Security

A hard lesson from Microsoft: Your security is only as good as your employees

Recent news about Microsoft's security breach revealed that human error was to blame. Don't let this happen to you. We'll tell you how to protect your company from security tangles.


Microsoft recently revealed how a hacker managed to infiltrate its network fortress and stroll around for more than one week, accessing secret source code.

The problem? An employee forgot to create a password when configuring a server, according to a report from the Seattle Times.

"It's not the technology, folks; it's the people," remarked Bob Herbold, Microsoft executive vice president and chief operating officer. "When we trace them back, it's always human error."

Now there’s a quote to bolster your security policy.

Whether the security breach is caused through malice or carelessness, the results are the same: Your company is exposed.

We don’t mean to brag, but TechRepublic has preached about this for some time now. The moral is clear: The biggest security threat to companies and governments remains the people within the organization so make sure to proselytize security and take the proper precautions.

How? Here are three articles from TechRepublic to help you begin:
  1. "A new approach to the old problem of enterprise security" explains further why a culture of security is important and how you can determine whether employees are security-conscious.
  2. John O'Leary, the director of education for the Computer Security Institute and a Certified Information Systems Security Professional, shares his tips for creating security awareness throughout the organization in “Three basic steps to help you create a culture of security.”
  3. Litigation, legislation, and lawsuits: The reality of internal security breaches” describes seven practical steps you can take to protect yourself.
When a hacker attacks or an employee steals sensitive information, you’ve got more than a network problem: You have a potential pubic relations nightmare. Customers may be remiss to trust you, and stockholders may become skittish if it becomes public knowledge. Knowing this, would you still report the incident? Post your thoughts below.

Editor's Picks