Sunday, December 16, 2007

Security matters

This article shows how an individual's well-intentioned social activities online can seriously harm a company's security. As the author insists, even the strongest firewall would be useless if a hacker can find an employee's ID and password. And most Internet users willingly give away plenty of hints about their passwords to lurking hackers.

In Korea, which is one of the most web-connected countries in the world, it's easy to search for personal information through the many social networking sites such as Cyworld, Naver/Yahoo/Daum blogs, etc. Sometimes you can simply Google someone's preferred Internet nickname to get lots of identity information.

In spite of this serious situation, I'd like to argue that personal activity on the Internet itself cannot be prohibited by any organizational force. It is up to those who use the Internet for their identity whether it is stolen or not. But from a management point of view, a company should focus on breaking the link between personal information and access to the company's information system.

The easiest and most passive approach a company can take is to educate employees to use passwords unrelated to their identity as often as possible. A second, more active approach is to develop a sophisticated algorithm that prevents employees from creating easily traceable passwords. This system uses a database containing full identity information and produces a list of every possible combination that could serve as a password candidate. If someone creates a password based on his/her identity, the system checks whether it belongs to the list and alerts the user to change the password.
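A sketch of the second approach, added here as an example and not taken from the article or any product: instead of writing out every combination, it strips identity-derived tokens from a proposed password and rejects it when they account for at least half of its characters. The profile fields, the substitution table and the 0.5 threshold are assumptions.

```python
import re

# Constructed sample record; the field names are hypothetical.
SAMPLE_PROFILE = {
    "name": "Kim Minsu",
    "nickname": "bluesky",
    "birth_date": "1985-03-21",
    "employee_id": "E10482",
}

# Common character substitutions undone before matching (assumed mapping).
LEET = str.maketrans("013457@$", "oieastas")


def identity_tokens(profile):
    """Letter runs (3+ chars) and digit runs (2+ chars) found in a profile."""
    tokens = set()
    for value in profile.values():
        for run in re.findall(r"[a-z]+|\d+", str(value).lower()):
            if len(run) >= (2 if run.isdigit() else 3):
                tokens.add(run)
            if run.isdigit() and len(run) == 4:
                tokens.add(run[2:])  # two-digit year form, e.g. 1985 -> 85
    return tokens


def identity_coverage(password, profile):
    """Fraction of the password's characters explained by identity tokens."""
    if not password:
        return 0.0
    tokens = sorted(identity_tokens(profile), key=len, reverse=True)
    rest = password.lower()
    # Pass 1: strip digit tokens from the raw text, so that real digits are
    # not mistaken for letter substitutions.
    for tok in (t for t in tokens if t.isdigit()):
        rest = rest.replace(tok, "")
    # Pass 2: undo substitutions, then strip name-like tokens.
    rest = rest.translate(LEET)
    for tok in (t for t in tokens if not t.isdigit()):
        rest = rest.replace(tok, "")
    return 1 - len(rest) / len(password)


def is_identity_based(password, profile, threshold=0.5):
    """True when the password should be refused at creation time."""
    return identity_coverage(password, profile) >= threshold
```

Run at password-change time against the user's own record, this covers reordered, concatenated and lightly substituted identity values without storing a candidate list.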
