• Samantha - THC

Is It Really That Complicated?

If there was one aspect of my job, I had to say I enjoyed the most, it would be that I get to see organisations progress.

Sometimes though, I can't help but notice things might not have moved quite as far as they would have hoped. It happens. Businesses change direction, the hunger for growth is all important and things get in the way of solving some of the problems in the background.

The problem is, this can leave you exposed to risks that if left untreated, might cause bigger problems further down the line.

In reality, one of the most common things to get in the way of making much needed changes is overcomplicating an issue.

I'll give you an example...

Last time I saw this particular client, they had not long moved into their new office. A rented office in a shared building. It was nice. Nice and light, all the IT kit they needed, a range of hot desks and break out rooms. It really was a good space for them. The worrying thing was, I walked straight into the building, then straight into their office. Completely unchallenged and not a single lock between their new home and the outside world!

Ok, lets forget that I was there doing an Information Security audit for a moment, they had only just moved in and they "had a few bits left to sort out..."

However, I went back there last week (almost a year to the day since I last saw them) and sure enough I still walked straight into the office. No locks, no checking in etc etc etc. Naturally, I wanted to know why they hadn't managed to do anything about this significant security risk. The answer I got was very typical of what I see far too often.

"Well, we wanted an entry card system but, it was difficult to get connected to the network. So, we looked at a key-fob system but, it was quite expensive and we would have to programme all of the fobs ourselves. So, we thought about biometrics but..."

Get the idea?

Sure, they had looked at lots of very complicated options but, still had nothing to solve the actual problem of people walking in off of the street. It was when I suggested to them that got a mechanical coded lock to fit to the door, there seemed to be a light bulb moment. Like, why didn't we think of that?

Whilst looking for an advanced technical solution, they had forgotten what problem they were trying to resolve. When it came down to it, a simple lock would reduce the risk, cost no more than a few pounds and be installed in no time at all.

The temptation to over complicate things can do this. It can stop you from actually making any real progress. It doesn't end with just the technical solutions though.

In my line of work, I see countless Procedures, Work Instructions or S.O.Ps, which have been written in immense details but, do little more than tell people how to follow the on-screen prompts. Procedures written for processes that simply don't need them (I once saw one for who attends the funeral should a member of staff dies in service.) Procedures with a great long history of the process but, that we have to dig through to find any meaningful instruction or control...

It quite often is just an over complicated level of documentation that doesn't do anything to improve the actual controls. I have seen some ridiculously over complicated processes over the years, they always end up with the highest preventable failure rate.

It's not that complicated. Look at what the problem is, find some simple controls, actually take steps to solve the problem. Most of all though, just keep it simple.

Like so many things in life, business management systems don't need to be over complicated.

If you would like to talk with one of our team about how we can help get things back to basics, please get in touch.

#ISO #InformationSecurity #ManagementSystems #SimpleISO #SimpleManagementSystem

18 views0 comments

Recent Posts

See All