Thursday 23 June 2016

The Human element

     In an age where we cannot live without mobile devices and all our information is online, most of us never give a passing thought to what this means and, more importantly, how to keep it safe. If your employer hands you a check for a million dollars and asks you to keep it safe, you rush off and put it in the bank or a safe. We know what to do to protect the tangible things we are given.
     What we're not so good at is knowing how to protect the confidential document emailed to us by the boss, which we were equally entrusted to keep safe. The computer age in the modern workplace is still relatively new. Many of the workers in the workplace may even predate the computer-on-every-desk revolution.
     
     I am sure that if you have worked anywhere, by now you have been given the line "I am not good with computers" or "they don't really like me." A good number of people in your office will likely fall into the group of non-computer users. These users can be a challenge and may even be safer using the old paper-and-pen method. How do you protect these users? Do you just shrug them off and leave them to their own devices? Do you even think of them as a part of your cyber security defenses? Are these users to whom you need to keep repeating the same lessons over and over?
I see the shrug-them-off strategy in many of the companies I visit. We fix their immediate problem and wander off. Yes, I do get that these users are sometimes a tremendous challenge and can be a burden to your IT staff. However, much like learning to walk or ride a bike, we fall over and over, much to the frustration of our teacher, until we don't. There is that moment when it all becomes very clear and all the repeated lessons just make sense.
     So why, when we know that our users are the biggest risk in our organization and we are prepared to spend tens of thousands of dollars on a single firewall, are we hesitant to spend a few thousand dollars to develop and maintain an ongoing education program for our employees? We have an IT budget that encompasses the hardware and software, even our IT staff. Why do we not also put some aside for use here?
     Imagine the cost of a single data breach, or the constant flow of data accidentally leaving our company infrastructure. These costs usually lead to the termination of the IT Manager and a lot of lost revenue. Usually just one of these breaches equals the cost of a decade of training. The threats to our network change every day. This increase is going to cost billions of dollars that may have been saved if we took the initiative. As an IT guy I know the challenge of keeping up with all the latest threats. Many are technical, certainly, but the way these end up in our network is often not.

I guess the point of this is simple. We need to view our employees as part of the entire IT infrastructure and, like our annual licensing costs, we need to be spending an annual amount on ongoing training. You may never see this as a monetary return in savings, but you will see the loss of money if you do nothing.

As always, do not be afraid to challenge your mind!
