Password sticky note9/22/2023 ![]() Leave Your Laptop In Your Car And 9 Other Bad Cyber Security HabitsĢ. The #1 Thing IT Managers Would Do To Strengthen Their Information Security Policiesġ. The #1 Cyber Security Threat To Information Systems Today.ģ. The #1 Thing Employees Do That Compromises Their Own Company's Cyber SecurityĢ. The survey reached 276 IT professionals and was completed in December 2014.ġ. *The survey, commissioned by Sungard Availability Services, was conducted by SurveyMonkeyĪudience. And as an added incentive, consider this: perhaps I’ll stop by some evening when you’re all away to see how you’re doing. ![]() The four tips above will help your employees make the shift to stronger password security. Password security is all about modifying employee behavior. Take the time to explain how password sharing places the company at risk: those scrawled-on sticky-notes are the keys to the kingdom for corporate hackers. Telling people “don’t” without telling them “because” is a waste of breath. Why have separate passwords for different applications at all? When companies make the move to single sign-on, where a single password provides access to multiple systems and applications, people tend to be less likely to share their password because it would give the other person an “in” to systems they don’t want them to access – such as email or personnel files. If you make it a priority to process permission requests, people are more likely to go about things the right way, rather than jotting their passwords down and sharing them. For all you folk in IT, you want to streamline – and broadcast – the process for getting people access to the applications they need. People aren’t going to stop sharing passwords because a nameless person in IT bleats “Hey, don’t do that!” They’re going to stop sharing passwords when the CEO, CIO, CISO and the rest of the top guns say, “You will NOT share passwords – and if you do, you’re going to get more than a slap on the wrist.” Make it clear that there are no exceptions to this password security policy. So what do we do about password sharing? Here are four tips that can really help frustrate penetration testers like me … and the malicious hackers we represent. Password sharing is a security risk because the password gets written down, and what is written down can be seen by the wrong pair of eyes. Now you can understand that protesting, “I would only share my password with a person I trust completely!” is irrelevant. ![]() Do you think I – and any real hacker – don’t know where to look?) (By the way, “hiding” sticky-notes under a keyboard or in a drawer or under the desk is a complete waste of time. I’m happy, too, because I will quickly find that sticky-note and then I have access to that application as well. After all, why go to IT now? The assistant can get in, the tasks can get done, and everybody is happy. Here’s the kicker: chances are, the assistant will keep that password – with the manager’s full knowledge and acquiescence. The assistant uses the password to get into the application and perform the task. And, because it’s easier than going to IT and asking for the necessary permissions, she hands her password to the assistant on a sticky-note. But one day, she asks the assistant to perform a task in the application. She has an assistant who does not have access to that application. ![]() For instance, there might be an application that a manager uses for her job. ![]() The question is, why do people share their passwords? And what can we do about it to strengthen password security?įirst, why do people share their passwords? Frequently, it is because someone needs a resource they don’t have permission to access. Considering how many times I find passwords clearly printed on sticky-notes and placed conveniently near computers, I completely understand why nearly 51% of those surveyed in a recent study commissioned by Sungard Availability Services* noted that employees sharing passwords is a direct threat to their company’s security policy. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |