More can be less when it comes to security
Head of security and risk, Detica
The National Hi-Tech Crime Unit has revealed that e-crime is costing UK businesses £2.4bn a year (Computer Weekly, 5 April).
To make a real impact on beating cybercriminals, organisations need to be a lot smarter in terms of security technology and processes. And with security, paradoxically, more can often be less.
Adding 100 extra failsafe processes, all sharing an intrinsic link, is like adding 100 extra engines to the wings of a plane: it compromises performance and increases the risk of catastrophic failure. The more people who witness a road accident, the less likely it is that one of them will call an ambulance. Similarly, the more people making security checks, the less thorough each will be, assuming others will spot any problem.
Installing advanced technology security products and raising staff awareness are all very well, but banks and retailers also need to consider their customers as part of their security measures. Haste, ignorance and greed are the weak spots that fraudsters are ready to exploit.
People need to think before clicking on e-mail or website links, or downloading attachments. They should also be cautious about disclosing identity details on websites aimed at forming or reuniting social contacts.
Fighting cybercrime is an ongoing battle in which everyone has a role.
ISPs and banks should protect the consumer
Managing director, Checkbridge
I read with great interest your article, "HSBC warns of online banking bans" (Computer Weekly, 12 April).
Consumer security and its impact on the banking industry is woefully underestimated. I am delighted that Alan Jebson, group chief operating officer at HSBC, is considering taking a stronger line on consumer protection.
The issue will not be resolved while we expect consumers to protect themselves. Generally they do not have the time, inclination or money to do so. The internet service provider is an obvious intermediary that should, logically, shoulder this responsibility - although neither current legislation nor consumer demand will provide the necessary motivation to do so. Until it is commercially worthwhile for an ISP to protect consumers, it will not happen.
A Checkbridge survey into e-mail security attitudes indicates that 60% of consumers think their ISP should be responsible for stopping viruses and spam. Only 17% of end-users believe that it is their own responsibility.
Banks and ISPs should jointly consider how the threat to the consumer (and through the consumer to the banks) might be resolved. It is in banks', retailers', ISPs' and consumers' interests to get consumer protection right.
Upturn could be stalled by staff who change jobs
Bill Goodwin's article, "Growing need for project managers drives IT departments to spend more on training" (Computer Weekly, 12 April 2005), confirms the importance of staff retention in the IT sector.
Following several extremely difficult years, the IT industry is showing signs of recovery and the forecast increase in business volumes is the most positive for some time.
But this increase in commercial confidence is prompting many employees to re-evaluate their jobs and there is now a significant danger of major personnel shifts throughout the industry.
A wholesale shift of staff could seriously undermine the upturn. The cost to an organisation of losing key members of staff - in operational experience, skills and customer knowledge - is more than significant.
Add in the cost of recruitment, training and the time new employees take to become productive and such costs can rapidly destabilise profitable new customer opportunities.
If the IT industry is to work its way out of the economic slump, organisations need to have a better approach to staff development and enable individuals to progress without repeatedly changing employer.
Managers must recognise and appreciate the aspirations and career expectations of staff and manage the day-to-day work experience of personnel to enable them to achieve their goals.
By providing such proactive career management IT companies can harness skills while avoiding over-extending to recruit and train new staff (if new staff were available).
Without this proactive approach to making the most of this key corporate asset, fragile new business opportunities may be hard to sustain.