Monday, May 26, 2008

Selling Off People's Lives

Do You Trust Your Employees?

Whether a business has three or 200,000 employees, data protection and security are of the utmost importance. Now, some may say, well, a three person business does not have much to protect, they are so small. A small company can have lots of information that could be just as confidential as a big business if accessed by hackers. So, if you are a smaller-based business do not think you are immune. You are not my friend. At least you have the luxury of being able to know all of your employees on a much more intimate level then a big business.

Technology vs. Human Will

A business can have all the latest and greatest technologies for security at their finger tips, but that does account for human "error" or in this case, human theft. It can be and is challenging for businesses to have to juggle the two because one cannot be around without the other. In the case of Lending Tree, employees took advantage of the access to information. We have to ask ourselves how this information was so easily abused. I mean, honestly, people's lives are at risk of identity theft and who knows what else and it seems this went on for a couple years. What were the motivating factors? Money? Revenge? As this story continues to unravel, I want to know.

As a business owner, one must have the at the bare minimum security protocols and be pro-active about it or there will be consequences. In terms of monitoring employees, if the release of people's information can reek havoc, you need to set-up security barriers that, for example, monitor emails being sent out (Symantec has a service). Then, have the settings pick up key words that could involve potential threats. Yes, it may be tedious to have to look through all the files, but if it saves the business from bad press and LOTS of law suits, it is well worth the business' time.

The original article was from the Charlotte Observer, but the link has since been taken down, so I found another one dated around the same time.


So it seems there has been a class-action suit filed. One person has already come forward about the effects of this violation.

Garcia bought a copy of his credit report almost immediately after that and found that his information had been reviewed by nearly a dozen lenders without his permission, severely affecting his credit score, the complaint said.

Yikes! That is not good and is now a serious consequence of the renegade employees. The article mentions that the affected parties do not believe Lending Tree took adequate action to protect their information, which they may not have. I wish more details were given, but I'm going off of what I have access to.

The Ultimate Battle

How, as business owners, are we able to find the line between technological security measures and human security? It is extremely frustrating and scary. Businesses need to invest in security, it is a necessity. We cannot skimp on it because we have to ward off hackers. However, when our own employees poise a threat, it is the worst possible situation. Thus, it makes first off, the hiring process that much more important. It also puts further emphasis of keeping upper management in the trenches with the employees. The more they are involved, the less likely certain events/actions can slip by and heaven forbid they become wrapped up in it as well.

In addition, make it difficult for employees to be able to transfer sensitive information. If an employee has to log into a database to retrieve information, are they able to cut and paste? Can employees bring their lap-tops home? It's one thing to bring work home to get caught up, but if it involves dealing with very sensitive data, do not risk it, do not allow it!

Overall, this issue will always be around, but like I touched upon earlier, what were the motives? Did someone anger the employee? Were they short changed on something? Were they just a bad hire? In efforts to fight this sort of security threat, we need to analyze why it occurred. Only then can we figure out how to curb the threat. As a business owner, protecting your information is one of the most critical skills sets available.

~the GURU

1 comment:

Jack Payne said...

The Lending Tree thing is nothing but baffling, when you think, credibility and dependability are so important to the image of such an organization. I, for one, a guy who writes on identity theft all the time, am still gun-shy. I don't risk the innard vitals--pin numbers and passwords to flood out over the internet by way of my computer.