There is a slide that I use in my Cybersecurity Best Practices for PII training that causes people to question me. No one would ever be that irresponsible, they say. No one would ever make that many mistakes at once. Here it is.
Now, I took this photo myself, and I staged a coffee shop with my own computer, my son’s phone, a notebook, my ID card sitting in the computer, all in my dining room. It could be that no one would ever leave a computer this open and available in public. But the fact is, I staged this based on the dozens of times I saw the same thing happen at coffee shops around the Washington, DC area.
For some reason, the coffee shop work culture has led people to believe that turning to a complete stranger and saying “keep an eye on my stuff” is enough to keep bad actors at bay. People with work to do are grateful for the free wi-fi, not appreciating the risk to their data. These are not uneducated people; they are people in a hurry, who may need to pick up their order, use the restroom, or take a phone call. But when smart people are in a hurry, they lose their vigilance.
A week after I took this photo, I was at a rest stop McDonald’s and saw a similar scene: a computer without a lock screen, with a notebook, sitting alone at a table, with no one anywhere near it for the entire time I was eating my lunch. I walked past and saw that the notebook appeared to be a list of employees or potential ones, with additional PII next to the names. My husband got onto his phone and saw that the computer was on the open wi-fi and kindly left it alone, while I went to the counter and found the manager to tell him to come get his computer before someone with fewer scruples broke into it.
Extracting a bad actor from the mess they can make of your life from a simple mistake like this one takes time and money that no one wants to spend. Your security infrastructure only works if your people know how to keep things secure on their end. If you know of a company where employees handle private information but are not cybersecurity-savvy, contact us to talk about a Best Practices training. We’ll design one just for you and help keep mistakes like this from costing what you can’t afford.