Research from the ICS – the Irish Computer Society – found that almost 58 per cent of the data breaches were caused by staff. The human element is the most overlooked aspect of many organisations’ security defences.
The problem facing most organisations is that many members of staff – especially those in the lower grades – simply want to do their job as efficiently as possible and so please their customers – and bosses.
The problem here is that those same members of staff are often unaware of the technology that can make their jobs a lot easier, especially when it comes to IT security issues. This is clearly shown by the ICS research, which found that – where an employee had precipitated a data breach – it was largely a result of internal failures and a lack of awareness.
It’s also interesting to note that 28 per cent of professionals saw the greatest threat to their data as coming from negligent employees. But how do you motivate members of staff – who often have other issues to worry about – to use technology to reduce the risk of the company’s data going walkabout? The solution, I believe, is to use the available technology more wisely.
Instead of having staff use cumbersome and complex security technology – such as a hardware token – to make their computer access more secure, employers need to use technology that employees are very comfortable with. And the technology that most employees are comfortable with is the mobile phone that almost everyone has in their pocket or purse.
If you can get staff to use their mobile as an authentication device – something called tokenless two-factor authentication – then it will become second nature to the employee, as it’s simply a lot more convenient to use than a hardware token.
The Irish Computer Society research – which took in responses from 300 IT professionals ahead of the Society’s annual data protection conference on the 9th of February – found that clear security policies and procedures are the key to developing a successful set of data defences.
With the research showing that over half of the respondents to the survey expressed a belief that formal training and awareness programmes should be conducted on a regular basis to educate staff on IT security issues, it really comes down to making the technology involved as easy as possible for employees to use on a day-to-day basis.
And it’s for this reason that I recommend the use of mobiles as a means of tokenless two-factor authentication to achieve higher levels of security when accessing data in the workplace. If you make the technology easier to use, you can achieve stakeholder security buy-in a lot more easily.