This executive believes there are too many network vulnerabilities for security problems to be fully solved
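If anyone understands your "digital" flaws, it is probably Corey Thomas. Thomas spent years at Microsoft and AT&T and is now CEO of Rapid7; he has firsthand experience of the security problems plaguing American companies. (His company, Rapid7, now focuses on this field as well; its annual revenue has almost doubled over the past two years and now exceeds $200 million.) In a recent conversation, Thomas explained why serious hacking incidents will remain hard to stamp out for some time to come.

Fortune: It seems as though there is news every day of an attack or a theft of personal data. What is the state of cybersecurity at American companies?

Corey Thomas: Society adopts technology faster than it can keep it under control. The management and maintenance of technology is the root cause of cybersecurity problems. People are always rushing to get some feature or function online while ignoring the negative effects.

Fortune: Is it already hopeless?

Corey Thomas: There are a great many known vulnerabilities, and these are relatively easy to fix. People who want to compromise these systems do not have to put in that much effort, because there are so many holes and gaps.

Fortune: Does this make law enforcement's job harder?

Corey Thomas: Yes, but a society must have some basic principles. If law enforcement relaxes its controls because infrastructure security is poor, that is clearly not the way to solve the problem. If law enforcement's work becomes easier, it also becomes easier for people with bad intentions to do damage.

Fortune: How well does the government protect its own assets? Are there serious problems?

Corey Thomas: There are still many problems, but the situation is improving. You can say that progress is too slow, and I agree. But you cannot say there is no progress at all. The problem is that progress is not keeping pace with the speed at which risk exposure is growing and developing.

Fortune: That is the overall picture. What about individuals? What advice would you give friends and other ordinary people about keeping themselves secure?

Corey Thomas: Start with some basic principles: do not reuse passwords. You can use a password manager such as LastPass. It is software developed by LogMeIn, a local Boston company whose business is fairly similar to ours. Use two-factor authentication wherever possible. Then, just like spring cleaning, periodically check the privacy settings of the five internet services that matter most to you. It may take one to two hours, but it is well worth it. Often people do not know what controls are available. Every phone's settings include a page describing privacy protection in detail. Look at it once a year. (Fortune China)

This article originally appeared in the September 1, 2018 issue of Fortune.

Translator: Charlie. Reviewer: Xia Lin.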
IF ANYONE UNDERSTANDS your digital flaws, it’s probably Corey Thomas. A veteran of Microsoft and AT&T, the Rapid7 CEO has seen firsthand the security problems bedeviling corporate America. (He’s also betting his company on it: Rapid7’s annual revenue has almost doubled over the past two years to more than $200 million.) In conversation, Thomas makes the case for why it may be a while before we stop hearing about major breaches.

FORTUNE: It seems like every day another attack or theft of personal data is reported. What’s the state of cybersecurity in corporate America?

Corey Thomas: Our society deploys technology faster than it can manage it. The management and maintenance of our technology is the root cause of our cybersecurity challenges. In the rush to get some feature or functionality online, people don’t pay attention to the side effects.

FORTUNE: Is it hopeless?

Corey Thomas: There are so many vulnerabilities that we know are out there—it’s low-hanging fruit we can address. People who are trying to compromise systems don’t have to put in that much effort because there are so many holes and gaps.

FORTUNE: Are we making it harder for law enforcement to do its job?

Corey Thomas: We are, but you must have basic principles as a society. Having an infrastructure that is knowingly insecure so law enforcement’s job is easier is clearly not the solution. If it’s easier for law enforcement, it’s easier for everyone else too.

FORTUNE: How effective is the government at protecting its own assets? Are there critical problems?

Corey Thomas: There are still a lot of problems, but things are improving. You can argue—and I do—that progress is going too slow. But I’d be hard-pressed to say it’s not being made. The challenge is that it’s just not being made fast enough for the exposure and the risk that we have.

FORTUNE: That’s the big picture. What about the small one? What do you recommend that friends and other ordinary citizens do to stay secure?

Corey Thomas: Start with the fundamentals: Don’t reuse your passwords. Get a password manager like LastPass, owned by LogMeIn, a local company in Boston like us. Use two-factor authentication anywhere you can. And just like you engage in spring cleaning elsewhere in life, periodically review the privacy settings on your top five major Internet services. It will take only an hour or two, but it’s well worth it. Many times, people aren’t aware of the control that they have. You have a whole privacy tab on your phone. Just look at it once a year.

This article originally appeared in the September 1, 2018 issue of Fortune.