Business Continuity Tip of the Month

Open sesame (part 2)

In a previous tip we discussed how hackers exploit weak passwords to gain unauthorised access to IT systems.

The common perception of a hacker is someone outside your organisation gaining access via the network, most likely the Internet. However, most “hackers” are not strangers working from the outside. In fact, 80% of hacking comes from within, carried out by employees or ex-employees.

The following are just a few of the ways in which many organisations unwittingly help internal hackers to do their dirty work:

  • Passwords set to “never expire”, so they never get changed.
  • Users choosing names of family members or pets as their passwords. Most of these aren’t very difficult to guess if you know the person.
  • Users writing down passwords that are difficult to remember.
  • Users leaving their terminals logged in but unattended.
  • Poor staff termination procedures, which allow ex-employees to access systems after their employment has ended.

If any of these practices are prevalent in your organisation, you are at risk. Tightening up your procedures will go a long way towards improving the security of your systems.

So don’t just concentrate on the external threats. Have a look around inside too, and consider the enemy within.


