The Privacy Commissioner of Canada has recently released some tips for businesses on mitigating password-related risk. One main problem is that individuals use the same password for multiple accounts – this puts them at a much higher risk of experiencing a breach.
When an organization gives one of its employees a task, how often is a risk assessment done? The answer is: it depends. When firefighters are asked to enter a burning building, the person in charge first assesses the risk to his people. When the engineers at the Japanese nuclear plant had to re-enter the facility to prevent a meltdown, a risk assessment was also completed beforehand. However, when most organizations fly their sales guy to South Africa, or get the young clerk at the gas station to close up the shop at night, they rarely consider all the risks.