By Carly Chynoweth
The Sunday Times
September 28, 2008
Firewalls, passwords and high-tech entry systems are all very well but
they cannot stop someone from leaving documents on a train or lending
their pass to a work-experience student. With all the attention being
given to hacking, identity theft and computer-related security recently,
it is easy to forget the key role that staff play in corporate security.
"People are beginning to realise that the data-security leakages we have
read about in the press are never down to technology - they are always
due to people screwing up," said Martin Smith, chairman and founder of
The Security Company (International). "So many things have gone wrong;
all of them could be solved with management and training."
One of the first steps that organisations should take, he advises, is to
make sure staff understand the security implications of the decisions
they make each day. This should help to minimise security breaches
brought about by carelessness, such as holding sensitive conversations
in public places or sending unencrypted private information through the
post. "Most people want to follow the rules as long as you tell them
what they are and what the consequences of breaking them will be - both
for them and the company," said Smith.
He tries to get the message through by asking staff to protect business
information as if it was their own personal secret. "I tell them to
treat the documents they deal with at work as if they are letters from
their boyfriend that they don.t want their husband to see," he said. In
other words, do not leave them on a desk where an outsider visiting the
building for a meeting might spot them. "And I tell them to treat their
password like chewing gum - do not share it or stick it on your
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!