"A blind person with a taser just shot my forklift driver!"

Scenario 1

"Hi Bob, welcome to the warehouse. How's your first day going?"
"Yeah great. So what do you want me to do?"
"Well I guess we'll start you on the forklift."
"Um, ok sure."
"So you've driven things with wheels before?"
"Yep, I'm good to go!"

Bob is comfortable driving things with wheels. Has done it before, can't be that hard. He gets in the forklift, goes to pick up a crate. He lifts it up high, and then tries to move the forklift back. But he selects the wrong gear, slams the forklift forward, smashes into the shelving, which them proceeds to topple over, and create a domino effect in the warehouse. He destroys $100k worth of stock. Customers now can't get their stock, so they create new supply relationships with competitors. Staff are sitting idle, but on full pay. There's a significant clean up effort, and all the broken stock must now be replaced and shelved. The company goes broke, and closes down. Bob is not feeling the love.

Scenario 2

"Hi Kate, welcome to the company. How's your first day going?"
"Yeah great. So what do you want me to do?"
"Well we need to get a bit of data entry done, so let's start with that."
"Um, ok sure."
"So, you've used computers before?"
"Yep, I'm good to go!"

Kate is comfortable using computers. She can turn them on, open applications, use email and browse the web in her lunchtime. Later in the week she gets an email from what looks like a government department saying there has been a breach of privacy with one of their clients, and she needs to download a file to view the breach. Concerned, she quickly downloads the file and clicks on it to open it. The file runs a cryptolocker program that begins to encrypt every file on their file server that Kate has access to. Staff are now unable to work. IT and Management is scrambling around trying to find out what happened. IT has to restore all files from the backups that night. But the restore doesn't work - there's a problem with the backups, and this would have been picked up if IT was regularly testing the backup & restore process. So a restore is done from data that is 3 weeks old. Staff are scrambling to recover lost work and input it into the systems. Customers can't get their services, so they go elsewhere and create new supply relationships. Staff are on full pay for 3 weeks, customers are leaving in droves, the company goes broke, and closes down. Kate is not feeling the love.

Morons

Is Bob a moron? No. Is Kate a moron? No. Are they malicious? No. Should they have been trained properly before doing their job? Yes.

Both Bob and Kate were expected to do roles when they were not adequately trained in how to identify and manage the risks of the role. They'll both probably have nightmares for many years to come, and the dole queue just got a bit longer, but it's not their fault.

The Real World

It's interesting that in Scenario 1, Bob in the real world would be unlikely to be operating a forklift without appropriate knowledge of what can go wrong, and how to mitigate these risks.

It's even more interesting that in Scenario 2, Kate in the real is almost certain to be operating a computer without appropriate knowledge of what can go wrong, and how to mitigate these risks.

Both scenarios carry serious consequences (damage costs, loss of productivity, recovery costs, loss of reputation). They can both cause some minor damage and costs to the company if they're lucky, or they can both destroy the company if things go really bad.

Then consider how many staff you have using computers that aren't trained in how to identify and respond to IT security threats. Probably a lot more people than you have forklift drivers! And then consider that your computer users are being actively targeted into clicking on things they shouldn't, because hackers know they aren't trained and also how to fool them. It's not like you've got a blind person in the warehouse trying to shoot forklift drivers with a taser!

The Solution

Train your staff, so they don't click on stuff they shouldn't (up to 85% of IT security breaches are from staff doing that)!

Get in Touch

Contact Details

qassure logo