Another 30 minutes or so before they let us in and the waiting area is filling up. It is an
8 a.m. flight on a Monday and the crowd is predominantly professional. There are certainly a few consultants. A woman in front of me is one of them. She is reviewing notes and often glances at her Blackberry, which has rung twice on my brief watch here. The owner answered both calls, which were both related to her ongoing assignment. By now, I know the name of the client, the nature of the issue at hand, a couple of key names and what the agenda is like for the upcoming few days. I am sure that if we had more time here, I could have told you what the project sponsor’s private life is like.
Two weeks ago, while on a train, I had to listen to someone instigating a conference call in order to “sort things out” at the office. As one of the unwilling listeners to the conversation, I learned the name of the organization, the nature of the problem, the names of the vendors and a few other things that should not be discussed in a company of complete strangers.
Last year, while on a 20-minute ride on a commuter train, I was sitting across from a visibly bewildered and upset foot-soldier consultant from a very large and well-known consulting company (I owe this knowledge to the company’s insignia placed on just about every item this person was carrying). On a phone with a colleague for the duration of my short trip, and hysterical most of the time, she let me and the fellow commuters know the name of the client, why they were an abomination of an organization, why they would “go belly up in the near future”, and, of course, who was the biggest idiot there (albeit lesser idiots were not missed either).
Those of us who travel, encounter such kind of behavior often. There are a couple of problems here. First of all, it is of course a bloody nuisance when you have to hear someone yap while you are trying to read, rest or do some meaningful work. But we all have to attend meetings some time, so this is not the biggest problem.
The real problem is that, while organizations dedicate enormous expense, personnel and other resources to protect their and their clients’ data against unauthorized network access and commercial espionage, their best efforts can be so easily undone by indiscreet remarks in public by a careless employee or vendor.
Just like that, the most complex defenses are undone in a matter of moments.
It is easy to see the ramifications of such sloppiness and the issues it can potentially create, for the client organization, for the person’s employer, for the consulting company whose employees are heard discussing their clients in public.
Despite our best efforts, people remain to be the weakest link.
Hordes of well-paid professionals in legal, IT and other streams of work are employed to develop, implement and enforce security and privacy policies and measures. The real problem is that while organizations dedicate enormous resources to protect their and their clients’ data against unauthorized network access and commercial espionage, their best efforts can be undone by indiscreet remarks by a careless employee or vendor. Just like that, the most complex defenses undone in a matter of moments.