undefined | Better HN

0 pointsangiolillo1mo ago0 comments

Many years ago I watched someone marched out of the room in handcuffs by military police for plugging a USB thumb drive in the wrong computer.

My current situation isn't anywhere near that strict, and I agree that many security postures are dumb and overbearing, like unnecessarily frequent password rotation. But honestly, preventing employees from sharing company documents with random third parties doesn't seem all that unreasonable.

0 comments

vidarh1mo ago

I agree, but a lot of companies risk exactly that by creating policies that people are likely to have reasons to want to bypass.

E.g. Calendar sharing. It's a paintpoint if you often have irregular working hours and have to match up a personal and work calendar. At least allow sharing busy/not busy... By not doing so, you create an environment where people are tempted to find workarounds that might be much worse.

Part of your security posture needs to be to consider how to prevent friction in areas where reducing it removes incentives for non-compliance.

j / k navigate · click thread line to collapse

0 pointsangiolillo1mo ago0 comments

Many years ago I watched someone marched out of the room in handcuffs by military police for plugging a USB thumb drive in the wrong computer.

0 comments

vidarh1mo ago

I agree, but a lot of companies risk exactly that by creating policies that people are likely to have reasons to want to bypass.

Part of your security posture needs to be to consider how to prevent friction in areas where reducing it removes incentives for non-compliance.

j / k navigate · click thread line to collapse