Pay attention to the human element in IT security

Published 21 November 2007

As far as information security is concerned, even the world’s best technological solution cannot replace a piece of paper: the company security policy.

The air express industry, like many other businesses, has transformed the way it serves customers over the past few years through the use of the latest information technology (IT). FedEx spends more than $1 billion every year on IT. Frederick Smith, founder of FedEx, once said, “The information about the package is as important as the package itself.”

CIO’s Linda Brigance writes, though, that these advances come with a price: the need to protect the system from damaging viruses, accidental data breaches, and even deliberate attacks. It is thus vital for any successful global business not only to have an excellent security policy in place, but also to ensure that the policy is prioritized and communicated in an efficient and meaningful way. In the last six months in the United States, nearly 40 percent of firms surveyed by the Computing Technology Industry Association reported a major IT security breach. How many of these could have been prevented by considering the human element in the workplace? Many stemmed from the accidental loss of a laptop, BlackBerry, or mobile device; employees using unsecured networks from home to conduct company business; or employees downloading unapproved software onto the company network. An effective security policy is, in short, a vital protection tool for any kind of enterprise.

The paradox is this: security policies often do not capture management’s attention until the organization has a major security incident. The most effective policy, however, is not one which is developed during a crisis, but rather, one that is developed, updated, and communicated continuously after a systematic review of security needs. The question then becomes, how are the best security policies developed? Large companies and those with the most at stake have put significant resources into this area. FedEx delivers more than 3.3 million packages each working day and the information that goes with them, and understands the significance of solid IT security