Feeds

Office workers give away passwords for a cheap pen

Security? What's that?

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific - but still illuminating - survey published today.

The second annual survey into office scruples, conducted by the people organising this month's InfoSecurity Europe 2003 conference, found that office workers have learnt very little about IT security in the past year.

If anything, people are even more lax about security than they were a year ago, the survey found.

Ninety per cent of office workers at London's Waterloo Station gave away their computer password for a cheap pen, compared with 65 per cent last year.

Men were slightly more likely to reveal their password with 95 per cent of blokes, compared to 85 per cent of women quizzed, prepared to hand over their password on request.

The survey also found the majority of workers (80 per cent) would take confidential information with them when they change jobs and would not keep salary details confidential if they came across them.

If workers came across a file containing everyone's salary details, 75 per cent of workers thought they would be unable to resist looking at it, again up from 61 per cent in 2002. A further 38 per cent said they would also pass the information around the office.

Naughty.

Social engineering

The survey was undertaken by the organisers of Infosecurity Europe 2003 in a quest to find out how security conscious workers are with company information stored on computers.

Workers were asked a series of questions which included: What is your password? Three in four (75 per cent) of people immediately gave their password.

If they initially refused they were asked which category their password fell into and then asked a further question to find out the password.

Another 15 per cent were then prepared to give over their passwords, after the most rudimentary of social engineering tricks were applied.

One interviewee said, "I am the CEO, I will not give you my password - it could compromise my company's information".

A good start, but then the company boss blew it. He later said that his password was his daughter's name.

What is your daughters name, the interviewer cheekily asked.

He replied without thinking: "Tasmin".

D'oh.

Unsavoury emails

Of the 152 office workers surveyed many explained the origin of their passwords.

The most common password was "password" (12 per cent) and the most popular category was their own name (16 per cent) followed by their football team (11 per cent) and date of birth (8 per cent).

Two thirds of workers have given their password to a colleague (the same as last year) and three quarters knew their co-workers passwords.

In addition to using their password to gain access to their company information two thirds of workers use the same password for everything, including their personal banking, website access, etc.

This makes them more vulnerable to financial fraud, personal data loss or even identity theft, the InfoSecurity team notes.

Meanwhile, two thirds of workers admitted they had emailed colleagues illicit, unsavoury pictures or "dirty jokes", up slightly from 62 per cent in 2002. Men were twice as likely to indulge in this activity, with 91 per cent of men sending unsavoury emails, compared to only 40 per cent of women.

InfoSecurity's organisers say this behaviour could expose their employer to expensive litigation for sexual discrimination, low morale and might even be viewed as allowing bullying.

Tamar Beck, Director of InfoSecurity Europe 2003, said: "Employees are sometimes just naïve, poorly trained or are not made aware of the security risk. Employers therefore need to create a culture of protecting their information and reputation with policies on information security backed up with training to support the security technology". ®

Related stories

Small.biz crap at security (redux)
BOFH: How dangerous are your users?
Would you trade your password for chocolate?
Brits are crap at password security
Passwords are passport to theft
Is password-lending a cybercrime?

Beginner's guide to SSL certificates

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?