Comedian Lily Tomlin rose to fame on Rowan & Martin’s Laugh-In as Ernestine, the rude, sarcastic switchboard operator for Ma Bell.
She would tap into customers’ calls, interrupt them, make snide remarks about their personal lives. And her victims included celebrities as much as run-of-the-mill customers.
On one occasion, she called then-FBI Director J. Edgar Hoover, letting him know that “it really takes a Hoover [vacuum cleaner] to dig up the dirt.”
She introduced herself as working for “the phone company, serving everyone from presidents and kings to the scum of the earth.”
But perhaps the line for which her character is best remembered was: “We don’t care. We don’t have to. We’re the phone company.”
Watching Ernestine on Laugh-In was a blast for millions of TV viewers during the mid-1960s and early 70s. But confronting such corporate arrogance in real-life is no laughing matter.
Clearly, too many companies take the same attitude as Ernestine: “We don’t care. We don’t have to.”
This is especially true for companies that are supposed to safeguard their customers’ most sensitive information–such as their credit card numbers, addresses, emails and phone numbers.
An October 22 “commentary” published in Forbes magazine raises the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”
And the answer is apparently: No.
Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”
This has been a bad month for credit card-using customers of Kmart, Staples and Dairy Queen–all of which have reported data breaches involving the theft of credit card numbers.
Earlier breaches had hit Target, Home Depot and JPMorgan/Chase.
“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”
Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:
- The sheer number of data compromises;
- Relatively little consumer outcry;
- Almost no impact on the companies’ standing on Wall Street;
- Executives may consider such breaches part of the cost of doing business.
“There’s a short-term mindset and denial of convenience in board rooms,” writes Hering.
“Top executives don’t realize their systems are vulnerable and don’t understand the risks. Sales figures and new products are top of mind; shoring up IT systems aren’t.”
Anyone who’s ever watched the operation of an airport luggage carousel has seen this principle in action.
If you’ve checked your luggage, then you need to head for the baggage carousel as quickly as you can get out of the airplane.
Because if you don’t get there in time to grab your own bag, there’s a good chance that someone else will.
The reason? There’s no security officer there to make sure that your luggage goes only to you, and not to someone else.
Experienced baggage thieves know this. So they wait at the luggage carousel for a piece of luggage to go around two or three times. If no one collects it, they assume the owner isn’t there yet–and make off with it.
Sure, there might not be anything of value in it–from the thief’s viewpoint, anyway.
No expensive cameras.
For the thief, it’s a setback–but only a minor one. He simply dumps the luggage and perhaps goes back to the carousel for another shot at finding a bag stuffed with valuables.
But for the traveler-victim, it’s a disaster.
Most–if not all–of his clothes are gone.
Anything personal–such as gifts he was bringing for friends or relatives–is gone.
So are any vitally-needed medications–if he was foolish enough to store these in his suitcase instead of a carry-on bag.
And does the airline care?
Don’t be stupid.
Why should they? They got your money when you bought the plane ticket.
That’s all they wanted from you. And the truth is, that’s all they’ve ever wanted from you–even during the “golden age of air travel” before airplanes became “flying buses.”
The skies of United were never so friendly that airlines felt an obligation to ensure that their passengers’ luggage was actually waiting for its rightful owners.
And the same principle–or lack of principle–applies with such companies as banks, department stores and insurance companies that hold the most private information of their customers.
There are two ways corporations can be forced to start behaving responsibly on this issue.
First, some smart attorneys need to start filing class-action lawsuits against companies that don’t take steps to safeguard their customers’ private information.
Second, there must be Federal legislation to ensure that multi-million-dollar fines are levied against such companies–and especially their CEOs–when such data breaches occur.
Only then will the CEO mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”