Posted by & filed under Uncategorized.

It doesn’t matter how thick the walls on your fort are if your people are giving away keys to the door.

You’ve probably read of the attacks on Home Depot, Target, Citibank, Sony Pictures, US Military, AOL, TJ Maxx, VA, T-Mobile, and more in the recent news.  One common element that keeps coming up is that the hackers did not  “break in” to the system.  Rather, they deceived people already inside into giving up their own ID’s and passwords and letting them just walk in the door.

Let’s look at some simple ways that people freely give up the information internally without even being asked.

  1. In one agency, everyone in the agency uses the same password to make things easier.  Then somebody left the agency under less than the best of terms, and even though her account was deactivated, she knew how to log on under other people’s accounts since they all shared the same password.
  2. In another agency, the original default passwords issued by the vendor was never changed by the users.  The result was pretty much the same as above, as people knew far too much about other people’s passwords.

So the takeaway for today is to just think about your password management policies.  Be sure all of your people reset the original default password, and make sure people don’t share their passwords.  Sit down with everyone and explain the policy and make sure they understand it.

Next time: How outsiders trick honest people into giving away their information and how you can fight it..


Leave a Reply

Your email address will not be published. Required fields are marked *