Wednesday, March 26, 2008

Sending a mixed security signal

I have recently experienced what some might say is a gross security oversight. At a certain company every employee is required to lock all company data in their drawers before leaving for the night. This is obviously to prevent easy theft of non-public material data. There is nothing wrong with this practice.

However, this same company has no policy regarding its paper trash. Most people toss their old printouts in the trash or recycle bin. Yes, those who work with highly sensitive data do shred their printouts. However, the majority of the employees have had little to no security training, and not having a policy regarding sensitive printouts sends a very mixed message about corporate security.

So listen up kids, don't do this. It just makes you vulnerable and teaches poor security to your employees. Also, it makes security wonks cry. No one wants to see that.


Anonymous said...

It is funny how often trash is overlooked. I once decided I was going to become an expert on analyzing trash. This lasted for a total of one dumpster.

Anonymous said...

This is a sign! Start studying for your CISSP. :-)