Common Cybersecurity Practices That Produce Unexpected Results
I read a recent article from the Harvard Business Review that listed the most common cybersecurity safeguards that are less effective against insiders than against outsiders. I thought I’d share this list:
- Access Controls - Rules that prohibit people from using corporate devices for personal tasks will not keep them from stealing assets.
- Vulnerability Management - Security patches and virus checkers will not prevent or detect access by malevolent authorized employees or third parties using stolen credentials.
- Strong Boundary Protection - Putting critical assets inside a hardened perimeter will not prevent theft by those authorized to access the protected systems.
- Password Policy - Mandating complex or frequently changed passwords means that they often end up stored in places that are easy pickings for someone with physical access.
- Awareness Programs - Simply requiring employees to attend a class or read the company’s IT security policy annually will not magically confer cyberawareness on them. Nor will it prevent staff members from taking harmful actions.
Thanks to authors David Upton and Sadie Creese for these reminders that prevailing practices need to always be evolving in today's threat environment.