如果說有人了解你的“數字”缺陷，可能就是科里·托馬斯。托馬斯曾在微軟和美國電話電報公司工作多年，目前擔任Rapid7首席執行官，他對困擾美國公司的安全問題有切身體會（如今他的公司Rapid7也專注該領域，兩年來公司年收入幾乎翻番，現已超過2億美元）。近日一次對話中，托馬斯解釋了為何今后一段時間內嚴重的黑客入侵事件仍難以杜絕。

《財富》雜志：好像每天都有發生攻擊或盜取個人數據的消息。美國公司的網絡安全情況如何？

科里·托馬斯：社會運用科技的速度超過了可以掌控的水平。對技術的管理和維護是網絡安全問題的根源。人們總是爭相讓一些特性和功能上線，卻忽視了負面效應。

這方面已經沒希望嗎？

存在非常多的已知漏洞，這些相對容易解決。想破壞相關系統的人不用費那么大勁，因為漏洞和缺口太多了。

這會讓執法部門的工作變得更困難嗎？

是的，但社會總要有一些基本原則。如果因為基礎設施安全水平不高，執法部門就放松管制，顯然不是解決問題的辦法。如果執法工作變輕松，心懷不軌的人破壞起來也更容易。

政府保護自身資產的水平如何？有嚴重問題嗎？

仍有許多問題，但情況正在好轉。可以說進展過于緩慢，我也同意。但不能說毫無進展。問題在于進展跟不上風險暴露擴大和發展的速度。

整體情況如此。那么具體到個人呢？在保障自身安全方面你對朋友和其他普通人會有哪些建議呢？

首先是一些基本原則，不要使用重復的密碼。可以用密碼管理工具，比如LastPass。這是波士頓本地公司LogMeIn開發的軟件，跟我們業務比較類似。盡可能使用雙重認證。然后就像春季大掃除一樣，定期檢查對自己最重要的五項互聯網服務的隱私設置。可能要花上1-2個小時，但非常值得。很多時候人們并不知道有哪些控制手段。手機設置中都有一個詳細描述隱私保護的頁面。每年要看一次。（財富中文網）?

本文最初刊登在2018年9月1日出版的《財富》雜志上。

譯者：Charlie

審校：夏林

?

IF ANYONE UNDERSTANDS your digital flaws, it’s probably Corey Thomas. A veteran of Microsoft and AT&T, the Rapid7 CEO has seen firsthand the security problems bedeviling corporate America. (He’s also betting his company on it: Rapid7’s annual revenue has almost doubled over the past two years to more than $200 million.) In conversation, Thomas makes the case for why it may be a while before we stop hearing about major breaches.

FORTUNE: It sees like every day another attack or heft of personal data is reported. What’s the state of cybersecurity in corporate America?

Cory Thomas: Our society deploys technology faster than it can manage it. The management and maintenance of our technology is the root cause of our cybersecurity challenges. In the rush to get some feature or functionality online, people don’t pay attention to the side effects.

Is it hopeless?

There are so many vulnerabilities that we know are out there—it’s low-hanging fruit we can address. People who are trying to compromise systems don’t have to put in that much effort because there are so many holes and gaps.

Are we making it harder for law enforcement to do its job?

We are, but you must have basic principles as a society. Having an infrastructure that is knowingly insecure so law enforcement’s job is easier is clearly not the solution. If it’s easier for law enforcement, it’s easier for everyone else too.

How effective is the government at protecting its own assets? Are there critical problems?

There are still a lot of problems, but things are improving. You can argue—and I do—that progress is going too slow. But I’d be hardpressed to say it’s not being made. The challenge is that it’s just not being made fast enough for the exposure and the risk that we have.

That’s the big picture. What about the small one? What do you recommend that friends and other ordinary citizens do to stay secure?

Start with the fundamentals: Don’t reuse your passwords. Get a password manager like LastPass, owned by LogMeIn, a local company in Boston like us. Use two-factor authentication anywhere you can. And just like you engage in spring cleaning elsewhere in life, periodically review the privacy settings on your top five major Internet services. It will take only an hour or two, but it’s well worth it. Many times, people aren’t aware of the control that they have. You have a whole privacy tab on your phone. Just look at it once a year.

This article originally appeared in the September 1, 2018 issue of Fortune.