Yet Another Laptop Theft…This One With Info About 26.5 MILLION Military Vets

There was a widely reported Reuters story today, "Data on 26.5 million veterans stolen from home" about yet another laptop theft with massive amounts of personal information stored upon it. The theft took place sometime this month.  Data included names, social security numbers and birthdates.

The Department of Veterans Affairs spokesperson indicated the employee took home this large amount of data in violation of "rules and regulations and policies."

Well, it is good they had these policies in place.   Policies cannot prevent people from doing the wrong things, but they are necessary to establish the expectations for appropriate business activities, and the security framework for an information handling and processing environment.

Hopefully there are some strong sanctions policies also in place.  The employee was put on administrative leave during the investigation.

Policies, though, without communicating them to personnel will be ineffective…people cannot be expected to do the right thing if they are not told what the right thing is to do.  Is there a strong information security education program in place at these companies where such incidents are occurring?  I think of the oft-quoted Rumsfeld quote when these incidents occur and I question whether or not there is adequate awareness and training in place, "But there are also unknown unknowns – the ones we don’t know we don’t know."  Your personnel don’t know that they don’t know about information security risks if you have not been communicating with them.  This is a huge risk…ignorance is definitely not bliss for your organization.  Companies need to start beefing up their awareness and training efforts or these types of senseless and avoidable incidents will continue to occur.

Technorati Tags

Leave a Reply