A recently reported attack against a foreign-owned bank in the City of London poses some serious questions for readers who have responsibility for the security of their company's assets. But to be fair, the questions need to go right to the top.
How many SC readers are willing to bite the bullet and make themselves unpopular with the board and their colleagues? How do you begin to explain that investments in IT infrastructure security solutions over the past decade might count for very little? Nonsense? Well, maybe.
Who in today's organisation is going to invite the board to consider that, without a fully integrated approach to security, your company remains wide open to a successful attack?
There are straightforward lessons to be learned from both past and recent incidents.
Take an integrated approach – get all areas working together, including HR and legal.
Invest in vetting your staff – you might be delighted to hire three programmers from overseas for the price of one local resident, but how reliable are their credentials?
Do not ignore the staff who carry out routine, non-technical work – the cleaning, security and facilities staff are probably not the highest-paid workers on your payroll, but they have access to your most valuable assets.
Devote time, effort and resources to raising the security awareness of the entire workforce. Help everyone understand that they too have a crucial role to play in securing the company.
To those who say they have more important things to do, or suggest that company culture is focused only on making vast sums quickly, it's worth reminding those at the top how the mighty have fallen in recent corporate scandals.
A total approach to security might save their reputation and their business one day.