The Devil’s in the detail, so the saying goes. Wise words which apply with especial force to data security, not that you’d notice in many large institutions (and not just the ones currently in the corner in a dunce’s cap).

Time and again, when sensitive information goes AWOL, you find the focus has been on fixing the big stuff. Staff up an IT department, invest thousands in a sophisticated firewall, buy the right software and you’re home free. At least that’s the apparent misconception. Unfortunately, problems are not solved by chucking enough money at them, as more than one important client of mine has discovered to their cost.

Yes, folks, I have been in the bank where data theft is suspected and found staff sharing workstation passwords. Likewise the broker house where fraud is suspected to find it’s fine for people to bring in USB flash drives. The sight of an iPod connecter dangling out of the front of machines earmarked for analysis has become relatively commonplace. Yet they wonder at my horrified gasps.

We’re talking bog-standard basics here, aren’t we? Or do these people read nothing at all? What on earth is the point of the rest of us manically shredding personal papers with one hand and locking down our digital systems with the other while those professionally in possession of intimate ID facts are happy to dice with danger?

Common sense costs nothing. Perhaps that’s why so little of it is on display in certain commercial premises. Less razzle-dazzle and rather more thought is what’s needed. Preferably before the worst happens. Taking a global view of security is all very laudable and necessary but there’s little point in having your binoculars trained on the horizon when the enemy is banging on your door.

Like charity, security starts at home. So let’s hear it for dealing with the details, the ones in front of us, practically poking us in the eye. Of course, it does mean confronting an uncomfortable issue – one which we all know about but don’t like to mention. That would be the fact that more security breaches are perpetrated from inside an organisation than from outside. But even if all staff members were RUHP (Really Upright, Honest People), who would go to their graves having never entertained the merest notion of ripping off their neighbour’s IP, sloppy habits lead to sloppy thinking. It’s then only a matter of time before some inadvertent laziness causes a crisis.