If they want to play with whatever tech tools to get their job done, have at it. They can ask for help when they really need it.
But if they are taking short cuts with the security of the data, that needs to be cracked down on immediately, as they are putting the entire company in jeopardy.
If security is non-negotiable, the only solution is to destroy the data so that it can't be ever recovered by anybody. Or even better not having any data in the first place.
Securing some data is very important. Some data indeed shouldn't exist in the first place. But for a lot of data it matters very little. Most security breaches have rather mild consequences.
Treating all data as megatopsecret and all security breaches as end of the company produces not only unproductive systems, but bad security.
Breach to private health information that can be linked to an individual more exactly? Is this kind of information all around the organization's computers?
Something that seems often forgotten in these discussions is that it's not just putting the entire company in jeopardy, but the customers, clients, and vendors as well. Security seems to be some magical obstructive force to these people because any concerns besides their own convenience are purely abstract. Well, ask anyone who's had their identity stolen from the hundreds of breaches in the last couple of years if that concern is abstract. Staff who can't see past their own desk to understand the role of security are a serious danger to society.
If they want to play with whatever tech tools to get their job done, have at it. They can ask for help when they really need it.
But if they are taking short cuts with the security of the data, that needs to be cracked down on immediately, as they are putting the entire company in jeopardy.