Blog article
See all stories »

An article relating to this blog post on Finextra:

Eight million Brits share PIN numbers - survey

Over eight million Brits have handed over their Chip and PIN details to someone else in the last year, with a quarter of these falling victim to fraud, according to a survey for insurance firm LV=.


See article

People are the biggest vulnerability

One of my favourite TV programmes is "The Real Hustle" where a team of ex-confidence tricksters show how easy it is to use social engineering to gain access to other peoples' goods and money.

Of the three security areas that can be addressed, people, process and tools, people provide both the largest target and, due to reluctance to own up to being conned, the least likely to be discovered.

With the opening up of systems through b2c (business to consumer) and b2b (business to business), data is no longer isolated in a castle surrounded by a firewall "moat". Businesses need to understand not only the vulnerabilities of their own employees, to risks such as fraud, boredom, pride and revenge, but also those of their customers - as illustrated by this article on PIN sharing. Their suppliers also hold an increasing amount of company information, whether product sales figures (how tempting to the competition) or future strategy (ditto) through IT plans.

Mitigating the Risk

Whilst the risks will never completely disappear, there are some ways that the risk can be reduced:

  • Clear policy - state what is expected in terms of security as a means of education and, should the worst happen, recompense
  • Secure process - understand what processes are vulnerable and who is involved in them, that way risk mitigation can be prioritised and addressed
  • Vetting - you would not let a known criminal into your home without watching them carefully, so why allow them to use your payment cards without watching what they do (attempting to stop them completely would be a waste of time, not to mention being unfair to reformed criminals)
  • Training - how many people know what they need to do, on a weekly basis, to keep their PC more secure?
  • Tools - give them the right tools that do not impact their ability to do their jobs (otherwise they will simply work around them) but do make the organisation more secure

 

'And all the men and women merely players'

Comments: (0)

Mary Freeman

Mary Freeman

Senior Business Analyst

Simplify IT Limited

Member since

27 Jul

Location

London

Blog posts

2

Comments

6

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all