By now, you’ve no doubt heard about the embarrassment suffered by the U.S. Department of Defense at this year’s Super Bowl®. But have you considered that your business can learn a lot from it, too?
A CNN employee on a commercial flight to a wedding in January found much more than they expected in their seat pocket. Rather than a few magazines and menus, they discovered a stack of documents marked “For Official Use Only” and “Important for National Security.” They’d stumbled onto files from the Department of Homeland Security, all related to the 2018 Big Game.
Ironically, the documents included extensive instructions on how they were to be secured — and advised that they should be shredded prior to being discarded.
“Recipients of the draft ‘after-action’ reports were told to keep them locked up after business hours and to shred them prior to discarding,” reads a CNN report. “They were admonished not to share their contents with anyone who lacked ‘an operational need-to-know...The reports were accompanied by the travel itinerary and boarding pass of the government scientist in charge of BioWatch, the DHS program that conducted the anthrax drills in preparation for Super Bowl LII in Minneapolis.”
At this point, it’s clear that those documents — which also contained sensitive information that CNN was instructed by the DHS not to disclose — did not cause any harm to national security. But it’s nevertheless an embarrassing incident for the government agency. And it couldn’t have come at a worse time, as faith in government is at an all-time low in the U.S.
“The misplacement of the documents was a really stupid thing,” former DHS official Juliette Kayyem explained to CNN. “Who else knows who may have picked this up? The biggest consequence of this mistake may have less to do with terrorists knowing our vulnerabilities and more to do with confidence in the Department of Homeland Security.”
Regardless of whether this is a matter of public relations or national security, it’s clear that the Department of Homeland Security has good reason to be a little red in the face. Here’s the thing, though — this could have happened to anyone. That’s the lesson everyone should take from this.
Simply put, no one, in any organization, at any level, is infallible. People make mistakes. Sometimes those mistakes compromise sensitive files or information.
It’s your job to ensure that they don’t. To move away from physical documents that are easily lost or misplaced, and ensure that you’ve total control over digital files no matter where they end up. To ensure that your staff is properly trained and schooled in security best practices, but that you’re prepared for when one of them inevitably forgets their training.
More than anything, what happened to the Department of Homeland Security shows us that for all the sophisticated black hat groups and cybercriminals floating around today, our own workers are still the biggest threat to our data. So long as we keep that in mind when working through our security plans, we should be just fine.