Does bug spray stop viruses?

If someone told you household oil cures arthritis, or that butter heals burns, or installing anti-virus is all you need to be secure on your network, would you believe them?

I recently had a shocking conversation with an IT professional working as the sole IT professional at a company in the US. I encouraged him to apply patches to his network and his response was, “I do not need to patch the operating system or applications—I have anti-virus and that protects the network from all security risks.”

At first, I thought he was joking with me. He wasn’t! I asked, “What if a user writes the password on a sticky note and the cleaning crew logs in as them to access secure files—does anti-virus prevent that?” The IT pro said yes he was protected.  Several of his “IT advisors” told him anti-virus was all he needed.

I attempted to get through to him for almost 10 minutes with other examples, sent him links to articles on news sites showing reality, and he kept going back to “his trusted advisors told him not to worry about it.” I asked who the “trusted advisors” were and he didn’t want to divulge their identities but assured me “they are really smart.” I even offered to have a conference call with the IT professional and his advisors, but he felt that wasn’t necessary.

This poor IT professional totally believes his reality. He probably will until something bad happens—and at what expense?

I experience this to varying degrees fairly often with “IT professionals,” and frankly I find it unsettling because executives trust their IT professionals with the safety of their business. Executives need to trust their IT professionals.

Executives please make sure your IT department’s advisors are trustworthy as well!


4 Comments

  • Jim Frey May 12, 2010 at 10:12 pm - Reply

    Some people need to learn the hard way. 36 hours of cleanup after nimda back in the day is what it took for my company to realize we needed to pay attention to security.

  • Mike Foster May 13, 2010 at 5:04 am - Reply

    Thank you Jim for your response. You are not alone. Some day it will be amazing to learn how to help people learn the easy way… and I am interested in knowing how!

  • Rafael Ortiz May 13, 2010 at 6:22 am - Reply

    I seem that a lot of times happend in the island on Mayor companies that think that their IT people are the know-it-all and they feel secure. But the always end learning the hard way after their systems breackdown.

  • Mike Foster May 13, 2010 at 6:52 am - Reply

    Thank you – It is this “false sense of security” that is so expensive in the long run. If people must learn “the hard way,” hopefully it only takes one “hard” experience for them to learn. Some people don’t learn even the “hard way” until something “hard enough” happens. How can we reduce the “hard” way threshold so people learn sooner?

Leave a Reply

Your email address will not be published. Required fields are marked *