NY Yankees: Baseball, Hot Dogs, Apple Pie and a Massive Data Breach
It was just a simple human error. There were no hackers in a dark room in Russia. There was no covert inside operation. There wasn’t a set of high-tech network sniffing tools. Just an employee, trying to do his job, who executed a one-click PR catastrophe for the New York Yankees: a data breach of over 21,000 names, addresses, account numbers and email addresses of their loyal fan base.
Inadvertently releasing the personal information of thousands of people is bad enough, but this disaster is made worse by the fact that these names belong to the very people whose support keeps the Yankee organization going and able to put a winning product on the field each year.
So, the question is, what do the Yankees do now? There are calls to fire this hapless employee, making him a sacrificial lamb for the purpose of satisfying the masses. But this problem goes far deeper into the organization than a worker who makes a mistake. If the Yankees simply fire this worker, and do nothing more, the problem still exists. This person does not deserve to lose his job. There is a fundamental security issue with the way that the organization does business.
This type of data breach is far more common than being “hacked” from outside of the organization. An article in Information Week indicates that 35.2% of data breaches are caused by human error. Yet we focus our attention on making sure that we have firewalls in place, strong passwords employed, perhaps even encrypted file transfer, while ignoring the security hole that’s big enough to drive a tank through: email security.
Managed File Transfer solutions are now taking on the issue of the ad hoc type of file transfers that occur through email – the exact scenario that caused the Yankees so much heartburn this week. Here’s what a Managed File Transfer solution needs to do:
1. Force the sender to verify the recipient before sending
2. Encrypt both the body of the email and the email attachment
3. Require a user name and password to be entered by the recipient in order to view the email
4. Have both the email and the attachment stored on a central server. When you send email attachments, you are sending copies of the file that can’t easily be controlled once you push the send button. If the attachment is stored on a server, the sender could simply delete the copy on the server, rather than spending time trying (unsuccessfully) to recall the message.
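To make the list concrete, here is a small Python model of items 1, 3 and 4. It is an added example, not code from any Managed File Transfer product, and the class, method names, addresses and message contents are all constructed for illustration. Item 2 (encryption) is left out because it needs a cryptography library beyond the standard library.

```python
import hashlib, hmac, secrets

class CentralMailStore:
    """Messages stay on the server; the recipient only ever receives a message id."""

    def __init__(self):
        self._users = {}     # address -> (salt, password hash)
        self._messages = {}  # message id -> (recipient, body, attachment)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, address, password):
        salt = secrets.token_bytes(16)
        self._users[address] = (salt, self._hash(password, salt))

    def send(self, recipient, confirm_recipient, body, attachment):
        # Item 1: the sender must confirm the recipient before anything is released.
        if recipient != confirm_recipient or recipient not in self._users:
            raise ValueError("recipient not verified")
        msg_id = secrets.token_urlsafe(16)
        self._messages[msg_id] = (recipient, body, attachment)
        return msg_id  # only this id would travel by email

    def fetch(self, msg_id, address, password):
        # Item 4: a withdrawn message no longer exists anywhere the recipient can reach.
        if msg_id not in self._messages:
            raise LookupError("message withdrawn or unknown")
        recipient, body, attachment = self._messages[msg_id]
        # Item 3: only the named recipient, with the right password, may read it.
        salt, stored = self._users.get(address, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if not ok or address != recipient:
            raise PermissionError("authentication failed")
        return body, attachment

    def revoke(self, msg_id):
        # Item 4: deleting the single server-side copy replaces "recall the message".
        return self._messages.pop(msg_id, None) is not None

def demo():
    store = CentralMailStore()
    store.register("fan@example.com", "correct horse")  # constructed sample account
    msg_id = store.send("fan@example.com", "fan@example.com",
                        "Season ticket renewal", b"constructed,sample,rows")
    first = store.fetch(msg_id, "fan@example.com", "correct horse")
    revoked = store.revoke(msg_id)
    return first, revoked, msg_id in store._messages
```

Because the attachment never leaves the store, a mistaken send is undone by one `revoke` call instead of an unsuccessful recall.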
I hope that the New York Yankees will consider this: don’t fire this employee. Fix the root of the problem!
What do you think the Yankees should do?