Security is also about education

Today I was seeing a doctors office part of the geographical region of Västra Götaland, which is somewhat unimportant, except that I wan’t you to understand that the “local doctors office” is part of a bigger organisation. This organisation spends a lot of time securing their data and I have no issue with trusting them of taking care of my journal.

So, this morning when I was in a treatment room, the nurse had to go get a throat testing kit. I was left in the room, all alone, with a closed door for about four to five minutes. In the room there was a workstation, currently displaying my journal. Yes, it was unlocked! And it wasn’t only unlocked, in the workstation’s card reader, the security card used for authorization within the organisation was still left. Not knowing that much about how locked down their terminals are and how hard it would be to “skim” the card, but even so, I think that this shows how week security is. You can spend huge resources on software and hardware, but still have the lousiest security, if you don’t educate your employees in a secure use of the IT equipment.

Don’t just spend money on infrastructure. Spend money on education of your employees to. I’ve been at organisations where you even had to take a course + exam just to access the Internet. You might think that a programmer would gain this level of trust from the beginning. But do you know what? I was all fine with it. It shows me that they are serious about their business. You should to.

//Daniel

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s