Why Isn’t Security As Important As It Should Be?

One of the most important facets of computing these days is the topic of security. If you are someone who connects to the web in any way then you need to ensure that any device you use is locked down.

Traditionally, it has only been big business that has needed to concern itself with security because cyber criminals were specifically targeting money-making enterprises in order to steal money or valuable data. Nowadays, the landscape is changing and even small entrepreneurs present a worthwhile target to hackers who would attack them. Even the man in the street who does not use his computing device to make money in any way is at risk as cyber thieves target credit cards and bank accounts.

Worse, recent news events have confirmed that even non-monetary information has its value to many different parties. It seems that cyber criminals aren’t the only ones looking to get into your system or steal your data – government has its fingers in that pie too.

Unfortunately, not even corporations always consider computer security the way they should, so its hardly surprising that home users and everyone in-between is still at risk.

The bad guys are out there, looking for a hole in your defences, looking for a way in. If you have something of value on your computer or network then someone is always going to be looking for a way to get their hands on it.

If you are not actively looking to defend your system then who is?

You cannot set your computer or network up with the default settings for security and expect that to suffice. It really isn’t that simple, mainly because too many other people and organisations do exactly that. Default settings are a boon for the bad guys – they’ve long since worked out how to get around them.

In some respects I can almost understand why regular home computer users don’t take security seriously enough. Whilst security professionals may be baffled as to why John Doe doesn’t protect his devices, the truth is that the average person is still not sufficiently aware of the risks. Many people I know still think that bad things happen to other people. Security doesn’t, and won’t. concern them until they themselves fall victim to some sort of ruse or attack. Thats unfortunate but, alas, its just the way it is. More security awareness is certainly needed but, for now, the situation is such that the majority of computer users think security is something they don’t need to worry about.

What is not understandable, however, is why there are still businesses out there that don’t prioritise security as they should.

Many a business still sees computer and network security as a cost; something that eats into the key figure on its profit and loss account.

That of course is true – good security does represent a cost to business – but the real cost is when a lack of protection leads to something far worse, such as a data breach.

The benefits of good security implementation may be hard to quantify but information security professionals do need to think in terms of profit and loss and the overall business strategy.

Whilst they may not be able to go to the board and explain how much money a good security program will make for the company, they can certainly present a case for how much it could save in terms of mitigating data breaches and all the bad PR surrounding them, not to mention any potential issues with any relevant compliance regulations.

So, as you can see, businesses of all sizes, as well as individuals, need to have an eye on security. The fact that not all do can often be down to the fact that they haven’t been attacked themselves…yet.

Presenting the potential costs of a security incident to a recipient, regardless of type, may well be the answer to getting the message across. No-one likes a fear-monger and painting a picture of peril may not be the solution but sometimes putting a financial cost on inaction is necessary.