This really is mind-blowing. Thanks for the reminder that we all need to be more careful. ALL of us.

Yikes! You aren’t a dick for taking that photo. Who ever printed that report is a dick for putting the company name all over it and letting people read it on airplanes.

Thanks for the warnings. We moved to a small town from a larger area and it amazes me how clueless many folks are about what can and very well might happen if they don’t keep alert and be wise in their actions. We might exist in “Mayberry” but the rest of the world doesn’t and they drive through often…..

Would it be right to notify the company so they are aware of this? Curious on the ethics discussion here…

I was thinking about this JUST yesterday while on the phone with my mom. She was riding public transportation at the time… telling me about a date she went on. In a matter of ten minutes – I knew where the guy lived, what was in his house, how much it was worth, how much it was insured for, who he worked for, past accomplishments and hobbies… And his name! I would like to hope that there was no one else around her, but we both know different. I was completely in shock.

hmmm…is it possible that the man was not employed by either company, and had perhaps come into possession of the binder by some other means (found it in a hotel lobby, etc) and didn’t give a damn as to its contents? Still, good lesson to be learned, as always. good stuff!

So true. It’s amazing what “private” information people voluntarily make available for public eyes or ears.

Peter, I think you are doing a favor for them. Human failure is what causes more security breeches and issues than hacking. This is not the first article I’ve read this week pointing out how people conduct sensitive business on the subway, the train, and here you are pointing out how clueless this dude was.

I certainly believe you are doing this company a favor.

Any phone conversation can make people totally unaware. Mythbusters did a show on the effects of drinking & driving and comparing it to talking on the phone while driving. Guess what, they were the same! Somebody talking on their phone while driving is the equivalent to drunk driving.

It just goes to show that when people are so busy on their phones they don’t pay attention to anything around them.

Peter, you are correct that people are unaware about who is watching, always… almost from birth, for those born in the last 10-15 years, there is an almost un-eraseable trail of data that will follow them forever or until the end of the world as we know it later this year.
People, especially those in business and leadership positions, must step out of their zombie like states and be aware and vigilant in regards to security, confidentiality and behavior that can come back and BITE hard.

I’ve done work for a number of well-paid, presumably smart people from CEO’s to wall street lawyers. While they may be brilliant in their field, they are often some of the most clueless in terms of common sense. I have been asked to assist with some of the most menial task (not in my job description) which is nice because I get paid for my time – but shocking because these folks have no IDEA how to complete them. This gentleman is probably used to working in a very insulated environment where ‘someone else’ is in charge of security and does not know how to provide it for himself. Perhaps that could be your next business venture peter, a consulting company that teaches professionals how to look out for themselves.

People are so self centered that the idea other people exist is nonexistent. Just think of all the really important things they miss out on by living in their personal bubbles.

Great advice. Smart insight. I use my “seat time” to recharge and encourage those with whom I work to do the same when traveling. The work will still be there when we are actually at work.

As for you, I am guessing that you did not get to watch Dexter ;)

KS – OT’r

If you work in a cubicle or open office be aware that everyone within 20 feet can hear what you are saying. I could have stolen my neighbors credit card number on a regular basis because she gives it out over the phone all the time while sitting at her desk.

Find a conference room or something if you need to order stuff over the phone, not somewhere public.

When I was in the Navy, we were drilled about OPSEC. This is the kinds of things we were always cautioned to watch out for.

This is critical information! Thank you for posting this Peter! We never know WHO is paying attention.

Well said Peter! I think we have all had a time or two when we were careless, but I would hope that we would have learned from it. I purposely don’t bring out proprietary info when traveling, I do read info about clients or about their competition, however, I am always worried that I will be stupid, so why chance it!

I’m lucky to work in an environment where everyone not only understands, but practices good SA. But i’m also reminded that as a very chatty friendly person I often give out seemingly harmless information that could in fact be damaging… i was told a story last week by a friend. She was on an airplane, being a nervous flier she got to chatting with the Flight attendant and spoke briefly about why she was on a trip – she went to spend time with a friend who had been cheated on by a boyfriend- turns out one small mention of a shared common interest and the seemingly random flight attendant knew exactly who her friend was, and the ex-bf. The world is a SMALLL SMALLL place, especially for those who travel. Everyone could be just one degree away!

