Contractors in the IT skills market may endorse the views of a leading security expert, which suggests that IT freelancers on the contractor payroll may need to assist the companies they’re placed with to become more aware of fundamental security issues.
According to Robert Cheyne, an expert with SafeLight Security Advisors, not enough end users are being adequately engaged by companies to take an interest in protecting their firm’s data. In an interview with SearchSecurity.com, Mr Cheyne said that it’s fairly typical for employees to assume that data security is already being taken care of by someone at a higher level, whereas the truth is that employees are a “major part of the security process.”
The issue, which clearly has relevance for the UK workforce, came to light in Boston, Massachusetts, when an employee of a healthcare company emailed sensitive bank details to a mortgage broker. The worker concerned mistakenly believed that the connection was secure when in fact it wasn’t.
One way forward advocated by another security commentator, Winn Scwartau, is for the industry to come up with solutions that have implicit security models integrated into them. This approach would remove the onus from individuals and move data security to an automatic, behind-the-scenes level.
This news comes in the wake of the first two monetary penalties issued by the UK’s Information Commissioner’s Office following major breaches of the Data Protection Act.