Sharing Log-In Details Presents a Security Threat
It seems that far too many information workers still don't fully understand the importance of keeping their log-in details confidential. In a recent study of 2,000 white-collar employees in the United States and the United Kingdom, security software vendor IS Decisions found that alarming numbers of workers don't believe their log-in details represent a security threat. What's worse, an even greater percentage of managers feel the same way. IS Decisions' report, "From Brutus to Snowden: A Study of Insider Threat Personas," also found that age is a significant determining factor, with younger workers being much more likely to share log-ins and passwords than their older colleagues. The findings serve as a reminder to IT security teams that understanding the behavior of their own users should be one of their most important jobs. "The recurrent theme is lack of education," said IS Decisions CEO François Amigorena. "This highlights the need for a tailored approach to tackling internal security that addresses everyone in an organization, from top to bottom." The company recommends some steps for dealing with this challenge, including making employees more familiar with security policies, restricting concurrent access and instituting harsher punishments for offenders. There's also one tongue-in-cheek piece of advice: Passwords are like underwear. They should be changed often, not shared with friends, kept as mysterious as possible and not left lying around.