How formatting a spreadsheet turned into a headache for 36,000 Boeing employees.

Best-Selling Author | Speaker | Coach | CTO
When was the last time you sent someone an attachment in an email? Have you noticed that when you type the word “attach” and don’t add something, Gmail even helpfully reminds you that you forgot something?
For many of us, this is an everyday occurrence–so frequent, we don’t even think twice about it.
For security professionals, it is the stuff of nightmares.
Last week, Boeing notified employees of a minor security breach from February when one of their workers requested help from his spouse in formatting a spreadsheet. Not so terrible, except this spreadsheet contained sensitive information about 36,000 employees, including employee names, ID numbers, and accounting codes in the visible columns, in addition to birth dates and social security numbers in hidden columns.
While this was just a careless mistake, Boeing was quick to act and cleaned up the mess immediately. They’ve destroyed all copies of the spreadsheet, informed the employees who are affected (and the Washington Attorney General), and offered identity theft protection to their employees.
IBM recently performed a worldwide security study that shows the average cost of a data breach is $4 million. Each lost or stolen record containing sensitive information incurs an average cost of $158.
Companies like Boeing have playbooks and insurance for this type of thing. What can you do to keep yourself out of harm’s way?
In this paperless age of the internet, it seems like we’ve gotten used to storing all our data in the cloud. However, some things are better left offline.
For certain types of information, especially things that contain personally identifiable information like social security numbers, the safest methods of delivery are still in-person or by fax.
For those of you (like me) who don’t own a landline anymore (much less a fax machine), Regus Business Center and FedEx Office both have many locations around the world where you can use an actual fax machine.
I know that probably 95 percent of you are shaking your heads and saying “She can’t be serious!” (I am.)
If you absolutely must use the interwebs to transfer your sensitive documents, you can be a little bit smarter about it. First, ensure that you’re uploading things over an SSL connection. Next, make sure that you’ve encrypted and password-protected your attachments with a secure program like 7zip, or the excellent Cryptup plugin for Gmail.
Finally, make sure you never send the password to the file with the attachment itself. Deliver passwords verbally or via some non-email method.
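The Boeing spreadsheet carried birth dates and social security numbers in hidden columns, so one check worth running before a workbook leaves your machine is whether it has hidden columns at all. Here is an added example (not from the original article) in standard-library Python; the function names and the sample workbook are constructed for illustration, and it assumes SSNs are stored as NNN-NN-NNNN text.

```python
import io, re, zipfile, xml.etree.ElementTree as ET

M = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
TAG = "{%s}%%s" % M["m"]  # builds namespaced tag names, e.g. TAG % "c"
SSN_LIKE = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # assumption: stored as NNN-NN-NNNN text

def col_number(ref):
    """Cell reference 'E2' -> 1-based column number 5."""
    n = 0
    for ch in re.match(r"[A-Z]*", ref).group():
        n = n * 26 + ord(ch) - 64
    return n

def hidden_columns(xlsx_bytes):
    """Return [(sheet part, column number, holds SSN-like text)] per hidden column."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        names, shared = z.namelist(), []
        if "xl/sharedStrings.xml" in names:  # table Excel uses for most text cells
            sst = ET.fromstring(z.read("xl/sharedStrings.xml"))
            shared = ["".join(t.text or "" for t in si.iter(TAG % "t"))
                      for si in sst.findall("m:si", M)]
        for part in sorted(n for n in names if re.fullmatch(r"xl/worksheets/[^/]+\.xml", n)):
            sheet = ET.fromstring(z.read(part))
            hidden, flagged = set(), set()
            for col in sheet.findall("m:cols/m:col", M):
                if col.get("hidden") in ("1", "true"):
                    hidden.update(range(int(col.get("min")), int(col.get("max")) + 1))
            for c in sheet.iter(TAG % "c"):
                idx, text = col_number(c.get("r", "")), c.findtext("m:v", "", M)
                if c.get("t") == "s":  # <v> is an index into the shared strings
                    text = shared[int(text)]
                elif c.get("t") == "inlineStr":
                    text = "".join(t.text or "" for t in c.iter(TAG % "t"))
                if idx in hidden and SSN_LIKE.match(text.strip()):
                    flagged.add(idx)
            findings += [(part, i, i in flagged) for i in sorted(hidden)]
    return findings

def constructed_sample():
    """Constructed workbook, not real data: column A visible, D and E hidden."""
    cells = "".join('<c r="%s2" t="inlineStr"><is><t>%s</t></is></c>' % kv for kv in
                    [("A", "Jane Example"), ("D", "1980-01-01"), ("E", "000-12-3456")])
    xml = ('<worksheet xmlns="%s"><cols><col min="4" max="5" hidden="1"/></cols>'
           '<sheetData><row r="2">%s</row></sheetData></worksheet>' % (M["m"], cells))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", xml)
    return buf.getvalue()
```

To check a real file, pass its bytes: `hidden_columns(open("file.xlsx", "rb").read())`. Hidden rows and hidden sheets are not covered by this check.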
Sending sensitive files by email is generally a bad idea, though. Instead, there are plenty of programs that exist to help pick up the slack.
Dropbox and Box are my two favorites, as both are certified for HIPAA-level data compliance, so your data is safe to store and share with them.
No matter what you do, no solution is 100 percent foolproof. New breaches are being reported almost daily, and excellent sites like Troy Hunt’s HaveIBeenPwned can give you a leg up in prevention.
Making such a costly mistake can sink your business, and as an entrepreneur, every penny counts.