Good heads up as I am reading this on an airplane flying from Florida reading e-mails and my favorite blogs. Need to get a privacy screen for my laptop and iPad

I had a boss at my first job out of college who reminded everybody not to talk business on the elevator because you don’t know who is listening and who that person work for, his/her agenda, etc. and whatever information was discussed could turn around and bite you in the ass. Mind you, this was 1992, pre email (for the general public), social media, etc. and news didn’t travel as quickly but it still got around…eventually.

Most of us are working on the road and I try to make an effort to not work on something that may have proprietary information that’s conspicuous.

I’m not surprised by this in the least, as I see it almost every time that I travel. I’ve never understood why companies would put these type of binders together, basically allowing proprietary info to so easily get in the wrong hands — or simply lost, for that matter.

It doesn’t relate to business, but I’m often surprised about the personal reading material people look at on planes for everyone to see. Last week I had a guy on one side of me reading a book about intimacy in unstable relationships and another reading a large brochure on hair replacement therapy. Aren’t these private issues?

At my mandatory annual Navy information and operational security (INFOSEC/OPSEC) brief – which is usually a snoozer – the instructor recounted a recent case of how a female spy lured a man with classified access to her apartment, which was wired to create incriminating evidence so the married guy could be later exploited for secrets, with nice, HD incriminating evidence.

The moral of his story? IF SHE’S HOT and YOU’RE NOT, THINK OPSEC!!

Peter, I walk at the gym almost every day. The circular track is slightly padded, not enough to give bounce but helps decrease impact. But I digress. This year I quit taking my ipod to the gym. Music can’t compare to watching (and especially listening to) my fellow gym-rats. As Dr. Seuss said in 1937, “And that is a story that no one can beat, When I say that I saw it on Mulberry Street.” heheh

Peter – I expect the networks to be calling you any day now to host your own primetime show to expose the world around us!!! Always enjoy your blog. Today was no exception, and it’s a great reminder. One I would also add — everyone needs to wake up to WiFi access and how free access sometimes means “someone is watching”. I am not paranoid, but have been in high-tech 25+ years, and if anyone does not understand how relatively easy it is to sniff passwords / data being send over an open unencrypted WiFi connection at the local coffee shop, or “hey look, free WiFi” at an airport, hotel, etc needs to wake up. It’s the wild-wild west, and as you pointed out, it’s not just electronic! Thanks for having the integrity to not expose him here. He’s lucky it was you sitting beside him.

Privacy hardly exists in today’s world and majority of people voluntarily ensure this through social media interactions and postings.

Thank you, Peter, for not only sharing, but documenting your experience to serve as a cautionary tale. On the one hand, one could make the assumption that people do still trust other people to do the right thing. On the other hand, being in the conference and event planning industry, I’m amazed at how much people trust each other to their detriment – enough to leave laptops, tablets, phones, wallets/purses, etc. in an unattended room. There is no such thing as a “locked” room these days, much less privacy in public spaces. You are correct that it is up to each of us to safegard the privacy of our own information and that of others. You never know who might be listening or watching and where that information may end up.

This is dickish behavior repackaged to be sold as helpful advice for the masses.

The man was careless. There’s no doubt about it. Happens all the time and this article isn’t going to change the behavior of others on any measurable scale. What’s more important is your own behavior. You obviously spent a great deal of time being nosey, no? Certainly enough time to grasp details about what your neighbor was reading and take photos to “prove your point”. And the comments of some of the folks above leads me to believe far too many people love sticking their noses into the business of others.

Look, it’s simple. Yes we should all be careful about private information. That’s obvious. Many people aren’t careful enough. That’s also obvious. But then, perhaps they’re simply hoping their neighbors have even the slightest amount of respect for personal space. This article advertises that you most certainly do not.

Wow. Just WOW. I think taking a day to work on situation awareness is one of the best ideas I’ve heard so far this year.

I used to work at a bank, well, in fact I was a contractor for the bank. I did service for local branches but worked from the corporate office. A typical day for me would include strolling into a branch I had never been to, talking to people I had never met, and jumping on their computers for a few hours to make some necessary software switch. Never once did anyone ask to see my identification (other than the badge I wore on a lanyard that said my name and the banks name…very easily forged) nor did they call anyone to double-check I was there to do what I said I was. For all they know, I was jumping into the database of clients and emailing their credit card information to myself, or wiring tiny sums of money to some offshore account.

