The Case for Imperfect Cyber Security

Imagine this scenario:

Deep underground, in the bowels of Cheyenne Mountain, in one of the United State’s government’s most secure and shielded facilities, there’s a vault.

The vault is guarded with lasers and biometrics and trigger-happy, stern-faced soldiers.

Inside the vault is one computer. It’s not connected to the outside world in any way. No internet. No Wi-Fi. No USB ports. It has an obscure operating system that was purpose-built for doing just one thing.

There is only one person cleared to use the computer. Each time she needs to use it, she has to pass through the front gate of Cheyenne Mountain, go through the entire complex with all its internal security, down the long elevator to the very bottom, and then past all the additional security surround the vault and one its lonely occupant.

It’s at least 90 minutes just to lay hands on keyboard.

And she can’t bring anything in with her. No bag. No paper. No phone.


Is this a secure computer?

Pretty much.

Is it a usable computer?

Not so much.

Ain’t no one got time for that

At the end of the day, computers are tools we use to get stuff done.

We need them to be safe enough to do our work, but not so restrictive that they put an undue burden on our ability to actually work.

And what’s “safe enough,” exactly?

It’s different for each business, of course, but here’s a good starting point:

  • Patching and updates – Are all the obvious vulnerabilities addressed?
  • Antivirus and firewalls – Do you have automated systems blocking intrusion attempts?
  • Backups – Can you quickly restore business functions in the case of disaster?

These simple steps dramatically reduce the possibility of an automated attack – the vast majority of attacks by far – breaching your computer.

Is a highly motivated, talented, and well-funded hacker going to be able to exploit your computer for nefarious purposes?


But those kinds of attacks represent maybe .01% of malicious traffic.

Day-to-day cyber security is mostly a case of beating automated attacks to the low-hanging fruit on your computer, while not spending a ton of time and money on it, and being able to concentrate on getting things done.

Does that sound good to you? I can help! Check out my tutorials and services.