Column: When it comes to IT security, we're all in this together

Opinion

I have to admit to smiling when I read the story in MicroScope concerning a survey by Cryptzone which found 42% of directors and senior managers admitted to regularly ignoring security policies and procedures, writes Billy MacInnes.

The security vendors have spent an awful lot of time explaining to companies just how easily their security can be compromised by employee behaviour so it's a bit embarrassing to discover that so many bosses haven't been listening to a single word they've said.

Perhaps I'm being too harsh on them. Maybe the bosses were listening all along but they didn't realise that when it comes to security all people are equal.

Well, actually, some are more equal than others because I would assume directors and senior managers would have access to much more sensitive and commercially confidential information than their underlings. As such, any security breach on their part would be potentially far more damaging.

I would have thought being considered far more important from a security point of view would appeal to many directors and senior managers as a seal of importance to go alongside their company cars, parking spaces, better pensions, health cover, share options etc, etc.

But the survey appeared to illustrate the ignorance of quite a lot of directors and senior managers when it reported 52% said they had access to the most sensitive information but had the least understanding of security. One would assume those who had ascended to the heights of the corporate ladder would be able to make the link between having access to sensitive information and an awareness of how to best secure it.

The problem for some is it might clash with their instinctive belief they are somehow too important to be subject to the same restrictions as their employees. Dominic Saunders, senior vice president of the NETconsent business unit at Cryptzone, suggested that the phrase "do as I say, not as I do" appeared to "resonate in the executive corridor of far too many organisations today".

He added organisations needed to ensure they had solutions which ensured no one, no matter how far up the corporate ladder, could flout policies and procedures. In other words, policies that treat everyone equally. To quote another phrase (and he did): United we stand, divided we fall.

Years ago, my daughters were big fans of the first High School Musical film. While I don't suggest errant directors and managers be made to watch the film as punishment for any perceived security misdemeanour, I do think they would be wise to take the message from the big set-piece song to heart: "We're all in this together." If Saunders wants to add that to his collection of phrases, he has my blessing.

This was first published in May 2012
