Start Sweating the Small Stuff

In his recent New York Times article, “That Daily Shower Can Be a Killer,” renowned geographer Jared Diamond observes how Americans tend to greatly exaggerate risks that are sensational and beyond our control—like plane crashes and nuclear radiation—yet underestimate the mundane, but more common risks that we can control—like slipping in the shower or falling from a ladder.

In my geek-centric mind, I immediately drew a corollary to computer security.   We’ve all met the engineer who will spend weeks obsessing over which password hashing algorithm to use, but fail to implement a solid password policy.

If you find yourself being hyper-paranoid about dangerous, but implausible attacks…stop!  Do a quick risk/frequency gut-check to determine whether you’re wasting time.  You shouldn’t be debating the strength of SHA-256 while your employees are emailing trade secrets to a Nigerian Prince.

XKCD: Security

What are some of the fall-in-the-shower type risks when it comes to data protection?  Our State of Data Protection Report from last year highlights a few:

  • Only 26% of companies are very confident their data is protected
  • 18% weren’t confident at all
  • 23% of companies were not confident or unsure where their critical business data resides
  • 27% of companies did not monitor any access activity on file servers and SharePoint sites
  • 13% of companies never revoke access to data when an employee leaves the organization
  • 61% do not scan their environment for sensitive data

Based on our results, there’s clearly a lot of room to tighten up these fundamental areas of day-to-day risk.  Just as Mr. Diamond’s goal is to reduce life’s common accidents to 1 in 1,000, we should strive to minimize common data security risks, like insider theft, by implementing soundsecurity programs.

Want to learn more about risk analysis?

Here are some good resources:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s