Even the best technology can’t offset weak employee passwords and carelessness.
If your company is like most, you’re spending an awful lot of your information technology budget on security: security products to protect your organization, security consultants to help you understand where your weaknesses lie, and lawyers to sort out the inevitable mess when something goes wrong. That approach can work, but it fails to consider the weakest link in your security fence: your employees.
We’ve come a long way since the days of the Blaster and Zapper worms in the early 2000s, malware that infected computer systems and caused pure chaos in corporate networks for people not yet hardened enough to question the links and attachments that arrived in their inboxes. Yet as we’ve put together the agenda for Structure Security, a conference focused on information security to be held on Sept. 27 and 28 in San Francisco, it’s a topic that has come up again and again: how the best-laid plans designed by security experts can still be derailed by users with sloppy passwords or a tendency to leave smartphones or laptops in cabs.
If you’re a large company, you can invest in protecting your users from themselves. You can require smartphone users who want to access your network to let your operations people remotely erase sensitive data in the event of a theft or loss. Or you can insist users change their passwords every 30 days and require a 16-character password with letters, numbers, symbols, and doodles. For a lot of small to medium-size companies, however, cultural resistance to security overreach and a lack of resources to enforce even high-minded policies can result in significant loss of proprietary information, money, or both.
Read more here: fortune.com/2016/06/20/employees-computer-security/