Passwords are only useful if they are kept secret. That sounds obvious but we are still finding users who tape their passwords to the computer or "hide" them in an unlocked desk drawer.

Laptop and desktop computers represent the single greatest risk to the computer systems and customer private information of most organizations. A stolen or lost laptop is a gold mine for an identity thief. Laptops and desktops hold all kinds of private information (often including the access rights and certificates necessary for a hack to get onto the rest of the network).

In order to mitigate the risk, many organizations have encrypted their computers – scrambled the content so that, in theory, if a computer is stolen, the thief gets away with a $2000 doorstop. Unfortunately, that encryption is often completely dependent on the password. If the thief also gets away with the password, they have access to everything and all the organization’s defenses are for naught.

Make it very clear to your staff that leaving a password unprotected is a very serious violation of your security policies. If they see an unsecured password, have them report it immediately to their manager or supervisor.

Leave a Reply