So just who is responsible for cyber security? Earlier this week we re-tweeted a great article from the Cyber Skills Centre about who is to blame for the current issues and challenges with cyber security in organisations.
Controversially the author, Stuart Wilkes, suggested that responsibility resides with the IT Director and not the software provider or the Criminal. Reading the article, his argument was logical and well structured. As Business Leaders, the IT Director have the responsibility for ensuring security is included in the design of systems, that they communicate with the Board / their Clients, on trends within the industry, that they are responsible for recommending changes in process and practice in the organisation and so on.
The article created much discussion at Risk Evolves HQ.
Should the IT Manager shoulder 100% of the cyber security blame?
Absolutely not! We’d like to suggest that we go one step further and suggest that as Employers and employees we have a major responsibility as well. Let me explain.
We were out and about the other week and stopped to use a ‘free Wi-Fi’ service at a coffee shop (we drink far too much coffee!). In order to gain access (mindful of the advice provided by GetSafeOnline), you had to share some details :
- Email id
- House number
- Telephone number
- Date of Birth
Wow – just for ‘free’ Wi-Fi ! According to the small print, the data would only be used for ‘marketing purposes’ and you could of course un-subscribe at any time. But as consumers, would you really give this data away ? Who has it ? Where is it being kept ? Think about what it could be used for in the wrong hands ? Would you walk up to a stranger and give them a piece of paper with this information on ? Perfect for id fraud. All the information required to apply for credit cards or a bank account. Needless to say, we didn’t share our information – but would you ?
Reducing the risk of cyber crime is MUCH MORE THAN JUST AN IT CHALLENGE.