About 15 years ago, I attended a conference in Florida. On the last day of the event, and during the morning session, the lead presenter shared a concerning public announcement. A conference attendee had their laptop stolen – they were advising folks to ensure they safeguarded their items, especially electronic equipment. Additionally, they were reminding attendees to ensure devices were protected with passwords, etc. Throughout the day, I kept thinking about all the necessary safeguards that the victim and their employer needed to take – I was imagining what workplace training, measures and safeguards needed to be in place. And I was assessing our own policies to determine any improvements.
While reflecting on that conference, it reminded me of a journal that I once read. It was about the importance of training employees on how to handle situations when an electronic device is stolen or compromised, especially those containing sensitive information. I also read about the importance of organizations ensuring they offer employees secure password guidance. For example, having password reset questions and confirmations that are outside normal conversation questions. For example, avoid having employee password questions that evolve around daily living experiences such as questions about favorites — like food, seasons, color, special dates, favorite teachers, etc. The article spoke about fraudsters being able to engage in conversation with people and being able to determine all kinds of personal information by just engaging in short talk or sending out phishing scams –obtaining enough information to potentially gain access into a system.
I encourage organizations to not copycat other systems, and ensure we have the best password protection and training. Additionally, I encourage managers to inform employees of proper steps in reporting theft of electronic devices, etc.