Human Risk Variables

Most people are familiar with the concept of IT vulnerabilities. However, most people do not realize that the greatest IT vulnerability is not a system or technology; it is the mechanism in which employees interact with those systems. A corporation can have the best IT security in the world; however, if an employee loses his laptop at an airport or accesses his corporation’s network from an unprotected wifi interface at home, the vulnerabilities are not contained or mitigated. This risk becomes even more significant when you consider the increasing number of home-offices that corporations are shifting towards. A “clean-desk” policy or password protection system may be enforceable at a corporate office, but what happens when an employee works from home? Many people don’t even lock their doors during the day let alone worry about securing proprietary information. 

Travel also exposes companies and their employees to increased risk, particularly in terms of securing proprietary information. Any time documents or information are taken away from a company’s secured facilities, there will be increased risk, both to the safety of their employees and the information that they are taking with them. Often this is overlooked and travel coordination is left completely up to the individual employee.Overall, the greatest vulnerabilities facing industries today stem from what we call “human risk variables.” Specifically, I am referring to all the risks posed to a corporation by current or former employees, whether malicious or not. It is difficult to find a balance between providing adequate security for your company and clamping down so hard that your security measures hamper productivity or make your employees feel like they work in a prison. By giving employees the freedom that they need to feel comfortable and do their jobs efficiently, companies are unfortunately putting themselves in a position where a vital part of their security plan is in the hands of potentially thousands of employees.