The InformationWeek -- Blogs

Security

Topics:   Security

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share
  • icon

Pssst. What's Your Password?


Posted by George Hulme, Nov 14, 2008 08:23 PM

Your company invests heavily in provisioning and identity management software. Password are to be changed every 90 days or so. The goal is to make sure accounts are secure and users are accountable for their actions. Problem is: Everyone is sharing passwords.

Well, not everyone. But a lot of corporate workers are, if a recently released study is to be believed. From Tim Wilson, in today's DarkReading:

Account sharing -- the act of giving one's account information to others to save time or money or to bypass security processes -- is pervasive behavior in most organizations and online services, experts say. The problem: Most organizations don't know when it occurs or how widespread the practice is.

In a data leakage study released Wednesday by Cisco Systems, researchers reported that 44 percent of end users have allowed others to use their company-issued computers without supervision. Most of the respondents said they gave access to co-workers, but a significant portion also gave access to friends or family, and 5 percent admitted to giving out their passwords to individuals outside the company.

Did you catch that? Nearly half of all end users let others use their systems without supervision. Now, as harmless as letting your husband use the corporate-issued laptop for his own work research or the kids look up some facts for their schoolwork may seem, the fact is that it shouldn't be going on. All it takes is for a teenager to download a single maliciously crafted Flash movie, and you just potentially hosed the security of your company. If they run a forensic analysis of what happened, the blame is going to fall on you.

While being that lax with corporate-issued equipment is shocking enough -- 5% of those surveyed admitted to handing out their passwords to people outside the company. That's just negligent and dangerous enough to blow a hole through the best-planned security program.

« Thoughts On The T-Mobile G1 | Main | A Critical Look At Content Management Interoperability Services »



Sign Up Now
For InformationWeek News Alerts




This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


 
 

  1. Detecting Scalability Problems With Intel Parallel Universe Portal
  2. Just Say No To SFAQL Parallelism
  3. QuickThread: A New C++ Multicore Library
Join The InformationWeek Group On LinkedIn


                           


  1. AT&T, T-Mobile, Verizon All Offering Black Friday Sales
  2. HP Picks Worst Name Ever For New Smartphone
  3. Apple Says Users To Blame For iPhone Virus
  4. Best Buy Rolls Out $99 Android Sale
  5. Google's New Chrome OS Partner: Ubuntu

  1. Apple Accepts PhoneGap For iPhone Development
  2. Apple Seeks Permanent Halt To Psystar Mac Clones
  3. NIST Director Sees Key Role In Emerging Technologies
  4. Sprint Gets Nod To Buy iPCS
  5. FCC Chair Wants More Broadband
  6. Gartner: Data Center Problems Ahead

 
  Ars Technica
Boing Boing
Channel 9 Forums
CRN Blogs
Dr.Dobb's Portal: Blogs
Engadget
Gizmodo
GrokLaw 		  Lifehacker
Schneier on Security
Slashdot
TechCrunch
Techdirt
Techmeme
Valleywag
  DECEMBER 2008
NOVEMBER 2008
OCTOBER 2008
SEPTEMBER 2008
AUGUST 2008
JULY 2008
JUNE 2008
MAY 2008 		  APRIL 2008
MARCH 2008
FEBRUARY 2008
JANUARY 2008
DECEMBER 2007
NOVEMBER 2007
OCTOBER 2007
SEPTEMBER 2007