The biggest threat to cybersecurity in corporate IT departments isn’t the Chinese government or hackers in Eastern Europe, says the head of one of Silicon Valley’s hottest security-software startups. It is pathetic basic hygiene.
Orion Hindawi, president of Tanium, said it’s shocking how few companies take the most obvious measures to keep their networks secure. “If you look at the attacks we’ve seen, and we’ve seen thousands, many of the companies didn’t do the things they’re supposed to,” Hindawi said Monday afternoon at the Fortune Global Forum in San Francisco. He said, for example, that Microsoft sends out regular security patches, pieces of software code intended to thwart new known threats, and that too few companies implement them rigorously.
There are other basic tactics too many companies are ignoring. Hindawi said companies don’t implement multi-factor authentication protocols. These are techniques that force users to enter more than simple passwords to get into their corporate networks. He also said too few companies install anti-virus software on all computers. Imperfect though it may be, Hindawi said, having anti-virus software is better than not having it.
Hindawi said the surprising thing about the deficiencies of corporate security programs is that today’s problems are the same ones he saw 15 years ago. He also said companies can do a far better job of educating their employees on basic security behavior. Companies should be communicating, for example, that “if someone sends you a picture of a cat, don’t click on it.”
For more about cybersecurity, watch this Fortune video: