Security: The Weakest Link


A recent presentation by California CPA Dave Cieslak bears the title, "IT Security-Are You the Weakest Link?" Most security experts will tell you that you are. Or your staff is. People are easily the biggest problem, and can confound all the technology that we install to protect not only IT systems, but also everything else. For example, experts will tell you that they can find a predictable number of computer passwords written on sticky notes when they make a sweep of an office.

Technology is not the key to security: Training and discipline are.

This was brought home to me while attending my wife's class reunion at Harvard, where I saw virtually every security measure compromised. At one gate, police carefully wanded all visitors to the Harvard Yard, where commencement ceremonies took place all day, while at another gate police waved through anyone with a badge.


Cieslak had sent his presentation on this topic before I attended the reunion, and I didn't read it until afterward. But I had come to the same conclusion. As Cieslak wrote: "Despite all our awareness, effort, investment, and training, we are still being compromised daily! Why? The human element!" Remember that cop waving people through?

Most people do not have the discipline to follow the proper measures without reminders. We know that without automatic backup, most people do not back up their computers.

And as for training, I've never had much in the way of instruction by the companies that I have worked for in the 30 years I've been using computers in a publishing environment. It's been learn as you go, and I suspect my experience is not unusual. Fortunately, I cover the computer business and pick up some ideas.

How good are patches and updates if much of your staff doesn't know that you are supposed to click those icons and install them? Many of our editors probably think that defragmenting means disarming a hand grenade. I doubt that some know they can initiate their own anti-virus scans.

Our staff does not get periodic briefings or reminders about security, except the human resource staff periodically reminding us about social engineering via email. Certainly, we didn't get any anti-spyware. I just happened to know that Ad-aware from Lavasoft works, and that the first time I ran it, I was stunned by the results when all the malware and possible browser hijackers were flagged.

P.S. I just noted one of the Windows updates is a June release of a Windows Malicious Software Removal Tool.

Nobody told me whether I should do anything about security for my wireless connection, especially after I noticed how easily it reached out and connected to other people's networks.

About the only training many people get at many organizations is a warning from their employers not to illegally copy software. If you are lucky, they also tell you how to turn the machine on and off.

So I'm the missing link? Good-bye.
