ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to Lose Customers with Excessive Security

    Scheduled Pinned Locked Moved News
    securityinfoworld
    26 Posts 5 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @thanksajdotcom
      last edited by

      @thanksaj said:

      Whenever I use incognito mode, or clear my cookies, I have to reverify with Chase. If those cookies aren't present, that's why.

      I've honestly never used incognito.

      1 Reply Last reply Reply Quote 0
      • thanksajdotcomT
        thanksajdotcom @scottalanmiller
        last edited by

        @scottalanmiller said:

        @thanksaj said:

        @scottalanmiller said:

        @Hubtech said:

        our family account, which i rarely log into, has SFA, and it NEVER works. terrible.

        My bank makes me "verify my computer" every time even though it's been verified and saved as my machine a hundred times. It's useless.

        Do you clear your cookies?

        Nope, never.

        And you don't have anything like CCleaner or something being run?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @thanksajdotcom
          last edited by

          @thanksaj said:

          And you don't have anything like CCleaner or something being run?

          Very rarely, nothing scheduled.

          thanksajdotcomT 1 Reply Last reply Reply Quote 0
          • thanksajdotcomT
            thanksajdotcom @scottalanmiller
            last edited by

            @scottalanmiller said:

            @thanksaj said:

            So you're telling me if I block Dropbox and my user copies a file that's sensitive to a flash drive because they want to work on it from a non-secured home PC to a flash drive it's my fault because I've locked down security policy too much? BULL!!! This statement is so blatantly wrong and lacks any kind of understanding about good security policy within an organization it's embarrassing!

            If you block secure options, don't block insecure options and fail to provide good, secure options then yes, totally your fault for causing people to work around security to do their jobs. No different than onerous password policies. It's the ones making the policies triggering bad behaviour in many cases.

            Exactly. IF someone should have the ability to work from home, and their work computer is a desktop, they need to be provided a company laptop with a VPN connection, and need to be saving their work to a central location, like a NAS or a file server. Blocking cloud storage is often the smart course of action. But if you fail to provide a means for users who SHOULD BE ALLOWED to work from home to work from home, then I agree that users will use a flash drive and that's a huge risk. However, if users want to use a flash drive because they want to work from their personal PC and bypass existing policies, that's an HR issue, not an IT one.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • thanksajdotcomT
              thanksajdotcom @scottalanmiller
              last edited by

              @scottalanmiller said:

              @thanksaj said:

              And you don't have anything like CCleaner or something being run?

              Very rarely, nothing scheduled.

              Maybe your bank keeps changing the cookie for whatever reason so that it doesn't pick up on the previous one...I know your primary bank is a fairly small institution so anything's possible...

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @thanksajdotcom
                last edited by

                @thanksaj you can block USB just as easy as blocking cloud storage. Start by blocking USB, not cloud.

                thanksajdotcomT 1 Reply Last reply Reply Quote 0
                • thanksajdotcomT
                  thanksajdotcom @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  @thanksaj you can block USB just as easy as blocking cloud storage. Start by blocking USB, not cloud.

                  Yeah, but if someone has a legitimate need for USB devices at times, then that can be bad. Granted, that's a niche situation, especially in the age of digital delivery and sneakernet is not as prevalent anymore (thought still used some), it shouldn't be as common.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @thanksajdotcom
                    last edited by

                    @thanksaj said:

                    @scottalanmiller said:

                    @thanksaj you can block USB just as easy as blocking cloud storage. Start by blocking USB, not cloud.

                    Yeah, but if someone has a legitimate need for USB devices at times, then that can be bad. Granted, that's a niche situation, especially in the age of digital delivery and sneakernet is not as prevalent anymore (thought still used some), it shouldn't be as common.

                    Block USB storage, not USB completely.

                    http://support.microsoft.com/kb/823732

                    thanksajdotcomT 1 Reply Last reply Reply Quote 0
                    • thanksajdotcomT
                      thanksajdotcom @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      @thanksaj said:

                      @scottalanmiller said:

                      @thanksaj you can block USB just as easy as blocking cloud storage. Start by blocking USB, not cloud.

                      Yeah, but if someone has a legitimate need for USB devices at times, then that can be bad. Granted, that's a niche situation, especially in the age of digital delivery and sneakernet is not as prevalent anymore (thought still used some), it shouldn't be as common.

                      Block USB storage, not USB completely.

                      http://support.microsoft.com/kb/823732

                      Like I said, there are times that there might be a legitimate need for someone to access a USB storage device. Telling people that copying work files to a USB drive to work from a non-work computer or any other desired policies is an HR issue, not an IT one.

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @thanksajdotcom
                        last edited by

                        @thanksaj said:

                        Like I said, there are times that there might be a legitimate need for someone to access a USB storage device. Telling people that copying work files to a USB drive to work from a non-work computer or any other desired policies is an HR issue, not an IT one.

