Two-thirds give password for chocolate
Jinfo Blog
22nd May 2007
Item
Corporate information managers are frequently the gatekeepers of many passwords, and many are probably looking forward to spearheading web 2.0 applications throughout their organisations as well. But if you think you have your security pretty well sewn up, perhaps nowâs the time to think again. Itâs not a question of firewalls, encryption or technology. Security can be put at risk by simple human behaviour. A survey of 300 commuting office workers and IT professionals for Infosecurity Europe - http://www.infosec.co.uk/page.cfm/T=m/Action=Press/PressID=640 - found that 64% could be induced to give away their passwords in exchange for a bar of chocolate and a nice smile. The approach was just a bit subtle, but didnât really take too much effort. Researchers simply asked people if they knew what the most common password was and then what theirs was. Only 22% of IT professionals revealed their password at this point compared to 40% of the commuters. But then the researchers would ask if it was based on a child, pet, football team or whatever, and would have a guess at what it might be. This time, a further 42% of IT professionals and 22% of commuters fell for it. Perhaps we shouldnât be too surprised at the ease with which people were prepared to do something that they would never even contemplate if they thought a bit about it. The latest Information Security Breaches Survey - http://www.pwc.com/uk/eng/ins-sol/publ/pwc_dti-fullsurveyresults_execsum06.pdf - carried out by consultant PriceWaterhouseCoopers for the Department of Trade & Industry, shows that a quarter of companies donât carry out any background checks when recruiting staff, and one in eight does nothing to educate staff about their security responsibilities. Small wonder then that the majority of corporate fraud is committed by trusted senior managers â people to whom you probably wouldnât hesitate to give a password if asked. According to âProfile of a Fraudster 2007â, a survey by KPMG Forensics - http://www.kpmg.co.uk/pubs/ACF23E1.pdf - senior management and board members represent 60% of all fraudsters. âThis result highlights a risk that every company faces,â the report concludes: âExecutives are entrusted with sensitive company information and yet are also often in a position to override internal controlsâ. If the risk is bad now, how much greater is it going to become as companies embrace social media? A final piece of research, by content security specialist Clearswift - http://www.clearswift.com/news/item.aspx?ID=1162 - suggests that almost half of businesses have no idea whether they have lost confidential information via social media outlets, and that nearly a fifth of IT and business decision makers donât have a policy governing appropriate internet use, including social media sites. And when management does finally get wise to the risks, thereâs a danger of over-reaction. Over 40% of organisations currently either discourage or actually forbid blogging.About this article
- Blog post title: Two-thirds give password for chocolate
- Link to this page
- View printable version
What's new at Jinfo?
The AI agents are coming!
Community session
16th July 2024
GenAI in the news, access to private company data evolves and suppliers are getting to grips with AI
Blog posting
5th June 2024
Preqin's for sale. If you're a client, do this now
YouTube video
20th June 2024
- Jinfo Community session (TBC) (Community) 25th September 2024
- The AI agents are coming! (Community) 16th July 2024
- US private company data – what’s new? (Community) 18th June 2024
Learn more about the Jinfo Subscription