SC Magazine recently took a look at Barclays’ latest effort to inspire security consciousness amongst its staff. As employee awareness initiatives go, this is an innovative and ambitious project.
In essence though, Barclays’ new strategy has at its core what many other analysts and experts have told us in the past: that encouraging proactive behaviour among staff is the key to effective security in the enterprise. Former Quocirca analyst Fran Howarth summed up that attitude in this 2009 paper, by saying: “Only when employees are made aware of what is expected of them and understand how inappropriate behavior can negatively affect the organization are they likely to think about the consequences of their actions.”
Tackling problems before they arise will always be preferable to dealing with their fallout. But promoting a proactive attitude towards security will be of little use if it is not backed up by the necessary technology.
While large organizations such as Barclays have the benefit of sophisticated systems, which ensure that its workers’ proactivity is matched by the effectiveness of its technology, not all firms can currently say the same. Simple measures such as username and password protection may have been good enough in the 1990s, but are not simply outdated and not sufficient to protect a business in the digital age.
It was with this in mind that we created JustAskGemalto. We know that our solutions are far more effective when they are being used by people who understand the security risks they encounter on a daily basis, and why it is in their interest to counter them.
Only time will tell if Barclays latest idea will prove as successful as its 2009 ‘Think Privacy’ drive. Nonetheless, its creators should be applauded for their efforts in attempting to include and involve the end user in the complex task of securing their company.