The culture of "not my problem"
So, I wrote in my last post about the problem with employees who are not exactly on board with the security effort. Well, this thread on Slashdot ought to scare plenty of those security directors out there, and might be good food for thought for you integrators out there preparing solutions. Basically, an employee asks how to secure a laptop and other equipment that have to be left out in a cube at night. Many of the posters ridicule her as a former office-owner, others offer solutions (some good, some ridiculous), but here's an example of one of the most popular types of responses: You speak as if this notebook is your personal property. It really shouldn't be. Your company should be supplying you with the equipment you need to do your job, and if the company equipment gets stolen when you're not around, that's the company's f***ing problem, not yours. Yikes. It's hard to secure an environment where the people in it don't really care all that much if it's secure. Of course, when their work computers actually do get stolen, and they lose all the music they've downloaded and pictures they've uploaded, then they scream at the security director for being an idiot who can't secure their environment.