Document security blunders can happen to anyone, whether a small business or a large corporation. This was made clear by the recent Super Bowl document leak that occurred at the beginning of February 2018. In this article, we’ll take a look at what exactly happened and what lessons individuals and businesses can learn from this major information leak. For more information about keeping your sensitive information safe, contact the data management experts at Blue-Pencil today.
Paper Shredding – Worst Case Example Of What Not To Do
Check out the video below from CNN to hear a quick news report outlining the Super Bowl documents leak.
On February 5, 2018, multiple news outlets reported that Super Bowl documents with sensitive information had been leaked. Important government documents were left behind on a plane in a back seat pocket. The information contained within the documents detailed how the Department of Homeland Security would respond to a bio-terrorism attack if an attack coincided with the Super Bowl (source).
The documents discovered on the plane contained also detailed anti-terrorism information from the Department of Homeland Security, who made notes critiquing the response to a simulated anthrax attack drill and offering ways the response to a possible attack could be improved after confusion with the recent drills (source). These leaked documents posed a potential threat to U.S. security, as terrorists could use this information to their advantage. It could also change the public’s opinion about the Department of Homeland Security, and cause doubt about how trustworthy the Department is.
What exactly happened? How did such sensitive information get released to the public? According to news reports from CNN and The Washington Post, a CNN employee discovered copies of these documents while seated on that plane.
According to CNN, “Recipients of the draft “after-action” reports were told to keep them locked up after business hours and to shred them prior to discarding.
They were admonished not to share their contents with anyone who lacked ‘an operational need-to-know.'” Unfortunately, the documents never made it to a shredder.
CNN discovered these documents before Super Bowl Sunday. However, CNN withheld the information until after the event, as government officials were concerned that the leaked documents could potentially jeopardize the Super Bowl’s security. Even after the event, CNN has decided to withhold some of the more sensitive information contained in the documents, as the Department of Homeland Security worried that the information could threaten national security (source).
CNN.com – Super Bowl anti-terrorism documents left on plane
Washingtonpost.com – A sensitive DHS report about anthrax got outed —
because it was left in a plane’s seat pocket
Super Bowl Documents Leak – Lessons Learned
We can always learn important lessons even from unfortunate situations. Juliette Kayyem, a former Department of Homeland Security official, had this to say about the Super Bowl documents leak:
“‘The biggest consequence of this mistake,” Kayyem said, “may have less to do with terrorists knowing our vulnerabilities and more to do with confidence in the Department of Homeland Security. In the end, confidence in the federal government at a time of crisis is what the American public deserves'”
– Juliette Kayyem – CNN.com
Kayyem outlined one of the main lessons we can learn from this incident – confidence in an organization is highly important, and any kind of leaked information may damage that confidence.
Another lesson both individuals and companies can take away from this is that information leaks and security breaches can happen to anyone. If it can happen to the Department of Homeland Security, it can happen to you! That’s why putting a secure document management and destruction policy in place and sticking to it is so important, as we are all subject to human error!
In terms of information security, shredding documents is one of the best ways to prevent information leakage. These Super Bowl documents were supposed to get shredded before disposal. Shredding documents helps give you peace of mind that your documents have been thoroughly destroyed and can no longer be accessed by those who should not see them.
Tips To Protect Your Sensitive Documents
Looking for ways to protect your sensitive information and avoid a security scandal? These security tips are summarized from our Top 5 Tips To Decrease The Risk Of A Confidential Information Leak article to help you keep your information safer.
Tip #1: Create a Culture of Security
Like the Super Bowl documents leak, it is often employees themselves who accidentally leak sensitive information. By creating a culture of security within your workplace, you can help establish patterns that reduce the chances an employee will accidentally expose private information.
Tip #2: Provide Education & Training For Employees
In order to sustain the culture of security we mentioned above, regular education and training opportunities are recommended for all members of your workplace. This education should be consistent – such as monthly training sessions and reviews of workplace information security policies.
Tip #3: Implement A Malicious Employee Mitigation Strategy
Unfortunately, some information security leaks from employees are intentional. A malicious employee can become a serious security threat.
It’s important to have a plan in place, with employee monitoring systems, risk assessment, and more, just in case an incident like this occurs at your workplace.
Tip #4: Securely Shred Your Documents
As we saw with the Super Bowl documents incident, waiting to shred documents can increase the risk of information leakage. It’s important to have a plan in place for secure document destruction – ideally a plan that shreds unneeded sensitive information as soon as possible.
Tip #5: Security Classification Redundancy System
A major threat to information security is when, for whatever reason, people inadvertently gain access to information they should not have. You should ensure that all critical information is shared over only the most secure sources (e.g. avoid sharing highly sensitive information over email). You can also make some important documents only readable and not downloadable to avoid accidental downloading and sharing.
Blue-Pencil – Top 5 Tips To Decrease The Risk Of A Confidential Information Leak
Keep Your Information Safer Now!
At Blue-Pencil, we can help you avoid a serious information leak. Blue-Pencil helps empower Canadian organizations to reach new heights with friendly and efficient document management services. Customer service is not only a slogan but something we practice by investing in our strategic partners.
“Blue-Pencil was efficient and professional. My documents
were safe and disposed of properly. Not only would I continue to use Blue-Pencil, I would recommend them to everyone.”
– Immanuel Greenberg – More testimonials here!
Located in Oakville, we have grown our document security business over the past 10 years, serving more than 6,000 organizations including small and medium-sized companies as well as Fortune 500 businesses.
We have recently launched two new divisions; Documents Storage and Records Management division and Document Imaging and Scanning Solutions division. This allows us to offer full circle, comprehensive solutions for information security management. We service the GTA and surrounding cities – click here for a full list of our service areas. If you’d like to learn more about us and what we can do for you contact us today!