IT Safety Culture – When Security Fails

After the WannaCry ransomware attack on May 12th, 2017, many technological myths were exposed. The IT and IT security areas of organizations were not fulfilling the functions for which they were designed. The attack brought to light major organizational failures in companies: the absence of controls and of permanent monitoring of the systems. Security policies and protocols had never been questioned as they were that day; all organizations thought they were never going to suffer a computer attack and that this only happened to obsolete systems or small companies.

Faced with this reality, however, everyone turned out to be very wrong. The largest companies in the world, including their headquarters in other countries, were exposed to risk. The large sums of money invested in technology, with the purpose of having less vulnerable systems and thus safeguarding information, fell far short of what was needed to deal with what happened; nothing was enough.

Computer security policies and protocols cannot prevent all attacks on computer systems. In fact, there is a more serious problem within organizations, and it is not related to having anti-virus software installed and updated on computers. The issue is “social culture.” We often complain about access problems on company networks that limit free access to the Internet. Access restrictions are becoming more complicated, and only a handful of sites can be accessed without problems. Despite all these problems and delays, it is necessary to recognize that these security protocols exist to improve how the organization's information is handled and to better safeguard its data. Blocking dangerous sites, not accepting spam, scanning pen drives, and keeping computers updated are good practices that help control how information is managed within the organization and prevent security incidents.

The culture in large companies is that IT and IT security are separate areas that operate reactively and on their own. However, these processes must go hand in hand with the company’s policies, values, mission, and vision, and should form a whole in which each area contributes its knowledge toward the common goal. Consistent campaigns should be carried out to make employees aware of good practices and to involve security processes in all projects, not just in those that modify the company’s hardware and software.

It is essential to make collaborators understand that strict security policies must be followed. They cannot go on believing the chain emails that offer donations for each email sent, or that an Arab sheik died and you are the only heir to his fortune. People should also be made aware that OS updates are fundamental, especially on Windows, due to the vulnerabilities that it presents. Finally, it is important to keep the antivirus permanently updated and to carry out periodic reviews, as well as to keep an external backup of vital information. All this helps make systems somewhat more secure and can prevent computer attacks. Just keep this in mind: “You should not be naive in the computer world, nobody gives anything, much less in the network”.
