• LifeInMultipleChoice@lemmy.world
      arrow-up
      10
      ·
      8 days ago

      Permissions. Security is never about convenience. No one wants to hear that they can’t have access, but they just can’t. There’s a reason why even permissions for IT are usually broken into so many fragments. Anyone can fuck everything up if they have the permissions to do so.

      • shalafi@lemmy.world
        English
        arrow-up
        3
        ·
        7 days ago

        Loved my last CEO. He was plenty tech literate, but when something new came up, “I don’t want access to that.” When auditing accounts, “Nope. Delete my account.”

        • LifeInMultipleChoice@lemmy.world
          arrow-up
          2
          ·
          7 days ago

          Had a VP that was the head of IT at one point that used to tell a story how he took the whole company down on his first day. He was a disciplined person as well. (Was in the British Royal Navy, then later the U.S. Navy). They were in the middle of moving a lot of their services over and had a 3rd party company contracted to install some kind of new switches if I remember correctly. They set it all up, left him with the information and contact info I guess for assisting whoever was going to be managing them. Well he apparently tried to log into one and managed to factory reset it somehow on accident. No idea how he did that on accident. But the company managed things from the Virgin Islands to North Carolina all the way west to Texas. It was corporate headquarters, so… No paychecks for thousands of employees across 100+ sites and the whole 9 yards. Thankfully a quick fix once so everything was back up the next day, but that’s how you make a good first impression.

          Still no idea why they had a 3rd party installing those switches though… Definitely something we managed in house by the time I got there

  • EpicFailGuy@lemmy.world
    English
    arrow-up
    12
    ·
    7 days ago

    Cybersecurity engineer here: I work for a defense company’s data protection arm and you have NO IDEA how true this is. The really good companies spend almost as much in employee training as they do in software/hardware.

    But you wanna know what’s even a bigger problem than human stupidity? GREED. I’d say about 50% of the companies out there have very little or no security because why invest in something that produces no profits?

    • supamanc@lemmy.world
      arrow-up
      4
      ·
      7 days ago

      I do it because I’m forced to change it every 3 months, to a random 9 letter series. I have to write it down, I have no hope of remembering it.

      • Bahnd Rollard@lemmy.world
        arrow-up
        2
        ·
        7 days ago

        [Internet slap] USE A PASSWORD MANAGER!

        IT would prefer you just remember it, but if you do need to write it down… Try to put some effort into encrypting/hiding it.

        KeePass is free, ask your company’s nerd herd about it.