Data Breach
Data Breach
After an employee had been terminated by the Chicago Public Schools, police allege that the former employee took a company database containing more than 70,000 people’s private information. The report indicates that the former employee was a 28-year-old temporary worker in a Chicago Public Schools information center and that the database may have been stolen in retaliation for the employee’s termination. Police have identified that the former employee had also copied and then deleted a database with information on Chicago Public Schools employees, volunteers and others. The police described the copied and deleted data as “sensitive”. Chicago Public Schools contacted the individuals affected by the data breach and informed them that specific private information had been compromised including: names, employee ID numbers, phone number, addresses, birth dates, criminal histories and any information associated with the Department of Children and Family Services. Chicago Public Schools noted that the former employee had possession of the databases for 24 hours, but there was no evidence that it was disseminated in any way. The former employee was arrested and charged with one felony count of computer tampering/disrupting service and four counts of identity theft.
Policies
Cybersecurity professionals help organizations develop policies on how to handle the storage and retrieval of sensitive information, as well the training of staff on security policies. One of the challenges for security involves the need to secure information with new levels of encryption when employees gain access to new parts of a network or when someone leaves the company. This requires security professionals to constantly monitor and upgrade technologies in order to make them as secure as possible during business operations, even when encryption must strengthen due to changes in employee statuses within a company. The data breach resulted in the compromising of more than 70,000 people’s personal information; however, the impact could have been more widespread if the employee had taken information relative to critical infrastructures and used it to make changes that could devastate large populations of people.
Mitigation
In order to mitigate the threat, cybersecurity professionals at Chicago Public Schools should create or update policies that explain how to prevent access to network and data during the termination process. As soon a manager within the company decided to terminate the employee that should have restricted the access by changing the encryption on data. The company should also invest in training its employees on the proper use of technology in order to prevent data breaches or reduce the prospect of them occurring to company assets. Human error represents one of the most frequent threats to networks and critical infrastructures, and training can help reduce the occurrence of mistakes having negative impact on companies and technology users.