Computerware Blog

Avoiding Cybersecurity Placebos in Your Business

When it comes to your business, especially its technology, some of the buzzwords you hear floating around can be pretty convincing, almost intoxicating. Unfortunately, like most buzzwords, many of these are aggrandized beyond their worth to the average small-to-medium-sized business. Let’s take a look at how this can impact a business’ perception of its cybersecurity, as well as dig into the reality behind these terms.

To begin, let’s examine a phrase coined in the early 2000s by cybersecurity technologist Bruce Schneier: “security theater.”

What is “Security Theater?”

Security theater is a simple shorthand for any security efforts put in place that do little to better ensure one’s security, despite making one much more comfortable, generally for some considerable cost. The idea behind it is that security exists as both a reality based in math and science, and as a perception that is based in emotion.

In a 2007 blog article, Schneier cited a personal anecdote where a friend’s newborn was fitted with an RFID tag to help prevent infant abduction during their stay in the maternity ward. However, the rates of infant abduction were astoundingly low at that point. In his blog post, Schneier posits that these bracelets were a form of security theater, meant more to placate the parents when their bundle of joy was out of sight than to help prevent the rare case of infant abduction.

While security theater may have perceived benefits, Schneier says, the true concerns come with the costs that are associated with it.

Let’s return to his example of the tracking tags on newborns. With such a low rate of infant abduction, there was realistically little-to-no practical risk of someone’s child being abducted from the hospital. However, as the low-cost RFID bracelets allowed parents to breathe a little easier when their baby wasn’t in the room with them, hospitals found this investment to be worthwhile. Another example that Schneier gives is the introduction of tamper-resistant packaging on over-the-counter drugs in the 1980s. With poisonings getting some significant coverage by the press in this era, the packaging relieved the fear that medications would be tampered with.

It didn’t matter that the statistical likelihood of a drug being altered was negligible, or even that the tamper-resistant packaging wasn’t all that effective anyway. The theater of the tamper-resistant packaging that companies would use helped align the perceived threat with the practical odds.

The Trade-Offs

However, there is a point at which security theater can become detrimental: when the investment (real or perceived) into your security is generating negative returns—or in other words, when your security measures are actually making you less secure. One glaring example from recent years is the 2013 hack into Target, where numerous security teams dropped the ball as numerous failsafe notifications and procedures were ignored. Let’s go into how you might be “overacting,” so to speak, when it comes to some of the security theater you have in your office.

Excessive Password Updates

Forcing your employees to update their passwords each month has long been established as a counterproductive security measure, as this will only encourage them to adopt other behaviors that will directly undermine your resiliency. Perhaps these passwords will become embarrassingly predictable, or your users will resort to writing them down somewhere to keep track of them all. Instead, use other methods of reinforcing your business security, such as multi-factor authentication (MFA) or single sign-on solutions, paired with a more moderate password policy.

That said, we’re not advocating never changing passwords; rather, the bad habits that mandatory password changes cause are much worse than what those changes do for the greater good.

Alert Overload

A never-ending barrage of security notifications can have a few negative repercussions on your users. Naturally, their workflows will suffer from constant interruptions, but there is also the fact that these notifications will eventually be tuned out. As a result, if a real issue does eventually present itself, it is more likely to be ignored. An MSP’s services can help to separate the wheat from the chaff, preventing your users from encountering interruptions in most cases.

Lacking User Awareness

Think back for a second: when you last had a cybersecurity training session for your users, what was the general format? Was it primarily a lecture, or were your employees involved and engaged in the process? When was your last training initiative? Many companies figure that these seminar-style sessions serve their purpose, but the more effective means of instilling good cybersecurity training is through shorter, more frequent, and (most importantly) more interactive efforts.

Computerware has the tools and resources that can help you to better ensure your security efforts are contributing to your practical security. To find out more about the solutions that we can assist you with, reach out to our team by calling (703) 821-8200 today.

Friday, July 10, 2020
