In light of the tragedy in Belgium columnist Rob Enderle writes that it is more important than ever to rethink our security efforts. People seem to think security is someone else’s problem, but the reality is that security is something we all need to own. Credit: REUTERS/Christian Hartmann I’ve had some rather unusual security training over the years. One of my earliest jobs was in security and law enforcement, and my course of study in graduate and undergraduate school included covering some of the largest security disasters in corporate history. Oh, and I was an internal auditor leader for a time when we had a tight emphasis on security. And, I’ve actually been a body guard.One of the things I’ve learned is that security is as much a mindset as anything else. Whether you are talking about personal security or securing your firm or country it is a heads-up game. The most successful are those that are constantly looking for abnormalities and are willing to do what is necessary when they see one to discover if there is a problem. Those that simply depend on tools or others to keep them secure likely aren’t. While these folks may lead far less stressful lives, their sense of security is a sham. Rethinking business travelLosing an employee, co-worker, and/or friend is not only traumatic to the people around them, but can set back company efforts related to that person significantly. Having this happen if the trip was avoidable is particularly painful. Over the last few years video conferencing solutions have become both far better and far less expensive. The cost of one system can actually be less than the cost of one trip. Terrorists seem to be attacking central transportation hubs in cities and unsecure transportation methods like trains. One way to keep employees safe is to just keep them, as much as possible, from being in either place.Rethinking work at homeWe seem to yo-yo around the work-at-home option, but most managers now seem to have a grasp of what jobs work best from home and how to monitor employees so they can tell the difference between those who can successfully do this and those who can’t. This not only lowers the risks associated with travel it can substantially reduce the cost of maintaining offices at centralized locations and hoteling. In addition, tools have improved dramatically over the years so that an office or cubical can now be automatically provisioned individually for an employee when they first log in to the office. [ Related: 8 must-have tools if you work from home ]Rethinking employee security trainingEmployees are facing a number of increasing threats both physical and electronic. I recently was made aware of Lockey, a new ransomware product that not only encrypts local storage but every piece of attached, both physical and virtual, storage as well. Given users are tricked into installing tools like this, firms should aggressively limit user access to just what they need and when they need it. Also, users need to be regularly trained to recognize and report attempts to phish them for any reason so that other employees, security and management can be made aware of an attack in progress. More typically what happens is we sound an alert only when an attack has been successful not during an attempt and, given the amount of damage that is being done, that is simply too late. Belgium reminds us that an attack can be physical as well, and actively looking for people who are behaving unusually and reporting them may not just save the company, it could save the employee’s life. While I sadly expect that we won’t take this seriously until more of us have lost loved ones, for those who can get ahead of this problem the reward of avoiding guilt will be well earned. Security is nothing to laugh atI have a number of funny security stories I could share, but there is little to smile about with what seems to be going on today. Being stupid can have mortal consequences. At the heart of much of the problem is that people seem to think security is someone else’s problem. If there is one overarching thing we can do, it is to accept that security is something we all need to own because with threats like what we are now seeing out of Europe and what we have seen here, that is the only reliable way we can actually be safer. Something to think about this weekend. Related content news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Electronic Health Records Electronic Health Records news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Hacking Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe