The Business-Technology Weave

Apr 29 2011   12:04PM GMT

Ahhh, New York City you talk a lot; let’s have a look at ya…



Posted by: David Scott

 

(With apologies to Mick Jagger/Rolling Stones -  NYC, Madison Square Garden, 1969).

 

I was going to title this particular article, “If I can breach it there…, I can breach it… anywhere…”

 

Followed by  “…with apologies to ‘New York, New York’…”. 

 

BUT –

 

This data incident is not a breach (at least from the perspective of the originating organization). 

 

It is an incident of human error:

 

A New York Yankees employee accidentally exposed the personal data of approximately 17,000 fans.  Credit card info is not thought to have been exposed, but – you can imagine the drill:  How are you going to know you’re safe, short of one of two things?  Either you cancel a card, or you cross your fingers and hope unauthorized charges don’t show up.  For at least a few weeks’ time your peace of mind is significantly impacted.

 

This much is known for sure:  Included in the spilled information are names, addresses, phone numbers, and e-mail accounts.  When considering the Yankees, not all errors occur on the field:   This data spill comprises about half of all season ticket holders.  It is, simply, unfortunate.

 

It’s interesting to note that as of yesterday, the 28th, not all season ticket holders (approximately twice the 17k thus far exposed) have been apprised that their information either:  1)  Has been – or -  2)  Might be compromised.  There really is no valid reason for any lag in a timely notification that sensitive data is at risk.

 

So how the heck does an employee expose sensitive information about 17,000 people?  Well, according to the Yankees Organization, the employee “accidentally” (there’s that word again) attached a spreadsheet to an outbound e-mail.  As stated in I.T. Wars:  Errors have efficiencies too.  Bad outcomes are no longer relegated to the travel of physical paper and a couple carbons…  errors travel at the speed of electrons, to destinations of extraordinary number.

 

Mistakes will happen, but in this case it seems rather incredible.  Spreadsheets and all other files should have accurate names – particularly for sensitive information – that reflect, in a concise way, the sensitivity of each file’s contents.

 

Further, passwords and controls can be attached to files (upon their creation), forcing authentication when attaching sensitive information to e-mails.  Control systems are also easily developed such that, when anyone attempts to attach or include a particularly sensitive file (password-protected or not) with an e-mail, a simple dialog box displays a warning:  This file has been marked as “Sensitive” – or – “Classified” – whatever… – it can even be auto-triggered by content (hey…), followed by:  “Are you sure you want to send this file to these recipients?”

 

This can be applied in addition to other security measures of course:  Access and control by virtue of login accounts with associated class-of-user, group network identities, and – limits to, and graduated levels of, access to areas of data based on experience, nature of work, and need.
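
An added example, not code from the article or from any product: an outbound-mail check in Python that implements the attachment warning described above, triggered by either the file's name or its content. The label words, the threshold of five contact entries, the example.com internal domain and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumptions for this example: label words in the file name, a PII threshold,
# and an internal mail domain. None of these values come from the article.
LABEL_RE = re.compile(r"(?<![a-z])(sensitive|classified)(?![a-z])", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b")
PII_THRESHOLD = 5
INTERNAL_DOMAIN = "example.com"

def review_attachments(msg, internal_domain=INTERNAL_DOMAIN):
    """Return one warning dict per attachment that should raise the prompt."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    external = [a for a in recipients if not a.endswith("@" + internal_domain)]
    warnings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # Only text-readable content (e.g. CSV) is inspected here; binary
        # spreadsheet formats would need a format-specific extractor first.
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        emails, phones = set(EMAIL_RE.findall(text)), set(PHONE_RE.findall(text))
        reasons = []
        if LABEL_RE.search(name):
            reasons.append("file name is marked sensitive")
        if max(len(emails), len(phones)) >= PII_THRESHOLD:
            reasons.append(f"content holds {len(emails)} e-mail addresses "
                           f"and {len(phones)} phone numbers")
        if reasons:
            warnings.append({"file": name, "reasons": reasons,
                             "recipients": recipients, "external": external})
    return warnings

def build_sample():
    """Constructed outbound message: a newsletter with a fan list attached."""
    rows = ["name,address,phone,email"] + [
        f"Fan {i},{i} Main St,555-010-{1000 + i},fan{i}@mail.example" for i in range(6)]
    msg = EmailMessage()
    msg["To"] = "list@partner.example, boss@example.com"
    msg.set_content("Newsletter attached.")
    msg.add_attachment("\n".join(rows).encode(), maintype="text",
                       subtype="csv", filename="tickets.csv")
    msg.add_attachment(b"Game schedule", maintype="text",
                       subtype="plain", filename="schedule.txt")
    return msg

if __name__ == "__main__":
    print(review_attachments(build_sample()))
```

A mail client or gateway would call `review_attachments` before sending and hold the message until the sender confirms each warning.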

 

Stay safe out there.

 

April 29th:  On this day, in 1892, Charlie Reilly is baseball’s 1st pinch hitter.
