ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Avoiding Cybersecurity Placebos in Your Business

When it comes to your business, especially its technology, some of the buzzwords you hear floating around can be pretty convincing, almost intoxicating. Unfortunately, like most buzzwords, many of these are aggrandized beyond their worth to the average small-to-medium-sized business. Let’s take a look at how this can impact a business’ perception of its cybersecurity, as well as dig into the reality behind these terms.

To begin, let’s examine a phrase coined in the early 2000s by cybersecurity technologist Bruce Schneier: “security theater.”

What Is “Security Theater”?

Security theater is a simple shorthand for any security efforts put in place that do little to better ensure one’s security, despite making one much more comfortable, generally for some considerable cost. The idea behind it is that security exists as both a reality based in math and science, and as a perception that is based in emotion.

In a 2007 blog article, Schneier cited a personal anecdote where a friend’s newborn was fitted with an RFID tag to help prevent infant abduction during their stay in the maternity ward. However, the rates of infant abduction were astoundingly low at that point. In his blog post, Schneier posits that these bracelets were a form of security theater, meant more to placate the parents when their bundle of joy was out of sight than it was to help prevent the rare case of infant abduction.

While security theater may have perceived benefits, Schneier says, the true concerns come with the costs that are associated with it.

Let’s return to his example of the tracking tags on newborns. With such a low rate of infant abduction, there was realistically little-to-no practical risk of someone’s child being abducted from the hospital. However, as the low-cost RFID bracelets allowed parents to breathe a little easier when their baby wasn’t in the room with them, hospitals found this investment to be worthwhile. Another example that Schneier gives is the introduction of tamper-resistant packaging on over-the-counter drugs in the 1980s. With poisonings getting some significant coverage by the press in this era, the packaging relieved the fear that medications would be tampered with.

It didn’t matter that the statistical likelihood of a drug being altered was negligible, or even that the tamper-resistant packaging wasn’t all that effective anyway. The theater of the tamper-resistant packaging that companies would use helped align the perceived threat with the practical odds.

The Trade-Offs

However, there is a point at which security theater can become detrimental: when the investment (real or perceived) into your security is generating negative returns—or in other words, when your security measures are actually making you less secure. One glaring example from recent years is the 2013 hack into Target, where numerous security teams dropped the ball as numerous failsafe notifications and procedures were ignored. Let’s go into how you might be “overacting,” so to speak, when it comes to some of the security theater you have in your office.

Excessive Password Updates

Forcing your employees to update their passwords each month has long been established as a counterproductive security measure, as this will only encourage them to adopt other behaviors that will directly undermine your resiliency. Perhaps these passwords will become embarrassingly predictable, or your users will resort to writing them down somewhere to keep track of them all. Instead, use other methods of reinforcing your business security, such as multi-factor authentication (MFA) or single sign-on solutions, paired with a more moderate password policy.

That said, we’re not advocating that passwords never be changed. The point is that the bad habits forced, frequent changes cause are much worse than whatever mandatory password changes do for the greater good.

Alert Overload

A never-ending barrage of security notifications can have a few negative repercussions on your users. Naturally, their workflows will suffer from constant interruptions, but there is also the fact that these notifications will eventually be tuned out. As a result, if a real issue does eventually present itself, it is more likely to be ignored. A managed service provider’s (MSP’s) services can help to separate the wheat from the chaff, preventing your users from encountering interruption in most cases.

Lacking User Awareness

Think back for a second: when you last had a cybersecurity training session for your users, what was the general format? Was it primarily a lecture, or were your employees involved and engaged in the process? When was your last training initiative? Many companies figure that these seminar-style sessions serve their purpose, but the more effective means of delivering cybersecurity training is through shorter, more frequent, and (most importantly) more interactive efforts.

ClearView IT has the tools and resources that can help you to better ensure your security efforts are contributing to your practical security. To find out more about the solutions that we can assist you with, reach out to our team by calling 866-326-7214 today.

 
