Slashdot Mirror


Humans Continue To Be "Weak Link" In Data Security

ChiefMonkeyGrinder writes "Nearly 90 percent of IT workers in the UK have said a laptop in their organization has been reported lost or stolen, new research has found. Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom,' a report produced by the Ponemon Institute for Absolute Software."

4 of 117 comments

  1. Not a great thing. by FlyingBishop · · Score: 3, Informative

    None of the IT workers recorded their password on a private document, but three percent did admit to sharing their key with other people.

    You keep your password on a private document in your pocket, you can use a stronger password, and it's a lot harder to lose both your laptop and your password.

    If you do lose one, it's easy to take steps to blacklist the other. You can even use some trivial obfuscation in recording the password so that even if someone gets it, they won't be able to figure out your password.

    Example:


    awfuieri3v
    4u9388535v
    v9tv379vn7
    mc20884v05

    That's just gibberish, but I could easily write that matrix down on a piece of paper, and then pick a path to take through it (it doesn't even have to be a complicated one; for example, I could just use columns 2, 4, and 6) and there's not really much chance that someone's going to find my password. Of course there are even better examples where it's not even obvious that you're looking at a password matrix.
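
The column-path scheme from the comment above, as an added example that is not part of the original post: it reads columns 2, 4 and 6 of the posted matrix and counts how many column choices someone holding the paper would have to consider. Reading each chosen column top to bottom, and taking columns in left-to-right order, are assumptions, since the comment does not say in which order the characters are taken.

```python
import math
from itertools import combinations

# Matrix copied verbatim from the comment above.
MATRIX = [
    "awfuieri3v",
    "4u9388535v",
    "v9tv379vn7",
    "mc20884v05",
]


def read_columns(matrix, columns):
    """Build the password from 1-based column numbers.

    Assumption: each chosen column is read top to bottom, one column
    after another, in the order given.
    """
    width = len(matrix[0])
    if any(len(row) != width for row in matrix):
        raise ValueError("matrix rows must have equal length")
    if any(not 1 <= c <= width for c in columns):
        raise ValueError("column number out of range")
    return "".join(row[c - 1] for c in columns for row in matrix)


def column_path_count(matrix, k):
    """Number of ways to pick k columns in left-to-right order."""
    return math.comb(len(matrix[0]), k)


def distinct_password_count(matrix, k):
    """Distinct passwords those paths produce (repeated columns collapse)."""
    cols = range(1, len(matrix[0]) + 1)
    return len({read_columns(matrix, c) for c in combinations(cols, k)})


def path_secrecy_bits(matrix, k):
    """Bits of secrecy the path adds once the paper itself is exposed."""
    return math.log2(distinct_password_count(matrix, k))


if __name__ == "__main__":
    print("password for columns 2, 4, 6:", read_columns(MATRIX, [2, 4, 6]))
    print("three-column paths:", column_path_count(MATRIX, 3))
    print("secrecy from the path: %.1f bits" % path_secrecy_bits(MATRIX, 3))
```

Under these assumptions the path choice contributes about 6.9 bits once the paper is exposed; the 12-character password itself stays strong against anyone who does not have the paper.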

  2. Re:Maybe they should tie them to their wrists by Elky+Elk · · Score: 3, Informative

    In the summary it states 9/10 know of a laptop in their organisation being lost. The organisations in question could have thousands or tens of thousands of laptops.

  3. Re:Maybe they should tie them to their wrists by bkr1_2k · · Score: 3, Informative

    It doesn't say 9 out of 10 lost or stolen. It says 9 out of 10 people reported that a piece of equipment has been lost or stolen within their organization. There's a big difference between those two statements.

    Of course the issue still remains: people are always going to be the weakest security link. This should come as no surprise to anyone. It has always been that way, and always will be.

    --
    "Growing old is inevitable; growing up is optional."
  4. Re:Security Failings by buruonbrails · · Score: 3, Informative

    It's because people tend to think of their passwords as words, not phrases. It's much easier to remember a simple pass phrase (e.g. "Quick_brown_fox"), than a shorter, but completely senseless random symbol combination (e.g. "gsf12mU&*").