What is the BIGGEST cause of data breaches?

People I talk to often think data protection is a matter for computer managers and such people.  This is not so.  The biggest cause of data breaches, according to an IBM survey, is human error.  And the humans making the errors are mostly NOT in IT departments.  We all have our moments.  We all forget basic security measures like keeping passwords safe, like not leaving computers switched on when we are out of the room, like not leaving confidential documents on the photocopier, and like not downloading stuff from insecure sites.

So when I write or talk about data protection, please don’t think I am talking to somebody else.  It could be your turn to cause a loss of data next.

The Essential Guide

I see the Essential Guide has now started an edition for Warrington Central.  I hope it will be a success.  There are so many businesses as well as individuals in the central area that I am glad there is a magazine like this for that area.  Although I use the Internet, as I am now, I still like something I can hold in my hands and read.  I think there are still a lot of others like me.  Give it a try!

Think Local!

As we are all getting lots of messages from politicians and others about the election in May, it is not surprising that most of the attention is being paid to the national scene.  After all, the make-up of the next Parliament and therefore of the Government, will make a big difference to many things.

However, let us not get so focussed on that as to overlook the local scene.  Remember that county, borough, district, unitary and parish councils are also coming up for election at the same time.  Not to mention the Welsh Assembly and the Scottish Parliament.

This could be a great opportunity to take a long hard look at your local council(s) and ask whether a change of ruling party would be a good thing. Or not, in some cases, of course.

Parties apart, what about individuals?  How have your local ward councillors been performing?  Are they working for the community or for their friends or favourites?  Are they honest or is there that nasty smell of sleaze?  Do they do anything other than collect their allowances?  How about letting in some fresh air?

Do not miss this opportunity to make your vote count at home as well as in Westminster.

Think Bike!

For some time now, we have been hearing how vulnerable cyclists and motorcyclists are on the road, and how easy it is for motorists to fail to notice them or anyway to take appropriate action to avoid them.  I entirely agree with the aims of this campaign.  I need to remind myself from time to time to look out for cyclists and motorcyclists when I am driving.

What about the other side of the coin?  When I am a pedestrian I often have near-misses with cyclists on pavements, footpaths and in pedestrianised areas.  They tend to come from behind without warning.  They tend to be silent.  They do not seem to make any allowance for a pedestrian turning unexpectedly into their path.

I am old enough to remember when a bike always had to have a bell or hooter.  A simple, cheap and effective way of alerting pedestrians to their approach.  Good Risk Management.  When did this go out of fashion?  Why?

Can we have a campaign to remind cyclists to “think pedestrian”?

Is Risk Management godless?

Some people think it strange that I can be involved in Risk Management and also think of myself as a Christian.

Surely, if I have faith, I must believe that whatever happens is a result of God’s Will.  Like the old song says, “In His Hands, He’s got the whole World”.  So why try to manage risks?  Why not rely on prayer?  Why not accept whatever fate God had planned for me?

I think these are reasonable enough questions, but I know that for me there has never been any contradiction between trusting in God and in making decisions based on logic applied to the available information, identifying and evaluating risks, and selecting suitable measures to control them.

One of the Temptations that Jesus experienced was to throw himself off a high building in the knowledge that God would preserve him.  His reply was that you should not put God to the test.  He seems to have been implying that if somehow he had accidentally fallen, then God would have found a way to save him, but it would have been wrong to act so irresponsibly as to do it deliberately. (See St. Matthew Chapter 4 verses 5 to 7).

We can see another example in the Easter story, when Jesus took steps to avoid being caught by his enemies, so that he would not die before it was necessary.  That is why he sent his disciples ahead to arrange for the donkey to ride on Palm Sunday, and again to arrange the place for the Last Supper. (See St. Matthew chapter 21 verses 1 to 7 and chapter 26 verses 17 to 19).  He was not taking unnecessary risks.  Only necessary ones.

So go and read Load The Dice with a clear conscience.


A Health & Safety message too far.

I believe that Health & Safety is one risk, or rather one group of risks, that we all need to manage carefully.  I want to see the number of accidents at work, and elsewhere, continually reduced.  However, like any risk, it needs managing with a sense of proportion and to be balanced against other risks.

I have just heard that someone has sent out advice to supermarkets about the risks arising from the sale of daffodils.  Apparently, it is feared that if these are placed on sale near fruit and vegetables, they may be assumed to be edible.  The advice went on to point out that daffodils often contain toxins which can make people ill if they eat them, although I believe this is rarely for long and never fatally.

