Why You Shouldn't Trust Your Users

According to a famous experiment, many users are willing to sell out your corporate security safeguards in exchange for a chocolate bar

Is your network secure enough to fight off chocolate? The short answer: probably not.

Even with all of the security-related news in recent years, Infosecurity Europe's now-famous experiment (it just completed the sixth one) shows people are still willing to divulge information about corporate security in exchange for a chocolate bar.

Here are four things you can do to minimize the security risks from your users:

First, educate, educate, educate. There is no substitute for informed workers, and telling them once a year won't be enough.

Second, make them sign an agreement that has some teeth. Something along the lines of, "If it is found that I have jeopardized corporate security through my stupidity, I understand that I will be thrown out on my ear" (human resources may want to fine-tune the wording).

Third, reduce or even remove your reliance on user names and passwords as access controls. Fingerprint readers and swipe cards, used in addition to or instead of account names and passwords, will provide insulation against users revealing their account details to a third party.

Fourth, warn your users about strangers with candy.
