Which practice is typically considered a reasonable security measure?

Implementing complex login procedures is widely regarded as a reasonable security measure because it enhances the protection of sensitive information and systems. By requiring strong, complex passwords, organizations can make it significantly more difficult for unauthorized users to gain access. These measures often include a mix of upper and lower case letters, numbers, and special characters, along with policies regarding password rotation and expiration. Such practices help to reduce the risk of data breaches and unauthorized access, crucial aspects of maintaining compliance with privacy laws and protecting personal information.

In contrast, using shared passwords across departments can lead to a lack of accountability and increase the risk of a security incident. Disregarding external audits compromises an organization’s ability to assess its security posture and comply with regulatory requirements, making it difficult to identify vulnerabilities. Lastly, allowing employees to work from unsecured locations poses serious risks, as it increases the likelihood of data interception or unauthorized access to sensitive information.