There has been much smirking and finger pointing recently – with the FBI left and centre.
As reported by IT Security Guru a few weeks ago, FBI Director James Comey was very vocal in criticising unbreakable encryption on smartphones, saying such capabilities allow users to “place themselves beyond the law”.
So, imagine my surprise to discover this week that nestled among the smartphone safety tips promoted by said agency, the FBI itself recommends we all use encryption to protect ‘personal data in the case of loss or theft.’ It also says that we should all ‘passcode protect’ our devices.
Other instances of double standards
Here, in the UK, irony is also alive and well. Our very own Information Commissioner’s Office (the body responsible for making sure organisations are responsible with personal data) recently held its hands up to a breach. Not only was the statement it issued concealed in its annual report, but the language describing said breach could be considered obfuscated by its use of a double negative.
It said it had suffered a ‘non-trivial data security incident’ – to you and me that translates as ‘significant’, doesn’t it? Having the power to fine organisations up to £500,000 for breaches, I wonder what Christopher Graham imposed against the ICO for this oversight?
In every enterprise the world over, there is evidence that different rules apply to some employees. We all know at least one executive who has stored corporate data unencrypted on a device because ‘it’s just easier.’ Or doesn’t have a password on their smartphone because ‘it’s a nuisance.’ I’m sure you can insert a million other examples that exist within your own organisation.
On a personal level, my late father would often say ‘do as I say, not as I do’ if his ruling were challenged on grounds of ‘unfairness.’ For instance – I have a clear memory of him towering over me, cigarette in hand with smoke accentuating his angry shouts not that dissimilar to a fire-breathing dragon, as sentence was passed against me for having been caught smoking.
To the petulant teenager sent to her room, I have to confess that this inequality did erode some of my respect for his authority, and definitely led to my further mutinous behaviour. While the petulant teenager believed rules were made to be broken, the now adult realises that the angry old man had my best interests, and health, at heart.
I suppose the point I’m trying to make is that, if you want your workforce to take security seriously then you need to lead by example – take security seriously. And that means EVERYONE plays their part, without contradiction or exception.
Till next week, stay safe.
Dulcie McLerie