Here in Silicon Valley, we tend to share information and the latest developments with each other at lightning speed via IM, Twitter, Facebook, email, SMS, etc.  The grape vine here is probably faster than most government communications systems when it comes to getting information out. Last Friday, an extremely agitated colleague from a local Internet security company texted me. He said that “the worst data breach since WikiLeaks has happened.”  He proceeded. According to the link he sent, Santa got hacked. The Naughty List, no less, according to Infosec Island. Security blogs being security blogs, IA notes five things companies naughtily do, or naughtily fail to do, from an Information Security standpoint.

1. Lack a security communications plan for employees
2. Spend $1 million on security technology and $250 on communications
3. Use cartoons in their communications
4. Use sterile branding
5. Use compliance as an incentive to pay attention

Let me add a sixth, based on a real scenario that happened at an IT staff meeting at a company up the Peninsula: Using sock puppets and paper bag puppets to explain your corporate security policies. Sure, that's a way to get them to take you seriously. Image: BuyCostumes.com