The following introduction was originally published in the Information Security section of the BCS ITNow Magazine, Autumn 2012 issue (Volume 54, Issue 3), on the topic of Securing the Human:
“The human can be both the weakest link and the strongest tool in building and protecting your organisation, says Gareth Niblett, Chair of BCS ISSG.
People are at least as important as technology when it comes to securing business, but sometimes it appears that investments are made in tin with flashing lights more readily than their fleshy operators and users. It is people that design, build, run and use systems. Businesses should remember to invest in their people as well as the latest technology.
Companies talk about how their employees are their biggest asset, but often it is training, education and awareness, including for information security, that gets cut when times are hard.
Also, when ‘downsizing’, roles that should be kept separate, to minimise fraud and other unwanted activities, can be combined to ‘maximise efficiency and
Even with recent technological advances, social engineering remains a key threat to organisations and their information.
A number of recent data leaks have been facilitated to some degree by tricking the target or their service providers into divulging what should have been restricted information or enabling unauthorised account access or changes.
With the growth of BYOD and cloud services, organisations need to balance awareness of the risks with the benefits of use; employees need to understand the issues related to them and follow any related policies, ensuring that corporate and client information remains in full compliance with any legal, regulatory or contractual obligations.
The human can be both your weakest link and your strongest tool in building and protecting your organisation. If they are treated as part of the solution and you help secure them then they, in turn, can help keep themselves and your business secure.”