Recently I have embarked on that most adult of adult things: buying a house. I shall secure financing to purchase a castle, which I shall promptly remodel into six different workshops, each with a specific purpose.
But first, I need some money. Mortgage brokers can get me that money. So I contact a few, to find out what I need to do to get castle-money.
Here was one response, which is representative of the others:
I will need the following from you via email:
· Copy of your driver’s license and social security card
· Last 60 days of pay stubs
· W2’s for 2011 & 2010
· Tax Returns for 2011 – all pages, all schedules
· Last 3 months of all bank statements and 401K statement – all pages, even if they are blank
· Name and number of person to verify employment
Screw it, why don’t I just print all that out and stick it in an envelope marked “IDENTITY THEFT CENTRAL OFFICE, MOSCOW.”
Seriously, this is nuts. It’s 2012, computers have been around for a few years – we need to get our shit together and secure our data.
It’s especially troubling that these things happen in industries that should know better. Seriously, information security was never mentioned in business school? You traffic in the most sensitive data of peoples’ lives, essentially the keys to the kingdom of their identities, and you treat it the same as you would a wacky picture of a cat?
That’s messed up.
And it’s not a limited problem. Even in video production, where most users are more technologically advanced than the average person, people still tape their passwords to their desktops.
The other day I had the following conversation:
Me: OK, set your password as whatever you want…just don’t make it your dog’s name or something.
User: How’d you know? It IS my dog’s name!
This was someone who’s been editing professionally for years, and who (due to the nature of editing software) has administrative access to his machine.
I died a little inside.
There’s also the ongoing battle against people who are either too lazy or ignorant to understand the problem here. Ever hear “what are the chances of that actually happening?” in response to a security issue you’ve raised?
Yep, those people. I imagine these same people go home, fire guns into the air, and think it’s fine because “what are the chances of the bullet actually hitting anyone?”
Consciously choosing to engage in irresponsible behavior just because the chance of consequences is low doesn’t make it any less irresponsible. And when the victim isn’t you, that makes you an asshole in addition to being irresponsible.
Don’t be an asshole. Do a bit more work, secure your clients’ data, and spare everyone the horrible pain of identity theft.