Last week, personally identifiable information of more than 700 Yuma Proving Ground workers were potentially comprimised by an employee with the best of intentions because the proper security measures were not set in place.  An employee at YPG took data containing personally identifiable information of YPG employees home and loaded it onto a personal computer in a misguided effort to support continuity of an operations program.  That home computer was compromised. 

Unfortunately, the Yuma incident is far from isolated.  The fact is, we often identify exposures created by employees who are “just doing their job.”  The overwhelming majority of data breaches are caused by process issues and human error rather than hackers or network intrusion. 

In less than 30 days, any company can identify these types of vulnerabilities and avoid devastating consequences. Incidents such as the one that occurred at YPG are further evidence that companies need to conduct regular threat assessments to ensure that personally identifiable information and other sensitive data is protected.