I’ve had some rather unusual security training over the years. One of my earliest jobs was in security and law enforcement, and my course of study in graduate and undergraduate school included covering some of the largest security disasters in corporate history. Oh, and I was an internal auditor leader for a time when we had a tight emphasis on security. And, I’ve actually been a bodyguard.
One of the things I’ve learned is that security is as much a mindset as anything else. Whether you are talking about personal security or securing your firm or country, it is a heads-up game. The most successful are those who are constantly looking for abnormalities and are willing to do what is necessary when they see one to discover if there is a problem. Those who simply depend on tools or others to keep them secure likely aren’t. While these folks may lead far less stressful lives, their sense of security is a sham.
Rethinking business travel
Losing an employee, co-worker, and/or friend is not only traumatic to the people around them, but can set back company efforts related to that person significantly. Having this happen if the trip was avoidable is particularly painful. Over the last few years, video conferencing solutions have become both far better and far less expensive. The cost of one system can actually be less than the cost of one trip. Terrorists seem to be attacking central transportation hubs in cities and unsecured transportation methods like trains. One way to keep employees safe is to just keep them, as much as possible, from being in either place.
Rethinking work at home
We seem to yo-yo around the work-at-home option, but most managers now seem to have a grasp of what jobs work best from home and how to monitor employees so they can tell the difference between those who can successfully do this and those who can’t. This not only lowers the risks associated with travel, it can also substantially reduce the cost of maintaining offices at centralized locations and hoteling. In addition, tools have improved dramatically over the years so that an office or cubicle can now be automatically provisioned individually for an employee when they first log in to the office.
Rethinking employee security training
Employees are facing an increasing number of threats, both physical and electronic. I recently was made aware of Locky, a new ransomware product that not only encrypts local storage but every piece of attached storage, both physical and virtual, as well. Given that users are tricked into installing tools like this, firms should aggressively limit user access to just what they need and when they need it. Also, users need to be regularly trained to recognize and report attempts to phish them for any reason so that other employees, security and management can be made aware of an attack in progress. More typically, we sound an alert only when an attack has been successful, not during an attempt, and given the amount of damage that is being done, that is simply too late.
Belgium reminds us that an attack can be physical as well, and actively looking for people who are behaving unusually and reporting them may not just save the company, it could save the employee’s life. While I sadly expect that we won’t take this seriously until more of us have lost loved ones, for those who can get ahead of this problem the reward of avoiding guilt will be well earned.
Security is nothing to laugh at
I have a number of funny security stories I could share, but there is little to smile about with what seems to be going on today. Being stupid can have mortal consequences. At the heart of much of the problem is that people seem to think security is someone else’s problem. If there is one overarching thing we can do, it is to accept that security is something we all need to own because with threats like what we are now seeing out of Europe and what we have seen here, that is the only reliable way we can actually be safer.
Something to think about this weekend.