Let’s start with a small confession: I used to be truly ignorant about everything related to data security, passwords, permissions, sharing information on the internet, etc. I could probably still handle all these issues with even greater care, but it looks really reasonable now when I look back and compare my current state of knowledge and awareness of threats with that lack of interest and all those bad habits from previous years. I don’t want to justify myself (or maybe a little); rather, it’s one of those thousands of situations that confirm the old truth that the example comes from the top.
Monday. Somewhere between a morning espresso and another cold brew coffee. A little brainstorm in our marketing office about how to increase the number of followers of our company LinkedIn profile. Going through my account’s settings, I found out that I still had access to several LinkedIn profiles belonging to different companies (and clients!) I used to work with a few years ago. Thank God I’m so nice and harmless – that was my first thought. The second one was that I had to share this fact with someone. That’s why you are reading this text right now.
Why am I actually telling you this? Because I have been thinking about it a lot, analyzing other similar situations that confirm the lack of care for cybersecurity – ours, our clients’, our employees’… And so I have realized that ignorance really annoys me – and what’s even worse – that this disease is extremely contagious. Despite years of work for clients and with a large amount of different data, I was not taught to take care of it properly. There were always more important tasks and challenges around. Well, most people (even those who manage their own business) don’t really care about it, so why should I…? BANG! And that’s how the virus called ignorance spreads among us…
Password sharing is a nightmare. Many times I’ve received a super-secret password via SMS or Messenger. Or it was clearly visible to everyone, written down on a piece of paper and stuck to the monitor (and it wasn’t only the Wi-Fi password). Those passwords were usually strong ones (no “password” or “1234”), but so what if people use the same password everywhere – both privately and at work? They even keep a list of their passwords on the desktop, next to the company e-mail icon… or write them down in a notebook that they can easily lose somewhere. Another thing is that employees come and go, and, not uncommonly, their access and permissions often go with them. According to Osterman Research, 49% of employees use their mailbox after leaving the company. Some companies just don’t care about it. When saying “goodbye” to an employee, they take back all the company devices and that’s it. But sometimes it’s even worse. I have always wondered about companies in which one employee is the main (or the only) treasure trove of all the passwords and access knowledge. And when he leaves the office, the whole knowledge disappears. I’ve had a few phone calls asking me for a random access or password. Have you?
We should start education from level zero. It’s great if the company enforces changing the device password once a month. But so what if the employee always writes it down on a piece of paper and puts it on the laptop? The basic issue is the employer’s awareness that the risk exists. The principle of limited trust is useful not only in everyday life but in business as well. So if you know what can happen without proper care, just be like a good, educating father – share your knowledge with your employees; first explain, then demand. All so that they don’t have to wonder why, after years, they still have some archive access. Don’t provoke their imagination about what they can do with that.