The loss of a CD by HM Revenue & Customs in November 2007 containing personal and financial details of over 7 million families claiming child benefit was swiftly followed by assurances that such a mistake would never happen again.
Earlier this week, an agency of the Department for Health(1) admitted that over 4,000 NHS smartcards, giving potential computer access to patient records, had been lost or stolen - and nearly a third of these in the last year alone.
But no matter what steps an organisation takes, they will always run the risk of being compromised by human psychology and the way we perceive risk on a day-to-day basis, says Professor Gerard Hodgkinson, Director of the Centre for Organisational Strategy, Learning and Change (COSLAC).
“Our research shows that organisations will never be able to remove all latent risks in the protection and security of data held on IT systems, because our brains are wired to work on automatic pilot in everyday life,” he says.
“People tend to conceptualise the world around them in a simplified way. If we considered and analysed the risks involved in every permutation of every situation, we’d never get anything done! If I make a cup of tea, I don’t stop to weigh up the probability of spilling boiling water on myself or choking on the drink.”
Survey participants, all of whom regularly used IT systems in the course of their work, were asked to list examples of possible data security risks, either imagined or from their own personal experiences. A further group were asked to comment on the probability, underlying causes and likely consequences and impacts of the most commonly described scenarios.
Despite the survey data being collected over a period of two years, many of the risk examples envisaged by the study participants ironically matched – with surprising accuracy - some of the recent security lapses relating to information technology.
Says co-author Dr Robert Coles, “The results showed that when asked to focus on potential problems, employees seemingly exhibit a highly sophisticated perception and categorisation of risk, and insight as to the consequences of risky scenarios. However, this perception isn’t always translated into practice and elementary errors are still happening - and will continue to happen.”
The authors say that the results are useful for highlighting blind spots in what workers perceive as risk and probability, which will enable organisations to improve their induction and training processes.
The research also highlights the need to pay closer attention to the design of information security processes themselves. “Perhaps organisations should consider involving the potential users when developing crucial business processes,” says Dr Coles. “A well designed system should not allow these mistakes to be made. We need more triggers and mechanisms in the workplace that make us stop and think before we act.”
Prof Hodgkinson’s research, published in the February issue of the international journal Risk Analysis, is the first time that risk perception has been specifically analysed in terms of workplace information security.
The research was funded through Prof Hodgkinson’s tenure as a Senior Fellow of the ESRC/EPSRC Advanced Institute of Management programme (AIM).
Jo Kelly | alfa
New AI system manages road infrastructure via Google Street View
19.06.2019 | RMIT University
'Alexa, monitor my heart': Researchers develop first contactless cardiac arrest AI system for smart speakers
19.06.2019 | University of Washington
The quality of additively manufactured components depends not only on the manufacturing process, but also on the inline process control. The process control ensures a reliable coating process because it detects deviations from the target geometry immediately. At LASER World of PHOTONICS 2019, the Fraunhofer Institute for Laser Technology ILT will be demonstrating how well bi-directional sensor technology can already be used for Laser Material Deposition (LMD) in combination with commercial optics at booth A2.431.
Fraunhofer ILT has been developing optical sensor technology specifically for production measurement technology for around 10 years. In particular, its »bd-1«...
The well-known representation of chemical elements is just one example of how objects can be arranged and classified
The periodic table of elements that most chemistry books depict is only one special case. This tabular overview of the chemical elements, which goes back to...
Light can be used not only to measure materials’ properties, but also to change them. Especially interesting are those cases in which the function of a material can be modified, such as its ability to conduct electricity or to store information in its magnetic state. A team led by Andrea Cavalleri from the Max Planck Institute for the Structure and Dynamics of Matter in Hamburg used terahertz frequency light pulses to transform a non-ferroelectric material into a ferroelectric one.
Ferroelectricity is a state in which the constituent lattice “looks” in one specific direction, forming a macroscopic electrical polarisation. The ability to...
Researchers at TU Graz calculate the most accurate gravity field determination of the Earth using 1.16 billion satellite measurements. This yields valuable knowledge for climate research.
The Earth’s gravity fluctuates from place to place. Geodesists use this phenomenon to observe geodynamic and climatological processes. Using...
Discovery by Brazilian and US researchers could change the classification of two species, which appear more akin to jellyfish than was thought.
The tube anemone Isarachnanthus nocturnus is only 15 cm long but has the largest mitochondrial genome of any animal sequenced to date, with 80,923 base pairs....
29.04.2019 | Event News
17.04.2019 | Event News
15.04.2019 | Event News
19.06.2019 | Physics and Astronomy
19.06.2019 | Information Technology
19.06.2019 | Materials Sciences