What is your company’s biggest risk? Many would probably say that it was the fact
that they do business through the Internet.
Being connected to the Internet and making all your transactions online
is a big risk, but is it the biggest? I
recently read an article in Security magazine entitled, People – Your Most Important
Asset and a Significant Risk. This
article discusses the importance of the employees and what they do for a
company. It also discusses the fact that
due to human nature, people are a significant risk to the company. I would have to not only agree that they are
a significant risk but also the biggest.
Why? We have the ability to think
and act for ourselves.
Set back and think of how you would program a robot to guard
the front door of your company. You would
probably be able to program that robot to guard that door better than anyone
else could ever think of guarding the door.
This robot would follow the programming perfectly. It would make sure that all security
obligations are met. It would not let the person in if they were not
authorized. Now, place yourself in the
shoes of the robot. Someone comes in and
starts up a conversation with you. You,
being friendly with them, decide to communicate back and strike up a long
conversation. You begin to feel
comfortable with that person. You decide
that he or she can be let in. Even if
they were not a threat, you just committed a severe security infraction against
your company. What if that person was a
social engineer? They just did their job
and made it past you. A robot would not
allow this.
People come with flaws.
None of us are perfect. More
often than not, people make more mistakes than computers do. Company’s take a huge risk relying on people
to do their jobs for them because of the mistakes that we can and do make. People key data into databases incorrectly
more than you can imagine (trust me; I know this because I work at a DBA
helpdesk). Even though the majority of
the article in which I reference stems to the new hire employees more so than
the longer tenured employees, the article’s main point is still the fact that
employees in general are a significant risk to the company. What companies need to do when they are
looking over their risks is to not forget their employees. They are by far, in my opinion, the biggest
risk that a company has to deal with.
Reference:
Brennan, J. & Mattice, L. (2013). People – Your Most Important
Asset and a Significant Risk. Security Magazine. August 2013. Pg. 28.
