Open sesame (part 2)
In a previous tip we discussed how hackers exploit weak passwords to gain unauthorised access to IT systems.
The common perception of a hacker is someone outside your organisation gaining access via the network, most likely the Internet. However, most “hackers” are not strangers working from the outside. In fact, 80% of hacking comes from within, carried out by employees or ex-employees.
The following are just a few of the ways in which many organisations unwittingly help internal hackers to do their dirty work:
- Passwords set to “never expire”, so they never get changed.
- Users choosing names of family members or pets as their passwords. Most of these aren’t very difficult to guess if you know the person.
- Users writing down passwords that are difficult to remember.
- Users leaving their terminals logged in but unattended.
- Poor staff termination procedures, which allow ex-employees to access systems after their employment has ended.
If any of these practices are prevalent in your organisation you are at risk. Tightening up your procedures will go a long way to improving the security of your systems.
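Two of the practices listed above, passwords that never expire and accounts left active after staff leave, can be checked from an account export and an HR leavers list. The following is an added example, not part of the original tip; the CSV column names, the sample records and the 90-day password age limit are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: an account export and an HR leavers list.
ACCOUNTS_CSV = """username,enabled,password_never_expires,password_last_set
asmith,true,false,2024-05-01
bjones,true,true,2019-03-12
cdavis,true,false,2024-04-20
svc_backup,true,true,2018-01-05
dlee,false,false,2023-11-30
"""
LEAVERS_CSV = """username,termination_date
cdavis,2024-05-15
dlee,2023-12-01
"""

MAX_PASSWORD_AGE_DAYS = 90  # assumed policy value, adjust to your own policy


def audit_accounts(accounts_csv, leavers_csv, today):
    """Return (username, issue) pairs for enabled accounts that break policy."""
    leavers = {r["username"]: date.fromisoformat(r["termination_date"])
               for r in csv.DictReader(io.StringIO(leavers_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user = row["username"]
        if row["enabled"].lower() != "true":
            continue  # a disabled account cannot be used to log in
        if row["password_never_expires"].lower() == "true":
            findings.append((user, "password never expires"))
        age = (today - date.fromisoformat(row["password_last_set"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((user, f"password unchanged for {age} days"))
        left = leavers.get(user)
        if left is not None and left <= today:
            findings.append((user, f"still enabled after termination on {left}"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_accounts(ACCOUNTS_CSV, LEAVERS_CSV, date(2024, 6, 1)):
        print(f"{user}: {issue}")
```

Run against real exports on a schedule, the leaver check catches accounts that the termination procedure missed.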
So don’t just concentrate on the external threats. Have a look around inside too, and consider the enemy within.