Users Must Take Stronger Role in Information Security

seekermeister · 16 Jul 2010

Seems to me the article only states what has been obvious for a long time, without any real solutions. IE8 is more secure than older versions, but there is a browser more secure than that, but of course that isn't mentioned.

Tepid · 16 Jul 2010

Doesn't really matter.

The user is ALWAYS more responsible for their personal data than any other entity.
If you post your life on all the blog sites and social network sites, that is your fault, and only yours.

as for the security of any application, that does fall pretty heavily on the developers, but still quite a bit on the user to determine if what they are using, is what they should be using. They need to do the research themselves and keep up with updates.

But alas, no, users want to be secure and expect utopia in all they do of their everyday lives.
Yet want to take no responsibility for it themselves.

fseal · 16 Jul 2010

Hahaha yeah,

My first two thoughts on thatsubject are "No Duh" (what astonishing conclusions they al lcame too!

) followed closely on with "Good luck with that".

I try to teach people the /simplest/ security issues like how to simply secure FF and IE and they CAN'T STAND that that means they need to do extra work to "allow" trusted sites more acess than random ones. Even if that is nothing more than a couple of button clicks.

Whitness the almost constant barrage of people out for blood because of W7's UAC and how many disable it because clicking through is "such a hassle".

We should be on a world wide fully encrypted mail system by now, hell 10 years ago. But when will that happen? Pretty much never as it will require people to securly exchange keys and that is completely beyond the pale.

Depressingly it's pretty much hopeless. The only things that are in any way sure to work are things that happen completely silently and automaticaly and in some cases (like mail) the changes are SO drastic and far reaching that it seems like an amost completely impossible task.

JonM33 · 16 Jul 2010

Good luck on that. Last company I worked for it was notorious for people responding to phishing attempts. They would send their username and passwords out and next thing IT knew our Exchange server was bogged down with spam going outbound.

I personally feel that the employees that did that should have been fired. That is the worst security violation you can have.

Layback Bear · 17 Jul 2010

Here is my thought and no it's not cruel. If a employee doesn't need to go to the net or email shut it down for that employee. I.M. should also be shut down. No personal anything plugged into the companies system, (thumb drives, cd's ect.) Those ports should be locked.

Tepid · 17 Jul 2010

Once upon a time, I used to talk to this systems security guy and tell him that I wanted to login to some of these users PC and place a background on their desktop stating you have been hacked, set a stronger password next time or your fired. ahahaha,, I still want to do that really bad.

JonM33 · 17 Jul 2010

Layback Bear said:

Here is my thought and no it's not cruel. If a employee doesn't need to go to the net or email shut it down for that employee. I.M. should also be shut down. No personal anything plugged into the companies system, (thumb drives, cd's ect.) Those ports should be locked.

I agree. I worked for a company that did that once. The only internet access they had was to company related sites (UPS, Wachovia Bank, etc). They couldn't get anywhere else. Their director had to approve almost full internet access with a valid business reason. I say "almost" because even then they were restricted from porn, gambling, P2P, etc.