
Humans Continue To Be "Weak Link" In Data Security 117

Posted by CmdrTaco
from the handcuffs-please dept.
ChiefMonkeyGrinder writes "Nearly 90 percent of IT workers in the UK have said a laptop in their organization has been reported lost or stolen, new research has found. Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom,' a report produced by the Ponemon Institute for Absolute Software."
This discussion has been archived. No new comments can be posted.

  • by Sigma 7 (266129) on Monday March 15 2010, @08:53AM (#31480730)

    I noticed that browsers have a neat habit of storing usernames that you've used on various sites, and help pre-fill the username field with that information.

    It would be much more helpful if those usernames didn't bleed across servers; it would really cut down on potential exploits, and help me remember which one of my usernames for a given site is correct (especially before I crack open the encrypted volume to look up the real username/password combo.)

  • by Opportunist (166417) on Monday March 15 2010, @08:59AM (#31480778)

    Any procedure, any system, any protocol, anything fails 9 out of 10 times due to human error. Why we let these insecure parts remain a critical part in anything is beyond me.

  • by FlyingBishop (1293238) on Monday March 15 2010, @08:59AM (#31480786)

    Like what? The code for the project I'm working on? Or are you suggesting I encrypt my entire production database that I can access over a VPN from my notebook?

    If you have shit on your laptop that needs encryption, you aren't a professional.

  • Re:Security Failings (Score:4, Interesting)

    by somersault (912633) on Monday March 15 2010, @09:07AM (#31480856) Homepage Journal

    Then have them store it in a more "secure" location like in their wallet or their keyring. Some people can't even look after those adequately of course.. but at least you'll know if you've lost them that you should change your passwords.

  • by c0mpliant (1516433) on Monday March 15 2010, @09:13AM (#31480916)

    Can't agree more. Encryption is such a basic and fundamental requirement that if your security team isn't working on a way to encrypt your data now, they should have it already done.

    A question that should be asked more, though, than it currently is, is why do you need this data on an easily stolen device. For example, why do customer records need to be on a laptop, why is this confidential document on a USB stick?

    In my workplace, no one can transfer anything off our internal network via data transfer. USB sticks will not be detected by machines. There are no open ethernet cables so if you try to connect a laptop to the cable running into your machine, it won't work. If anyone wants anything taken from the network, they need to raise a request and then if it's granted, they will get the data encrypted and placed on a USB stick or laptop of their choice. We have a record of where things were taken from, when they were, requested by whom, authorised by whom. Users may find it slightly inconvenient but our data is secure, controlled and even in the event of a lost laptop or USB stick, we know that it's encrypted to a high standard.

  • Re:Security Failings (Score:5, Interesting)

    by bickerdyke (670000) on Monday March 15 2010, @09:33AM (#31481114)

    If IT departments really would care about password security, and insist on complex passwords AND not writing them down, they should start treating a forgotten password as something normal, and not a chance to ridicule that poor guy who forgot it again.

    What's worse for security? Resetting that poor guy's password twice a week or have him trying to avoid it by using a Post-it under his keyboard?

  • Re:Hmmm ... (Score:4, Interesting)

    by The_Wilschon (782534) on Monday March 15 2010, @09:55AM (#31481352) Homepage

    Better if you could remove data mobility from the equation. If somebody leaves their laptop in an unlocked office or a box of hard disks in the back seat of their car, it's quite likely to get stolen. So, knowing that that sort of thing will happen, it seems to make sense to force all sensitive data to be stored on physically and cyberly (just woke up, can't think of the proper word here, nurrrr) secured file servers.

  • by NonUniqueNickname (1459477) on Monday March 15 2010, @11:05AM (#31482172)

    We could try to figure out your "secret path" through the matrix and try to finesse a solution. OR we could cat | sort | uniq your matrix, find your reduced charset (02345789acefimnrtuvw - only 21 characters) and brute force it.
    Get a longer password. Get a bigger matrix with more noise.
