RESEARCH TRIANGLE PARK, N.C. (MainStreet) -- I have an increasing concern that meeting in public places is leading to carelessness when it comes to confidential information. At this moment, I'm sitting in a restaurant waiting for a meeting. In the past five minutes the conversation in the next booth has become impossible to ignore. They just mentioned a company that I do business with (they are the IT provider for that company). In 10 minutes, sitting 10 feet away, I know how to log into the company's server, the ID and password -- every character and number, what's in caps, what's lowercase. Not only have I learned the password, but I know it's the same password they typically use for clients too. Wow!
If we have a meeting in a public place, we can forget people are listening. If we mention a name, make a comment about a colleague or say something that would be best said in a private setting, it could have serious consequences.
Your organization (especially if it has a virtual structures) must tell its team, including vendors, subcontractors, consultants, customers, employees and other stakeholders (don't forget your board members!) about the importance of confidentiality and protection of intellectual property. You never know who could be listening or the impact that can result from the wrong -- or right -- person overhearing your conversation.
In the example I mentioned, let's say they are discussing the ability to access a bank. What impact could this conversation have on their company and on the bank and its customers if a breach of security happens as a result of a public conversation? On this particular day I count 25 people within range of hearing this conversation.
Due to the severe nature of this security breach, I have to contact this "bank" and give them a heads-up. To fail to do so would be negligent because I have a relationship with the entity. What would my responsibility be if no relationship existed? For some, overhearing sensitive information is a passing event and, as long as it does not affect them directly or indirectly, the company's problem. For others this is an actionable item they would be compelled to report.
What actions you would want taken by third parties to tell you of an information leak? This is an important consideration when making your organization policy and procedure. How do you want stakeholders to report breaches and potential issues? What are the consequences for minor and significant breaches?