How many of your employees are keeping passwords, log-ins and other information on sticky notes under their keyboards? Easy enough to find out.
How many of your employees are keeping passwords, log-ins and other information on sticky notes under their keyboards? Easy enough to find out.There's a great 1938 Sammy Fain/Irvng Kahal standard called "I'll Be Seeing You," whose most haunting lyric includes the words "In all the old familiar places." (Nice Sinatra/Tommy Dorsey version here.)
Want to see the "old familiar places" for passwords and other sensitive information in your employees' workspaces? Take a look under their keyboards.
And on the backs of monitors, the bottoms of desk drawers, inside the drawers themselves, pretty much anywhere that sensitive information can be "hidden in plain sight."
Time to take a password-focused look around the workplace.
Don't be surprised at what you find. I was in a small business recently and passed a work cubicle which was notable for its neatness, orderliness... and the 3-ring notebook whose spine bore the printed label PASSWORDS, ETC.
"...exercise extreme caution when writing down or storing passwords. Stories of hackers obtaining passwords through shoulder-surfing and dumpster diving are not urban myths, they are real. Users should resist the temptation to write down passwords on Post-It notes stuck to their monitors or hidden under their keyboards."
Passing time doesn't dim the appeal of those "old familiar places, though. Nor evidently, does security professionalism. A few years ago security firm Cyber-Ark surveyed a couple of hundred IT professionals, and in the course of finding out just how much snooping they were doing into employees' private files (lots), they found out just how many security pros in their survey base were writing passwords on Post-its. Answer: also lots.
As Cyber-Ark reported: "More than half of people still keep their passwords on a Post-it note, in spite of all the education and reminders to do differently. What's shocking about this year's annual survey was that the 50% number now applies to IT Professionals as well!" (The passwords the pros Post-it-ized included administrative passwords, as well as individual ones.
Not that the sticky note approach doesn't have its adherents.
Last year, F-Secure blogger Sean Sullivan made a strong case for writing strong passwords down, and for writing them down on Post-its. The trick was that you don't write the whole password down. Read about this approach in detail here.
The post closed with a familiar refrain:
"Don't put the Post-it on your monitor! And not on the underside of your keyboard either… everyone's familiar with that location too."
But Sullivan also had some solid advice on where to store the written password: your wallet.
Think about it: people keep things in their wallets that they really care about protecting, however they feel about their passwords. Good tip, worth passing along.
Take a look around your workplace's "old familiar places" sometime soon. Just don't be surprised what you find there.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.