Loose Lips Sink Ships

stuart-wilkesI didn’t mean to do it, I really wasn’t that interested, but the two professional looking types at the adjacent table to me in the coffee shop just couldn’t keep their business conversation to themselves. Even though I had my white Apple earbuds plugged in and to those around me would appear to have little interest in what was going on beyond the realms of my table, I heard every detailed word of a conversation that essentially should have been labelled ‘private and highly confidential’.

To distill their 30-minute conversation down to a handful of lines, they were discussing a sensitive HR issue. The core of their conversation revolved around a chap called Guy, he had done something that was leading to a disciplinary. Yet as the ‘powers that be’ had wanted to get rid of this chap for years, this was their chance. He had been an expensive hire and according to their in house measurements had failed to live up to expectations. These two individuals were negotiating a package of measures that they would present to Guy later that day, they would see him provided with a ‘pay off’, but they couldn’t use that term, a glowing reference that made no mention of this current investigation into his conduct and no doubt a warm handshake from his corporate assailants. I felt sorry for Guy, he doesn’t know what was about to come his way.

What surprised me most was that such a meeting was being held in the relatively public arena of a coffee shop. I heard far more detail than I’m letting on to you and I could have quite easily tracked down Guy (not his real name) through social networks and the name of the business he works for and tell him the real story; which would have potentially led to a whole lot of bother for his employers. The whole affair brought to mind the World War II phrase “Loose Lips Sink Ships”

This phrase was extensively used by the United States Office of War Information to advise servicemen and other citizens to avoid careless talk concerning secure information that might be of use to the enemy. I think it should be brought back, not just for coffee shop conversations but for cyber security related issues too.

We are constantly informed that so many cyber breaches occur from the insider threat, where an employee divulges information either accidentally or maliciously to a third party. In the same coffee shop as the ‘Guy conversation’ I have witnessed other laptop nomads stand up from their temporary work environment and head to the toilet, to get another coffee, or even to go outside to take a phone call. They are quite happy to leave their laptop plugged in, logged in and the screen easily visible to even the most uninterested of observers. That is a potential cyber breach. If they returned to their table to find their laptop gone they would be beside themselves. Alternatively, a wannabe opportunist cyber thief could quite easily enable remote access from the logged in laptop and then quietly help themselves to its contents from the other side of the coffee shop.

Coffee shops, libraries, even on a train I’ve seen similar situations occur. All leaving the individual and whom ever they work for open to a cyber breach. Now I’m not suggesting that paranoia should engulf any remote workers; nor am I suggesting that the public places I’ve mentioned are awash with cyber criminals poised ready to pounce, but it can be an oversight as simple and as innocent as this that can lead to a major cyber breach. In the past we have heard how the government has been embarrassed after sensitive documents have been left on trains, this is no different. People will automatically pick up their wallets, phones and other items that they see ‘of value’ but even the most portable of laptops seem to be left just waiting to be stolen.

With estimates ranging from 40% – 60% of workers performing some or all of their duties remotely, coffee shops, hot desk areas, libraries and other places that offer free Wi-Fi are becoming the work spaces of choice for the many. They should be instilled with the necessary training to prevent them from cyber complacency. It all seems pretty obvious now I’ve mentioned it, doesn’t’ it? But it actually doesn’t stop there.

I’ve seen people ask their adjacent cafe dwellers to ‘keep an eye’ on their laptop whilst they vacate their spot for a few minutes. They entrust their business device to a complete stranger, just on the assumption that as they share a love of vanilla lattes then somehow there is a professional bond of trust between them. Really? Maybe that’s what happened to Guy?  He left his laptop in a coffee shop, asked a stranger to baby sit it for him, then when he came back it was gone, as was a copy of the company’s customer lists, supplier contracts, banking details and salary scales. Is that what actually happened to him? Is that the detail of what I heard? Well that would be telling wouldn’t it. My lips in this case are sealed and that’s just they way it should be.

 

Share: Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on PinterestEmail this to someone