Don’t Be Caught Off-Guard by Data Breach
I had an important appointment recently at a destination that is approximately 20 minutes from my home if you can take the interstate highway, avoid most of the traffic and accept that an enormous iron oil derrick is going to be hurled at you along the way.
The word “derrick” is named for a famous English hangman who lived in the late 1500s and is credited with inventing a gallows with a clever movable beam and pulley system for executing people. The term still applies to any kind of upright iron contraption capable of supporting tons and tons of weight combined with a movable boom that is used to raise and lower equipment in the same way Thomas Derrick dangled criminals.
But this blog is about contingency plans, so I’ll leave the Elizabethan era executioners to historians. On the day of my appointment, it was a modern contrivance stretching about as long as a city block being hauled by a series of tractor-trailers that reminded me of the original Derrick and his killer role in history. Although I had carefully timed my departure time and estimated the distance to my destination, I didn’t expect a caravan of “wide load” haulers to careen from the far left lane of a four-lane highway and enter the ramp where I unwillingly was about to prove the old science adage about two objects being unable to share the same exact space at one given time.
Never fear – I arrived at my appointment on time despite those images of being rolled over and the reality of having to unexpectedly divert my journey. I wound up using a little ingenuity (pop the curb, drive through the grass) and an alternative route (heavily trafficked side streets and eternal stoplights) to get around the heavy load that blocked my way. However, the only reason I kept my appointment was because I had a contingency plan for a possible near-date with destiny. (I left a little early.)
Maybe some of the big businesses out there that collect and haul large amounts of data could learn a lesson from the Derrick Dilemma, as it came to be called. Every week, news stories appear that either report another wide-load loss of data by some unprepared company or reveal statistics about the number of files that have been stolen or misplaced. The most recent examples include a telecom giant that just got around to admitting that two years ago it lost personal information on 17 million people and a lost hard drive that may include personal and financial details of up to 1.7 million people who had expressed interest and provided information regarding military service in the UK.
But the most interesting new data security news relates to the Identity Theft Resource Center’s findings that this year's breach tally has eclipsed the total number of reported data incidents of 2007. Last year the non-profit group recorded 446 incidents involving U.S. corporations, governments and universities. This year the number has reached 516, and we still have a couple of months to go. As the Washington Post noted in its coverage, at an average of 57 caches of consumer data reported lost or stolen each month, U.S. organizations are on track to reach at least 680 breaches by the end of 2008.
No business should have to expect to lose data, any more than a driver going to an appointment 20 minutes from home should have to anticipate a near-miss with an oil derrick on parade, but these things happen. One of the lines from an all-time favorite road movie, It’s A Mad, Mad, Mad, Mad World, is uttered by Ethel Merman, who states that “these things happen” because people are always saying “these things happen.”
I have to agree with Ethel (in that movie, she got run off the road too!), but until businesses start taking the right precautions and making the best contingency plans, data breaches are going to continue to multiply until everyone’s stuck in traffic.
Comments