Corporate Security
Cultivating vigilant behaviour in people

Statistics show that a large number of data breaches are due to employee mistakes instead of hackers’ savvy. These mistakes include storing sensitive information on unencrypted hard drives, accessing said information on non-secure devices and ignoring security protocols when opening attachments or sending information over the web. This two-part series provides a framework for cultivating vigilant behavior in people.

By Louis Yau
12 | Australian Security Magazine
Singing praises of vigilance, which entails a high level of alertness and avoidance relative to potential risks of loss, as well as subsequent peace of mind, is easy enough. Yet there continues to be a worrying deficit of vigilance in societies and organizations. This issue is alarming, especially in the wake of increasingly sophisticated and multi-lateral threats. Security practitioners and systems alone cannot offer a panacea. The statement “Security is everyone’s responsibility” is a cliché but also quite true. People must take security into their own hands and minds, to be more precise.

While it seems logically sound that people should be more vigilant, this is not reflected in reality. The spree of crimes and accidents upon the release of the popular phone game Pokemon Go was largely due to players being completely oblivious to their surroundings. This lack of vigilance led to them walking off cliffs and walking into muggings, to name a few examples. A lack of vigilance is not limited to phone-obsessed millennials, however. Scams, such as the infamous Nigerian Prince email, continue to net millions despite repeated government and bank warnings about them. While it cannot be denied that criminals are getting smarter, ultimately the best defense is vigilance and common sense.

The Change Curve

While it may be argued that embracing vigilant behavior is logically sound and that people shouldn’t be resistant towards change, the reality is that people don’t always think this way. A survey of 3000 employees found that approximately 60% of them did not like their compliance training, with only 44% believing that their training has ‘raised their awareness and understanding of compliance and ethics’. Even the 44% positive response rate is questionable, since many employees answer survey questions based on their perception of what may be the most desirable answer for their employer while spending as little time as possible on completing the survey.