The life of a small- or mid-sized business’s IT manager certainly would never be described as “easy.” These are the people you’ve charged with keeping the company’s computer systems running and secure.
It’s a tough job. So please forgive them for how they’ve decided, and how you’ve allowed them, to set up your company’s password policy.
Why? Because it’s pretty likely that the password policy they recommended actually puts you at greater risk. (more…)
One of my favorite phrases is “snatching defeat from the jaws of victory.” The slight modification of the old idiom is the perfect way to understand how it’s possible for even the most effective, well-written, well-intentioned, and strategically developed cybersecurity policies to become irrelevant.
In my experience, I’ve seen a company’s management find so many ways to completely neutralize their own cybersecurity policies. For the most part, they involve some level of egotism oftentimes associated with management, the most obvious being the idea that “these policies don’t apply to me.” However, there are many ways, some much less obvious, for management to undermine their company’s own cybersecurity policies.
And, by extension, making their company, their employees, their customers, and themselves less secure. (more…)