10 Stupid Moves That Threaten Your Company's Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
10 Stupid Moves That Threaten Your Company's Security
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 5   >   >>
TerryB
50%
50%
TerryB,
User Rank: Ninja
1/27/2016 | 9:54:08 AM
Re: Even Password Management tools can cause problems.
@Broadway, I take it your career is not in HR and you have very little experience working with outside Sales people. :-) The skill set for being a good people person and exceling in Sales has nothing to do with being tech savvy.  Our business unit is not very big and we have people who stay 30-40 years. Think about teaching your parents good computer security skills. I don't know about you but I had trouble teaching my Mom how to turn the darn thing on and make sure it had an internet connection. "Stupid" is a relative term the way I'm using it.

And you are way wrong if you think that has anything to do with success. This company has been around since before you were born and has reinvented itself several times since I've been here. We sell globally and our product (brass alloy wire) is in things you use everyday. Think about next time you zip up your jeans, that's just one small place we supply wire for.

To these people, computer security (and computers in general) are just a means to an end. a necessary evil. If you think any of them go to bed worrying about creating a secure password you need to get more involved in your company's real business, what gets you your paycheck.

Now if you work for company who's data (financial, medical, etc) is your business, then your comment is much more relevant. But manufacturing, no. I could could give you every bit of IP we have and it would do you no good, you'd have to spend 100 million in capital to setup a facility to earn 5 million in profit every year. Doing that would really make you stupid.
Broadway0474
50%
50%
Broadway0474,
User Rank: Ninja
1/26/2016 | 11:25:06 PM
Re: Even Password Management tools can cause problems.
TerryB, I suppose if you have "you can't fix stupid" people on your staff, then maybe you (being a company) deserve what happens to you. Sure, you can argue that every organization has bottom-barrel employees, but should you be giving them access to your system? Maybe give them a pad of paper, not a laptop.
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
1/26/2016 | 3:41:56 PM
Re: Even Password Management tools can cause problems.
Joe,

Brilliant! Just Brilliant way of putting things here!

I could'nt put it any better of saying what you just said here.

Loved your "mypassword1" ,"mypassword2" touch especially!

Beyond Phenomenal.

LOL!!!

 
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
1/26/2016 | 2:57:16 PM
Re: Even Password Management tools can cause problems.
Sunita,

As someone who has had the oppurtunity to work/train with such systems including Logging systems I can tell you that eventually most SMBs just ignore most of the Alerts they generate(on Insider threats) for better or worse.

It seems that there is a limit to how much you can(and can't) Trust your employees.

 
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
1/26/2016 | 2:53:11 PM
Re: Even Password Management tools can cause problems.
TerryB,

Lots of very-very good points here!

I am reminded of a presentation from RiskIQ (on Social Media protections) I recently came across;there they focussed intensely on Defensive Registrations of Social Media accounts as well as Automation of protections and safeguards put in place.

Even there they constantly focussed on keeping your Users as aware/educated as humanly possible.

Just don't expect that to be your first and last line of defense!
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
1/26/2016 | 2:46:08 PM
Re: Even Password Management tools can cause problems.
Sunita,

That is a very serious problem,No doubts about that one.

Unfortunately,Until we see more and greater education/awareness amongst ordinary consumers(the most expensive smartphone is not neccessarily the best);this issue will not be solved.

This is an area where Training&education can most definitely help for sure.

 

 
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
1/26/2016 | 2:29:28 PM
Re: Even Password Management tools can cause problems.
Sunita,

Yes!

Its quite funny,until its you the one who is at the recieving end of the hack!

That unfortunately is the Ground reality we(in IT Security) are facing currently and have to deal with new and more and more complex threats with each and every passing day as we speak.
TerryB
50%
50%
TerryB,
User Rank: Ninja
1/26/2016 | 2:26:06 PM
Re: Even Password Management tools can cause problems.
@sunita, everything can fail but think about it. Help Desk would rarely have reason to "cold call" a user to get his password. Usually that is in response to user entering a ticket. So probability of phisher hitting user when he has open ticket is incredibly low.

That said, I like your idea of some technique to verify, especially at large companies where you don't know your IT. We are small enough that thankfully is not a problem.

But if hacker had enough inside info, knew Help Desk person's email and could craft a bogus email appearing to come from that person, most of users would fall for that without batting an eye. Heck, I don't see what would stop me from replying if I thought I was talking to one of guys in Corp land that I know. But I'd like to think email has gotten good enough to stop that kind of spoof, that you could reply to one person and it go somewhere else. Links in email, yeah, those can go anywhere and you could train against that. But just hit "Reply"? If so, there really is no defense other than some inside verification, as you suggest. Good point.
SunitaT0
50%
50%
SunitaT0,
User Rank: Ninja
1/26/2016 | 2:14:47 PM
Re: Even Password Management tools can cause problems.
@Ashu: What makes me laugh is when your $200 smartphone has an iris or a fingerprint scanner and not databases or computer information security systems which are worth thousands of dollars.
SunitaT0
50%
50%
SunitaT0,
User Rank: Ninja
1/26/2016 | 2:12:19 PM
Re: Even Password Management tools can cause problems.
@Broadway: Training can limit human error and callousness but cannot entirely make it extinct. As long as humans exist, so would such slip ups.
<<   <   Page 3 / 5   >   >>


2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
News
The State of Chatbots: Pandemic Edition
Jessica Davis, Senior Editor, Enterprise Apps,  9/10/2020
Commentary
Deloitte on Cloud, the Edge, and Enterprise Expectations
Joao-Pierre S. Ruth, Senior Writer,  9/14/2020
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll