Mich,
Good point at the start about passwords being a bad solution as the gate to electronic treasures. But definitely a security wonk's POV on the need to spend on security related items/activities within a business.
Here's why.
For all my years in advising clients about how to do things, I found that many listened and were happier down the road for following the direction proposed. That was, unfortunately, a subset of all the clients. Here is the "business (dis)logic" that seems to happen with most business people:
- I see there is a risk
- There are lots of risks in business
- I have more pressing needs for the available money right now
- I'll consider this later on
- Besides, security breaches happen to other people, not us.
These executives seem to consistently make decisions that are short-sighted (some would say reactive) and worry about other things (the door not being locked) tomorrow. Their thinking: why spend money on something that, while real, has a low probability of happening? Their goal is to stay around for a couple of years, pad their bonuses, then go on to their next venture, leaving any problems such as these for the next sucker, er, executive.
In a perverted sort of way, this does make sense. If you'll allow me to play "executive" for a moment, here's the response I would give you:
"Mich, you make some good points. We'll consider this proposal for next year's capital budget. In the meantime, I'll just send out an Email, reminding everyone of the importance of locking the door. That will solve the issue, for the most part, for now. If it continues, we'll dock the pay of whoever forgot to lock things on the way out. That's a cost effective solution [i.e., $0] and we [the company] can save money if these clowns we have as employees can't remember to lock the door."
THAT has been my reality over the decades. And while I agree with your assessment and suggested remedial action, it'll likely get little attention from the company's executives. Only when lack of action directly affects their pocketbook will these executives take action.
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
Make sure the basic lock design is tamper-proof
A $100 lock may not be the answer as we recently learned in our facilities. Because of ADA guidelines, most doors these days have lever style handles. One quick swing of a sledgehammer or other heavy object can break the lock mechanism and render the door unlocked. Regardless of the use of an electronic access system, you need to make sure you buy a more secure lock that will remain locked if this is done - as we learned when all of our IT equipment was recently stolen in one of our buildings. The landlord had initially refused to pay for the more expensive $500 locks. This was in addition to the key fob access system that we already had to make sure the doors remained locked but served as no protection from an actual break-in.
access to spaces
I would be interested in hearing how to secure a large area (office or storage) which has multiple locked areas within the larger controlled space. For example, a laboratory with experimental information/equipment in each of these smaller areas. In such an environment the 2000/lock x n becomes substantial. Further if there is a policy on changing passwords or keys periodically the multiplicity of accessing individuals makes it difficult to get everyone to update / change. are there any lock systems that you have uncovered that are connected to a network or electronioc bius tructure so that change is concurrent (or nearl so)?
Post new comment