Yikes! You aren’t a dick for taking that photo. Who ever printed that report is a dick for putting the company name all over it and letting people read it on airplanes.

Would it be right to notify the company so they are aware of this? Curious on the ethics discussion here…

hmmm…is it possible that the man was not employed by either company, and had perhaps come into possession of the binder by some other means (found it in a hotel lobby, etc) and didn’t give a damn as to its contents? Still, good lesson to be learned, as always. good stuff!

Peter, I think you are doing a favor for them. Human failure is what causes more security breeches and issues than hacking. This is not the first article I’ve read this week pointing out how people conduct sensitive business on the subway, the train, and here you are pointing out how clueless this dude was.

I certainly believe you are doing this company a favor.

Peter, you are correct that people are unaware about who is watching, always… almost from birth, for those born in the last 10-15 years, there is an almost un-eraseable trail of data that will follow them forever or until the end of the world as we know it later this year.
People, especially those in business and leadership positions, must step out of their zombie like states and be aware and vigilant in regards to security, confidentiality and behavior that can come back and BITE hard.

People are so self centered that the idea other people exist is nonexistent. Just think of all the really important things they miss out on by living in their personal bubbles.

If you work in a cubicle or open office be aware that everyone within 20 feet can hear what you are saying. I could have stolen my neighbors credit card number on a regular basis because she gives it out over the phone all the time while sitting at her desk.

Find a conference room or something if you need to order stuff over the phone, not somewhere public.

This is critical information! Thank you for posting this Peter! We never know WHO is paying attention.

I’m lucky to work in an environment where everyone not only understands, but practices good SA. But i’m also reminded that as a very chatty friendly person I often give out seemingly harmless information that could in fact be damaging… i was told a story last week by a friend. She was on an airplane, being a nervous flier she got to chatting with the Flight attendant and spoke briefly about why she was on a trip – she went to spend time with a friend who had been cheated on by a boyfriend- turns out one small mention of a shared common interest and the seemingly random flight attendant knew exactly who her friend was, and the ex-bf. The world is a SMALLL SMALLL place, especially for those who travel. Everyone could be just one degree away!

I had a boss at my first job out of college who reminded everybody not to talk business on the elevator because you don’t know who is listening and who that person work for, his/her agenda, etc. and whatever information was discussed could turn around and bite you in the ass. Mind you, this was 1992, pre email (for the general public), social media, etc. and news didn’t travel as quickly but it still got around…eventually.

Most of us are working on the road and I try to make an effort to not work on something that may have proprietary information that’s conspicuous.

It doesn’t relate to business, but I’m often surprised about the personal reading material people look at on planes for everyone to see. Last week I had a guy on one side of me reading a book about intimacy in unstable relationships and another reading a large brochure on hair replacement therapy. Aren’t these private issues?

Peter, I walk at the gym almost every day. The circular track is slightly padded, not enough to give bounce but helps decrease impact. But I digress. This year I quit taking my ipod to the gym. Music can’t compare to watching (and especially listening to) my fellow gym-rats. As Dr. Seuss said in 1937, “And that is a story that no one can beat, When I say that I saw it on Mulberry Street.” heheh

Privacy hardly exists in today’s world and majority of people voluntarily ensure this through social media interactions and postings.

This is dickish behavior repackaged to be sold as helpful advice for the masses.

The man was careless. There’s no doubt about it. Happens all the time and this article isn’t going to change the behavior of others on any measurable scale. What’s more important is your own behavior. You obviously spent a great deal of time being nosey, no? Certainly enough time to grasp details about what your neighbor was reading and take photos to “prove your point”. And the comments of some of the folks above leads me to believe far too many people love sticking their noses into the business of others.

Look, it’s simple. Yes we should all be careful about private information. That’s obvious. Many people aren’t careful enough. That’s also obvious. But then, perhaps they’re simply hoping their neighbors have even the slightest amount of respect for personal space. This article advertises that you most certainly do not.

I used to work at a bank, well, in fact I was a contractor for the bank. I did service for local branches but worked from the corporate office. A typical day for me would include strolling into a branch I had never been to, talking to people I had never met, and jumping on their computers for a few hours to make some necessary software switch. Never once did anyone ask to see my identification (other than the badge I wore on a lanyard that said my name and the banks name…very easily forged) nor did they call anyone to double-check I was there to do what I said I was. For all they know, I was jumping into the database of clients and emailing their credit card information to myself, or wiring tiny sums of money to some offshore account.

Kevin Mitnick ( http://en.wikipedia.org/wiki/Kevin_Mitnick ) who was one of the greatest hackers in history used Social Engineering as his method of attack. He didn’t brute force into computer systems, he simply called and talked to anyone that would answer, gathered any information he could from them and worked his way up the chain till he got to someone that, based on the information he would regurgitate to them, would let him into their systems.

I had a very similar situation earlier this week on a flight from Vegas-NY. As soon as I sat down, I found a large confidential deck in my seatback pocket regarding a partnership between airline I was flying and a hotel chain. I debated whether to tweet airline’s CMO who is on twitter. In the end, I handed it to a flight attendant who was very thankful and told me it was left by a pilot believe it or not. I used the opportunity to teach the young 23 year old who works for me the same valuable lesson you just taught everyone in this post. I will email this to her as follow-up.

Wow. Did you think about pointing out to him that you could easily read what looked like highly confidential information? Or would that have seemed too intrusive?

Want to see lack of situational awareness without alcohol or phones? Just try to walk down aisles at a Wal-Mart on a busy day. Way too many people have no idea there is anyone else in the store. And I bet many of them vote with the same awareness! G

Oh my god that was you sitting next to me on the plane – (just kidding). Without doubt, we all need to mindful of private information, especially since identity theft and corporate espionage has been continually on the rise. If he had been using a laptop, I might have suggested he use a privacy screen filter, but for a binder, the company name/logo should have been removed from the bottom of every page.

