
Continuing losses of personal data point to need for cultural change

As Government unearths yet more losses of personal data, Darrel Ince, Professor of Computing at The Open University, says he believes that "the cases of data loss so far are really the tip of a large iceberg of systematic security failing which encompasses many organisations, not just central Government.

"While a very small proportion of information security breaches are malicious, the vast majority, more than 70% of all cases, are caused inadvertently by staff who have been encouraged to place their trust in secure technology rather than thinking more carefully about their own actions.

"A good comparison would be to look back to the introduction of seat belts in cars. Drivers drove more dangerously then as they felt more secure with the belts. Today, we recognise this logic as flawed and that people need to take responsibility for their own actions.

"Most major organisations in the public and private sector have appointed senior people, often IT specialists, to be responsible for information security. But experience at The Open University, which runs specialist courses in Information Security, suggests that many organisations could do a lot more to make employees aware of how they can play a role.

"The priority should be to cascade training on information security to many more people at every level of an organisation than is currently done. Information security is often seen as a specialist branch of management, but every manager should be an information security manager in relation to the work of their own department and team, and every employee should understand the importance of their own role in this process".

The Open University's course on Information Security Management places considerable emphasis on helping managers to better understand how training, job design, and the organisation of the work environment can contribute to helping employees be more alert to risks and vulnerabilities.

"By balancing technology management with people management, we help organisations to develop the capacity to meet British and International Standard for information security management and reduce the risk of major breaches happening again", said Professor Ince.

Désiré Athow
Contributor
