By Mathew Kibby, Regional Director, Sub-Saharan Africa
Wherever you work and whatever you do, just for a moment pretend I’m your boss.
You are hereby given notice that the information security buck has been dismissed. It is no longer available to be poked, prodded, marveled over or passed, as was most often the case. Just to be clear, and so we’re all on the same page, it’s not that the buck stops with you any longer, it’s that there is no buck.
Your new, and frankly terrifying, reality is one of overwhelming accountability. If a security breach occurs from your desktop, laptop, cellphone, tablet or any other connected device, as a result of your bypassing, shirking, shortcutting or just plain blatantly disregarding the security protocols in place, the responsibility will be yours and yours alone. Where’s that good old buck now?
Since we don’t live in the dark ages, you won’t be publicly flogged and it’s highly unlikely you’ll be tarred and feathered, but you may very well lose your job. Now before you hightail it off to HR brandishing this memo as evidence, please note that we are not threatening to fire you. However, do please understand that security breaches cost us information currency, downtime, data loss and more, all of which impact our bottom line and hence our ability to hire employees, including you. Moreover, if you’re responsible for this loss of revenue, it’s likely you are the weakest link in this organisation. Ergo, when resulting job cuts are made you’ll follow hot on the heels of the aforementioned buck.
If you snorted coffee out your nose or didn’t quite make it all the way to the bathroom, good. That means I have your attention.
Jokes aside, there’s abundant truth in this humour. Cyber attacks are among the greatest threats facing businesses in the digital age and, all things being equal, employees (from top to bottom) are considered to be the second highest threat to cyber security. If we are to shore up our defences then the buck must stop here.
If you think the very notion of passing the security buck is absurd then good for you (and please send your CV to me), but you’re a statistical anomaly. A recent survey by World Wide Worx and VMware found that buck-passing and finger pointing are very much de rigueur when it comes to laying the blame for enterprise security breaches. More than a third of IT decision makers (ITDMs) in South Africa believe that the C-level executive and board should be held accountable for a significant data breach, whereas 56% of respondents hold that the IT department should be accountable. The naked truth, however, is that it’s most often the employee wandering free-range across all levels of the business who is the likely cause of the problem in the first place.
That’s right, it is not a lack of, or poor, cyber security, but carelessness, poor training and a casual attitude to security issues, among employees, that have the greatest impact on security and which result in employees unwittingly opening the door for a cyber-attack.
The study further revealed that one-fifth of South African employees are willing to breach security. Take a look around the office. Count five colleagues. Now consider that statistically at least one of those individuals is prepared to take a security shortcut that could rain hellfire and damnation upon your company, and quite possibly your future.
The bottom line is don’t be that person who doesn’t play by the security rules, and if you’re senior leadership and among the CEOs and C-level executives who have (statistically) asked 66% of all ITDMs in EMEA to bend the rules “just this one time,” regardless of risk, compliance or legislation, then shame on you.
If you know what the rules are, play by them. If you don’t know what the rules are, ask. If you think the rules can be improved on, offer your input. If you think the rules don’t apply to you, leave.
As we tell our customers over and over again, the surest way to mitigate these security threats and challenges is to educate employees. So having said that, please consider yourself educated and welcome to the four-fifths of responsible employees who wouldn’t dream of leaving the cyber security door open.