Good article… Hope you get lots of hits and comments… unfortunatly your points are mute to almost anyone who is potentially on the giving side of this kind of info as if they were web savvy, they would likely be far more privacy savvy…

I see and hear (thanks clueless cellphone users) stuff like this all the time. The good news is I use it as examples when I consult about security. One woman was so “sharing” via her cell and laptop in an airport lounge, that the gentleman next to me said “If she worked for me I’d fire her on this spot”. Get a clue, folks.

There are learnings here, yes. Let’s all be paranoid and suspicious of each other, our neighbors, even ourselves. Trust no one. What a world we live in these days. Yes, this gentleman was careless, yes, we need to be careful and watchful in public spaces and places but honestly, Peter, stop patting yourself on the back so hard. You’ll hurt yourself. You perform valuable services and we appreciate you, but there is indeed an element of disguised “dickishness” to your self-congratulatory behavior, IMHO. I agree with jqb.

message
This won’t take down a company but it could prove to be very embarrassing. Make sure you carefully review long emails trails before hitting “Forward.” The email you’re forwarding to the head cheese may have a message from your colleague way down the page that says what a jerk he or she is!

Thanks. Ent. as always Peter. One small FYI: Bose NC HP is shutting the white noise out, neither the speech nor screaming babies :-)

Twenty years ago when I was a baby consultant for a large HR consulting form, we had a class called “Charm School.” (By the end of my corporate consulting career, its name had been politically corrected to “Little Things Count,” but everyone still called it “Charm School.”) One of the most powerful lessons we learned and that became part of the cultural discussion was preserving the privacy of clients, especially when traveling (and this was before iPads or even cell phones). Many of us were on the same flights from Chicago to DC, or JFK to LAX, as were our competitors, and every one of our client-facing associates learned how to arm bend, paper-fold, or otherwise hide client docs from prying eyes. Or, we kept them in our briefcases on the plane and made sure we’d done our prep at home! On the phone, we often used client numbers instead of names in discussion, too. I guess sometimes the old ways still have their power, especially in a new world. Thanks for sharing the reminder.

Wow, Peter!

Thanks for this reminder. I am a band director, and I take my kids on trips sometimes. I am thinking I should make them all read this article…

Sue

Thank you for sharing.
I worked on a blog post once, while traveling on how to use social engineering to get information from travelers you meet. As it was just fiction and all my own ideas on how I would do it, while I was sitting in a lounge on the airport of Sao Paulo, I decided not to publish my thoughts.

After reading your post here, I might as well…

Thank you!

DG

I hate to admit it but I’ve definitely been at fault of being too naive. The thought to do this to people – steal their information for bad – doesn’t enter my mind so it’s hard for me to think of the ways they could take advantage of me. Maybe it’s the product of growing up in a small town. Living in Seattle I’ve become more aware of the different kinds of people. I’m rambling . . . anyway, your article was helpful. It serves as great insight for those who may not know what to look out for.

Kadee
@kadeeirene

Interesting reaction to the story Peter. Finding the comments about your “dickishness” to be a HARO no-no, as in off-topic.

Very important message. The fellow who commented directly above me ( jqp) misses the point. Totally. wonder if that’s on purpose?

Had a somewhat similar experience. Checked into a hotel, found a folder in my room with the negotiating documents for a contract a company that was trying to become a supplier to an auto manufacturer. Costs, bid prices, etc. I found a name and email address of the person who left it (senior exec) and arranged to get it back to him (rather than sell it to an auto magazine). I’ll admit I was flabbergasted that someone could just leave something like that on a hotel table. Pay attention folks. Not everyone will return sensitive stuff you carelessly leave around.

What color is the sky in your fantasy world, JQP?

My 8 yr old twins got iPod Touches for Christmas. I have NOT set them up with email because I don’t want them texting or emailing their friends yet. I want them to understand how important online privacy is. That they NEVER share their password with friends (a common mistake kids make).

This is a good reminder that I need to also keep talking to them about their privacy offline. It’s why we tell them to NEVER give out the garage code, even to a good friend.

I’m hoping if I start these discussions now, they’ll grow up understanding that if they pose for that party photo, assume it will show up on someone’s Facebook page.

Also, don’t talk about someone else’s private lives — divorces, medical problems, job problems — in restaurants. You are louder than you think you are. You are a lot louder than you think.

More and more I am noticing this. It’s crazy how much information people give away. Pulling out papers on trains. Loud conversations in cafes, bars and on transport.

It is definitely time for all of us to become more aware about ourselves.

As for privacy and being aware about quite how much information we all share, It’s crazy and changes so fast that there is no way schools could keep up if they wanted to. We need to be MUCH more aware these days. The amount of emails, texts, photos that we send is alarming. Certainly not all of it you would want public knowledge. We have to be careful!

Maybe I’m alone in wanting to know what company this was? Super curious now. I work with a lot of contracts – this is a good reminder for me when reviewing on my laptop and iPad. Thanks.

Wow! That is absolutely amazing! What’s even more amazing is how many companies have you sign NDA or other legal forms to never let their information out but these same people are absolutely oblivious to how much information they are giving out on their own. I understand the need to do work while traveling or away from the office but that is why there are tables and seats away from people in cafes or in airport terminals.

It’s truly incredible that companies, especially large corporations where any leaks could affect them quickly and in a big way, are still not taking vulnerability and compliance as seriously as they need to be taking it. Great post.