IT security overburdens employees - but "user bashing" is counterproductive
IT security offloads too much responsibility onto employees. Günter Junk, CEO of Virtual Solution, believes that security experts need to pay much more attention to the usability of solutions. He believes that mocking the notorious shortcomings of users is counterproductive.
Employees play a central role in IT security: they must not click on links indiscriminately, they must come up with strong passwords and memorize them, they must recognize phishing e-mails, they must not log on to dubious WLAN hotspots, and if they allow their smartphone with company data to be stolen, they may endanger the existence of their company. In short, corporate end users are a risk factor, and it would be best if only trained security experts were allowed to do the job.
Employees overburdened when it comes to IT security
"An employee simply wants to do his work as quickly and conveniently as possible. Whether that is then always security-compliant remains to be seen," explains Günter Junk, CEO of Virtual Solution AG in Munich, an internationally active security specialist. The company develops and sells the SecurePIM application and the SERA framework for iOS and Android devices. "But it's not the employee who should worry about that, it's the company." In fact, employees are now hopelessly overwhelmed with their role in IT security, even more so with the proliferation of mobile systems that often operate in insecure environments. At the same time, users are faced with cyber criminals who have almost limitless resources, great know-how and now years of experience.
Needs of the end user come up short
"When responsibility for IT security is shifted to the employee, the balance is no longer right," Junk continued. "Instead, companies need to provide their employees with tools that they can work with comfortably while still being secure and privacy-compliant. However, we are still a long way from that." Employees need tools for their work that they can't do anything wrong with under normal circumstances. Otherwise, Junk believes, they should not be blamed if something goes wrong. Companies usually focus on functionality and cost when making IT decisions, while the needs of their end users fall short. Even supposedly secure
Solutions ultimately do not bring security if their usability is so poor that when users want to do their jobs effectively, they try to bypass them and write down passwords on pieces of paper, for example.
User-friendly solutions instead of user bashing
"Security experts in particular like to rant about the 'human risk' and paint the shortcomings of users in all colors," Junk says. "This user bashing is very convenient and saves thinking about solutions that finally take the responsibility away from the employee effectively. Security and usability must be united. Working with secure tools must also be fun and convenient, otherwise security will ultimately fall by the wayside as well," concludes Günter Junk.
More information: www.virtual-solution.com
