A good reminder for employers about maintaining cybersecurity comes from a recent Washington Post article (“This is why the government keeps getting hacked” by Jeffrey Neal) about the breach at the Office of Personnel Management. Sometimes the simplest things can cause huge problems . . .
The lock on the door is irrelevant if users of a system fail to close the door. For example, agencies are mandating use of smart cards and a Personnel Identification Number (PIN). But what happens when someone cannot remember the PIN? Too often the PIN is written on a Post-it note or piece of tape on the card. All it takes is one card with a PIN written on the back to given an intruder access to a system. The problem is even worse for agencies who still have user IDs and passwords. How many people have passwords “hidden” under a desk pad, keyboard or in a drawer where, of course, no one will ever find them? And how many people are disciplined for that offense? I’ve never seen an employee disciplined for what is, in effect, blowing a hole in the agency’s security efforts. We have to start holding everyone accountable for behavior that weakens security.
Does this sound like your workplace? I suspect it does.