My wife and I went shopping for a new bag recently. For her
it is important that there is a zippered top because it is more secure. That
made it difficult because most of what we saw were without.
I felt it was not needed because a bag is so personal that you will always guard it closely. She disagreed saying there are always situations where it would be exposed without total supervision and a zippered top buys that extra security and time needed then.
I have to agree because it is an example of using a technology to supplement good security practice. My wife’s bag is almost always slung over her shoulders when she is out and she hardly ever puts it down and the zip remains shut. It might be considered overkill and looking at the choice of bags most people seem to think a zip is not necessary.
I can think of two reasons why the zip is a good idea. It makes it a tougher target for opportunistic thieves who can easily look elsewhere especially with so many zipless bags about. It also prevents the contents of the bag from falling out and this avoids a heap of pain when it comes to replacing things like driver’s licence, credit cards and the lot.
When something is considered worthy of protection, the security habits and technologies that surround it have to be considered. The habits can be taught and practised until they are 2nd nature. The technology can be chosen to support the habits but only to the point that the activity is not unduly affected.
You can make a habit of keeping your bag closely tucked to you. You can add a zip for those times when you are unable to guard it fully and to securely contain what’s in there. But you won’t use a lock, which is most times overkill.
Protecting information has many parallels with this situation. The debate about the effectiveness of user awareness training versus the use of technology still carries on. I think both are necessary. User awareness has to be done constantly in an effort to develop secure habits surrounding information.
Technology has to be assessed for its suitability to the business process. There are most likely more than one option for protecting data in a situation and it is the duty of the company to choose the solution that allows them to realise commercial activity in the safest possible manner.
Comments