People, not just computers, are key to IT security
1 min read
Making staff the key tool in information management – and not just computers – is the most effective way to avoid data breaches, say researchers from Loughborough University.
The surprise finding comes as a result of a partnership with Leicestershire County Council, under which academics from Loughborough examined how staff training and changes to organisational culture can improve information management.
Academics from Loughborough's Department of Information Science, led by Dr Mark Hepworth and Dr Tom Jackson, spent several weeks at the Council, observing staff, conducting interviews and running workshops.
The project found that people fall into character types, loosely defined as Miss Retention, Mr Sharer, etc – meaning some people hoard information on their computers, while others save it in shared drives with, if necessary, password protection.
Understanding these styles enabled the council and university to develop a range of interventions. A series of 'talking heads' case studies were filmed, an e-learning package for teaching information security developed and workshops created.
"Council staff use information all the time, but some people make better decisions than others, in terms of how they store or share it," comments Claire Everitt, the council's senior information management officer.
"Our knowledge transfer project with Loughborough University has given us an honest insight into the different ways in which information is handled across the council and with our partners. It has helped staff challenge their perception of information... This will enable us to devise clear, consistent standards."
"In many organisations, the emphasis is on technological solutions and the role [they] can play in managing and providing access to information, rather than the organisational culture and individual capabilities," comments Loughborough's Dr Mark Hepworth.
"More emphasis should be placed on people, giving them the opportunity to think about how they handle information and the impact of this on their work," he continues.
"Unless organisations take a proactive step to enable staff to make a radical shift in thinking and to take a systematic approach to managing their information, little will change."
