Tighten Security Against Users’ Foibles:
Big Hacks Prove the NeedTighten Security Against Users’ Foibles: Big Hacks Prove the Need
The late- giant hack of U.S. government agencies and businesses, through SolarWinds and probably from Russia, because it was successful, likely means that, in each organization (hacked or not), IT security managers will have to impose more requirements on most people who just use computers and only do the security they’re forced to do. That executive will need backing from on high up because the new inconvenience will be objected to by most workers until it becomes normal. Their objections will be reasonable; higher security often demands more from users and they have other things they have to do. Nonetheless, like the trend in recent years to require that passwords had to be replaced by strong passwords, other requirements will have to be added.
Perhaps customer service should be tightened against requests for replacement passwords.
Perhaps in incoming email believed to be spam the links should be redirected to an in-house page saying to call IT to use links from that suspicious email (the links would have to be preserved elsewhere, maybe for a long time, to enforce this).
Perhaps someone working from home even at a recognized unique address (assuming it is unique) and wanting to send email on their organizational account should have to register their presence before sending the email and deregister afterwards, not for each email but perhaps for a session, the registration being for IT’s validation of the emails.
Perhaps other ideas will be needed.
Even for less-important less-valuable organizations with less infrastructure, fewer people, and crankier nongeek jerks on staff, security will have to be tightened despite higher costs and burdens on ordinary users.