Let’s face it, folks: security can be “too inconvenient,” and when your boss doesn’t want to adhere to your security policy it’s going to be difficult to enforce. Just ask President Trump.
Politico reported that Trump could be the biggest cybersecurity risk to the U.S. government. Why? We all know he likes to Tweet. And he’s not too enthusiastic about staffers who want to put better security around his phone use.
Trump reportedly noted that security procedures are “too inconvenient.”
We’ll stop there with the Trump talk because there are bigger lessons to be learned here: Humans are the weakest security link and there’s a trade-off between usability and thwarting threats. In an ideal world, even bosses would listen to the security pros, but the reality is a bit different.
Do you honestly think Trump is the only CEO who rebuffs his cybersecurity team?
The average enterprise has multiple employees going rogue when it comes to security. Toss in mobile devices and social media accounts and you have the fodder for cybersecurity headaches. Trump just illustrates the point. And when the boss isn’t following procedure the whole food chain ignores security.
To anyone following enterprise security this realization isn’t a newsflash. Social engineering aimed at humans, always good for a cybersecurity incident, has led to a rise in ransomware, according to Verizon.
Meanwhile, securing mobile devices is an increasingly huge headache. Insider errors were at the heart of 17 percent of data breaches, according to Verizon.
Now you can argue that Trump should be following protocol given all the state actors that would find him a compelling target. But the reality is that all of us have a bit of Trump in us when it comes to cybersecurity. In the Trump example the stakes are simply higher.
What your security policies should look like
Tech Pro Research security policies:
Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness
Password management policy
Information security policy
IT physical security policy
IT leader’s guide to cyberattack recovery
EU General Data Protection Regulation (GDPR) compliance checklist