I’ve done a couple of posts this week on security, but I’d like to touch upon something that has implications not only for security but for just about everything (including, if you’re a small business, profit): PEBKAC!
PEBKAC is a fun acronym coined by computer support specialists that stands for “Problem Exists Between Keyboard And Chair”. It’s used to describe problems where the fault lies solely with the user and not with anything software- or hardware-related, and it most often has negative connotations in terms of the user’s perceived ability to think rationally or understand technology.
But why bring it up?
Quite simply: PEBKAC is one of the most devastating, unfortunate events that can happen to a business. PEBKAC is what causes even the most secure server to go down, or the most stable program to crash hard. It’s a fact that some people simply aren’t super tech-savvy, and don’t understand that they can’t have their password be their middle name or something like “password12345”. This isn’t their fault, and you should always resist the urge to blame them; it is in fact the duty of the tech-savvy individuals to engage and train people who aren’t.
The best way to go about avoiding PEBKAC is to be open, honest, and understanding with users about security policies. It doesn’t help to just say “Passwords must be at least 14 characters long with numbers, symbols, and upper-case letters”; it does help to add “This is because there are certain programs that can guess passwords in seconds, and passwords that are long with symbols and numbers are much, much harder to guess”. Chances are that the users will remember the explanation (the scarier the better) instead of viewing the password policies as random and draconian restrictions.
Another big point to mention: do not allow anyone not in the technical loop to dictate security policies! I read an article a year or so ago about a company that was compromised because its manager forced the IT department to allow blank passwords. If anyone recommends this, kindly inform them about the security implications; if they still persist, well… unemployment is a wonderful teacher, I’m told!
If you’re renting a dedicated server, or even several dedicated servers, chances are your company has started to grow and has not fully solidified its security policies. Take this time to draft up sensible policies with informative reasons for each rule, and keep this in mind as your system grows and scales, so that you reduce PEBKAC and stay safe!