Unfortunately, security violations happen. It’s simply a fact of life. There are intentional violations, but then there are so many more that are simply an act of forgetfulness or hurriedness. The security violations that are born out of unintentional negligence, forgetfulness, and/or hurriedness are the focus of this article. While it’s interesting to think about the most famous nefarious security violations, it’s also important to consider some of the more common scenarios when it comes to security violations. If you make an accidental security violation, how do you bounce back from that?
First, your initial reaction can determine how the rest of the process and consequences go. If you are clueless and the violation is brought to your attention after the fact, there is a whole other course of action to take from that point. Either way, let’s look at what you should do after a personal security violation and how you can bounce back from it.
Report It, Now!
If you fall into the category of realizing you just committed a security violation, the first thing you need to do is report it. Get hold of your Chief Information Security Officer (CISO) or Facility Security Officer (FSO) and give them the details of what happened. There may be a chance to contain it and keep it from getting any worse. The sooner you can report it, the better. You may be tempted to think twice about reporting it and instead try to fix it yourself… don’t! Just report it, and let the security team take the next steps.
Be Honest and Thorough
Being 100% honest when you report what happened is crucial to the security team containing it and mitigating any further risk. When you report it, be thorough. Where were you when it happened? If you didn’t follow Sensitive Compartmented Information Facility (SCIF) procedures, don’t just state, “I forgot to lock the SCIF.” A better response would be, “I was the last one out of the SCIF last night. I left the SCIF at 1730 hours and walked out without spinning the combo lock.” This helps the security folks to see who else might have been in the SCIF after you left.
Always Disclose It
There is no scenario in which you shouldn’t disclose a security violation. Yes, you will feel stupid, and yes, you will be afraid of what happens next. It is far better to just face the music and be thorough and honest about your mistake. If you don’t disclose it, it could lead to further security violations and inadvertently lead others to be exposed to sensitive information that they shouldn’t have access to. In the aftermath of the security violation, when the dust has settled, don’t pretend it didn’t happen, but don’t go writing it on your resume either. If you are asked about it in an interview, don’t lie. Admit that you made a mistake and give the details of it, as far as you can without revealing classified information.
Learn from Your Mistakes
The best way you can bounce back from your security violation is to learn from your mistakes. History shouldn’t repeat itself, especially with security violations. If you were able to keep your job despite the violation, do your best not to repeat your mistakes. Think back on what happened and how you could have avoided it. Ensure that you are putting better security practices in place now and in the future to avoid this happening again.
We all make mistakes, but holding a clearance just amplifies our mistakes. However, if you report your mistakes right away, are honest about what happened, and always disclose it if asked, you can learn from your mistakes and move forward. If you see someone else getting ready to make a security violation, stop them, and educate them on what they are doing. Learn from your mistakes and help others avoid the same mistakes.