The loss of a CD by HM Revenue & Customs in November 2007 containing personal and financial details of over 7 million families claiming child benefit was swiftly followed by assurances that such a mistake would never happen again.
Earlier this week, an agency of the Department for Health(1) admitted that over 4,000 NHS smartcards, giving potential computer access to patient records, had been lost or stolen - and nearly a third of these in the last year alone.
But no matter what steps an organisation takes, they will always run the risk of being compromised by human psychology and the way we perceive risk on a day-to-day basis, says Professor Gerard Hodgkinson, Director of the Centre for Organisational Strategy, Learning and Change (COSLAC).
“Our research shows that organisations will never be able to remove all latent risks in the protection and security of data held on IT systems, because our brains are wired to work on automatic pilot in everyday life,” he says.
“People tend to conceptualise the world around them in a simplified way. If we considered and analysed the risks involved in every permutation of every situation, we’d never get anything done! If I make a cup of tea, I don’t stop to weigh up the probability of spilling boiling water on myself or choking on the drink.”
Survey participants, all of whom regularly used IT systems in the course of their work, were asked to list examples of possible data security risks, either imagined or from their own personal experiences. A further group were asked to comment on the probability, underlying causes and likely consequences and impacts of the most commonly described scenarios.
Despite the survey data being collected over a period of two years, many of the risk examples envisaged by the study participants ironically matched – with surprising accuracy - some of the recent security lapses relating to information technology.
Says co-author Dr Robert Coles, “The results showed that when asked to focus on potential problems, employees seemingly exhibit a highly sophisticated perception and categorisation of risk, and insight as to the consequences of risky scenarios. However, this perception isn’t always translated into practice and elementary errors are still happening - and will continue to happen.”
The authors say that the results are useful for highlighting blind spots in what workers perceive as risk and probability, which will enable organisations to improve their induction and training processes.
The research also highlights the need to pay closer attention to the design of information security processes themselves. “Perhaps organisations should consider involving the potential users when developing crucial business processes,” says Dr Coles. “A well designed system should not allow these mistakes to be made. We need more triggers and mechanisms in the workplace that make us stop and think before we act.”
Prof Hodgkinson’s research, published in the February issue of the international journal Risk Analysis, is the first time that risk perception has been specifically analysed in terms of workplace information security.
The research was funded through Prof Hodgkinson’s tenure as a Senior Fellow of the ESRC/EPSRC Advanced Institute of Management programme (AIM).
Jo Kelly | alfa
New Foldable Drone Flies through Narrow Holes in Rescue Missions
12.12.2018 | Universität Zürich
NIST's antenna evaluation method could help boost 5G network capacity and cut costs
11.12.2018 | National Institute of Standards and Technology (NIST)
Researchers from the University of Basel have reported a new method that allows the physical state of just a few atoms or molecules within a network to be controlled. It is based on the spontaneous self-organization of molecules into extensive networks with pores about one nanometer in size. In the journal ‘small’, the physicists reported on their investigations, which could be of particular importance for the development of new storage devices.
Around the world, researchers are attempting to shrink data storage devices to achieve as large a storage capacity in as small a space as possible. In almost...
The more objects we make "smart," from watches to entire buildings, the greater the need for these devices to store and retrieve massive amounts of data quickly without consuming too much power.
Millions of new memory cells could be part of a computer chip and provide that speed and energy savings, thanks to the discovery of a previously unobserved...
What if, instead of turning up the thermostat, you could warm up with high-tech, flexible patches sewn into your clothes - while significantly reducing your...
A widely used diabetes medication combined with an antihypertensive drug specifically inhibits tumor growth – this was discovered by researchers from the University of Basel’s Biozentrum two years ago. In a follow-up study, recently published in “Cell Reports”, the scientists report that this drug cocktail induces cancer cell death by switching off their energy supply.
The widely used anti-diabetes drug metformin not only reduces blood sugar but also has an anti-cancer effect. However, the metformin dose commonly used in the...
A research team from the University of Zurich has developed a new drone that can retract its propeller arms in flight and make itself small to fit through narrow gaps and holes. This is particularly useful when searching for victims of natural disasters.
Inspecting a damaged building after an earthquake or during a fire is exactly the kind of job that human rescuers would like drones to do for them. A flying...
12.12.2018 | Event News
10.12.2018 | Event News
06.12.2018 | Event News
17.12.2018 | Studies and Analyses
17.12.2018 | Life Sciences
17.12.2018 | Power and Electrical Engineering