Business Continuity Tip of the Month

Open sesame (part 2)

In a previous tip we discussed how hackers exploit weak passwords to gain unauthorised access to IT systems.

The common perception of a hacker is someone outside your organisation gaining access via the network, most likely the Internet. However, most “hackers” are not strangers working from the outside. In fact, 80% of hacking comes from within, carried out by employees or ex-employees.

The following are just a few of the ways in which many organisations unwittingly help internal hackers to do their dirty work:

  • Passwords set to “never expire”, so they never get changed.
  • Users choosing names of family members or pets as their passwords. Most of these aren’t very difficult to guess if you know the person.
  • Users writing down passwords that are difficult to remember.
  • Users leaving their terminals logged in but unattended.
  • Poor staff termination procedures, which allow ex-employees to access systems after their employment has ended.

If any of these practices are prevalent in your organisation, you are at risk. Tightening up your procedures will go a long way to improving the security of your systems.

So don’t just concentrate on the external threats. Have a look around inside too, and consider the enemy within.

 


Did you know that Acumen’s Consultancy Director, Andy Osborne, publishes an expert tip each month for people with an interest in developing a business continuity capability?
