Users Are Too Nice
I really like being un-PC. It is a self-protection mechanism, and besides, after 25 years of security and infowar, I have a right to be somewhat paranoid.
Cisco says there are 4 classic user mistakes. I beg to differ. They say:
- Tailgating or letting people in to offices or past security ID card checks is rampant. Screw polite. “Yo, dude. I am paranoid. I’m gonna shut the door in your face and you can use your own badge to get in.” (OK, that’s after a few drinks, or when I am losing a football bet, but point made. Be polite if you have to.)
- Wireless access points being installed by users. I mean, WTF, mate? C’mon already. This occurs because companies don’t offer a DMZ or a safe route to the Internet for visitors. Simple answer: Install your own wireless network, provide employees with the WPA code and be done with it. Anyone who sets up a wireless network without security or IT approval should be forced to eat nothing but beets and rutabaga for a month.
- Sharing private company data with unauthorized people is the result of poor training… and I daresay, the feeble-minded HR-wonks and legal types who are afraid to actually enforce policy. Fire ‘em. Prosecute them.
- Mishandling corp data… like putting it on a USB stick or mobile PDA.
My list is a lot longer. Have you seen the irresponsible passwords allowed to pass muster in many companies? How about letting Microsoft documents leave a company in native format, not sanitized? Adobe was made for a reason.
I could go on… and I am sure Cisco and I would agree on a lot more problems… I just hated seeing it limited to four.