eSecurity: Government officials and the ‘Why should I care?’ quotient. A tale of the humble USB drive.

Posted by

I have to say I have a secret love for USB drives. I emptied my bag once and found no less than eight of them in there. These drives are such a great way to back up documents. I remember having copies of various chapters of my PhD thesis in various locations just in case my laptop died, or worse, got stolen. Those sticks gave me such comfort that my work would not be lost.

But as many of you know, using a USB drive is not without risk. I remember running a conference a while ago where we wanted to save the meeting papers on branded USB sticks. This was a great idea until we heard that there had been a recent situation, where USB sticks had been handed out at another conference with complimentary viruses. I had my team virus check each and every one of those USB drives before we loaded the papers, and handed them out to participants. I was not going to be the Government official who infected Government computers around the world.

However, a recent experience has brought it home to me that not all Government officials recognise the risks of the humble stick.

I attended a course just the other week with half a dozen or so officials from all levels of Government. Now these were smart people, but they gave not a moment’s thought to using a ‘shared’ USB stick. The purpose of the stick was to transfer each attendee’s exam responses to the trainer’s computer. We had access to wifi – I know, also a risk – and were given an email address where we could send our response if we wished. I was the only person who took up the email option. Instead, each of the other attendees systematically uploaded their exam and handed the USB back to the trainer. The trainer then downloaded the document and handed the drive on to the next person.

Seriously, would you drink from the same glass as six other people with questionable sanitation habits? I mean do you think that their devices had proper security in place? And there was certainly no virus checking going on. My guess is that that USB stick had been used by countless other officials in previous courses.

Of course the risk is not just to the laptops that had been paid for out of public purses across the country. More than likely, each and every one of these devices will, at some point in the future, be ‘plugged’ back into a Government network. Is this not a national security incident waiting to happen?

So how do we get Mr and Mrs Everyday Australian to GET eSecurity if our own officials can’t exercise some basic judgement and electronic hygiene. I refer to this as the ‘Why should I care?’ quotient.

It’s human nature to either completely avoid OR ignore risks that aren’t well understood. Technology has been, is and will continue to be of great value to our country. With this in mind avoiding the risk is not an option. But neither is ignoring it.

Perhaps a start to an elegant solution to this daunting quotient is for all levels of Government to put concerted efforts into helping their officials understand, rather than ignore, the risk.

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s