Loose Lips Sink Companies -- or Employment

RESEARCH TRIANGLE PARK, N.C. (MainStreet) -- I have an increasing concern that meeting in public places is leading to carelessness when it comes to confidential information. At this moment, I'm sitting in a restaurant waiting for a meeting. In the past five minutes the conversation in the next booth has become impossible to ignore. They just mentioned a company that I do business with (they are the IT provider for that company). In 10 minutes, sitting 10 feet away, I know how to log into the company's server, the ID and password -- every character and number, what's in caps, what's lowercase. Not only have I learned the password, but I know it's the same password they typically use for clients too. Wow!

If we have a meeting in a public place, we can forget people are listening. If we mention a name, make a comment about a colleague or say something that would be best said in a private setting, it could have serious consequences.

Your organization (especially if it has a virtual structure) must tell its team, including vendors, subcontractors, consultants, customers, employees and other stakeholders (don't forget your board members!) about the importance of confidentiality and protection of intellectual property. You never know who could be listening or the impact that can result from the wrong -- or right -- person overhearing your conversation.

In the example I mentioned, let's say they are discussing the ability to access a bank. What impact could this conversation have on their company and on the bank and its customers if a breach of security happens as a result of a public conversation? On this particular day I count 25 people within range of hearing this conversation.

Due to the severe nature of this security breach, I have to contact this "bank" and give them a heads-up. To fail to do so would be negligent because I have a relationship with the entity. What would my responsibility be if no relationship existed? For some, overhearing sensitive information is a passing event and, as long as it does not affect them directly or indirectly, the company's problem. For others this is an actionable item they would be compelled to report.

What actions would you want third parties to take to tell you of an information leak? This is an important consideration when making your organization's policy and procedure. How do you want stakeholders to report breaches and potential issues? What are the consequences for minor and significant breaches?

It may seem a remote possibility that a conversation had in a public place could significantly affect your organization. But it is an important thing to consider in the age of technology and litigation; you do not want to be at risk from issues that are foreseeable and, in most instances, preventable. Here are some examples of sensitive information that could create issues if confidentiality is breached:

  • Employee performance issues
  • Intellectual property: inventions, ideas, proprietary processes
  • Competitive information related to bids, pricing, costs, etc.
  • Customer information
  • Strategic or tactical information: expansions, marketing, sales, etc.
  • Financial results or plans, including mergers, acquisition targets, requests for quotes and budgets
  • Security information including passwords, login IDs and processes

The organization that so casually shared aloud the access codes, IDs and login process in the middle of a crowded restaurant -- and their clients -- will be lucky if there are not consequences to their actions. At a minimum, their client could cancel their contract, but it could be more than that. Disclosure of confidential information and breaches of security protocols could make them liable for so much more.

Protect your organization by at least making your employees aware of the risks and consequences of careless disclosures in public places. It may seem as if "everyone does it," but you don't have to. Here are several things you can do to keep your organization aware of the risks:

  • Have a comprehensive written policy on confidential and proprietary information: what it is, how it should be handled and limits on where, when and with whom it can be discussed.
  • Establish security protocols for employees, contractors and vendors that require signed acknowledgments of receipt or access to proprietary and confidential information and consequences for failure to comply with the policy and procedures.
  • Train, train, train employees, contractors and vendors (including service providers) on appropriate and inappropriate means, methods and locations for discussions, meetings, etc., when dealing with confidential and proprietary information.
  • Monitor your systems, controls, training and documentation of information.
  • Establish corrective actions and disciplinary rules for breaches.

In today's world, technology can make us vulnerable, yet we are most vulnerable in the real world where often our awareness of exposure and risk is at its lowest. Our only firewalls are those that we build in our minds and around our behaviors.
