A lot of information security leaks are attributed to insider threats. Just look at Wikileaks and the US government. An Army private copied thousands of documents onto a CD and walked out the door with them. This may be an extreme case, but is becoming more common.
A lot of data and document security issues are due to the oops factor; we do it accidentally or unknowingly. Most of us don’t willingly comprise our company or personal security, but sometimes it happens because of a lack of knowledge. I think a lot of this can be traced to insufficient training. Most companies just assume that everyone knows how to operate a computer safely.
If a new CRM system comes in, everyone gets trained on it. What about email, Microsoft Word, Adobe Acrobat, instant messenger and a browser? What about basic computer security? Most people are just expected to figure it out on their own. How many times have you accidentally hit a key or clicked and something happened that you didn’t expect? And if it did, you weren’t sure how to undo it?
This gets worse with all the malware out there. Accidentally clicking on an email link that takes you to a malware infected website could be devastating. A few years ago there was the case of the Connecticut teacher whose computer was hitting porn site popups in the classroom. Spyware or malware was most liking causing the problem, but the poor teacher didn’t know how to stop it. Most of us have heard we shouldn’t click on suspicious links, but how many of us have had formal training on it?
With all the consumer electronics available, everyone assumes that everyone knows how to use technology. Just because you can use an iPod, doesn’t mean you have a clue about computer security. Most companies give employees a security or ethics policy saying “Though shall not send anything confidential to anyone . . . blah, blah, blah.” We read it and are supposed to follow it. But most of us aren’t trained on the technology we use everyday that makes it very easy to violate these policies. Most of us don’t think about it. We assume IT has that covered.
And how about security on mobile devices? We all love our Blackberries, iPads and USB drives, but how many of us know how to secure them against data loss? Think about the MFP or printer in your office? Technology can solve many problems by preventing viruses, malware and hackers from wreaking havoc, but until users are trained on operating their computers securely, we will still have problems. Knowing what your users know (or don’t know) can help you prevent another oops.
To quote Pogo, “We have met the enemy and he is us.”
Are your people trained on computer security?
Photo credit Nilocram