You will lose data, if you haven’t already. The impact of that data loss will vary from innocuous and low-impact to a highly costly breach of sensitive data, and everything in between. Why am I so sure?
- People are lazy. Yes, that includes you and me. We all have so many priorities in our busy lives that some things just slip. If we can find a quicker, easier route to the same result, then that’s the path we are likely to take when we are under pressure. We take shortcuts (I call it being efficient!). For instance, there may be a policy in place that is supposed to guide us to handle the documents and files we work with in a way that is congruent with the sensitivity of the data they contain. However, that policy is so far removed from the everyday workings of you and me that 3 days after our data handling and classification training, we’ve reverted to our old ways.
- People become immune to risk. It’s natural. If we behave in a certain way, click on certain links, open certain emails and nothing bad happens, then it must be safe, right?
How many times have you seen this screen and clicked “Continue”? Did the sky fall in? Were you fired? Did your laptop explode? It’s human nature to gauge and assess risk based on past consequences.
- People trust people. Apart from rudimentary checks at the time of hiring, employers often don’t check the integrity of employees working for their organisations. And why not? Most people are reasonably honest, right? And whilst employee theft of company data to sell may be uncommon, what about the disgruntled employee who leaks data, or steals sensitive organisational data to give themselves an advantage in their next role with your competitor? The biggest impact to data security, by a very long margin, is going to come from the inside.
- People make mistakes. Whilst I am on the subject of data leaking outside of the organisation, we quite naturally think of insider threat. But the reality is, most data leaking out of organisations isn’t malicious at all. Over half the data leakage happens not because of insidious and malevolent behaviour of employees, but because people make mistakes. In fact, the technology we use on a day-to-day basis can in some cases make it easier to make errors. Have a look at the type-ahead feature in the MS Outlook address bar, for instance: how easy is it to inadvertently send a document or an email to the wrong person?
So, unequivocally, it would seem that it’s you and I that are the weakest links in the whole security chain. Recognising this is the first step to plugging the holes in our data security strategy. So is recognising that there is no silver bullet among the security software or hardware solutions we provide that will plug those holes. We need a multi-layered approach to security software; there is no one-size-fits-all solution. Equally important is making the software that we decide to deploy able to protect us from our own human inadequacies!