I was compelled to write something a bit outside my normal realm; Information Security. I have done some limited work in InfoSec over the years and even presented it as a topic at conferences in Orlando, Montreal and Phoenix a few years ago but haven’t done much since then. Still, sometimes something pops up that brings to mind InfoSec and yesterday I encountered a situation that I had to share, as it shocked me.
I was busy faxing off signed permission paper off to DRJ, as I’ll be having an article published in a future DRJ Journal magazine. While I was waiting for the fax to go through I noticed a couple of papers underneath the fax machines and pulled them out thinking they were scrape or just garbage someone placed there. I want to say I was at a large “box” stationary store, as I wasn’t near home or the office to fax it, so I stopped off at the store to send it that day.
As I pulled the papers out I found that it was someone else’s fax that they’d left behind. Nothing too odd about that but when I took a closer look I was astounded to see what they’d left behind.
On the paper what the person’s name and address with their home and cell/mobile number. ‘OK, that’s a bit risky,’ I thought but continued to look at the fax. What amazed and stunned me was the other information some people leave around and don’t think is important. The fax had on it their drivers licence number, a MasterCard number (with expiry and the security code), and another number that I wasn’t quite sure what it was. I think it was an insurance policy number but not sure.
If I was a disreputable person, I could have done something with this card. I could have stolen this person’s identity and caused an incredible amount of grief for them. In today’s age and all the comments, suggestions, awareness campaigns, comments and inserts from vendors – including government agencies, people still don’t get the message about Information Security and not leaving such information lying about for others to get their hands on.
This was a major, major lapse on this person’s part.
People need to be constantly vigilant when it comes to InfoSec and their personal information. Just as corporations need to protect their client/customer data, so too must we be vigilant with out own information.
I’m sure you wondering what I did with the couple of pages: I tore them up into little bits and threw them in the garbage. I obviously didn’t know this person but there was no way I was going to allow someone to gain access to this information; the trouble it would have caused if it got into the wrong hands would have been quite significant.
Oh, and just so you know, I made sure to take my own pages back when my fax had finished and left nothing behind. …and keep an eye out for the article in a future DRJ Journal.
The new book by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3, “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility.” Available at www.stone-road.com **