Stroz Friedberg, a risk-management consultancy, commissioned a survey [PDF] of information-handling practices in businesses. The survey concluded that senior managers are the greatest risk to information security within companies.
Though the conclusion is a convenient one for a company that specializes in information security to have drawn, I think it is credible. Senior management often sets "business-wide" policies that everyone except the policy-makers themselves is required to abide by. Everyone I know who's worked in corporate IT has horror stories about senior managers who refuse to adopt good password strategies, good email hygiene, etc.
More widely, the problem of leaders establishing "one rule for them, another for us" is an endemic one that cuts across several domains. When I was helping to kill the Broadcast Flag (a Hollywood-backed rule that would have required all technology companies to get movie studios to approve their hardware and software designs before putting them on sale), the studio reps were very careful to make sure that "professional tools" would be exempted from whatever onerous locks were put on the stuff the rest of us used.
And of course, many of them privately admitted that they used "region 0" DVD players that could play the movies they brought home from their trips abroad, even though these are nominally illegal and the studios claim to want them abolished. They also routinely used Handbrake and other illegal tools to rip DVDs, excusing it as not infringing when done by someone working for a studio.
Released by global investigations, intelligence, and risk services company Stroz Friedberg, the survey also found that 58% of senior management reported having accidentally sent the wrong person sensitive information, compared to just 25% of workers overall.
Corporate managers also put their companies at risk of intellectual property loss if and when they depart the company. Fifty-one percent of senior management and 37% of mid-level management admit to taking job-related emails, files, or materials with them when they have left past employers. Only one-fifth of lower ranking employees have done so.
Senior managers are the worst information security offenders