Passwords on sticky notes – federal employees are only human


You thought the Salahi gate-crashing incident was bad? It’s certainly not the only case of breaches in federal government security.

The CDW-G 2009 Federal Cybersecurity Report published recently revealed a high occurrence of cybersecurity incidents in federal government. The one that caught our eye was this:

44% of Federal IT professionals have seen an employee post a password in a public place (for example, on a sticky note in their office) in the last 12 months. (You can read the full report at http://webobjects.cdw.com/webobjects/media/pdf/Newsroom/2009-CDWG-Federal-Cybersecurity-Report-1109.pdf)

We’d guess that this is the result of password policies that mandate that employees set strong passwords, and reset them often. These policies can actually end up eroding security if they make it too difficult for people to go about their daily work.

How many of us could really handle creating unique passwords that include at least one uppercase character, one non-alphanumeric character, are more than nine characters – and then changing them every two weeks?

People are delightfully predictable – and that’s what attackers count on. If it’s hard to set up and remember those passwords, we either have to improve our memories or make them easy to retrieve. Guess which one most of us will pick? I put my money on the sticky note! Federal government employees aren’t any different than most of us in that respect.

You can read a discussion of the report and its findings in Government Technology at http://www.govtech.com/pcio/articles/734387?id=734387&full=1&story_pg=1.



myOneLogin: Supporting business on the web with web SSO, strong authentication, and federation as a service.
COPYRIGHT ©2010 TRICIPHER. ALL RIGHTS RESERVED.