The Weakest Firewall Is the Human Firewall!
The Human Firewall. That’s the person sitting behind the screen, creating, using, and sending digital assets. It doesn’t matter how great your client’s perimeter defense is, when their end-users are traveling all over the world, sporting the latest mobile devices, full of highly sensitive data. Or just plain ignorant of the risks involved in processing sensitive data. It’s time to move beyond IT…to the place where it happens.
Example: My Credit Card Number
Just this week one of my employees was setting up travel – I’ll be delivering the keynote at Westcon’s upcoming security conference in Park City, Utah, just about a month from now. In the process of scheduling transportation to and from the airport with the hotel concierge, we received back a confirmation email. I’m sure the hotel has a firewall – maybe a great one! But the email they sent contains just about everything a hacker would want to know about me – including my entire credit card number and expiration date.
I responded by contacting the manager over the concierge services. When I named the person who sent the email, I was told that the sender was new. They started their job just two weeks ago – he was sorry about the mishap. Not completely happy with this answer, I asked him if he knew why this was a problem… his response was about half-right. He seemed to get the fact that people can see email content. Pressing further, I asked him if he understood what PCI Compliance was, what a violation would mean to his hotel, and how Visa might respond if I were to put a call into them. He was clueless.
Somewhat enjoying this conversation (despite the fact that my credit card is probably posted on various websites around the world by now), I mentioned my keynote next month… speaking on this very thing. I noted that this might make an excellent example… again he apologized and we ended the call.
The Opportunity Sits with the Business Side Managers
Stories like this one create opportunities. The business side managers are liable for what their employees are doing. If this type of thing creates a real problem, it’s going to cost the company money – big money. Target is going to pay for credit reporting, and Target customers were thinking twice about pulling out their credit card a week before Christmas last month. Companies can’t afford this – and it’s far more expensive than your proposals to fix it. But you can’t sell this to IT. It’s time to move out to the business units. Arm yourself with stories of disaster – learn to communicate the impact vs. likelihood message from my House & the Cloud book. IT does not have this one covered!
© 2014, David Stelzl