We already know that completely securing our data will never be solved. This problem can only be minimized through a holistic approach and mindset. Dave Stelzl uses the illustration of a house to further this point. Stelzl states that you can not keep criminals out of our homes using traditional locks, bolts, fences and other prevention mechanisms. I know this because I have all of these security measures on my home and we still had an intruder come in and take valuables one evening a couple of years ago. Security is the same no matter what you are trying to protect, including your family or your corporate data. I’m not advocating that you don’t try, in fact I’m suggesting just the opposite. You wouldn’t just take the locks, bolts, alarm systems and weapon of choice out of your home, right? I’m suggesting applying the protection, detection and response mindset that we have with our homes onto our data.
Our employees have access to pretty much all of our data and they need access to it to perform their job and help operate the business. So if the largest cause of security breaches are simply because an end user of the information miss handled it, typically on accident, then wouldn’t it make sense to educate them and make the aware of this? Of course! Here is a video from the CEO of AVG, a security software company, making this very point. Oddly most of these software/hardware manufactures will make you believe that simply installing their product will solve all of your problems.