Callias Ars Praetorian
10y
508
Subscriptor++
After 40 years, I still do not understand the reluctance to have one non-internet connected network for things like machinery, et al AND then the network for file shares, email, etc. that is connected to the Internet.

Now. I do understand that support vendors want remote access to the machinery, etc., but I have found remarkable success in saying (something to the effect of) “Hey no problem…it’s just…well, if the machinery or our network is hacked through your interface/accounts, you incur liability and agree to pay damages. OR, Option B, you get yourself onsite and fix it. No need to worry about liability and damages because you’d never let security lapses occur, would you?”

It has worked so, so, so many times over the decades that it just boggles the mind that such a negotiation stance is not a standard operating procedure. Of course, often I worked in high security industries where to play ball, a vendor had to have at least some semblance of their sh*t together.