Security Breach? Not My Fault! (Say IT Managers)

"It's the employees' fault that we have security problems!" said a lot of IT managers in a research by Websense, concerning small and midsize companies. Yeah, it's their fault, I'm sure all of them have as much knowledge as IT managers do, and they do risky stuff on purpose!(not!). If there's a data breach in a company, it's the IT department's fault, firstly for not giving proper training to normal non-tech-savvy employees, secondly, for not deploying proper security measures.

Just think about it, all you need to know about security (as a normal employee) can be explained briefly. You don't need to know how a firewall filters traffic and how it tells between port 8080 and port 28. All you need to know is the basic stuff, like not clicking on dubious links, not allowing certain addresses to connect to your PC and stuff like that. I've seen some firms that simply have a protocol displayed on a large piece of paper on a wall. That is just stupid-proof! There were about 15-20 simple instructions that every employee had to follow. How's that for increasing corporate cyber-security?

The same survey highlighted the fact the workers often browse sites that are not related to their work and sites that present high security risks, as c|net News informs us. Hello? Anyone home? Employees are supposed to work not browse Facebook or Hollywoodtuna or who knows what, I think that IT managers should keep a whitelist of sites that can be accessed and ban any access to sites not on the list. Also, some employees download certain software from peer-to-peer sites - those might be dangerous!

Every company should have a list of programs of its own installed on every computer by default in order for normal employees not to do it by themselves. Let's not forget that some people only use the PC to send e-mails and do tables, they're not tech-savvy, and that's when the IT department comes into place. Users should not be allowed to install anything by themselves in my opinion, not even the simplest "next-next-next-protocol" programs. You don't know how one guy can screw things up by installing some vulnerable software. As I've said before, people are still not paying enough attention to the threats on the Internet!