I have been doing a lot of live employee training lately. I really enjoy it, and have been told that it is some of the most entertaining training around. The reason I can get the audience to laugh is that I tell real stories of some ridiculous things people have done that have gotten themselves (or mostly their employers) in deep trouble.
I often advocate, including in a past Privacy Tip, that everyone should be using passphrases instead of passwords. Passphrases are long enough that they will pass muster with any IT security guy’s complex password requirement. They are easier to remember, and most importantly, since people usually can remember them, THEY DON’T WRITE THEM DOWN. Most people really warm to the idea and try to come up with a good passphrase.
And then I read a recent article that made me shake my head in disappointment.
By now, everyone knows not to write down their passwords, not to put them in their top drawer, and not to paste them on a post-it note on the monitor of their workstation. People actually chuckle at this—like anyone would ever do that…
And yet, people, yes, employees, still write down their passwords.
I also harp on why it is so important to encrypt laptops. If the laptop is encrypted and it is lost or stolen, there may be a safe harbor from breach notification. So encryption is important for mobile devices, including laptops.
In this particular case, the employee of U.S. HealthWorks had an encrypted laptop—so the employer was doing the right thing when it came to data security for laptops—but the employee wrote down his password, and then actually kept the paper that the password was written on WITH THE LAPTOP! So when the laptop was stolen on July 18, 2016, not only did the thief get the laptop, but the thief hit the jackpot because s/he got the password right along with the laptop and the key to the encrypted data, making the encryption useless.
Unfortunately for the employer, it had to notify the 1400 patients whose information was contained on the laptop, because although the laptop was encrypted, the thief had the password needed to access the data.
So my tip for this week is DON’T WRITE DOWN PASSWORDS! Do it for yourself AND for your employer.