IT security would be so much easier were it not for users. To be specific, it would be easier if users didn’t insist on doing things with their computers and devices. Unfortunately for security teams, it’s hard to have a productive workforce if all they do is sit and stare at their lovely, perfectly safe computers, so security professionals have to constantly take into account users and their risk behaviors.
Not all user interactions are risky, fortunately, and not all risky interactions are equally risky. So which of the unfortunate interactions are most likely to send security professionals diving for their quart-sized bottle of bright pink antacid beverage?
This list springs from a conversation with Corey Nachreiner, CTO at WatchGuard. As with many of these conversations, it began with a short list that grew with, “Oh, and another one is…” repeated a couple of times. After that conversation, Dark Reading had the same chat with other security professionals and found an unsurprising level of agreement that these are bad, bad things.
It’s important to note that not all of these bad interactions are the fault of users. While some undeniably do fall squarely at the feet of the individual behind the keyboard, some are the result of design or implementation decisions by enterprise IT; decisions that users have no real control over. In every case, though, regardless of who is responsible, there are steps enterprise security can take to reduce the impact of these bad interactions. Let’s take a look at the list of bad things, the good options for dealing with them, and how your security team can work to have more secure interactions — and fewer hits off the big pink bottle.
“Many employees will perform some risky behavior within organizations however it really comes to what the risk is exposing and what data it is meant to be protecting,” says Joseph Carson, chief security scientist at Thycotic. How is your organization dealing with these behaviors? And do you think we left some critical interactions off our list? Let us know in the comments — the conversation there should be a very good interaction, indeed.
(Image: Benzoix VIA Adobe Stock)
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio