Slashdot Mirror

← Back to Stories (view on slashdot.org)

Senior Managers Are the Worst Information Security Offenders

Posted by Unknown on from the security-is-for-little-people dept.

An anonymous reader writes "As companies look for solutions to protect the integrity of their networks, data centers, and computer systems, an unexpected threat is lurking under the surface — senior management. According to a new survey, 87% of senior managers frequently or occasionally send work materials to a personal email or cloud account to work remotely, putting that information at a much higher risk of being breached. 58% of senior management reported having accidentally sent the wrong person sensitive information (PDF), compared to just 25% of workers overall."

16 of 181 comments (clear)

  1. Seen it on the job: by Hartree · · Score: 5, Informative

    This is supposed to be some great revelation?

    They're also the ones who can get security policy overridden so that something can be easy for them. Regardless of the problems.

    1. Re:Seen it on the job: by Ben4jammin · · Score: 5, Insightful

      It will be a revelation to senior management.

      They will in fact need reports such as this to recognize the reality that all us IT workers have known for years. See, the fact that you don't understand that is why you are likely not in senior management :)

    2. Re:Seen it on the job: by Penguinisto · · Score: 5, Insightful

      Sad, but true.

      I remember a CEO of a moderate-sized corp (!?) who didn't see the need for locking down his Blackberry.... until he lost it one night while out on the town. Took me all of five minutes to crawl out of bed and wipe/lock the device remotely via BES, but the funny part was that it took that incident (and a gentle explanation of why I wiped his device - he originally wanted me to "locate" it for him) before he figured out that security was more than just a buzzword that got in his way.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    3. Re:Seen it on the job: by Grey+Geezer · · Score: 4, Funny

      Yes, It's not just electronic communication either. A senior manager where my wife once worked wrote the code for the entry door keypad...on the keypad, because memorizing it (or writing it down on a piece of paper he would have to dig out of his pocket) was too much trouble. True story. (I'm sure you all have stories as bad or worse than this one.)

      --
      The USA is only 4X older than me...perspective
    4. Re:Seen it on the job: by MickyTheIdiot · · Score: 4, Insightful

      So the moral of the story is we should all get together and set up a Gartner-like "consulting" firm where we make C*O's pay million dollar consulting fees and (unlike Gartner) they get the common-sense information they can get from any security text book since the C*Os will only listen to advice that they pay a bazillion dollars for. They are mentally incapable of listening to the smart IT guy in their department that they pay $40k a year.

    5. Re:Seen it on the job: by Penguinisto · · Score: 4, Funny

      It means I don't particularly worry if anyone does or not. ;)

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    6. Re:Seen it on the job: by cusco · · Score: 5, Insightful

      I work in physical security. Executives are bad, but the absolute worst are doctors. There is a local hospital where the keypad code (1234) for the 'Doctors Entrance' hasn't changed in 23 years, because the doctors refuse to remember their own 4-digit code. Every attempt to change it has resulted in surgeons immediately marching into the executive offices and threatening to quit (really). Even an irate and armed ex-husband entering the hospital through that door didn't convince them. Getting them to use a key card is almost impossible unless they can have one card to leave in the Mercedes, another for the Porsche, and another in their desk that they can retrieve by tailgating into the building. /rant

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    7. Re:Seen it on the job: by Ben4jammin · · Score: 4, Interesting

      I once had to remove all the copy codes on all the copiers in the building because apparently the CFO was incapable of memorizing a 5 digit number...I wish I were making this up.

    8. Re:Seen it on the job: by CthulhuDreamer · · Score: 4, Funny

      The CEO of a company I used to work for claimed the VPN was inconvenient, so he would basically sync our entire file server to his laptop every day - marketing, finance, development projects, the works. His laptops were also constantly being misplaced or stolen, so who know how many copies of everything we had are floating around out there. Every business trip was a major security breach in the making.

    9. Re: Seen it on the job: by Bengie · · Score: 5, Insightful

      The value of money is relative to the cost of living. Keep your $100k/year job with $300k house and 3 hours commute. I'll stick with my lower paying job in a smaller town with a $100k house that is much larger than yours and 5 minute commute.

    10. Re:Seen it on the job: by whoever57 · · Score: 4, Interesting

      It will be a revelation to senior management.

      No, it won't. Senior managers are very often less intelligent than the people they oversee. What senior managers possess is greater (but misplaced) confidence in their own abilities and/or some level of sociopathy. These conditions lead to willful bindness of their own failings.

      --
      The real "Libtards" are the Libertarians!
    11. Re: Seen it on the job: by the+grace+of+R'hllor · · Score: 5, Funny

      Move to Detroit. I've seen free-standing houses for less than $5000 on some real estate sites. Plus it's in a colorful, lively neighborhood.

  2. Shocking... by fuzzyfuzzyfungus · · Score: 4, Insightful

    Who would have thought that immunity from consequences would lead to carelessness?

  3. Re:Sampling bias by Trepidity · · Score: 4, Insightful

    Trying to get them to follow any kind of IT policy is nearly futile as well. Many recognize the need for an IT policy in the abstract, and will be happy to sign off on something that the average worker has to follow, but they see themselves as a special case that needs more freedom to operate as they see fit.

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  4. Epic facepalm moments by Solandri · · Score: 4, Interesting

    A former boss of mine had a bad habit of hitting Reply instead of Compose when writing new emails. I noticed I'd get emails from her which were totally unrelated to the mail she'd hit Reply on. I warned her several times that that could be dangerous since hitting reply automatically includes the previous email(s) as a quote.

    Then one day it happened. She decided to send out a mass email to all staff, and composed it by hitting Reply on one of my emails. I got into work, checked my email, and did the biggest head-desk of my life. She had replied to one of my emails where we'd been discussing employee bonuses and pay raises, including extensive deliberation over what we were going to tell certain employees in their annual performance review. That lengthy discussion was quoted and got sent to the entire staff. Fortunately the damage wasn't as severe as it could have been - the four employees we'd discussed in the email thread were all good employees so most of our comments had been positive.

    On the up side, it broke her habit. She never composed a new email by hitting Reply again.

  5. Re:anybody on a Helldesk can testify to this by cusco · · Score: 4, Informative

    Having to unblock AOL so that the marketing exec could send/receive company documents to his personal email account was annoying. The subsequent flood of spam was the only thing that let my boss get away with blocking AOL again. The marketing exec was surprised at our reaction, he just thought that was the way email systems were supposed to be.

    This was the same idiot who needed his laptop reinstalled three times in four months when he installed the latest version of AOL's client software the same day it was released.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin