Slashdot Mirror


Humans Continue To Be "Weak Link" In Data Security

ChiefMonkeyGrinder writes "Nearly 90 percent of IT workers in the UK have said a laptop in their organization has been reported lost or stolen, new research has found. Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom,' a report produced by the Ponemon Institute for Absolute Software."

6 of 117 comments

  1. Security Failings by Y2KDragon · · Score: 5, Insightful

    Strong password requirements are a big part of the problem. We can teach people how to make more complicated passwords. But the draconian policies set by some sites make it almost impossible to maintain any degree of security. Make the password requirement difficult enough, and people HAVE to write it down and keep it in an insecure location just to make it usable.

    1. Re:Security Failings by L4t3r4lu5 · · Score: 5, Insightful

      Make it long, make it simple.

      Passphrases are the way forward. Ih4t3MSoft may well satisfy Microsoft's Secure Password policy of 7 characters, one upper, one lower case, one non-alphabetical. However, it's nowhere near as secure (from a brute-force perspective) as ihaterubbishmicrosoftsoftware.

      N.B. Not Anti-MS trolling, just picking phrases as they come to mind.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
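
The brute-force comparison made in the comment above, worked through as an added example (not code from the thread or from any vendor). It counts only exhaustive search over the character classes each string uses; the guess rate is an assumed figure chosen for illustration.

```python
import math
import string

# Assumption for illustration only: offline guesses per second.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def meets_policy(pw):
    """Policy as quoted in the comment: 7+ chars, one upper, one lower, one non-alphabetical."""
    return (len(pw) >= 7
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(not c.isalpha() for c in pw))

def alphabet_size(pw):
    """Smallest ASCII alphabet an exhaustive search must cover for this string."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    if size == 0:
        raise ValueError("empty or non-ASCII input is outside this model")
    return size

def brute_force_bits(pw):
    """log2 of the number of candidates of this length over that alphabet."""
    return len(pw) * math.log2(alphabet_size(pw))

def years_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed guess rate."""
    return alphabet_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    # The two strings are the ones quoted in the comment.
    for pw in ("Ih4t3MSoft", "ihaterubbishmicrosoftsoftware"):
        print(f"{pw!r}: policy={meets_policy(pw)} len={len(pw)} "
              f"alphabet={alphabet_size(pw)} bits={brute_force_bits(pw):.1f} "
              f"years={years_to_exhaust(pw):.3g}")
```

The short string passes the quoted policy at roughly 60 bits of search space, while the 29-letter passphrase fails the same policy at roughly 136 bits.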
    2. Re:Security Failings by Aceticon · · Score: 5, Insightful

      Draconian IT Security policies that end up achieving the opposite effect are caused by the same underlying problems as the theatrical Security that's currently done in most airports:

      • If a Well-Balanced Security policy is in place and Something Bad happens, they blame the Security guys. If a Draconian Security policy is in place and Something Bad happens, they can blame the person that "went around the security" (i.e. wrote a password on a piece of paper).
      • When a new widget/software is proclaimed as the next silver bullet, if Security gets it and Something Bad happens, they're the ones blamed; if they do get it, then they can blame the widget/software.
      • The guy that prevented thousands of Bad Somethings never got promoted to management, since Nothing Happened. The guys that get promotions are the ones that make a Heroic Recovery when Something Bad happens.
      • Billions of man-hours wasted can easily be ignored when spread over many people as many small hassles.

      The blame here is in Management - rewards and punishment are distributed on the basis of easily observable artifacts of The Work instead of looking at the hard to define and hard to measure Results.

      This problem is very common in all kinds of professions and in most countries ...

  2. Ponemon by tepples · · Score: 5, Funny

    the Ponemon Institute

    Laptops: gotta steal 'em all.

  3. Encryption and you by Kaldesh · · Score: 5, Insightful

    I really fail to see why so many of these companies fail to use common sense. The first thing we do as an IT staff in my organization with laptops is encrypt them. Use something like TrueCrypt, enable full drive encryption and set a good password. Laptop gets stolen? You're out the cost of the physical hardware that was taken from you... but the data that was on the machine? You can rest easy that you took every precaution you could to keep it safe. Of course, I work in the health care field, so any laptops, tablets, netbooks etc. that have any ePHI (Electronic Protected Health Information) have to be secured. We just take our security practices a step further and do it to all of them. Which is worse? Having your users gripe a bit about an extra password? Or having data stolen? It's saved us once already, as a laptop was stolen last year on a business trip.

  4. Yes by rolando2424 · · Score: 5, Funny

    Skynet

    --
    Okay seriously I've just run out of pointless things to say.