The life of a small- or mid-sized business’s IT manager certainly would never be described as “easy.” These are the people you’ve charged with keeping the company’s computer systems running and secure.
It’s a tough job. So please forgive them for how they’ve decided, and how you’ve allowed them, to set up your company’s password policy.
Why? Because it’s pretty likely that the password policy they recommended actually puts you at greater risk.
One of my favorite phrases is “snatching defeat from the jaws of victory.” The slight modification of the old idiom to reflect an action that transforms guaranteed success into abject failure.
It is also the perfect way to understand how it’s possible for even the most effective, well-written, well-intentioned, and strategically developed cybersecurity policies to become irrelevant.
I’ve seen so many ways a company can completely negate their own cybersecurity. Usually, it involves some level of management errors, the most common being that “these policies don’t apply to me.”
However, there are many ways, some much less obvious, for management to undermine their company’s own cybersecurity policies.
And, by extension, making their company, their employees, their customers, and themselves less secure. (more…)