minware reposted this
90% “Russian roulette” security controls are dangerous. By fostering compalacency, they can backfire and make you less secure. Should you use antivirus software? Yes, but… not if you start downloading shady attachments. Should you use a VPN? Yes, but… not if you start sharing passwords or skipping 2FA on VPN-only services. Should you use an intrusion detection system? Yes, but… not if you stop patching as frequentlly. Should you do annual security training? Yes, but… not if you stop using least privilege access control and 2FA. The danger of 90% controls should be part of every security training, and people should be taught to behave as if they don’t exist.
If people followed good computing practices then who would we hack?
So true! Great points
Software Engineer | Tinker
1moSharing credentials during onboarding is so scary when a company lacks simple and secure ways to get sensitive information to their new employees and existing teammates. Setting up an internal instance of something along the lines of PrivateBin would have made things feel a lot safer during these crucial transfers in many small use cases. Very interesting to think about where major cracks might exist in otherwise exemplary looking systems that include many but not totally complementary elements.