Kevin Mitnick ( http://en.wikipedia.org/wiki/Kevin_Mitnick ) who was one of the greatest hackers in history used Social Engineering as his method of attack. He didn’t brute force into computer systems, he simply called and talked to anyone that would answer, gathered any information he could from them and worked his way up the chain till he got to someone that, based on the information he would regurgitate to them, would let him into their systems.

You mean United Airlines? Looks like he is not the only one that needs to be careful.

I had a very similar situation earlier this week on a flight from Vegas-NY. As soon as I sat down, I found a large confidential deck in my seatback pocket regarding a partnership between airline I was flying and a hotel chain. I debated whether to tweet airline’s CMO who is on twitter. In the end, I handed it to a flight attendant who was very thankful and told me it was left by a pilot believe it or not. I used the opportunity to teach the young 23 year old who works for me the same valuable lesson you just taught everyone in this post. I will email this to her as follow-up.

I had the same thought as Aron. What if you sent to the company named at the bottom of the document to say “just a heads up you might want to limit who you give documents to” or something. And not a threat because you make it very clear (and rightly so) that it would be a dick move to call this company out in public.

As an HR professional it makes me think about the privacy policy you have your employees agree to. The liability that creates for the company. The cost of the risk associated with that information getting into the wrong hands because of a careless employee or even a contractor for that matter.

But you know what parallel comes to mind (weird I know) – Think of it as a woman walking around with her dress caught up in her stockings – would you tell her? I would. I wouldn’t make a big deal about it and run and wave my arms and yell “HEY LADY YOUR A** IS HANGING OUT!” so everyone looks. Subtle – woman to woman. If it were me, I’d be mortified to find a dress-in-skirt picture on the internet and saying man I wish someone had told me.

But I digress. It is the business world and it’s not just a dress-in-skirt. Probably hundreds of lives and millions of dollars are at stake and it would certainly ruffle some feathers.

It’s interesting to read other folks thoughts on the ethical discussion..

Wow. Did you think about pointing out to him that you could easily read what looked like highly confidential information? Or would that have seemed too intrusive?

Yikes! Clearly, the firm needs to use project names not relating to the actual project. e.i.; Green Fern; not “Multi Billion Dollar Media Company”

Want to see lack of situational awareness without alcohol or phones? Just try to walk down aisles at a Wal-Mart on a busy day. Way too many people have no idea there is anyone else in the store. And I bet many of them vote with the same awareness! G

It’s the modern equivalent of “loose lips sink ships”!

Oh my god that was you sitting next to me on the plane – (just kidding). Without doubt, we all need to mindful of private information, especially since identity theft and corporate espionage has been continually on the rise. If he had been using a laptop, I might have suggested he use a privacy screen filter, but for a binder, the company name/logo should have been removed from the bottom of every page.

Which brings us to Foursquare. Plus “here’s where I am and what I’m doing” tweets. Why oh why would any reasonably intelligent person broadcast their location in real time? Pleaserobme indeed

Good article… Hope you get lots of hits and comments… unfortunatly your points are mute to almost anyone who is potentially on the giving side of this kind of info as if they were web savvy, they would likely be far more privacy savvy…

Great blog and a reminder that our “always on” society has made people unaware of the impact of their actions. It’s not just working on planes — it’s overly loud phone conversations overheard, conversations in public places, etc. Security professionals have a huge issues on their hands with the easy access to data and the availability of recording devices of all kinds. Thanks for the (necessary) reminder that we are always being watched.

I see and hear (thanks clueless cellphone users) stuff like this all the time. The good news is I use it as examples when I consult about security. One woman was so “sharing” via her cell and laptop in an airport lounge, that the gentleman next to me said “If she worked for me I’d fire her on this spot”. Get a clue, folks.

WOW, I am also curious if you will be giving them the heads up, even if anonymous. I guess it is a touchy subject.

