It never ceases to amaze us the extent to which companies will go to protect their office complex, yet pay no attention to protecting their company’s information. A state-of-the-art security system won’t matter much if a hacker gets hold of an employee’s password. An even more likely scenario is when a disgruntled employee knows your password and uses it to gain access to sensitive information above their pay… or even worse, to destroy it. This is much more likely to happen if you take a laissez-faire approach to creating and protecting systems passwords.
More often than not, management is not aware of the extent to which they’re exposed without an enforceable password policy. “We don’t have anything anyone would want to steal,” we’re often told; “I need her password to access her files if she’s out”; or “he’s no longer with our firm but we’re still getting customers’ email in his mailbox, so we check it regularly with his password.” There is no question those reasons are valid, but they only amplify the awful sound of the proverbial ticking bomb.
Ironically, an enforceable password policy requires next to no budget when contrasted against the huge potential savings it provides to your bottom line and your company’s reputation. Our use of the word “enforceable” is intentional. Sure, it’s good to have a piece of paper outlining how passwords are to be handled and making all employees read the policy and sign that they’ve read it. It’s been our experience, however, that password policies should be enforced by your IT systems, otherwise adherence to these policies will be “hit and miss,” leaving your firm exposed to the inevitable losses of time, money and reputation.
Every authorized individual that accesses your firm’s IT assets should protect their passwords like they would any other valuable personal asset. And your IT systems should help them with an enforceable password policy. Circumstances can turn an employee against your firm… perhaps not any of your current employees, but what about the next hire? It’s something to seriously consider.