Cassandra

Painting by Evelyn de Morgan

The Problem
In Greek mythology, Cassandra was so beautiful Apollo granted her the gift of prescience, meaning she could see the future. Unfortunately, she wasn’t thrilled by Apollo and refused to return his love, so Apollo put a curse on her, ensuring no one would believe her predictions. As a result, she lived a life of great pain and frustration.

There’s a mortgage company here in Honolulu that nearly witnessed the fall and destruction of Troy. The story begins in a Starbucks parking lot. One of the employees, an uber broker, dashes into the store for her well-deserved double macchiato. When she returns just minutes later, her laptop is gone. The first reaction is disbelief, then anger and finally frustration. A quick call to the office seems to ameliorate the damage. The boss is stern but understanding and all activity is quickly focused on filing a police report, making an insurance claim, rescheduling appointments and getting her a loaner laptop.

But the real tragedy was lurking behind the curtains. The stolen laptop contained over 5000 names, addresses, social security numbers, bank accounts and other confidential information on their clients…

The Fix
It sometimes takes a tragedy to do what’s right. In this case, with the looming threat of expensive legal exposure let alone public embarrassment if the incident hit the papers, the CEO realized he had to pull his team out of their day-to-day, gotta-get-it-done-now sense of urgency and get them focused on what’s important: safeguarding their company’s data.

They called us in for a security threat assessment. Here’s what we discovered:

  • IT had been relegated to someone who was well-meaning but poorly trained.
  • The server was missing some critical software updates, exposing it to malicious attacks.
  • A router had an open port, meaning one could penetrate the network from the outside.
  • The 14 laptops in the field were used as standalones by the brokers. Each unit had different versions of antivirus and antispyware solutions. Many were missing critical operating system updates. Some had the firewall turned off.
  • The tape backup on the server wasn’t capturing all of the important files.

Here’s what we did to help secure their network:

  • We pulled all employees together for a brownbag lunch and told them some scary stories about data breaches. We showed them how data can easily fall into the wrong hands and why it’s important they – the frontline employees – engage with security issues on a constant day-to-day basis.
  • We established a set of policies and procedures for everything from the type of data that can be put on a laptop to what is considered acceptable behavior when using the laptops.
  • We encrypted the laptops and established data access rights, so employees could access only the data they needed, nothing more.
  • We centralized all file management on the server, so the right data is automatically backed up every evening, with one complete week’s worth of data religiously stored offsite in a fire-resistant safe.
  • We configured each laptop according to an agreed standard so each unit had the same software and the same settings and, as a result, could be used interchangeably to mitigate downtime and preventive maintenance time.
  • We closed the holes in the router and set up VPNs (virtual private networks) so employees could easily and safely access the office files through encrypted internet connections from home or elsewhere.

The stolen laptop was ultimately recovered. Our forensic analysis showed data on the unit wasn’t compromised. The mortgage company dodged a bullet. They heeded Cassandra’s call. They prefer to remain anonymous.

One Response to “Cassandra”

  1. It’s kinda funny – You’re not the only one to see the tie between Cassandra’s gift (and curse) and what we do every day as information security practitioners.   In fact, our team liked the Cassandra story so much, we named our group after her – Cassandra Security.