There are learnings here, yes. Let’s all be paranoid and suspicious of each other, our neighbors, even ourselves. Trust no one. What a world we live in these days. Yes, this gentleman was careless, yes, we need to be careful and watchful in public spaces and places but honestly, Peter, stop patting yourself on the back so hard. You’ll hurt yourself. You perform valuable services and we appreciate you, but there is indeed an element of disguised “dickishness” to your self-congratulatory behavior, IMHO. I agree with jqb.

So Amy: You’re flying home after a Ketchum business meeting .What would you have done differently? Other than call me a dick… Actually, I’ll take it a step further. If you don’t believe we need to be paranoid, I encourage you to sit next to me on your next flight. It’ll be fun. Honest! :)

message
This won’t take down a company but it could prove to be very embarrassing. Make sure you carefully review long emails trails before hitting “Forward.” The email you’re forwarding to the head cheese may have a message from your colleague way down the page that says what a jerk he or she is!

Peter, the gray type on gray background on your site is kind of hard to read. Maybe black type? Just a suggestion.

Thanks. Ent. as always Peter. One small FYI: Bose NC HP is shutting the white noise out, neither the speech nor screaming babies :-)

Peter you are always on target!!

Twenty years ago when I was a baby consultant for a large HR consulting form, we had a class called “Charm School.” (By the end of my corporate consulting career, its name had been politically corrected to “Little Things Count,” but everyone still called it “Charm School.”) One of the most powerful lessons we learned and that became part of the cultural discussion was preserving the privacy of clients, especially when traveling (and this was before iPads or even cell phones). Many of us were on the same flights from Chicago to DC, or JFK to LAX, as were our competitors, and every one of our client-facing associates learned how to arm bend, paper-fold, or otherwise hide client docs from prying eyes. Or, we kept them in our briefcases on the plane and made sure we’d done our prep at home! On the phone, we often used client numbers instead of names in discussion, too. I guess sometimes the old ways still have their power, especially in a new world. Thanks for sharing the reminder.

Good advice, Peter! Maybe he thought someone just as clueless as he was would be sitting next to him and he didn’t think he’d have any reason to worry.

Wow, Peter!

Thanks for this reminder. I am a band director, and I take my kids on trips sometimes. I am thinking I should make them all read this article…

Sue

I dont even own a company but I am much more careful with my information than these people, great article.

Thank you for sharing.
I worked on a blog post once, while traveling on how to use social engineering to get information from travelers you meet. As it was just fiction and all my own ideas on how I would do it, while I was sitting in a lounge on the airport of Sao Paulo, I decided not to publish my thoughts.

After reading your post here, I might as well…

Thank you!

DG

As a kid playing cards with my family my Dad always reminded us to “breast your cards”…good advice for us all here. Thank you Peter.

I hate to admit it but I’ve definitely been at fault of being too naive. The thought to do this to people – steal their information for bad – doesn’t enter my mind so it’s hard for me to think of the ways they could take advantage of me. Maybe it’s the product of growing up in a small town. Living in Seattle I’ve become more aware of the different kinds of people. I’m rambling . . . anyway, your article was helpful. It serves as great insight for those who may not know what to look out for.

Kadee
@kadeeirene

Unbelievable. This is so important and you are right – we have to assume we are being watched. It blows my mind that people are so careless.

Interesting reaction to the story Peter. Finding the comments about your “dickishness” to be a HARO no-no, as in off-topic.

Peter, I can tell you what I’d have done differently. If I was the individual beside you I’d have looked at you and asked you if you are incapable of minding your own damn business. If I were in your role, I’d have minded my own damn business. It’s really that simple. Why complicate it?

Very important message. The fellow who commented directly above me ( jqp) misses the point. Totally. wonder if that’s on purpose?

Peter, that guy is terribly lucky he was sitting next to you! Those pages of his report could have been on the evening news that night! Thanks for being such a good guy and also for the reminder that we all need to be extra cautious in this very digital time!

Had a somewhat similar experience. Checked into a hotel, found a folder in my room with the negotiating documents for a contract a company that was trying to become a supplier to an auto manufacturer. Costs, bid prices, etc. I found a name and email address of the person who left it (senior exec) and arranged to get it back to him (rather than sell it to an auto magazine). I’ll admit I was flabbergasted that someone could just leave something like that on a hotel table. Pay attention folks. Not everyone will return sensitive stuff you carelessly leave around.

