If your organization is convinced that users must be severely inconvenienced for the sake of security, it's (probably) not doing it right. It doesn't just ruin productivity and drive away the best employees, it also is probably harming security.
any thoughts on a minimal set of best practices for security in an organization? (a few people remote accessing a main computer, but no web applications).
-
-
The start is always: keep all systems ludicrously up to date and patched, use two factor authentication, use password safes so you don't have to re-use passwords, back up everything. From there, details depend on the exact nature of what you're doing and what your threats are.
-
BTW, backups should be automated (so you don't think about them), updates should be set to apply automatically (so you don't think about them), etc. Stuff that takes you time is stuff you probably won't do.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.