I am not aware of many cases of daffodil poisoning, yet they have been on sale in lots of shops at this time of year ever since… well for a long time.  I would anyway have thought that I was not alone in knowing that daffs are flowers not foodstuff.

Do people really need protecting from themselves to this extent?  Are there not many more serious risks, in terms of both probability and severity, that we should be trying to manage?

Let us all try to develop a sense of proportion.

How to help criminals!

I have been reading about Ricky Hatton’s misfortune in having been burgled while on holiday, losing some very valuable items.

Now, I have been the victim of a burglary on two occasions in my lifetime and both when I was on holiday, so I really do empathise with Ricky, even though I did not lose anything of that sort of value. [Note to burglars: I still do not have anything in my house worth stealing.  Honestly!]

Like a lot of people, I reviewed my security arrangements after each event.  Yes!  It would have been better if I had done it before the burglary.  Isn’t hindsight wonderful?  However, perhaps we should all review our security arrangements every now and then.

I noticed that Ricky had tweeted about his holiday plans.  Perhaps this helped the burglars time their visit.  When I was young, you know, before decimalisation, the Common Market, and computers, the police used to advise people to cancel the milk and papers before going away, so as to avoid such obvious visible clues to their absence as piles of papers or lots of milk bottles on the doorstep.  As the world has “progressed” and fewer of us have milk or papers delivered, it is probable that the main source of information for criminals is the social media.

I said “criminals” rather than “burglars” because information is useful to many kinds of criminals, including identity thieves, hackers and con-men as well as old-fashioned burglars.

So let us all be wary about what we blog and tweet about, remembering we can never be sure who is going to read it.

Personally I would never want to upset Ricky, let alone steal from him.  I hope they catch them.


How to deal with malware

Many of us have had unwanted software, whether malicious or just inconvenient, land on our computers and then found we cannot get rid of it.  Often it comes on the back of something you had chosen to download.  It is particularly common if you order a free product from a supplier other than its principal provider.  Look carefully before you click, as they may have names similar to the main, responsible business, like Macrosoft.  (I just use that as an illustration. If there is a genuine firm called Macrosoft and they do not send out malware, I apologise!)

How to get rid of it?  You can try using Uninstall but that might not work.  Some suppliers make sure there is no Uninstall facility on their software.  There are sophisticated tools out there, but a simple way is to reset your computer to a date prior to when the malware appeared.  Of course, you need to be sure you are not going to lose any vital work done in the interim, by copying the file in question to another computer or saving it online, but sometimes having to re-do some work is a price worth paying.

The sooner you spot the malware and take action the better.

Personal Protection

Because I talk a lot about business risks, some people think I would not be interested in advising on risks applying to them as individuals.  This is not true.  Firstly, there is usually a link between individual risks and those affecting businesses or the wider community or the world, and secondly, I am always happy to be able to offer even a small bit of useful advice to anyone who needs it.

I was recently asked about personal safety.  As it happens I know someone who specialises in that field and I would gladly refer anyone to him if it became clear that you needed someone with more expertise than myself.

However, it is worth noting that if your concerns about personal safety relate to a situation arising from your work, your employer has a duty to address the problem, at least after you have drawn it to his or her attention.  If he thinks there is nothing he can or should do, that is his decision, but if he is wise he will conduct a risk assessment and record it, so he can show his inaction was not just negligence but the result of a logical process.  If an accident or incident did occur, your employer would be hard-pressed to defend a claim if he had dismissed your concerns without any sort of assessment.  If he had done an assessment, the Court would have to decide whether it had been adequate, and that would depend on many things.

If it does not concern your employment, I would still be happy to talk it over with you and examine possible ways of managing the risk that might be open to you.

If you have any concerns about any kind of risk, at work or elsewhere, do get in touch and let us see if I can be of help.

An initial interview is always free.

You’ve got cyber security covered, but what’s in the mail?

I have just heard that the Ministry of Justice has lost some highly sensitive information on discs being sent in the post.

This, after the totally embarrassing loss of millions of items of personal details by HMRC a few years ago on discs being transported by courier.

Will they ever learn?

We have no choice but to provide details to the police and government agencies when instructed to do so.  But at least we can be better than them.  If it is sensitive, deliver it in person, or use a really trustworthy courier.  Also, why not encrypt the data, so that if it gets lost it is no use to anyone else?  Of course, you need to take a back-up copy so you are able to function normally even if you lose it.

It is no use worrying about cyber security if you do not pay attention to low-tech security too.