Computer Security is Everyone’s Responsibility
Computers are everywhere and on everyone. Some people carry multiple computers at once. Computers are no longer huge boxes living in sealed rooms. The result is that computer security is everyone's business. Some important principles for security are: a security breach can destroy a company; security is both a technology practice and a human practice; and security is a moving target, so we need to build resilient organizations that can survive.
A security breach can destroy a company. No matter what size of company you have, a security breach can destroy it. Most security breaches involve data getting out, to our harm. Loss of the bank account or customer data, or leakage of new product or process information, can be very damaging. There are now new laws that make loss of customer data even more damaging.
The other major kind of security breach is computer viruses such as "ransomware", which encrypts your hard drive and demands a ransom for the key to decrypt it. These may take down one computer or the whole network. While many companies have paid the ransom, there is no guarantee that the key will be delivered or that some other party hasn't also encrypted your hard drive. There are reports of multiple ransomware infections on a single machine. In many cases, it is far better to scrap that machine and start over from the backup.
Security is both a technology practice and a human practice. No matter how good the technology in a safe, it doesn't help if the combination is posted right next to the safe door. People need training in security matters and in why security is so important. Top management needs to know about the risks to the company from computer security and the need to invest in security practices.
Security is a moving target. We want to be able to buy a safe and rely on it, but we can't. Whenever there is enough value, people figure out ways to break into such safes and new ways to rob information. Recent reports of how researchers have figured out what they call "side channels" to get into some smartphones really show how many different ways people can get at information. (In one case, the researchers started simply by sending bad Wi-Fi packets to the device, and that gave them a backdoor into the phone.)
To make our organizations resilient in the face of such problems, we need to rethink the value we get from being connected and find new ways to protect that value. Having current (and tested) backups and using encryption on all important data is the starting point. Some companies run practice attacks, including sending "phishing" messages to staff, to see who needs further training. Other organizations are actually going back to typewriters and paper "because nobody can hack a typewriter."
We need to stay aware of computer security issues and be willing to redesign our computer systems if they put the company at risk when they fail or are hacked.