WHAT WERE THEY THINKING…

The Palisade Secure Assessment provides organizations the opportunity to analyze network traffic for transmissions of sensitive data.  While on a conference call with an information security manager, our process was described to me in the following manner:

 “This assessment is like going to the dentist for your six month check-up.  After the hygienist cleans your teeth the dentist examines and then starts to share  the news while looking at the latest x-rays.  The ideal response is that there are no cavities and he/she will see you in 6 months.  The cavity response confirms the pain you had been feeling over the past few weeks, or comes as a complete surprise”

After listening to this description we both had a good laugh and I commended him for his example and asked if it was acceptable to use in my next blog post.  After the call I gave his responses more thought and came to the conclusion that most of the organizations who take advantage of our Secure Assessments understand the “pain”, but also experience the surprise.

It is common that each year employees are educated on the severity of sending sensitive data in the clear.  But employees are human and often times forget to push the “encrypt” button before clicking on “send”.  When reviewing these incidents within the reporting interface I often hear, “What were they thinking”?

To continue on with the dentist theme, you can schedule another appointment to alleviate the “pain”.  While integrating with an encryption solution continues to be the most widely used method of remediation, warning messages are providing more importance.  Upon transmission of sensitive data, employees are being warned of the information being sent and reminded of corporate policy.

It is always my pleasure to offer best practices or suggestions on what information should be included on the warning messages, but maybe we should just keep it simple.

“What were you thinking?”