some examples in your own experience where the use of a new technology caused problems. Okay, if you don’t want to relive that pain, let me give you a couple of examples that illustrate my point.
Take the university that sent 1099’s to their contract employees using a fancy new envelope stuffer. They forgot to tell the stuffer that the 1099’s were printed two per page. Imagine the embarrassment of those involved when half the contractors called looking for their 1099’s while the other half called wanting to know why they had somebody else’s 1099 on the bottom of theirs!
Or take the medical processing company that decided to put patient account numbers for their client on the outside of envelopes. The account number had an interesting format . . . . XXX-XX-XXXX!
Surely somebody in the university’s accounting process knew that 1099’s were printed two up. It would be hard to imagine that somebody in the mailing department at the medical processing company didn’t notice the social security numbers on the outside of the envelope. Why didn’t they say anything? Could it be that they assumed that somebody knew what was going on? Or could it be that they figured they could get into trouble if they held up the mailing deadline?
Whenever we use a new technology, no matter who we are in the organization, we need to think it through. Let’s try to encourage a culture where everybody is allowed to point out what they see happening in the use of that technology that could be embarrassing or worse. Of course we should try to think things through in advance of the new technology, but let’s encourage the front line to warn us of anything they see going bad in the use of new technology!
Click here for more information about User Awareness Training!
The purpose of Vigilize is to respond to ISOs’ complaints that users never read ISO’s “ongoing security awareness training reminders.” Our tweets are designed to be copied into the subject line of your awareness reminder, with the language on these pages put into the body. The goal is that the user will have to read the subject line to know to delete the message, and if they understand the subject line the reminder is communicated. If not, they will go into the message and read the reminder.
Feel free to use Vigilize in your own Security Awareness Program. Let us know if you have any ideas, suggested tweets, or ways to improve this FREE service.