A Company's Biggest Risk!

What is your company’s biggest risk?  Many would probably say that it was the fact that they do business through the Internet.  Being connected to the Internet and making all your transactions online is a big risk, but is it the biggest?  I recently read an article in Security magazine entitled, People – Your Most Important Asset and a Significant Risk.  This article discusses the importance of the employees and what they do for a company.  It also discusses the fact that due to human nature, people are a significant risk to the company.  I would have to not only agree that they are a significant risk but also the biggest.  Why?  We have the ability to think and act for ourselves.  

Set back and think of how you would program a robot to guard the front door of your company.  You would probably be able to program that robot to guard that door better than anyone else could ever think of guarding the door.  This robot would follow the programming perfectly.  It would make sure that all security obligations are met. It would not let the person in if they were not authorized.  Now, place yourself in the shoes of the robot.  Someone comes in and starts up a conversation with you.  You, being friendly with them, decide to communicate back and strike up a long conversation.  You begin to feel comfortable with that person.  You decide that he or she can be let in.  Even if they were not a threat, you just committed a severe security infraction against your company.  What if that person was a social engineer?  They just did their job and made it past you.  A robot would not allow this. 

People come with flaws.  None of us are perfect.  More often than not, people make more mistakes than computers do.  Company’s take a huge risk relying on people to do their jobs for them because of the mistakes that we can and do make.  People key data into databases incorrectly more than you can imagine (trust me; I know this because I work at a DBA helpdesk).  Even though the majority of the article in which I reference stems to the new hire employees more so than the longer tenured employees, the article’s main point is still the fact that employees in general are a significant risk to the company.  What companies need to do when they are looking over their risks is to not forget their employees.  They are by far, in my opinion, the biggest risk that a company has to deal with. 

Reference:

Brennan, J. & Mattice, L. (2013). People – Your Most Important Asset and a Significant Risk. Security Magazine. August 2013. Pg. 28.