Your company’s Chief Financial Officer may be able to quote quarterly revenue figures verbatim for the last twelve years, but when it comes to remembering his network password, he’s flummoxed. There is a misperception among some (though certainly not all) high-ranking executives that the IT service desk keeps all the data secure, so there’s really no problem with having “password” as a password.
“Just wanted to let you know I fixed our little security problem. My password is now ‘Password’ with a capital P.”
Unfortunately, this misperception on the part of even one person can put extremely valuable information at risk. When the lock on an executive’s office door is the only thing standing between a committed hacker and millions of dollars’ worth of information, it’s time to educate higher-ups about the risks they take when they don’t take computer security seriously.
Preventable Security Breaches Still Happen Every Day
Drop in on any online forum where service desk workers swap tales, and you’ll find harrowing stories of massively valuable data that can be accessed with the username “admin” and the password “password.” Those two words in some cases grant full admin privileges. Yikes!
As just one example, in 2007, Internal Revenue Service workers readily turned over sensitive information to a fake caller pretending to be a technical support worker. It was actually a study by the Treasury Inspector General for Tax Administration trying to quantify how readily IRS workers gave up passwords. Of 102 people called (including managers), 61 gave up their usernames and changed their passwords to the password suggested by the caller. All the caller did was ask for help correcting a non-specified “computer problem” without offering any proof of actually being an IRS IT worker. Only eight of the 102 tried to validate the identity of the caller.
Computer Security Myths
One problem is that a lot of people still believe common myths about computer security, and sometimes the IT service desk worker has to disabuse people of these beliefs in order to keep company data safe. Here are some common computer security myths:
- Myth: My anti-virus software and firewall keep hackers out.
- Fact: While these things are important, they do not guarantee protection against a data security breach.
- Myth: There’s nothing important on my machine, so why bother?
- Fact: Even if there is no personal or financial information stored on your computer (which is unlikely), a hacker could access your computer and use it to attack other computers on the network.
- Myth: My computer is slow because it’s old and needs to be replaced.
- Fact: This is true sometimes, but a sudden computer slowdown often means malicious processes are running in the background, indicating you may have picked up spyware or are the target of a denial-of-service attack.
Tactfully Educating People in Suits
Even if one of your company’s executives is doing something profoundly stupid in regard to computer security, you have to be tactful about broaching the subject. It isn’t easy to tell someone something they don’t want to hear, but you can do it in a way that makes them glad for the information once you’re done. Here are some tips:
- Diplomacy is better than aggression. “I need to schedule some time with you soon to talk about computer security” is far better than, “Some 10-year-old in Korea is probably hijacking our client database at this very moment.”
- Assertiveness is OK. “Can this wait? I’m leaving for Phoenix tomorrow,” sometimes has to be answered with, “No. I’m worried there may be a very real security issue with your computer.”
- Approach the person as a collaborator. See them as helping you solve a problem, rather than an opponent you have to school.
- Stick with the facts. Have concrete examples of how the problem can escalate and what needs to be done to prevent that.
Good Asset Management Software Can Help
Your IT asset management software can do a lot to help keep data security at your company strong. Vendors are constantly releasing patches and updates to address vulnerabilities and fix security issues, and if your IT asset management software allows you to install these updates on all affected machines, or better yet, allows automatic updates, you can minimize the chances of a security hole going unpatched.
If you choose your IT service desk software wisely, you’ll find that the top Software as a Service (SaaS) vendors constantly monitor for security violation attempts, logging and auditing data and using top scanning technologies to look for evidence of existing and new threats. Today’s best service desk solutions also help you securely manage mobile devices like smartphones and tablets that are part of your IT asset inventory.