Most people wait until they have a heart attack before eating right and exercising, but it may be too late.
IT Security is the same way. Organizations all the time call me and express their disbelief that a user might lose a memory stick containing private information like social security numbers of customers or employees. They also lament to me about how they never expected a laptop to ever be stolen or they would have encrypted the data on the drive.
I suppose medical doctors and the American Heart Association feel a similar “I told you this could happen!” frustration.
I heard an eye opening interview on NPR with Dan Ariely, the author of Predictably Irrational, about the swine flu. He was responding to the question, “Why is it that thousands of people die from the “other” flu every year, but one baby in Houston dies from the swine flu and everyone freaks out?” What I understood from his response was that people can relate to the clearly described death more than the thousands of other people who die of the flu that they don’t ever know.
Perhaps this explains why so many people think nothing about IT security until something bad happens to them or one of their associates.
If you want to, check out www.predictablyirrational.com and the video podcasts in the iTunes University.
His blog gave me an idea for a simple 2 question exam for you to ASK YOURSELF:
- My company, customers, and family would be most proud of me if:
- At this moment, I will:
a. I realize I am responsible for IT security, not the IT person, and take the necessary steps I should take.
b. When there is an IT security breach, act shocked, play the victim, and look for someone else to blame.
a. Procrastinate, postpone, or pretend there are no risks.
b. Take the necessary steps to protect the network.
The necessary steps, for companies and organizations, is to schedule a review of IT vital systems and you can do that here:
For families and individual users, I am in the process of creating a tool that will make it easier for you to take the necessary steps. Stay tuned.