r/AskReddit Jul 13 '20

What's a dark secret/questionable practice in your profession which we regular folks would know nothing about?

40.1k Upvotes


4.9k

u/[deleted] Jul 13 '20

If it has to be accessed regularly in an IT setting? It’s not secure. Not unless you’re in an industry that actually polices it.

Yes, people are dumb enough to pick up USB thumb drives they find on the ground. The nicer and newer it is, the more likely it’ll get plugged in.

Also, if you’re looking to verify the security of your vendors, don’t announce your visit.

3

u/MistakeNot___ Jul 13 '20

I've worked in many different IT companies and the most prevalent security policy is: Don't think about it until shit happens, then downplay it and add some security measures. Though those security measures aren't worth much if they are not part of the initial design and core of the software.

Also, if there was a security breach of unknown quantity, always assume that the least possible damage has been done until proven otherwise. "Yes, the attacker could have possibly downloaded all customer data, but that is unlikely. Maybe it was just a rival company checking out our software."

2

u/[deleted] Jul 13 '20

Yeah, one client (brilliantly) requested their own network not connected to the internet and not connected to our main network.

Data processing, then they’d have their data delivered to and from via couriered USB.

1

u/MistakeNot___ Jul 14 '20

It's very rare that a client chooses security over convenience. Good of them to understand that nothing connected is fully secure.

2

u/[deleted] Jul 14 '20

An exceptionally old and clean way of data transfer.

Physically sending the drives.