By Daniel Hunter
A YouGov survey, commissioned by an IT training company QA, has found that women are more likely than men to fail basic security protocols for keeping their password confidential in the workplace.
Compared with their male work colleagues, women are: 26 percent more likely to write down their passwords so they don’t forget them; 40 percent more likely to share their password with friends and family; and 42 percent more likely to share passwords with a colleague.
The survey also found that men were no angels either. When it comes to being careful with their passwords almost a fifth (19 percent) of men also admit to writing them down so they don’t forget them. However, women are 29 percent more likely to be unaware whether their company has an IT security policy, than men.
The survey findings, released at Europe’s largest IT security show (Infosecurity Europe), provide a worrying backdrop to the newest cyber-security threat facing British firms today — social engineering. This is when crooks take advantage of human nature — in this instance lax attitudes towards password confidentiality — and use these to pull off a scam, steal confidential company data, or deliberately bring down the network.
Bill Walker, technical director at QA, works across commercial and Government organisations on cyber security and information assurance related issues and has been speaking recently at QA’s cyber security seminars that have been touring the country. He believes that organisations need to look inwards, not just outwards, to address the threat posed by the rapidly growing number of social engineers.
He said: “Despite the billions of dollars spent on the latest security IT, from next generation firewalls to intrusion detection systems, one of the biggest risks facing businesses comes from its staff publicising passwords and inadvertently helping the bad guys get inside. Once they’re in, they can wreak havoc often before anyone even notices.”
The stakes are high, claims Walker. The theft of high-value intellectual property, perhaps a patented formula or other innovation, could lead to a company losing its competitive advantage and, ultimately, result in commercial failure.
To help protect against this, says Walker, every member of staff must learn to take all aspects of security seriously, particularly when it comes to password confidentiality.
“This is an issue we wouldn’t have had to deal with twenty years ago, because we didn’t have so many passwords — at home and at work - to remember,” he explains. “Although password overload is a very real issue for everyone, if they’re not careful individuals risk leaving the proverbial back door to the business open, and potential access to the company crown jewels.”
Walker and his cyber-security training team regularly encourage UK businesses to adopt a holistic approach to security that merges the latest innovations in technology with a security-aware workforce.
He concludes: “Once everyone understands the role they can play within the bigger picture of keeping a business secure, the risks can be minimised and the bad guys can be kept firmly out.”
Join us on