Passwords, ain’t you sick of them! They are so inconvenient. You have so many to remember and you are forced to change them at the most inopportune moment. They are getting longer and more sophisticated, with different characters and capital letters in the wrong place. Password1 is no longer enough.
We all know that we need them though, or at least some way of proving that we have the right to enter the requested software or device. They are the locks on our doors and windows and as cyber crime becomes more and more sophisticated then so must our defences against it.
Yet there is another very important reason why passwords are important and that is to protect us from those people already inside our organisation. Not all crime on computers is cybercrime. Most fraud is carried out using IT systems as that is the way business is carried out. Emails, invoices, purchase orders etc. are all produced on computers now and these are the fraudster’s stock in trade.
According to Bank Info Security, occupational fraud, mostly through employee theft, is a growing global problem for all public and private sector organisations. About 5% of revenue is lost to these fraudulent activities.
This means that good passwords are essential to protect you not only from an external threat but an internal one as well. According to Cleveland Police, at the recent North East Fraud Forum event, passwords can be used to prove that an individual has committed an offence. Sharing, weak, and common passwords undermine the Police’s ability to prove who has perpetrated the fraud. No proof, no case.
Fraudsters find ways to abuse weak processes and systems. A weak password policy is manna from heaven to them.
Stop worrying only about the external threat, it may be the person sitting next to you that you need to hide your password from.
Thoughts from a Guerrilla Worker 