I’m sure many of you have already seen the “worst passwords of 2017” list. You may even be wondering how so many people could be so dumb, but I want you to look at it another way.
I’m a technology professional, and I have accounts online that use the same password, or what many might consider to be a very simple password. I don’t do that because I want to blatantly disregard everything I’ve been taught over the years; it’s because those accounts are accounts I don’t care about. Maybe I ordered flowers for Mother’s Day and had to set up an account, didn’t have it save my credit card and don’t really know if I’ll ever use it again, or a blog that I wanted to leave a comment on that required an “account” to do so. In essence, accounts that, if they were hacked, who cares? The damage done to me would be minimal at worst; more likely it would be non-existent. It’s easy to be lackadaisical about security when there’s very little risk involved for myself.
The people who use these lax passwords at work are the ones who simply don’t care if their account gets hacked. There’s not really a personal risk to them. It’s more like “Oh the company I work for might be in trouble or embarrassed by it? Oh well.”
When someone disregards everything we have taught them about password use, they are sending the message that their convenience is more important than the data or systems those passwords are supposed to protect. So the key to better employee security may not be ever more education; it may be giving them a reason to care.
What would you do to get them to care?