A school administrator emailed a spreadsheet with thousands of students’ health information to all of the students’ families. Parents of students who took part in an after-school program provided students’ health data to help employees properly care for them.
After parents noticed the error – and probably after gossiping among themselves – they notified the school system, which offered an apology.
Why is this important?
Human error – including mis-delivery of information – is a very, very common cause of information breaches. Errors like this are easier to prevent than people may know.
What does this mean to me?
We spend considerable resources on preventing attacks from the outside. And we pay attention to classic hack vectors during audits, vulnerability scans, and penetration tests.
But we need to evaluate the risk of people making undetected mistakes … especially when they are avoidable. And we need to find methods in addition to security awareness and training to stop those common errors from creating these breaches.
Personnel who are not provided clear instructions for data handling
Lack of data loss prevention tools on mail servers and Internet services
Role-based data handling instructions
DLP on mail servers
DLP at the perimeter
DLP at workstations
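An added example (not from the original post) of the kind of check a mail-server DLP rule could apply to the incident described above: hold a message when a spreadsheet attachment carries health-related columns and the recipient list is large. The CSV format, column names, threshold and addresses are assumptions constructed for illustration.

```python
import csv
import io
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy values; set these from the organisation's data-handling rules.
SENSITIVE_COLUMNS = {"allergy", "allergies", "medication", "diagnosis", "condition"}
MAX_RECIPIENTS_WITH_SENSITIVE_DATA = 3

def sensitive_columns(part):
    """Return health-related header names found in a CSV attachment."""
    text = part.get_content()
    if isinstance(text, bytes):  # attachment sent as application/octet-stream
        text = text.decode("utf-8", errors="replace")
    header = next(csv.reader(io.StringIO(text)), [])
    names = (h.strip().lower() for h in header)
    return sorted(n for n in names if n in SENSITIVE_COLUMNS)

def evaluate(raw_message: bytes):
    """Decide whether an outbound message is delivered or held for review."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    fields = [str(v) for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    recipients = {addr.lower() for _, addr in getaddresses(fields) if addr}
    hits = []
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".csv"):
            hits += sensitive_columns(part)
    hold = bool(hits) and len(recipients) > MAX_RECIPIENTS_WITH_SENSITIVE_DATA
    return {"action": "hold" if hold else "deliver",
            "recipients": len(recipients), "columns": hits}

def build_sample(recipients, csv_text):
    """Build a constructed test message (no real data)."""
    m = EmailMessage()
    m["From"] = "admin@school.example"
    m["To"] = ", ".join(recipients)
    m["Subject"] = "After-school program roster"
    m.set_content("Roster attached.")
    m.add_attachment(csv_text, subtype="csv", filename="roster.csv")
    return m.as_bytes()

if __name__ == "__main__":
    families = [f"parent{i}@example.org" for i in range(40)]
    print(evaluate(build_sample(families, "student,allergies,medication\nA,peanut,none\n")))
```

A held message would go to a reviewer or back to the sender for confirmation rather than being silently dropped, so a legitimate send to a small care team still goes through.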
Commonality of attack