A worker from Boeing has been fired, after their laptop was stolen. The laptop was holding data for nearly 400,000 retired Boeing workers, and included home address, home telephone number, social security and salary details (I’m guessing that person had something to do with the Boeing pension scheme….).
My first reaction to this story was, wow!, that’s harsh, but then I read on and saw that, against company policy, the data wasn’t encrypted. And I started to wonder how I’d feel if I was the CTO, or IT Manager, or whoever is responsible for Boeing’s personal computing infrastructure. From the article:
Jim McNerney, Boeing’s chairman, president and chief executive, said the breach of company policy was so serious that some Boeing managers also will be disciplined.
I think Boeing have got it dead right; this doesn’t just stop with the person taking that laptop off-site. There must be a reason for that user not encrypting their data, and I suspect responsibility for that lies at the feet of the people running Boeing’s IT as much as it lies at the feet of the user.
Think about it – why do you not do some things? Usually because they take too long, or they’re too complicated, or both. Would you forget to set your burglar alarm? No. Would you forget to lock your front-door before leaving the house? No. The reason that you don’t is because setting the alarm and locking your door are simple, 5-second jobs.
Using IT security should be that simple, too – a 5-second job that quickly becomes second nature. If you’re responsible for IT Security in your organisation, put yourself in the shoes of your users and tell me; is your security so easy to use that your users would never take unencrypted data off-site….?
[tags]EFS, Boeing, IT Management, CTO, encryption[/tags]