Security Corner

Oct 20 2010   5:49PM GMT

Why Trusting Users With Security is a Bad Idea

Ken Harthun

I have seen it happen time and again; I educate the people I support about proper security practices and they go on and do dumb things anyway. Trusting users with security is a bad idea. It’s a bad idea because it doesn’t work. Security is hard. It takes thought and effort. People don’t want to have to think about it. They want instant gratification and they want it to be easy.

So, what’s the solution? Do we lock everything down so it’s impossible to get in trouble? That has been proven unworkable. Do we switch to dumb terminals for mission-critical apps? Perhaps, but that’s cost-prohibitive for small businesses.

The solution that works for my clients is a simple one:

  • There is an Internet usage policy in place and incorporated into the employee’s employment agreement; it is strictly enforced.
  • Server-based anti-malware with real-time threat monitoring and notification is in place.
  • Proven anti-spam filtering is in place.
  • URL filtering is in place to block known malicious and prohibited sites.

In the last five years, where the above is implemented, I have had to respond to a security incident on only one occasion, and that one was an internal breach by an employee who attempted to steal a customer list.
