SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Lax Security is Harmful for Employment

By Steve Jones,

Manure rolls downhill Since I live on a horse ranch with some slight hills, I can attest this to be true. At least, it's true for horses and it's true for short distances. Manure isn't very friction free and often ceases movement quickly. The same isn't likely true for bull droppings, but I haven't done much testing in that area.

Most of us would agree that those that are negligent in their jobs, especially with regard to security, ought to be punished. In some cases, this should lead to termination, though I think many of us technical people would prefer that management who doesn't budget resources for security be the ones punished. 

I mentioned manure rolls downhill, and this article on the after effects of data breaches bears that out. Not only were there record numbers of issues last year, but the typical cost is nearly $4million. That's likely some very expensive breaches and lots of relatively inexpensive ones, but even the low cost ones probably feel expensive to small companies that experience them. In the lists of breaches I've seen, lots of smaller firms (retail, law, etc.) are included, and tens of thousands of dollars might be expensive for them.

One thing that article points out, there are an increasing number of C-level executives being terminated after breaches. I'd like to think that's good, but I'm somewhat pessimistic that the next hire will find ways to improve security. There are lots of impediments to fundamental change in more organizations, so I suspect this trend leads more to short term employment for CIOs and others, and likely higher demands for salaries because of the risk of security issues inside the company. The further puts pressure on budgets, which is another impediment to better security.

Note that it's not just IT execs, but non-IT staff as well. Maybe I'll be wrong and this will make a difference. Of course, IT staff are let go as well, often blamed for issues. There will always be some security issues, but I urge those of you with privileged accounts and access to sensitive data to be careful with your credentials and work to improve security when you see issues. Get written documentation when someone doesn't allow security changes, in addition to noting your requests. This might not stop a data breach, but perhaps it will give you a better chance of not being blamed for security incidents.

Total article views: 57 | Views in the last 30 days: 1
Related Articles

Data Breaches

Security is hard, but are we doing a good job? Steve Jones shares a few thoughts on our security dev...


Is There Interest in SQL Server Security Pre-Cons?

I’m very passionate about security, especially database security. As the numbers with regards to dat...


More On The Target Breach

Over the past week there has been information finally coming out about how the Target breach occurre...


Data Breach Danger

Is a data breach a danger to those identified in the data. A court says no, but Steve Jones wonders ...


Spend More on Security

With a data breach at Marriot, there is a call from one person for companies to spend more on securi...