                        So you think it is okay to blanket block cloud storage but not USB? That makes no sense. There is far more likely to be a legitimate need to access cloud storage than USB storage. And it is far less risky to do cloud than USB. Few things are as risky as USB.

                        Why would you give one the benefit of the doubt and not the other? Why do you feel one is an IT issue and the other an HR issue? Both are equally HR concerns tied to IT capabilities to block.

                        However, one is modern and sensible to use much of the time. The other is not. One can have corporate controls on it, the other reasonably cannot.

                        thanksajdotcomT 1 Reply Last reply Reply Quote 0
                        • thanksajdotcomT
                          thanksajdotcom @scottalanmiller
                          last edited by thanksajdotcom

                          @scottalanmiller said:

                          @thanksaj said:

                          Like I said, there are times that there might be a legitimate need for someone to access a USB storage device. Telling people that copying work files to a USB drive to work from a non-work computer or any other desired policies is an HR issue, not an IT one.

                          So you think it is okay to blanket block cloud storage but not USB? That makes no sense. There is far more likely to be a legitimate need to access cloud storage than USB storage. And it is far less risky to do cloud than USB. Few things are as risky as USB.

                          Why would you give one the benefit of the doubt and not the other? Why do you feel one is an IT issue and the other an HR issue? Both are equally HR concerns tied to IT capabilities to block.

                          However, one is modern and sensible to use much of the time. The other is not. One can have corporate controls on it, the other reasonably cannot.

                          USB still has its uses, although the age of flash drives and sneakernet is nearing its final end.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @thanksajdotcom
                            last edited by

                            @thanksaj said:

                            USB still has its uses, although the age of flash drives and sneakernet is nearing its final end.

                            "Still has its uses" is a handy excuse. But this isn't about if something "has a use", it's that you are out of hand accepting blocking anything modern without considering that it has its uses while not accepting blocking of a less useful, more risky, legacy storage mode whose use is likely less than 1% that of cloud storage.

                            Regardless of it either has any use, your acceptance of the one and willingness to block the other don't match. Why is the one that makes less sense okay and the one that makes more sense not okay?

                            thanksajdotcomT 1 Reply Last reply Reply Quote 0
                            • thanksajdotcomT
                              thanksajdotcom @scottalanmiller
                              last edited by

                              @scottalanmiller said:

                              @thanksaj said:

                              USB still has its uses, although the age of flash drives and sneakernet is nearing its final end.

                              "Still has its uses" is a handy excuse. But this isn't about if something "has a use", it's that you are out of hand accepting blocking anything modern without considering that it has its uses while not accepting blocking of a less useful, more risky, legacy storage mode whose use is likely less than 1% that of cloud storage.

                              Regardless of it either has any use, your acceptance of the one and willingness to block the other don't match. Why is the one that makes less sense okay and the one that makes more sense not okay?

                              The fact is that the answer of totally blocking both is likely not the best answer. Some things are still given to people via USB because of the size of the file(s). If you have a 64GB flash drive, and have 50GB of data, it's a lot quicker to give it to someone via a flash drive than via a download from any cloud storage provider.

                              Having an HR policy that makes sense for your organization and then having IT put the necessary blocks in effect to assist in enforcing it is the best policy. It's not that there is any one master right or wrong answer. It would vary company to company.

                              scottalanmillerS 2 Replies Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @thanksajdotcom
                                last edited by

                                @thanksaj said:

                                The fact is that the answer of totally blocking both is likely not the best answer.

                                I don't understand. If you are okay blocking the useful one of the two, why would it ever be allowed to not block the less useful and more risky? This just doesn't make sense. If you are willing to block cloud storage you should be blocking USB by default, no question. Blocking only one doesn't make any general sense. Blocking both or neither, does.

                                thanksajdotcomT 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @thanksajdotcom
                                  last edited by

                                  @thanksaj said:

                                  Some things are still given to people via USB because of the size of the file(s). If you have a 64GB flash drive, and have 50GB of data, it's a lot quicker to give it to someone via a flash drive than via a download from any cloud storage provider.

                                  Because you are working as an IT professional in a business that doesn't have a network? What kind of scenario are you picturing here?

                                  1 Reply Last reply Reply Quote 0
                                  • thanksajdotcomT
                                    thanksajdotcom @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    @thanksaj said:

                                    The fact is that the answer of totally blocking both is likely not the best answer.

                                    I don't understand. If you are okay blocking the useful one of the two, why would it ever be allowed to not block the less useful and more risky? This just doesn't make sense. If you are willing to block cloud storage you should be blocking USB by default, no question. Blocking only one doesn't make any general sense. Blocking both or neither, does.

                                    Scott, just drop it. This discussion has run its course.

                                    1 Reply Last reply Reply Quote -1
                                    • 1
                                    • 2
                                    • 2 / 2
                                    • First post
                                      Last post