Office workers give away passwords for a cheap pen
By John Leyden
Posted: 17/04/2003 at 17:01 GMT
Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific
- but still illuminating - survey published today.
The second annual survey into office scruples, conducted by the people organising this month's
InfoSecurity Europe 2003 conference, found that office workers have learnt very little about IT security in
the past year.
If anything, people are even more lax about security than they were a year ago, the survey found.
Nine in ten (90 per cent) of office workers at London's Waterloo Station gave away their computer
password for a cheap pen, compared with 65 per cent last year.
Men were slightly more likely to reveal their password with 95 per cent of blokes, compared to 85 per cent
of women quizzed, prepared to hand over their password on request.
The survey also found the majority of workers (80 per cent) would take confidential information with them
when they change jobs and would not keep salary details confidential if they came across them.
If workers came across a file containing everyone's salary details, 75 per cent of workers thought they
would be unable to resist looking at it, again up from 61 per cent in 2002. A further 38 per cent said they
would also pass the information around the office.
Naughty.
The survey was undertaken by the organisers of Infosecurity Europe 2003 in a quest to find out how
security conscious workers are with company information stored on computers.
Workers were asked a series of questions which included: What is your password? Three in four (75 per
cent) of people immediately gave their password.
If they initially refused they were asked which category their password fell into and then asked a further
question to find out the password.
A further 15 percent were then prepared to give over their passwords, after the most rudimentary of social
engineering tricks were applied.
One interviewee said, "I am the CEO, I will not give you my password it could compromise my company's
information".
A good start, but then the company boss blew it. He later said that his password was his daughter's
name.
What is your daughters name the interviewer cheekily asked.
He replied without thinking: "Tasmin".
D'oh.
Of the 152 office workers surveyed many explained the origin of their passwords.
The most common password was "password" (12 per cent) and the most popular category was their own
name (16 per cent) followed by their football team (11 per cent) and date of birth (8 per cent).
Two thirds of workers have given their password to a colleague (the same as last year) and three quarters
knew their co-workers passwords.
In addition to using their password to gain access to their company information two thirds of workers use
the same password for everything, including their personal banking, Web site access, etc.
This makes them more vulnerable to financial fraud, personal data loss or even identity theft, the
InfoSecurity team point out.
Meanwhile two thirds of workers admitted they had emailed colleagues illicit, unsavoury pictures or "dirty
jokes", up slightly from 62 per cent in 2002. Men were twice as likely to indulge in this activity with 91 per
cent of men sending unsavoury emails compared to only 40 per cent of women.
InfoSecurity's organisers say this behaviour could expose their employer to expensive litigation for sexual
discrimination, low morale and even be viewed as allowing bullying.
Tamar Beck, Director of InfoSecurity Europe 2003, said: "Employees are sometimes just naïve, poorly
trained or are not made aware of the security risk. Employers therefore need to create a culture of
protecting their information and reputation with policies on information security backed up with training to
support the security technology".
---
* Origin: [adminz] tech, security, support (192.168.0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:32
search: