Monday, September 22, 2008

The General Public's Security Posture

I'm feeling like I made the right decision to take the full-time job and place my own company on the back burner. While I've marketed the heck out of the company, I haven't had a steady stream of clients coming in. I've tried print marketing, joining the Better Business Bureau, online marketing, brochures; all geared towards the target potential client. I've even gone so far as to teach a workshop on securing home pcs using free software (and general security safeguards.) So far, two of the classes have been canceled. And I suspect the third, scheduled for Saturday, will be as well.

I get clients, and most of them are word of mouth. The feeling I get is that people just don't care. People (and smaller businesses) don't want to worry about something that they don't think will happen to them. Or, they are above having an issue.

Sometimes, an acquaintance will say "I just got a new computer, how can I best protect myself?" And, after talking it over with them, discussing the vulnerabilities and threats, I might recommend X, Y, and Z. Or, try this, and this. I'll get a quick thanks. Then, three months later, I'll get a frantic call, "Ohmygosh, nothingworks, themachine'snotright, youhavetocomequickandhelpmeout!!!!!!" Of course, I go, and I ask "what happened with X, Y, and Z?" And the answer is invarirably, "I didn't have time," or "I didn't think it was that important."

And I think that's the beginning of the problem. People just don't care. So, I'm glad I've taken this full-time gig. The clients that pay us HAVE to meet a security baseline. They may not like our answers, but all they are doing is shooting the messanger.

No comments:

Post a Comment