Tuesday, 22nd May 2007
Tim Buckley Owen
Corporate information managers are frequently the gatekeepers of many passwords, and many are probably looking forward to spearheading web 2.0 applications throughout their organisations as well. But if you think you have your security pretty well sewn up, perhaps now’s the time to think again.
It’s not a question of firewalls, encryption or technology. Security can be put at risk by simple human behaviour.
A survey of 300 commuting office workers and IT professionals for Infosecurity Europe - http://www.infosec.co.uk/page.cfm/T=m/Action=Press/PressID=640 - found that 64% could be induced to give away their passwords in exchange for a bar of chocolate and a nice smile. The approach was just a bit subtle, but didn’t really take too much effort.
Researchers simply asked people if they knew what the most common password was and then what theirs was. Only 22% of IT professionals revealed their password at this point compared to 40% of the commuters.
But then the researchers would ask if it was based on a child, pet, football team or whatever, and would have a guess at what it might be. This time, a further 42% of IT professionals and 22% of commuters fell for it.
Perhaps we shouldn’t be too surprised at the ease with which people were prepared to do something that they would never even contemplate if they thought a bit about it. The latest Information Security Breaches Survey - http://www.pwc.com/uk/eng/ins-sol/publ/pwc_dti-fullsurveyresults_execsum06.pdf - carried out by consultant PricewaterhouseCoopers for the Department of Trade & Industry, shows that a quarter of companies don’t carry out any background checks when recruiting staff, and one in eight does nothing to educate staff about their security responsibilities.
Small wonder then that the majority of corporate fraud is committed by trusted senior managers – people to whom you probably wouldn’t hesitate to give a password if asked. According to ‘Profile of a Fraudster 2007’, a survey by KPMG Forensics - http://www.kpmg.co.uk/pubs/ACF23E1.pdf - senior management and board members represent 60% of all fraudsters.
‘This result highlights a risk that every company faces,’ the report concludes: ‘Executives are entrusted with sensitive company information and yet are also often in a position to override internal controls’.
If the risk is bad now, how much greater is it going to become as companies embrace social media? A final piece of research, by content security specialist Clearswift - http://www.clearswift.com/news/item.aspx?ID=1162 - suggests that almost half of businesses have no idea whether they have lost confidential information via social media outlets, and that nearly a fifth of IT and business decision makers don’t have a policy governing appropriate internet use, including social media sites.
And when management does finally get wise to the risks, there’s a danger of over-reaction. Over 40% of organisations currently either discourage or actually forbid blogging.