Enabling safe business

It has been another first for me, acting as the compere for a conference.  Is compere the right word or should it be chairman, host or even MC?  MC Phil – I don’t think so.

The conference went under the banner of ‘Enabling Safe Business’ and was focussed on getting the balance right between heavy-handed ICT Security and go-as-you-dare liberalism. I’m sure this would have been of interest to anyone who has worked in ICT where you really know some of the potential pitfalls ahead but you are constantly barracked for preventing business because ‘it will never happen here’.

The conference was arranged by the North Eastern ICT Managers  group as security is an issue that all seven of us have been facing, with a view to having a consistent approach to it across the region.

A parallel can be drawn between ICT Security and Health and Safety where a lot of effort goes into it, it is well understood at senior level and that is probably because lack of attention kills people.  I was once having a conversation with the MD of an internationally renowned firm and he told me that when he arrived there they had set a target to reduce the number of deaths.  At the board he said ‘So we’re going to set out to kill 6 people this year’ and from this they realised that no death was acceptable.  Yet in spite of all of our focus people still do stupid things. 

Life is changing.  We see technical change almost every day.  We really have no idea where this digital journey is going to take us and as people haven’t come to terms with the change yet.  Think of the rise in social media and the naiveté shown in that organisations are using their users’ information to generate revenue.  People think that it doesn’t relate to them and that it really is provided for free.

One of my colleague Heads of Service said to me that in order to protect herself she needed to be careful about what was online but a quick Google search had her name all over the place and people do not realise the breadth of what already online.

The digital world reflects life and there are bad people out there.  We kid ourselves that we’ll never get caught out, that we are not that gullible but not long ago another one of my colleagues email address was hacked and used to send out 150,000 spam emails asking for bank details.  That was worrying enough but what was probably more worrying was the number of people who responded to say ‘Yes I would like to take you up on your kind offer’.  Bad people only do this because it works.

Yet we can’t be bothered.  There are tools out there that could help us all but what the heck?  We choose not to use them out of ignorance, fear of being shown up, having our heads in the sand hoping it will all go away or laziness.

There are good guys out there though, people working to stop it all going pear shaped, to check that people are doing the right thing.  And the opportunity to pay a small fine to the Information Commissioner’s Office focuses the imagination as well.  But security people don’t always have the best of impressions.  They can be seen (unfairly) as business prevention officers.  Can I share this information?  No.  Can I view this website?  No.  Can I bring in my own device?  No.

But security is not a binary problem.  The only absolutely secure system is one that is switched off.  We need to get the balance right between absolute security and complete liberalisation and that was the purpose of the conference.

It’s all over now.  The eight speakers have said their pieces, the delegates have remarked how well it went, how much they appreciated it, I have said all the thank yous and I can relax now.  I am getting out my penknife to make that next notch in my belt.