I’ve written before about the IT people in your company who probably know more about you than you might think. This now extends to taking your personal devices to a repair shop. You should assume someone might be surfing through your data while working on your computer, and you should decide if you are OK with that or if the physical destruction of the device after it has been replaced is the safer option.
Organizations that like to complain about not being able to find talent but also don’t bother to develop it are just leeches on their industry. Do you want more people skilled in cybersecurity or any other skill you’re having trouble finding? Teach it. Develop it. Grow it.
It’s not easy, but that’s how you address a lack of skilled workers. Educational and systemic changes are going to take way too long.
I spend a lot of my time these days focused on onboarding, bringing in new people, getting them up to speed, and contributing. That’s an important process. So is off-boarding, because when you don’t have a proper process for departing employees, stuff like this can happen.
Now, the shortage of people leading to overworked, stressed, and burned-out workers is the headline, but if you look at the reasons given in the article below, it’s not “just” that. It’s where that situation leads. When you’re short-staffed and constantly putting out fires, you don’t really take the time to think about showing appreciation, helping employees grow their skills and careers, or creating a diverse workplace.
Yet those are the exact things that employees are looking for elsewhere.
Appreciating and growing your employees is not something that is “nice to have” anymore. It’s a requirement.
Whatever you choose to do, though, the next step needs to be doing everything possible to make sure it doesn’t happen again instead of breathing a sigh of relief that you got your data back and continuing business as usual. That would seem to be the common mistake here.
Don’t make that mistake.
Security pros, where do you fall on the debate on paying or not paying, and does this report change your thinking?
A good chunk of these breaches are not someone actually trying to steal data, but just someone either trying to make something more easily accessible outside of the office or taking information with them when they leave: things like contact information, maybe some documents they’ve written themselves that they want to keep, etc.
It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage; they just aren’t really thinking about what they do. It might just be that the once-per-year required video just isn’t enough to make it top of mind every day.