The door is open for unwelcome visitors
I walked past the open door of an office building belonging to a major IT company this morning. It was before 7am. To make life easier for deliveries, a well-used wooden wedge propped open the door marked 'fire exit only' and equipped with a badge reader. Maybe there are secondary security doors inside... who knows. If you leave the door open, do not be surprised if unwelcome visitors enter your company (I did not). Quite apart from the security risk, sloppy security is not good for the image of an IT company, or in fact any company.
The same is true of IT security. Whilst sophisticated attacks are mounting and cyber criminals are exploiting loopholes in software, a large number of cyber security incidents originate from someone leaving the door open, for example by using a weak password. The most common password used in the world is "123456", according to the password manager service 'Keeper'. Shame on the user who has such a limited imagination, and shame on the supplier of the IT system for allowing such a password to be entered. However, nearly 17% of users are safeguarding their accounts with the digits one to six.
It has also come to light today that thousands of passwords and identities of British Cabinet Ministers, police officers, ambassadors and ministers have been put up for sale on the dark web. The leak shows that many have weak passwords and the hack risk is compounded if the same password is associated with multiple accounts.
The answer is so easy: use a strong password, preferably a randomly generated one, make it unique for each account, and change it frequently. That's it.
I do not believe that many of us leave our homes or cars in the morning without locking them; however, it appears that as far as IT security is concerned we may as well put our passwords on sticky notes on our screens.
So why do we do it? Is it that we are intrinsically lazy? Are we stupid? Are we undereducated?
I do not have an answer and would value your thoughts in response to this article.
In the meantime, be safe, use a strong password and make it unique for every account and do not share it implicitly or explicitly.
#cybercrime #itsecurity
My views are my own.
Education is the kindling of a flame, not the filling of a vessel.
7 years ago: Why do people do it? Because the security is badly designed :) If you design it wrong, people will always find a shortcut. https://cdn-images-1.medium.com/max/960/1*pMk3h0dIYMb_I1iJCjriPQ.jpeg
Director at Neil Newman Search
7 years ago: Education. Whilst there may be any number of ways of safely storing the plethora of passwords one needs today, many people do not know what they are. And from personal experience the older you get, the easier it is to forget! The higher up the chain of command, the less technically able some people become, and less willing to ask. We teach the fundamentals to new starters, forgetting that the lessons should include those at the top.
IT Professional
7 years ago: All is done for some reason. It was necessary to check in detail why the door was open, then give a comment on the security issue. I completely agree about taking the maximum precaution of using strong passwords, controlling physical access and security at all. But, as you have said, all this is in the basics.
Leading Consult Partner - Strategic Markets
7 years ago: So true and so sad. Thanks for reinforcing the basics.