I was walking through Gatwick Airport today, when I was magnetically pulled towards the temptation of a gadget shop, which happened to be Dixons. On reflection this happens almost every time I travel by air. Two things struck me as I perused the aisles of lovely technology. First, the shop was much busier than any other retail outlet in the mall. Second, there was, at that point, more female customers in the shop than male.
The attraction of these stores stems, I think, from the fascination of “what’s new” certainly for myself; currently I am giving a great deal of thought to buying a Bluetooth keyboard for my iPad. A gadget shop is the modern adult equivalent of the toy shop. However, the popularity of new technology among both men and women goes a long way to validating a view that I harbour, that people invest way more in relative terms on personal technology than most organisations do for their corporate users.
I had come straight from a meeting with an FT 100 company, where we discussed automating their awareness projects and implementing our Policy Management Software. Yes, that’s what I do for a day job people! One of the major constraints for this company in their desire to mitigate the risk of a data loss incident with automation technology, is their legacy systems. In many companies the complexity of these systems acts like a dead-hand on progress and business change program’s. As I walked across their beautiful central London office, I was also struck by the prevalence of CRT monitors. This is a typical example of technology at work being inferior to what users have at home. No wonder employees get frustrated and attempt to circumvent IT Security controls.
I believe that the popularity of technology amongst all ages and genders represents an opportunity for organisations to approach employees on the subject of IT security in a more robust manner. Users are already aware of technology and the problems associated with it. From malware through online bullying to identity theft, users have had exposure to these concepts already. Organisations should accept this and leverage off this foundation of awareness.
No one wants to get into trouble at work by inadvertently transgressing a security policy. However, this happens all the time because the human factor has been neglected due to both legacy system induced paralysis and corporate inertia. Compliance is often seen as someone else’s problem.
Organisations should take a leaf from the engaging way that government sponsored programs, such as www.getsafeonline.org in the UK and www.staysafeonline.org in the USA, reach out to users. Here is a top tip readers: get a link to one of these websites placed on your corporate intranet and relate personal IT Security at home to the workplace.
This week is Get Safe Online week in the UK and CyberSecurity Awareness month in the USA, if you needed a reason.