Cybersecurity is such an everpresent concern that one would think every organization would be diligently patching every hole. The reality is much different.
I was recently accompanying a CISO at one of our country's critical infrastructure providers. In that short half-hour walk, I could not help but to point out all the simple things that we came across.
First, I walked into the facility and passed the guard at the front desk. I was not made to sign in; I simply got into the elevator with others who were badged employees.
While on the elevator, I overheard a young woman talking on her cell phone about the company's performance metrics. I exited the elevator and walked through the sliding glass doors as other badged employees were exiting.
I also noticed that there was the back door that was propped open by a box, and the door to the main telecommunications room had its door open as well.
Moving on, there were all the documents left on the multi-function printer/copiers. As we made it down the hallway on the executive floor, there was a hefty stack of documents sitting beside the shredder and no one was around.
Then there was the unsecured laptop sitting on the desk logged on in a cubicle just inside one of the open doors with no one around. Also on that desk was a USB thumbdrive with a conference logo on it.
All of these things are security risks. Perhaps it is time to take a step back away from the computer monitor, take a walk and look at the simple things!
