When vendors suggest unsafe things and say it’s best
practice, I have two questions to ask.
“How many any other organizations allow you to do that?”
“Why do you think that can be done here?”
Outsourcing business processes doesn’t mean outsourcing
risk.
Plaintext passwords.
Over-privileged access.
Poor data handling.
These aren’t best practices anywhere.
Just excuses for poor practice.
Your organization's customers won't care about the vendor.
The breach will still be yours to own
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Or, start your own discussion using
#crazygoodcyberteams on twitter or Linkedin and I'll read it.
SEE ALSO
No comments:
Post a Comment