Comment Re:Get out! (Score 5, Insightful) 84
As a IT security professional that has worked at multiple employers who are covered by DHS regulations of one type or another, I can say the majority of the time the issue is not stuff this stupid, but is in fact entitled executive management and the fact that DHS regulation has no teeth until something happens. Then it is too late. Things like refusing to allow the PC's to be locked down or refusing to set IT policy that works via whitelist where you can use company equipment to access things relevant to work that have been pre-vetted. IT security is not hard if you simply get rid of the fucking egos. Whitelist, fail by default, based systems solve 99% of issues before they occur. They are very very cheap compared to any other system but entitled management prioritizes happiness of themselves or users over security. Listen to music on your phone. Install that app you want on your home PC. Your work equipment should work for only the things that have been pre-authorized and then it becomes very simple and very cheap to maintain security. And DHS needs to put teeth on companies that don't live by those requirements BEFORE the bad stuff happens.