Auditors identify weaknesses in company policies and practices, but they often act like the same users they laugh about behind closed doors. And they often don’t protect their own data, or the sensitive data they access in the course of doing their jobs.
How many times have you observed auditors do the following (I’d love to hear YOUR stories):
- Use weak passwords.
- Carry confidential data unprotected on thumb drives.
- Carry confidential data unprotected on huge external hard drives.
- Email sensitive client documents in plain text across the Internet.*
- Fail to lock their screens when they leave their laptops.**
* Encrypting data sent via email seems to irritate Big 4 auditors the most!
** I’ve seen Big 4 auditors with no screen saver configured. Hey, that’s MY company’s data you’re playing with!
Next time you hear of PII being exposed because of confidential data stored on a laptop, you might just wonder if an auditor was involved–or at fault.