With Security, You Can’t Fix Stupid

With Security, You Can’t Fix Stupid
Facebook may have decided that you shouldn’t see the news, but we think you deserve to be in the know with Lifehacker Australia’s content. To sign up for our daily newsletter covering the latest news, hacks and reviews, head HERE. For a running feed of all our stories, follow us on Twitter HERE. Or you can bookmark the Lifehacker Australia homepage to visit whenever you need a fix.

IT security threats are complex and evolve rapidly, but that doesn’t mean we don’t know the basic processes involved in keeping technology secure. So why do so many businesses ignore them?

Security picture from Shutterstock

Gartner analyst Earl Perkins poses that question fairly bluntly in a recent blog post, noting that there’s little point in paying for outsourced security services or new tools if basic process discipline isn’t in place:

Unless you take these first, basic steps, we cannot help you. As one recent publication reported bluntly, “you can’t fix stupid”. While it is not my intention to insult some of our readers, I need for this core idea to take root — if you’re not willing to establish a basic cybersecurity foundation to counter the most common and predictable threats facing you, no expenditure on technology, process change, organisational change, or outsourcing will solve the more complex and challenging cybersecurity threats that are arising today.

Technology has an important role to play here, but well-defined processes — for everything from password policy to what happens when staff members leave the company — are equally vital. Hit the link for more of Perkins’ thoughts.

Getting Cybersecurity to Work isn’t Going to Work without Doing the Work [Gartner Blogs]