Differences

This shows you the differences between two versions of the page.

--- thinking_about_security [2019/08/09 19:13] – neil
+++ thinking_about_security [2019/08/15 14:12] – neil
@@ Line 2: / Line 2: @@
 ====Key points:====
   * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]]
+  * [[think_about_security#Be realistic, and think about client experience|Be realistic, and think about client experience]]
+  * [[think_about_security#Talk to your clients|Talk to your clients]]
   * [[thinking_about_security#Security is ongoing|Security is ongoing]]
@@ Line 10: / Line 12: @@
 What's important is that you are adequately protected against the realistic risks facing you.
+====Be realistic, and think about client experience ====
+Security is important. So is client experience.
+Some security controls are appropriate for highly confidential information, but some are less appropriate for less confidential information — the likelihood of harm, or the severity of the harm, does not justify the intrusion or inconvenience.
+There comes a point at which providing security makes it more difficult for the client to work with you, contrary to their best interests.
+====Talk to your clients ====
+If your clients are themselves experts, consider letting them take the lead.
+If you are for a very tech-savvy client, who you know uses encryption for some communications, and they send instructions by unencrypted email, it may be reasonable for you to respond in kind.
+Likewise, if they send encrypted attachments, then you likely want to do so as well.
+(You might always want to //offer// encrypted communications, to raise awareness for clients who are less tech-savvy.)
 ====Security is ongoing====