Security is?

As someone already pointed out, Security "is not rules, regulations, tools or toys."

Imho, security starts out with attitudes, attitudes that can only come from education of employees. And here is the real problem: This is expensive. In two ways.

First, only employing people that can actually be educated means only accepting people with a little intelligence, AND people that are loyal to their job, not only loyal to their own wallet. Such people cannot idly sit by and accept when the REMF managers purchase sub-standard equipment to allow for a pay-rise for the mid-level management. This basically means that intelligent and lojal people WILL find another employer, if the mid-level management is less loyal to the job than they are.

Secondly, a lot of mid-level management finds that education of employees is a waste of money, that could otherwise have been used to pay for management bonuses. This basically means that greedy midlevel managers have no wish for employees that will give them added security, period.

So, what can we as users do about this? Not much, really. Only thing we can do, is to "vote with our wallets", and avoid buying anything from companies that have this kind of (lacking) standards. The problem here, is that there isn't a single company that marks itself as a "better option", and thus there really isn't any option for us. This means that the option of "voting with our wallets" has been taken away from us, because all the alternatives has the same infection of greedy managers.

But, there is a second alternative (but it's slower!): If each and every one of the customers that are unhappy about this wrote a letter to our parlament/congress/senate/whatever representative regarding our wish for legislation to handle the problem of shops not protecting customer data, we jus might get something done. If we can get to the point where managers responsible for inadequate customer protection can be sentenced to jailtime, we may get somewhere. Because this would remove those managers from their workplace, so they can be replaced. In time, we might even get decent managers in (or rather: We might get all the rotten ones stored away, probably due to some local variant of the third-time laws).

And yes, I believe that the real problem is greed-in-midmanagement. Nothing more, nothing less.

//Svein