ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Avoiding Cybersecurity Placebos in Your Business

When it comes to your business, especially its technology, some of the buzzwords you hear floating around can be pretty convincing, almost intoxicating. Unfortunately, like most buzzwords, many of these are aggrandized beyond their worth to the average small-to-medium-sized business. Let’s take a look at how this can impact a business’ perception of its cybersecurity, as well as dig into the reality behind these terms.

To begin, let’s examine a phrase coined in the early 2000s by cybersecurity technologist Bruce Schneier: “security theater.”

What Is “Security Theater”?

Security theater is a simple shorthand for any security efforts put in place that do little to better ensure one’s security, despite making one much more comfortable, generally for some considerable cost. The idea behind it is that security exists as both a reality based in math and science, and as a perception that is based in emotion.

In a 2007 blog article, Schneier cited a personal anecdote where a friend’s newborn was fitted with an RFID tag to help prevent infant abduction during their stay in the maternity ward. However, the rates of infant abduction were astoundingly low at that point. In his blog post, Schneier posits that these bracelets were a form of security theater, meant more to placate the parents when their bundle of joy was out of sight than to help prevent the rare case of infant abduction.

While security theater may have perceived benefits, Schneier says, the true concerns come with the costs that are associated with it.

Let’s return to his example of the tracking tags on newborns. With such a low rate of infant abduction, there was realistically little-to-no practical risk of someone’s child being abducted from the hospital. However, as the low-cost RFID bracelets allowed parents to breathe a little easier when their baby wasn’t in the room with them, hospitals found this investment to be worthwhile. Another example that Schneier gives is the introduction of tamper-resistant packaging on over-the-counter drugs in the 1980s. With poisonings getting some significant coverage by the press in this era, the fear that medications would be tampered with was relieved.

It didn’t matter that the statistical likelihood of a drug being altered was negligible, or even that the tamper-resistant packaging wasn’t all that effective anyway. The theater of the tamper-resistant packaging that companies would use helped align the perceived threat with the practical odds.

The Trade-Offs

However, there is a point at which security theater can become detrimental: when the investment (real or perceived) into your security is generating negative returns—or in other words, when your security measures are actually making you less secure. One glaring example from recent years is the 2013 hack into Target, where numerous security teams dropped the ball as numerous failsafe notifications and procedures were ignored. Let’s go into how you might be “overacting,” so to speak, when it comes to some of the security theater you have in your office.

Excessive Password Updates

Forcing your employees to update their passwords each month has long been established as a counterproductive security measure, as this will only encourage them to adopt other behaviors that will directly undermine your resiliency. Perhaps these passwords will become embarrassingly predictable, or your users will resort to writing them down somewhere to keep track of them all. Instead, use other methods of reinforcing your business security, such as multi-factor authentication (MFA) or single sign-on solutions, paired with a more moderate password policy.

That said, we’re not advocating never changing passwords. Rather, the bad habits that mandatory password changes cause are much worse than what those changes do for the greater good.

Alert Overload

A never-ending barrage of security notifications can have a few negative repercussions on your users. Naturally, their workflows will suffer from consistent interruptions, but there is also the fact that these notifications will eventually be tuned out. As a result, if a real issue does eventually present itself, it is more likely to be ignored. An MSP’s services can help to separate the wheat from the chaff, preventing your users from encountering interruption in most cases.

Lacking User Awareness

Think back for a second: when you last had a cybersecurity training session for your users, what was the general format? Was it primarily a lecture, or were your employees involved and engaged in the process? When was your last training initiative? Many companies figure that these seminar-style sessions serve their purpose, but the more effective means of instilling good cybersecurity training is through shorter, more frequent, and (most importantly) more interactive efforts.

ClearView IT has the tools and resources that can help you to better ensure your security efforts are contributing to your practical security. To find out more about the solutions that we can assist you with, reach out to our team by calling 866-326-7214 today.

 
