- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Searching for trouble: the hidden risk of pressure cookers, backpacks and quinoa
How to move past sensation and snap judgements to provoke valuable conversations to understand and reduce risk in your organization
Imagine sitting in your living room when a series of SUVs and armed agents show up. Last Wednesday, that scene played out for a couple living outside New York City. The wife, a writer, captured the events and shared it with the world (her post: pressure cookers, backpacks and quinoa, oh my!).
On the heels of recent revelations and accusations about information collection, the story rapidly gained traction. It became de facto proof that the government must be spying on people, using their Internet search histories to look for signs of terrorism.
Without knowing why the agents decided to interview the husband, the couple naturally searched for answers. They concluded that multiple people in a household searching for a myriad of otherwise unrelated terms must have crossed a threshold and sent an alert.
Within 24 hours, the corrections came. Turns out the former employer of the husband tipped off the Suffolk Police. In fact, in the statement released by the police, the terms cited were a bit more specific "pressure cooker bombs," and "backpacks."
The investigation concluded without finding of criminal intent. Story over. The collective of the Internet moved on to seek new fascination. As the family considers what just happened to them, the lessons for the rest of us are just beginning.
The opportunity in the story
This is an event that gives us a great opportunity to engage in meaningful corporate discussions.
Take time now to consider how this happened and the potential risk for the former employer. Stepping back, the first three questions that spring to mind:
- Why was the company searching his history?
- Did they act appropriately to tip off the police?
- Have they now opened themselves up to liability as a result?
These and related questions require some serious discussion in organizations today. Just because this one turned out okay doesn't mean it will in the future.
The footnote on the story is that the husband left his position "a few months ago." One reported suggested it was April. The interview happened in July. If that holds true, then:
- Who was responsible for searching his computer?
- Is searching Internet browsing history a common practice when someone leaves the company?
- Was his computer singled out for this search? Why? Does it matter that he left the company?
- Did an employee follow protocol and work a chain of command -- including consulting with legal counsel -- before submitting this to the police?
- Did the company consider the potential blow-back on them, or the possibility of a civil suit? Should they have?
I don't have answers for most of these questions. The answers I do have start with the phrase, "it depends." Each situation is different. In this case, I don't have enough specifics to make judgments. Neither do you. That's not the point.
These questions are starting points for conversations.
We don't live in a world where every decision is clear cut. To serve in a way that adds value to the organization means posing questions like these when the timing and relevance is high.
Set up a meeting. Gather the right people in the room. Use real-world events to paint the backdrop, then pose the questions. Maybe make it a lunch meeting and engage in "what-if" and explore where the questions lead.
This isn't about asking a question and providing "the answer."
Let it unfold. Allow others the chance to find their voice, process the events, and ask their own questions.
Done right, this improves communication across teams. It provides insights into how the company perceives and handles risks. Regular conversations like these prevent surprises and help broaden understanding.
What questions would you ask? And when is your meeting going to happen?
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government