Wednesday, August 15, 2007
How safe is your data at the IRS?
The Treasury Department's Inspector General set out to find out how security-conscious IRS employees are.
They phoned 102 IRS employees and pretended to be from the help desk. They asked the employees to change their passwords to one that they supplied. A real attacker would then have had all the access the employee had -- controlling someone's password is as good as knowing it.
61 employees complied with a request from a stranger to change their passwords according to the stranger's instructions.
The IRS has been running security awareness programs, too. I bet you'd see similar numbers in most organizations.
More info at Network World's article about the IRS security problems.
|
They phoned 102 IRS employees and pretended to be from the help desk. They asked the employees to change their passwords to one that they supplied. A real attacker would then have had all the access the employee had -- controlling someone's password is as good as knowing it.
61 employees complied with a request from a stranger to change their passwords according to the stranger's instructions.
The IRS has been running security awareness programs, too. I bet you'd see similar numbers in most organizations.
More info at Network World's article about the IRS security problems.
# posted by Frederick @ 10:08 PM Email to a friend:
Haloscan: they provide trackback