15 December 2017
Mary Freeman

Retail Perspective

Mary Freeman - Simplify IT Limited

Information Security

The risks from cyber crime - hacking, loss of data privacy, identity theft and other topical threats - can be greatly reduced by implementation of robust IT security controls ...
A post relating to this item from Finextra:

Eight million Brits share PIN numbers - survey

27 August 2009
Over eight million Brits have handed over their Chip and PIN details to someone else in the last year, with a quarter of these falling victim to fraud, according to a survey for insurance firm LV=.

People are the biggest vulnerability

27 August 2009

One of my favourite TV programmes is "The Real Hustle" where a team of ex-confidence tricksters show how easy it is to use social engineering to gain access to other people's goods and money.

Of the three security areas that can be addressed, people, process and tools, people are both the largest target and, because victims are reluctant to own up to being conned, the area where a compromise is least likely to be discovered.

With the opening up of systems through b2c (business to consumer) and b2b (business to business), data is no longer isolated in a castle surrounded by a firewall "moat". Businesses need to understand not only the vulnerabilities of their own employees, to risks such as fraud, boredom, pride and revenge, but also those of their customers - as illustrated by this article on PIN sharing. Their suppliers also hold an increasing amount of company information, whether product sales figures (how tempting to the competition) or future strategy (ditto) through IT plans.

Mitigating the Risk

Whilst the risks will never completely disappear, there are some ways that the risk can be reduced:

  • Clear policy - state what is expected in terms of security as a means of education and, should the worst happen, recompense
  • Secure process - understand which processes are vulnerable and who is involved in them, so that risk mitigation can be prioritised and addressed
  • Vetting - you would not let a known criminal into your home without watching them carefully, so why allow them to use your payment cards without watching what they do (attempting to stop them completely would be a waste of time, not to mention being unfair to reformed criminals)
  • Training - how many people know what they need to do, on a weekly basis, to keep their PC more secure?
  • Tools - give them the right tools that do not impact their ability to do their jobs (otherwise they will simply work around them) but do make the organisation more secure

'And all the men and women merely players'

Tags: Security, Risk & regulation
