Tuesday, May 27, 2008

TJX Whistle Blower

There are several stories running today that discuss the actions of Nick Benson, a former employee of TJX.  I say former because he was recently fired for disclosing, in the opinion of TJX management, too much information about their internal operations.  I read the posts and I'm not sure that the information disclosed was that sensitive.  Furthermore, Benson was essentially a cashier.  How would he know about the operational details of the TJX infrastructure?

Regardless of the value or accuracy of the disclosed information, the question I'm asking myself is this:

Why did Benson think that an external hacker site was the only way to report the problem and be taken seriously?

As security professionals, we need to provide our non-technical employees with tools to report their concerns.  More importantly, we need to make certain that non-technical people know that they can report security concerns.  If we give them the tools they need, they won't start looking to outside entities for help. 

How does your organization enable its employees to report security concerns?
