With increased scrutiny on data security – it’s interesting to read this week’s Network World article “Humans continue to be the weak link in data security”. The article highlights some of the human weaknesses of business users related to the use of encryption and handling of passwords, and provides a sharp reminder that humans can easily undermine even the most sophisticated security systems.
On the topic of human weaknesses. Yes, I admit I am guilty as charged. I have been known to write passwords on post-it notes – there are a couple in front of me on my desk right now. Apparently I’m not alone – the Network World article cited results from a recent Pomenon study where 35% of business managers surveyed admitted to using the post-it note approach to remembering passwords. 31% of respondents admitted to sharing passwords. Interestingly, none of the IT managers who responded to the survey admitted to using post-it notes – confirming that IT is definitely a more evolved type of a human.
So what is the solution – remove business users from the equation? Hardly, given that the technology is there to serve business users. So how does an organization protect its business users from themselves?
In the world of file transfer – we have our share of human-related weak links including:
• Shared FTP accounts and passwords
• Files left indefinitely on FTP sites
• Files sent via IM
• Disks lost in the mail
• Files carried on unencrypted thumb drives
• Confidential files sent unsecured via email
We tend to think that business users want to do the right thing. However, faced with the day to day challenges of needing to get their jobs done, even the most conscientious business users will be tempted to take short cuts. Why would someone share a password? Because it’s too much hassle to get a new account or password. Why would someone send files via mail? Because they don’t have an easy way to send it electronically. Why would someone send confidential information via unsecured email? Because they don’t have an easy to use secure way of sending files.
Most of the reasons for seeking short cuts for file transfer center around ease of use, reducing hassle, getting things done quickly. Given that files take up more than 70% of email volume, file transfer warrants attention within the enterprise. Otherwise it might just be the weakest link in your enterprise data security system – along with humans.
No related posts.