Hugh Boyes, a cyber security expert at the Institution of Engineering and Technology (IET), has told a House of Lords committee that a basic level of security knowledge among employees is critical in the modern business world.
A reliance on a small number of professional security staff is insufficient and cannot he provide the level of assurance and security that the modern company requires he said.
Giving evidence to the House of Lords Digital Skills Committee he said:
“With the increasing use of computer-based and digital technologies in all aspects of our lives, engineers and technicians need to have a general understanding of cyber security principles.
This is essential if we are to improve the security and resilience of our systems. Most modern companies require all their staff to complete basic health and safety training and promote a workplace safety culture; cyber security should be approached in a similar way. It is the responsibility of anyone using computer-based and digital technologies and cannot be left to a relatively small number of specialists.”
And I think he has a point.
While health and safety training in some organisations can be very much a checklist activity, designed to cover the employer’s backside should anything go wrong, there is no doubt in my mind that some of the information made available will sink in and, in my experience, will work to reduce accidents in the workplace.
Looking at it from another angle, if you wish to drive a car you need to take lessons and, ultimately, pass a test to prove that you can handle the technology at your disposal without being a menace or danger to yourself or others.
Considering how long computers have been commonplace in the work environment, and equally how long they have been targeted from the earliest mischievous malware through to the more pervasive attacks we see now, isn’t it about time they were treated as potentially dangerous objects that should only be operated by those who have at least a basic understanding of how to keep themselves, others and their employers out of harm’s reach?
What do you think?