It was recently discovered that a number of FDIC employees had copied customer records onto thumb drives and taken those drives off-property. The total number of records involved, scattered across some half a dozen incidents, amounts to about 160,000. These records included personal banking details of US citizens, scattered across the country.
The FDIC did not report these immediately to congress, because there was some evidence that the copying was accidental, and in fact, in all but two cases, when the matter was called into question, the data was returned, and the employees signed affidavits swearing that it had not been shared with anyone. One of the six cases is still under investigation, and the last was clearly a case of intentional copying. The employee in question is currently the subject of an ongoing criminal investigation.
Unfortunately, this underscores three painful truths about data security. First, your employees are both your biggest asset, and your biggest risk. A disgruntled employee can easily make off with large amounts of proprietary data before he leaves the building for the last time, and such an event is notoriously difficult to catch.
Second, agencies of all shapes and sizes are at risk of this occurring – even government agencies with deep pockets. And third, while no policy is perfect, having a robust policy concerning physical data security can help you identify and investigate these issues when and as they occur.
Does your company have a good policy as it relates to physical data security? Do you need help putting one together? Contact a member of our team, and we’ll be happy to assist!