Business Continuity Tip of the Month

Open sesame (part 2)

In a previous tip we discussed how hackers exploit weak passwords to gain unauthorised access to IT systems.

The common perception of a hacker is someone outside your organisation gaining access via the network, most likely the Internet. However, most “hackers” are not strangers working from the outside. In fact, 80% of hacking comes from within, carried out by employees or ex-employees.

The following are just a few of the ways in which many organisations unwittingly help internal hackers to do their dirty work:

  • Passwords set to “never expire”, so they never get changed.
  • Users choosing names of family members or pets as their passwords. Most of these aren’t very difficult to guess if you know the person.
  • Users writing down passwords that are difficult to remember.
  • Users leaving their terminals logged in but unattended.
  • Poor staff termination procedures, which allow ex-employees to access systems after their employment has ended.

If any of these practices are prevalent in your organisation, you are at risk. Tightening up your procedures will go a long way towards improving the security of your systems.

So don’t just concentrate on the external threats. Have a look around inside too, and consider the enemy within.