Tuesday, November 13, 2012

An Invitation to Hack

Sometimes you just wonder about the decision-making process. The SEC told the New York Stock Exchange that computers which have sensitive information about its Trading and Markets Division were left open to cyber attacks. It gets worse. The people who have those computers brought them unprotected to a Black Hat conference, a convention that computer hacking experts love to attend to learn about the latest trends.

What an invitation to hack! The SEC claims there is no evidence that data was compromised, but we've heard that before, usually followed by a company's promising free credit monitoring for a year to its customers. Just to be sure, the SEC spent at least $200K and hired a third-party firm to conduct an exhaustive analysis to determine if any data was indeed compromised.


What I can't wrap my head around is that this is government. There are policies. Or so there should be. People who work on laptops in the office tend to take them home because they don't want to incur the costs of buying their own. But. It's. Not. Their. Personal. Property. Also, the SEC isn't sure why their staffers brought their computers to the convention. My guess? WiFi. They wanted to check their personal email and Facebook.

It's a tough call, but someone in every organization has to set up rules, and employees should use their judgment. Even though it's a nuisance, I carry two smartphones and my personal iPad with me. I do not want my personal email on my company devices. For me, it's about separation of church and state. But enough about me. I don't want to be called into a group meeting and be told to be careful. Put it in an employee handbook in the first place. No company laptops or tablets may be removed from the premises without prior authorization. No unprotected devices may leave the building. Ever. How difficult is that?