Usually when passwords get stolen it’s through remote access. That’s what makes today’s example so bizarre (it’s an oldie but a goodie).
Thieves busted into an unalarmed office at the University of Victoria and stole computer towers. That equipment contained unencrypted banking and insurance information for nearly 12,000 current and former staff.
Wait, what? The building wasn’t alarmed. The files were unencrypted. Did they take any security measures at all? Because of this oversight, nearly 12,000 people had to spend a day phoning their banks to make sure their money was safe and their identities hadn’t been stolen. What a risk and a waste of time.
Hindsight is always 20/20. We can wag a finger at them, but many of us have the same practices right now in our own businesses.
Do a mental tally. Do you know which staff members have usernames and passwords to sensitive company files? Is there anyone who left or was laid off who might still have access? Do you write your passwords down in a notebook or use lame ones like “password” or “12345”? If so, your information is no safer than our friends over at the University of Victoria.
Take a minute to review your password and access policies. Consider how you audit who has access, when, where and why. Then decide how you would gather that information when you need to investigate. Do you have an irrefutable audit trail and control of who accesses what? You need a snapshot of your risk profile and the confidence of knowing you have complete oversight of access to the most sensitive information in your business. Get all this with our AuthAnvil Password Server.
If you don’t have the confidence of full oversight now, let’s talk. We can help.