Jinfo BlogTwo-thirds give password for chocolate

Tuesday, 22nd May 2007 Sign in to MyJinfo or create an account be able to star items Click for printable version Subscribe via RSS to get updates as soon as Blog items are added Tweet about this item on Twitter Share on Facebook Share on LinkedIn

By Tim Buckley Owen

« Blog


Corporate information managers are frequently the gatekeepers of many passwords, and many are probably looking forward to spearheading web 2.0 applications throughout their organisations as well. But if you think you have your security pretty well sewn up, perhaps now’s the time to think again. It’s not a question of firewalls, encryption or technology. Security can be put at risk by simple human behaviour. A survey of 300 commuting office workers and IT professionals for Infosecurity Europe - http://www.infosec.co.uk/page.cfm/T=m/Action=Press/PressID=640 - found that 64% could be induced to give away their passwords in exchange for a bar of chocolate and a nice smile. The approach was just a bit subtle, but didn’t really take too much effort. Researchers simply asked people if they knew what the most common password was and then what theirs was. Only 22% of IT professionals revealed their password at this point compared to 40% of the commuters. But then the researchers would ask if it was based on a child, pet, football team or whatever, and would have a guess at what it might be. This time, a further 42% of IT professionals and 22% of commuters fell for it. Perhaps we shouldn’t be too surprised at the ease with which people were prepared to do something that they would never even contemplate if they thought a bit about it. The latest Information Security Breaches Survey - http://www.pwc.com/uk/eng/ins-sol/publ/pwc_dti-fullsurveyresults_execsum06.pdf - carried out by consultant PriceWaterhouseCoopers for the Department of Trade & Industry, shows that a quarter of companies don’t carry out any background checks when recruiting staff, and one in eight does nothing to educate staff about their security responsibilities. Small wonder then that the majority of corporate fraud is committed by trusted senior managers – people to whom you probably wouldn’t hesitate to give a password if asked. According to ‘Profile of a Fraudster 2007’, a survey by KPMG Forensics - http://www.kpmg.co.uk/pubs/ACF23E1.pdf - senior management and board members represent 60% of all fraudsters. ‘This result highlights a risk that every company faces,’ the report concludes: ‘Executives are entrusted with sensitive company information and yet are also often in a position to override internal controls’. If the risk is bad now, how much greater is it going to become as companies embrace social media? A final piece of research, by content security specialist Clearswift - http://www.clearswift.com/news/item.aspx?ID=1162 - suggests that almost half of businesses have no idea whether they have lost confidential information via social media outlets, and that nearly a fifth of IT and business decision makers don’t have a policy governing appropriate internet use, including social media sites. And when management does finally get wise to the risks, there’s a danger of over-reaction. Over 40% of organisations currently either discourage or actually forbid blogging.

« Blog

Benefit from our research

Content and Community

Connect your team with the practical tools, original research and expertise to build and support information strategy in your organisation.

A Jinfo Subscription gives access to all Content (articles, reports, webinars) and Community.

Subscription benefits


Our proven processes, resources and guidance will help your team make the shift from transaction centre to strategic asset.

Read case studies, and start the conversation.

Consulting benefits