In a recent survey, 70% of (male) drivers said that their driving skills were "above average", which tells you that most people think they are better drivers than the others on the road. Well, PC security is probably like this: most users think that they know more about making the right decisions than the "average user". This means they are likely to think that security features are there to protect others from their own mistakes, whereas they themselves, surely, don't need security measures because they know what they are doing. Of course, you know this isn't true (except, of course, in your case!)
So this morning at IT Forum, I joined a security session with Rafal Lukawiecki & Steve Lamb, subtitled "How to do more business with less risk". I was interested to hear their perspective, because my main experience of IT is as a user, and security always seems to be designed to get in my way and to stop me doing things I need to do (okay, I'm realistic, and do recognise that sometimes it's there for my benefit).
Rafal and Steve's perspective was that while there are many new security areas built into Windows Vista, there are 3 or 4 key features which everybody should be looking at, and thinking about how they will help them manage their IT infrastructure.
Here are those key security features:
Two excellent security nuggets from Rafal and Steve:
The overarching message was:
- You need tight security to make your systems reliable, and keep your data secure
- Your users want ease-of-use, and security gets in the way of that sometimes
The answer is to find the right compromise: too much security will encourage users to find ways around it, while too little security might make your users happy but exposes your business systems to an unacceptable level of risk.
One recommended way to get your users on your side is to show them the implications of not paying attention. For example, if a user walks away from their desk leaving a computer logged on, what information could another person see? Who could be emailed from their Contacts list? Simple examples like these reinforce the message that an easy step like locking your machine (Windows Key + "L") significantly improves security.
Steve's blog is a good source for further information if you want to explore this subject further.