Egregious Security Practices in the Workplace

Written by Hornetsecurity / 02.09.2024

In this episode of the Security Swarm Podcast, host Andy and his regular guest, Eric, talk about the worst workplace security practices they’ve seen. From weak password policies to unsecured devices and poor data management, they share real-life stories and insights that will make you cringe – and hopefully inspire you to tighten up your organization’s security posture.

They also discuss the importance of employee security training, the challenges of software patching, and the dangers of “security by personality” – when people make decisions based on gut feelings rather than data. It’s a candid, sometimes humorous look at the security nightmares that keep IT pros up at night.

Whether you’re an infosec professional or just someone who wants to keep your company’s data safe, this episode is packed with valuable lessons. Grab a pen and paper – you’ll want to take notes on what not to do when it comes to workplace cybersecurity.

Key Takeaways:

  • Weak password policies can lead to poor password hygiene, like using predictable patterns or writing down passwords. However, the risk profile should be considered – what may be a security risk for one organization may not be for another.
  • Effective employee security training is crucial, but it needs to be the right amount – too little leaves employees vulnerable, while too much can lead to disengagement. Training should cover both technical security concepts and social engineering awareness.
  • Unsecured devices, especially mobile ones, can create significant security risks through shadow IT and data exposure. Proper device management policies and user education are needed to mitigate these threats.
  • While ignoring software updates is a common security pitfall, the underlying issue is often that patching infrastructure and processes are not well-developed. Vendors need to improve the tools and experience around keeping systems up-to-date.

Timestamps:

(00:00) Welcome to the Security Swarm Podcast

(03:19) Exploring Weak Password Policies

(11:26) The Importance of Employee Security Training

(19:16) Unsecured Devices: A Dangerous Vulnerability

(27:34) Mismanaging Data: Risky Business

(37:40) The Perils of Ignoring Software Updates

(45:30) Security Decisions Driven by Personality, Not Data

Episode Resources:

Password Verifiers

Security Risks of Always on Remote Access

GM shared our driving data with insurers without consent, lawsuit claims
