How serious is your organization about securing and keeping private the consumer and other data you access, handle, store or otherwise process? Put another way, does your company culture emphasize and value the allocation of precious resources to fight cybersecurity threats?
These are particularly important and timely questions to ask, especially in light of recent well-publicized data breaches affecting millions of Americans. According to a recent New York Times article, one of those breaches, involving Home Depot, was due at least in part to years of neglect and a lack of attention to vulnerabilities and to warnings from former members of the company’s cybersecurity team. This alleged culture that stressed “selling hammers” over securing data left the company open to attack from malware that the company says “had not been seen before and would have been difficult to detect.”
Several former Home Depot employees said they were not surprised the company had been hacked. They said that over the years, when they sought new software and training, managers came back with the same response: “We sell hammers.”
Additional investigation (and litigation) will likely tell more about whether and to what extent company culture played an integral part in the data breach that ultimately compromised 56 million of Home Depot’s customers’ credit cards. In the meantime, however, all organizations – for-profit and non-profit – should be taking a long hard look at how they value cybersecurity. Is company culture deeply intertwined with a dedication to keeping data safe, or is the privacy and security of information ‘something for IT to worry about?’