Information Security: Employee Errors Put Data at Risk/Weakest Link Information Security: Employee Errors Put Data at Risk

        • "Companies just aren't enforcing policies enough to make that person second-guess whether or not to send that e-mail that may or may not contain information," Brohm said. "There's so much breaking of the policies that go on within organizations that it's not so much having the policies in place, but enforcing the policies."

           

          Moving On

          Even if governments take corrective action after the incident, accidents can't be undone and the information is still compromised no matter what happens behind the scenes.

          While governments can't go back in time, they can work hard to regain citizens' trust. After its breach, the New Hampshire Department of Health and Human Services sent a letter to many affected citizens. Rollins said the letter advised them on what they could do to protect their credit rating. The department also set up a phone bank that operated for two weeks.

          According to the Concord Monitor, the phones were manned from 8 a.m. to 4 p.m. and had voicemail for after-hours calls. "It was basically like a war room where we had a huge whiteboard," Rollins said. The room had information on hand so people would know what to say to callers with questions.

          In Lynchburg, Schmitt contacted city manager Kimball Payne about its breach and they began citizen outreach and remediation immediately.

          "We initially sent a letter to them that said, 'Hey, we messed up. Here's the scope of the problem,'" Schmitt said. The city also created a hotline for employees to call and had a public meeting. "The city manager and I stood up in front of 200 people and begged their forgiveness, essentially," she said.

          Lynchburg also followed up with those who were affected and offered identity-protection services for a year.

          The process was tense for Schmitt. "I've been in some really difficult situations. This is the first time that I've ever stood in front of a group of employees who I thought were going to throw something at me," she said. "It was a very difficult thing but at the same time, I think we earned a lot of respect for standing up, not making excuses and just admitting the fact that we made a mistake."

          Hilton Collins, Staff Writer Hilton Collins  |  GT Staff Writer

          By day, Hilton Collins is a staff writer for Government Technology and Emergency Management magazines who covers sustainability, cybersecurity and disaster management issues. By night, he’s a sci-fi/fantasy fanatic, and if he had to choose between comic books, movies, TV shows and novels, he’d have a brain aneurysm. He can be reached at hcollins@govtech.com and on @hiltoncollins on Twitter.