A very useful technique from the quality assurance profession is the 'five whys'. This originated in Japan and has now been picked up around the world particularly by the car industry. It is a simple approach to problem solving and more importantly continuous improvement. When something goes wrong, you ask the question of why it happened five times, each time trying to probe the reason for the failure. When it works well, it should lead you back to the real fundamental problem. For example:
- why has this gear box failed?
Because gap between the plates was too wide.
- why was it too wide?
The specification was not tight enough.
- why was the specification too generous?
The engineer was not fully trained in statistical process control.
- why was his training indadequate?
The HR department did not include it on their job specification.
- why did the HR department not draw up the best training plan?
Senior management did not appreciate the importance of this particular skill.
As you can see, this process reveals a lot about this companies set up and also generates a whole series of actions. Yes the specification needs to be changed, but so does the way the staff are managed and so does the attitude of the company's senior management.
Let's apply this approach to the recent news story about the phone company Talk Talk being hacked.
- why was Talk Talk hacked?
Because their security was the weakest of the potential targets for this kind of attack. (We can assume that the hackers tried other companies.)
- why was Talk Talk's security below the industry norm?
Because inadequate resources had been devoted to it by the senior management.
- why was security a low priority?
Because the management were unaware of the potential risk.
- why were they unaware?
Because they didn't have the knowledge of the industry and its pitfalls
- why did they lack this knowledge?
Because they were drawn from a business elite whose background does not prepare them for the reality of modern technology.
If we look at the background of the woman in charge of Talk Talk we discover that she is from an aristocratic background, is a Conservative life peer and was educated at Oxford. I have to say I was impressed by her bravura performance on the media defending her company's position. I don't think she is at all without talent. But clearly the results speak for themselves and Talk Talk will vanish in the near future.
I don't have to worry about Talk Talk as such having no connection with them, though this kind of thing does tend to turn out to have surprising impacts when the dust has settled. But there is still some valuable learning to be drawn from the exercise. For a start don't be fooled by the confidence of people from an elite background. I find it hard not to be impressed by Oxbridge types and posh accents. But the reality is that they are no different in ability to any other group, and for some purposes are actually at a disadvantage. I need to watch this when employing people and when casting my vote. We certainly don't need any more of them in parliament than we already have.
More fundamentally, don't be complacent about security generally. I am are bit easy going with my personal data. It is important to remember that the small number of people who devote themselves to lives of crime are still numerous enough.
Finally, just to remember that whatever I do one of the companies I deal with can leave me wide open at any time. I really should get around to drawing up plans for what to do if any of my bank accounts get messed up. After all, they are all run by the same plausible but incompetent people who have wrecked Talk Talk.
No comments:
Post a Comment