I came across a very interesting post by Peter Cochrane that should send shivers down the spine of anybody reading it. And if you are a security professional, I’d recommend grabbing the chair closest to you.
It reads like the script of a 1960s comedy spy movie but to anyone working in security and responsible for an organization’s data it is a very realistic account of how security is being breached on a daily basis and why data loss and identity theft are on the rise.
People are the weakest link; we’ve known that for years, and while employees were confined to their desk and IT administrators could control what they were doing, the risks were minimal.
Yet the minute organizations set their employees free to roam with their laptops, PDAs, smartphones, memory sticks and the whole range of mobile devices (or running around with the latest Apple iPhone prototype), they said goodbye to security and their data .
Your reply to that may be, “but now we’re hardening devices and using encryption”.
Great, but not so great when your employees are on a train and blabbing to each other about the company’s business plans, using commercial wi-fi to access the corporate network and taking their time to type in their username and password.
Either they don’t give two hoots if someone is listening to them or looking over their shoulder or their concept of security is simply turning the key in a door lock before leaving the house.
How many times have you been sitting next to someone on a plane or train and with a few furtive glances have managed to go through the spreadsheet on his laptop or the presentation she’s reading? Some people are more careful than others but I believe that the people mentioned in Peter Cochrane’s blog are representative of a growing security problem.