Information Security and Ignorant Management?

jmahler asks: "Suppose you work for a fairly decent-sized (but independent) CPA firm in the IT department. Suppose further that you have repeatedly warned the partners of the dangers of having unsecured laptops in the field, and have requested to replace the very thin, and rapidly aging line of defense (and functionality) currently protecting your network from all of the mean and nasty folks on the Internet. Let's continue, then, to suppose that the partners have all agreed to ignore every recommendation put forward regardless of cost or benefit. Is there a good way, beyond memos and emails, to inform the partnership that the water in which they tread could quickly become dangerous? What about absolving ourselves of responsibility for data theft and loss from a laptop 'disappearance' in the field?"

If you're worried, resign.

[Ph33r+th3+g(O)at]

Ideally, with another job already lined up. Or obtain a good errors and omissions policy, because you can bet you'll be sued if they get pwned.

Re:If you're worried, resign.

[Desolator144]

historically, people tend to get really mad and do something when their own work computer breaks or gets hacked so I second that idea. Remember what happened when advertisers got infected with adware displaying their own ads a couple years ago and it kept crashing their computers and they couldn't remove it? Well it's sort of like that I suppose. They know they're doing something they shouldn't (or not doing something they should) but they need a little personal nudge to actually take action.