Technology and Human Error Don't Mix Well. Process Mitigates Risk
We were asked to comment this month for the Vancouver Sun about a data breach incident where a credit union employee mistakenly emailed the wrong distribution list, sending the private information of 450 insurance agents to 75 media outlets. While the first instinct is to blame the person who sent the message and leave it at that, we think this incident has more to do with the process within an organization. As we said, "How many organizations can say with a straight face that can never happen in our organization?"
To mitigate the risk of failures like that recounted above, owners still need to think about access, training and processes.
For example, is there a person in charge of vetting outgoing communications? Do all employees receive training for sending messages and categorizing messages they receive (as the controversial case of the missing emails in the BC government office comes to mind)? Does everyone in the office even need email, or would it be better for certain employees to make use of other forms of communication and record-keeping? What about standardizing the way all employees categorize and record data? Can these processes be improved through automation (eg. getting a prompt in your email verifying recipients to ensure the message goes where it is supposed to go). These are all questions to get organizations thinking about processes to reduce room for human error.
Another example is data backup. Do employees at your company have a scheduled backup? If they do, that's a start -- but how exactly is it backed up? Can employees go back to older versions of documents if they want to use them, or are these automatically updated to the latest version, with old drafts erased? Do all employees have the same memory limitations to backup, or can your organization give more data backup to employees who require it?
In the broader picture, what are the organization's processes for choosing their technology? These kinds of decisions can be extremely costly, especially if the technology doesn't do what your business needs. Yet, according to an Economist study from a while back that still appears to be backed up anecdotally today, a staggering 90 per cent of executives "go with their gut" when making decisions. Again, businesses need to have processes in place to guard against human error.
Better processes and training can help employees at all levels in an organization avoid doing harm to the business, make better decisions and use the right tools for their job.
Look forward to news and opinions about the latest tech trends, online and network security, identity management and other important issues in the tech sector from the Pacific Coast Informer.
PCIS in the News: Botnets and Hackers and Pirates, Oh My!
Some quick links to recent news articles where PCIS has provided expert commentary on network infrastructure, technology trends and online security.
Could Google Be Tricked Into Talking With Botnets? An explanation of how enterprising hackers might be able to use Google's effective search engine capabilities to launch devastating attacks on Internet users.
E-mail mistakes breaching confidentiality at the click of a button. Human error leads to a data breach, but how many other companies are vulnerable to the same problem?
Piracy, Open Source and the Shrinking Space Between. There will always be software piracy, but there is a solution that could make it a lot harder for the pirates.
Other ways to stay connected
How to Subscribe/Unsubscribe to the Pacific Coast Informer
SUBSCRIBE: To subscribe to the Pacific Coast Informer, send a blank email message with subject line "SUBSCRIBE-PCINFORMER" to informer@pcis.com
UNSUBSCRIBE: If you do not wish to receive future issues of the Pacific Coast Informer, send a blank email with subject line "UNSUBSCRIBE-PCINFORMER" to:informer@pcis.com and we will promptly remove you from our distribution list.
WE WANT YOUR FEEDBACK Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558
|