Not missing the point Patricia. I’ve simply introduced a new and more important point. Yes, we should all be cautious…duh. Even better, we should all mind our own damn business. Peter saw what he saw because he allowed his desire to read his neighbor’s documents to undermine any respect he has for privacy.

To tell us that people are not cautious is to point out the obvious. To suggest that unsavory individuals may exploit the carelessness of others is more of the same.

To actually mind our own damn business…obviously too much too ask.

What color is the sky in your fantasy world, JQP?

One of the best subjects you’ve written about!

My 8 yr old twins got iPod Touches for Christmas. I have NOT set them up with email because I don’t want them texting or emailing their friends yet. I want them to understand how important online privacy is. That they NEVER share their password with friends (a common mistake kids make).

This is a good reminder that I need to also keep talking to them about their privacy offline. It’s why we tell them to NEVER give out the garage code, even to a good friend.

I’m hoping if I start these discussions now, they’ll grow up understanding that if they pose for that party photo, assume it will show up on someone’s Facebook page.

This is a great example of failure caused by lack of situational awareness. Being aware is also important for our personal safety. Knowledge of who and what is sharing our space is a basic survival skill we seem to have forgotten. (e.g. Texting or reading while walking. That car bearing down on us has a much longer stopping distance.)

Also, don’t talk about someone else’s private lives — divorces, medical problems, job problems — in restaurants. You are louder than you think you are. You are a lot louder than you think.

New HBR post that reinforces Peter’s point: researchers examining secondhand mobiles were able to recover all sorts of private stuff, including nude pix and sensitive business info. http://bit.ly/x64bFV

More and more I am noticing this. It’s crazy how much information people give away. Pulling out papers on trains. Loud conversations in cafes, bars and on transport.

It is definitely time for all of us to become more aware about ourselves.

As for privacy and being aware about quite how much information we all share, It’s crazy and changes so fast that there is no way schools could keep up if they wanted to. We need to be MUCH more aware these days. The amount of emails, texts, photos that we send is alarming. Certainly not all of it you would want public knowledge. We have to be careful!

I took particular interest in this information because of my professional background and present profession as a “Counter Intelligence” Technical Surveillance Counter Measures technician.
Situational awareness, protection of propitiatory information, and trade secrets are some of the words expressed within my vocabulary whenever giving a presentation to a business executive audience, and board members that I am attempting to do business with.
Here are a few of my remarks corroborating yours:
tip 1 ~ Cameras are everywhere and many are not legal as their audio/video sure do invade ones privacy.
tip 2 ~ A professional spy will gather this information and know how to market it to the highest bidder.
tip 3 ~ Many need to smarten up because so many are clueless as you mentioned earlier; or ‘until it is too late.’
tip 4 ~ If you are the target you just tipped your vulnerability with alcohol, but this is just part of what professional information seekers will look at. Just look at the social/business marketing sites and much intelligence information is just given away by the ‘social big mouth’ and their ‘bragging rights.’
Clueless people appear as ‘sitting ducks’ for the ‘professional information hunters’
Thank you for this information and please keep on writing…

Maybe I’m alone in wanting to know what company this was? Super curious now. I work with a lot of contracts – this is a good reminder for me when reviewing on my laptop and iPad. Thanks.

Reminds me of working in Tokyo. We were not allowed to go drinking or eating in certain parts of Tokyo because that is where the competition drank and ate.

Wow! That is absolutely amazing! What’s even more amazing is how many companies have you sign NDA or other legal forms to never let their information out but these same people are absolutely oblivious to how much information they are giving out on their own. I understand the need to do work while traveling or away from the office but that is why there are tables and seats away from people in cafes or in airport terminals.

I completely agree. I am a college student and this is even true for us. I had a professor standing behind me in line for food today talking on the phone to who I can only assume was her husband. While she has people standing all around her she spelled out her school email and the password to get onto it. With that information any one of the students could get in and change grades, remove tests, drop students from the class, or send emails and get the professor fired. Though this isn’t nearly as serious as destroying a million dollar company, I feel it just goes to prove the point that everyone is getting a little too comfortable in their not so privet bubble.

It’s truly incredible that companies, especially large corporations where any leaks could affect them quickly and in a big way, are still not taking vulnerability and compliance as seriously as they need to be taking it. Great post.