Adding Security Makes Systems Unusable!

by | Feb/20/2014

Ask your IT Professional: “Are you implementing the protections that users won’t notice anyway?” …

The reality is that you can have, contrary to what some people believe, both security and productivity at the same time.

Enforcing security policies that dictate strong passwords is a common problem and sometimes results in, understandably, executives responding something like, “That will make our salespeople angry and we can’t afford to slow down their workflow!  Let’s leave the passwords restrictions the way they are.”  As a result, some companies still allow two letter passwords that never have to be changed. Attackers love that!

The IT professionals are right about security being important. But the executives “have the final say.”

Sometimes the key is to discuss changes with the executives that meet two criteria:  First, the change will improve security, and second, the users may not even notice the change.

Here’s a common problem: Putting productivity too far ahead of security such that security gets nearly wiped out.

Password restrictions are a change that most users will notice. Hence, IT professionals may receive a great deal of push-back from users, including executives if the password restrictions have been lax for a long time.

However, users will never notice many, in fact the majority, of security settings.  An example may be, as long as your users aren’t  used to installing their own programs (which is a bad idea anyway), is making users “just plain users” on their own machine rather than having, (the most common way), users being something called “local administrators.”

That modification alone can make enormous improvements in security because it is more difficult for attackers to “trick users into installing viruses on their machines” since users can’t install anything on their machines anyway. And maybe the users won’t notice anyway.

The real issue: It is your role to talk with your IT professionals and ask them, “Are you implementing the protections that users won’t notice anyway?”.

Stay tuned for more about “What to ask your IT Professionals” so that you know the right questions to ask.

Please forward this to your friends and post your comments below…