Process process process

Question: When is encrypted data still unsafe?

Answer: When it’s too damn hard to use it

Cambridgeshire County Council has today become the latest Authority to receive a slap on the wrist from the ICO. It seems that the Council encrypts its memory sticks, but for some reason a member of staff couldn’t use them, and retreated to the old way of using a non-encrypted stick, which was then lost.

The detail from the ICO states that staff encountered problems using the technology. This is NOT surprising. I know nothing about handling adults with learning difficulties. Why should I? Equally, why would someone who works in Adult Learning know anything about encryption?

Technology of any kind to non technologists is a pain. It’s confusing, frightening and gets in the way. It doesn’t have to be this way. Cambridgeshire should be applauded for its education programme for staff. But something hasn’t worked, and without the detail, it’s hard to attribute blame. But this is me, so I’m going to try anyway.

I am afraid part of the problem falls at the feet of the vendor of their stick encryption. Software and hardware vendors have a tendency to assume that just because people use Facebook, they are IT literate. At Sophos, our engineers don’t build anything that needs the user to click too many buttons to make it work. And if our customers do find it too hard, they have the right to hit us with sticks. The best IT products are a bit like cheese: if you have to think about how it works, you won’t use it. Apple and Google have it right – the interfaces are simple things of joy – they are intuitive and let you get on with life.

My message? Take the trouble to get your staff to try out new software gizmos before you buy them. If the staff can’t use them with minimal instruction, you are going to fail, and you have an expensive whizzy white elephant on your hands. And the net result isn’t project failure, it’s some poor sod’s personal details lost and potentially at risk.


About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I
This entry was posted in Data Breach, Data Breach Fine, ICO, Legal, Security, Sophos. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s