Comments on: The weakest security link? It's you

Despite their role as the last gatekeeper of IT security, many employees lack training and understanding.

[Jonathan]

Yah training lacks.

My company which will remain nameless, we don?t do any security training. Hell we fired our dedicated trainer 3 years ago and the lack of training shows. When I deploy a new system to a new user I gave them a brief overview of the system and for laptop users how to handle their laptops in the airport. I also stress these are not your computers and please do not load software on them but the reality is non of what I say has been approved by my company and is a poor substitute to a real class. Hell when these semi official worms showed up that looked like they came from corp people were tying to install the file from the password protected zip file left and right. I put out an e-mail, per my manager?s approval because he assured me out company would NEVER distribute software via e-mail, stating that never install software via e-mail. We use an alternative rollout method. And what happens? Less then 2 months later they roll out a patch via e-mail. Stupid idiots.

The corporations do it to themselves

I have been in IT, or an IT director for the last 7 years.
The companies I have worked for would never pay for the proper security. My job was to implement as much security as possible with the budget I was given.
Oddly, in the last 3 years companies have been so tight that the no longer purchase high-quality network gear - they would rather have a problematic $400 router than a solid $3000 managed router.
I spend about 15% of my week reacting to issues caused by bad security, bad practices, or to a surprise event that we had no infrastructure to manage.
IT managers should be empowered to find and resolve all possible security flaws.
They should be able to do anything needed to protect the company and its customers.
And, they should not have to work 60hrs. a week to get it all done - there is software for that!

[Tex Murphy PI]

Customer mentality hard to change

You can train the people till you're blue in the face - but if they really don't care about it, nothing is going to change.

Although I frequently remind my customers not to instinctively open every attachment that enters their inbox - they still do so anyway.

One Salesman even said that he was exempt from that rule - because he was sales, and he has to open every single attachment that comes in.

I'm so happy that these hackers are considerate enough to make sure that he doesn't get any of their nasty viral/trojan attachments.

As I said, training goes a long way, but it only takes an idiot to screw everyone over.

And yes, his system got infected several times after that conversation.