10.13
The Recap
A female riding a motorized wheel chair was advised by officer to stay on sidewalks until the chair had all proper safety equipment installed.
The Lesson
I read this particular police report and thought duh! I apologize for my bluntness, but of course you must have proper safety equipment to be road worthy. Then it hit me, we are more and more dependent on our customers interfacing with our business using a web browser. Sure each browser has it’s pros and cons, but at some point each one makes and big leap and it can not be overlooked that older versions are not secure enough based on the evolving threat landscape. So at some point, as security professionals, we have to push our organizations to no longer support older browsers. Yes, this may cause some pain because the customers have to go through the process of updating their systems. However, we would be remiss to both our organization and the customers to allow an insecure connection into our systems.
We always have to walk a fine line of balance in being accessible to our customers while maintaining security, but there are just those times where we have make security the first concern. This means the critical role we need to play in the change is to help sell “security” as a benefit, not a hindrance. No, we shouldn’t over promise, but we should make sure there is a value placed on the pain we are about to cause. It is always a challenge to sell security, but customers have a choice of where to do business which means we really need to understand how to convey value. If we can sell security to customers, pitching security internally should be a piece of cake. Just remember to make sure every one is “security” worthy before driving into your system.
