I often say that your information security practices are only as strong as the weakest element, which in some, or even many, cases is the human. I am writing this because of an article I just read titled “Exclusive: Snowden Swiped Password from NSA Coworker”. While it is an interesting story, it is not a one-off by any stretch of the imagination. It does, however, reinforce the need for companies to continually improve how they monitor their systems and employees.
The article presents a scenario in which Snowden asked a coworker to enter the coworker’s password on Snowden’s computer, which the coworker allegedly did. This allowed Snowden to capture the password and then use it to access protected information. While I do not have firsthand knowledge of this situation, I do find it to be possible and probable. I have been made aware of situations in companies where I have worked in which one person, as a friend, logged in for another or even gave the credentials to the friend so that the friend could do an "urgent task".
In my view, security is a team sport. Part of the team effort is that the players need training and coaching, and the coaches need to monitor the players and ensure they are doing as trained. Infractions of the rules will cause severe damage to the organization and, in some cases, to individuals.
Every company has security policies of some sort. Many have ways to monitor and detect unauthorized attempts to access information, but it is still the human factor that is the weakest link. Perhaps it is now time to take the approach that fingerprints and retina scans are required to access certain information. I am not sure why this was not the case with the Snowden incident, but if we are to ensure protection and strengthen our practices, perhaps this level of security is warranted. I leave that discussion to you.
What say you? Do you have a story to tell? What are your thoughts on this topic? Do you have a topic of interest you would like discussed in this forum? Let me know. If you are looking for some great research information from our industry, feel free to visit our research site and download some of our Industry Watch Reports today at www.aiim.org/research
Bob Larrivee, Director of Custom Research – AIIM