25 Sep 2011

4 security mistakes users will make, and how to limit damage

Security isn’t only about prevention and monitoring – it also depends on user behaviour.

Here are some security mistakes your users will inevitably make, and how to limit the damage:

1. Using the same password across multiple logins

From eBay to Facebook, the explosion in account-based web services means that email address/password combinations are usually good for more than just one site.

While encouraging users to keep separate passwords across sites is good practice, it's also advice they're unlikely to follow.

Instead, focus on ensuring that users have separate passwords at work. At the same time, discourage the use of company email addresses on third-party personal services.

2. Giving their password away

Many people are still happy to share passwords with colleagues, leave them stuck on post-its, or walk away from machines that are logged in.

With a high percentage of security attacks coming from disgruntled employees, shared passwords are a real danger because they make it difficult to lock people out of your systems.

To limit the chance of users sharing passwords, make sure that your permissions and roles are up to date and easy to change (from the user’s point of view). Consider providing a phrase-based password generator, so that users can create complex but easy-to-recall passwords.
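A minimal sketch of such a phrase-based generator, added here as an illustration and not code from the original article. The function names, the constructed 32-word sample list and the 60-bit default target are assumptions; the entropy figure holds when words are drawn uniformly and the attacker is assumed to know the list.

```python
import math
import secrets

# Constructed 32-word sample list (5 bits per word), for illustration only.
# A production list should hold thousands of vetted words: 7,776 words give
# about 12.9 bits per word, so far fewer words are needed per phrase.
WORDS = (
    "amber", "basket", "candle", "dolphin", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "napkin",
    "orchid", "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "anchor", "breeze", "copper",
    "dagger", "engine", "forest", "glacier",
)


def bits_per_word(words):
    """Entropy contributed by one uniformly chosen word from the list."""
    unique = set(words)
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return math.log2(len(unique))


def words_needed(words, target_bits):
    """Smallest word count whose total entropy meets target_bits."""
    return math.ceil(target_bits / bits_per_word(words))


def generate_passphrase(words, target_bits=60, separator="-"):
    """Return (passphrase, entropy_bits); target_bits=60 is an assumed default."""
    pool = sorted(set(words))  # de-duplicate so the entropy estimate holds
    count = words_needed(pool, target_bits)
    # secrets.choice draws from the OS CSPRNG; the random module is not
    # suitable for generating credentials.
    chosen = [secrets.choice(pool) for _ in range(count)]
    return separator.join(chosen), count * math.log2(len(pool))


if __name__ == "__main__":
    phrase, bits = generate_passphrase(WORDS, target_bits=60)
    print(f"{phrase}  (~{bits:.0f} bits)")
```

With the small sample list a 60-bit phrase needs 12 words, which shows why the size of the word list matters as much as the number of words.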

3. Losing their devices

900 laptops go missing at London Heathrow Airport every week. Add smartphones to the equation, and it would be remarkable if your users didn’t lose one or more devices authorised to connect to your network.

Thankfully, there are solutions to limit your exposure. At minimum, consider some form of encryption (many versions of Windows 7 and Vista have BitLocker Drive Encryption built in). You should also consider remote-wipe capabilities, in addition to ensuring that your systems will reject a stolen device should a thief try to connect it.

4. Connecting to shared wireless

Users with laptops will inevitably connect them to insecure wireless networks at some point, opening the door to traffic interception and network attacks. While virtual private networking can limit exposure, the best way to avoid this situation is by providing your own secure wireless service through 3G.

Stephen Sims is General Manager Sales and Marketing, Brennan IT