I see these types of listicles on LinkedIn or Twitter a few times a week:
- 5 tips to protect your business against cyber crime
- Ten ways to prevent a data breach and protect your small business
- 3 tips to keep your company secure from hackers
They are written by *security experts* and they say effective security is as easy as:
- Running su -c 'yum update' every week.
- Picking a good password.
- Blocking everything from China.
The only way to respond to these articles is:
The truth is SECURITY.IS.HARD!
When an *expert* writes an article based on the premise that effective security is achievable by following a canned security framework, they devalue the whole security industry. Implementing security in any organization is about performing a risk analysis unique to that organization, and that can't be achieved through a checklist.
So the next time you see one of these listicles just say…