In an increasingly mobile workplace, employees may consider it the responsibility of their bosses to keep information secure, but in reality, it is the responsibility of each individual.
Searchsecurity.com unveils an example of this in a health care firm based in Boston, who after an evaluation of its systems to assess violations of the Health Insurance Portability and Accountability Act (HIPAA) or other infringements of the Massachusetts privacy regulations, found that employees were lacking in training on security and privacy. The audit was done by Networks Unlimited Inc (a data security consultancy firm), which found instances such as employees sending own personal data via email, including bank information and Social Security numbers, and employees sending credit card details to a family member’s AOL address.
Although these were instances of personal security breaches, the audit showed that employees were under the belief that the company was ‘keeping their data secure’, by some means, when these protections were not in place.
The company is now implementing security training, as well as having a dedicated security team in place. However, that is only the tip of the iceberg, as there is a lot that needs to be done to keep information secure, including portable data storage.