Reply to post:

Too many staff have privileged work accounts for no good reason, reckon IT bods

Drew Scriver

Sounds like an ad hominem attack to me. It really doesn't matter what this company sells; it matters whether they're right.

Quite frankly, the percentage of people with too much access that they found is an average. From experience I can tell you that some companies are much closer to 100%...

As for your statement that "locking everything down is rarely a good idea", that's simply misguided. Access should be based on "default deny", not on some expectation.

Regarding your complaint about "systems are so locked down that you really struggle to do your job", you may be surprised that such an approach is not considered to be secure.

Security has three requirements: Confidentiality, Intergrity, and Availabliity. If you can't get to the stuff you truly need to get to it cannot be considered secure.

Unfortunately, and you are right in this, too many people think that full security means locking everything and throwing away the key.

Oh, how I wish companies would require everyone (including the brass!) to take basic cyber security training. Just an hour or to convey the basic principles would put an end to a lot of the issues.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon