There’s a certain appeal to buying the latest and greatest firewall, the world’s best virtual private network (VPN) and the ultimate anti-malware package. After all, the companies that developed all these products hire only the best security minds in the business. Their offerings are second to none, and they’ll doubtless let you sleep at night, knowing that your IT infrastructure, your data and indeed your company and its clients are perfectly protected against the latest security threats.
It’s a nice ideal. Too bad it all blew up when Martha from the accounting department copied an unencrypted database onto a USB thumb drive to catch up on some work at home, and the drive disappeared from her briefcase somewhere on the subway.
The scenario is all too familiar: Companies invest deeply in leading-edge security technology, only to have it unravel due to human error. If security is going to work, employee behavior needs to be front and center when IT builds out its security road map.
That’s easier said than done in the world of enterprise IT, in which intangibles such as processes and policies often take a back seat to stuff you can buy and install. It is, after all, easier to build a business case for something you can see than for something you can’t. Plus, getting everybody on board with security can be a challenge, as most employees — whatever their level in the org chart — tend to see it as a hindrance to productivity.