The Privacy Commissioner of Canada has recently released some tips for mitigating risk to businesses involving passwords. One main problem is that individuals use the same password for multiple accounts – this puts them at a much higher risk of experiencing a breach.
When an organization gives one of their human resources a task, how often is a risk assessment done? The answer is: it depends. When firefighters are asked to enter a burning building, the person in charge first assesses the risk to his people. When the engineers at the Japanese nuclear plant had to re-enter the facility to prevent a meltdown, a risk assessment was also completed beforehand. However, when most organizations fly their sales guy to South Africa, or get the young clerk at the gas station to close up the shop at night, rarely do they consider all the risks.
I'm sure this news will come as a relief to many computer and Internet users out there: a recent study by a researcher at Microsoft has found that many IT security measures—those things we love to hate like having to change passwords every three months or having individual passwords for a dozen different work accounts—simply don't provide good value for the time and effort they involve, not to mention the bad habits they often cause!
Established in 1995, First Reference is the leading publisher of up-to-date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.