Users spill password beans

Network managers are fighting a lonely battle on security with the majority of users and directors carelessly giving their passwords to complete strangers.

In the run-up to InfoSecurity next week, the event's organisers surveyed some 150 travellers at Victoria Station in London to see how diligent they were with their company's security policies.

A staggering two out of three office workers did not hesitate to reveal their company passwords. Many blithely revealed the origin of these passwords, such as "my car, a Porsche Boxter", "my pet's name, Fred", "my native country, Finland", "my name, Hattie".

"I am the boss and everyone knows my password," one managing director said. His IT director standing next to him looked shocked and when asked the same question, refused to answer. "It would give admin rights to the whole system, I never divulge my password," he said.

Without any sign of embarrassment, 50 per cent of respondents said they would download competitive information before moving to a new job or for a friend.

Taking information out of the office in this way not only gives away a vital asset to competitors but contravenes the Data Protection Act.

"Staff are not necessarily uncaring about security, they are just naive or ignorant," said Tamar Beck, director of Infosecurity Europe. "Employers need to provide policies and training to support the expensive security technology they may have already invested in."

Security experts have founded the Human Firewall Council to create awareness for human security issues. Its first public debate will be at Infosecurity in London on 23 April.

Co-founder Neil Barrett, technical director at Information Risk Management, said, "The survey shows that network managers are on their own when it comes to security. It's no use buying expensive locks when people forget to turn the key."

Comment on this story
www.humanfirewall.org
See security comment