An employee at Boeing recently shared with his spouse a spreadsheet that he couldn’t figure out to format correctly. As a result, presumably because of a security flub on the spouse’s end on what was undoubtedly an unsecured, private home connection, the private information of thousands of Boeing employees were compromised. Most of the confidential information was in hidden columns that couldn’t be seen by the user, but it was visible to whomever stole the information; these identifying details included names, birth dates, and Social Security numbers, among other things.
As a result, Boeing notified the Washington state Attorney General, although it is unclear if they have yet communicated with the three other states in which their compromised employees live.
At root, the main cause of this incident was a poor decision by an employee to share what seemed to be innocuous data with an outside source, his spouse, and the resulting security boondoggle that followed. This could be addressed by uniform employee training on property security protocols, as well as the possibility of hardwiring security protocols and restrictions into work computers. Some opportunities in that arena might surprise you, as there are ways to do things like preventing someone from taking a screenshot – such as having microscopic bars scan across the screen to hinder any image produced, to preventing users from copying any data to external disks or sending it over any unapproved network connection.
But in the end, the first, and sometimes last line of defense, is the end-user themselves, and potentially the most important protections, while infrastructure reinforcements are perfectly fine are, in the end, best and most simply implemented at the human level.