Data Security -- The People Component

Your business might have invested heavily in technology to protect your data. But do you know that your data may still have a high probability of compromise?

I recently had a project where I worked with a customer to update their IT infrastructure. A fair amount of focus was on security, including the effects of ransomware. The infrastructure was updated with particular attention paid to security, multiple backups, and control of all devices, including employee-owned computers and tablets. The CEO asked if I thought they were now reasonable since they had spent so much money on this. My response was, “The weakest link is your employee.” 

To prove the point, we had all their employees attend training sessions that included two warnings: (1) NEVER click on a link sent to you unless you contact the person and you know that the link came from them, and (2) NEVER plug in a memory stick that you see unless it is provided to you in response to a specific request that you made.  

Six weeks later, I had the IT department send out a fictitious email that appeared to come from a bank. It had a link that sent a note to the IT department that alerted them that the link had been clicked and came from a specific employee computer. Out of approximately 400 employees, 190 employees clicked on the link!

These employees were put on probation.

Next, we got 20 memory sticks placed on random employee desks one evening. All 20 of them were plugged in the following day. A program on the stick alerted the IT department.

It is necessary for employees to know that everyone plays a part in IT security and that adherence to the rules is a condition of employment.