Snowden Just Asked NSA Colleagues for Passwords … and Got Them

This instructive story from Reuters  ought to wake us all up. We hear – all the time – of data breaches caused by employees sharing their passwords with other employees.

You would think that the NSA would train employees fairly exhaustively on this topic. And that NSA employees would be particularly sensitized to the need to guard passwords. But apparently not so.

As Reuters reported, some 20-25 NSA colleagues may have given Edward Snowden their logins and passwords after he told them they were needed for him to do his job as a computer systems administrator. There’s no older song than that one in the information security world, but some NSA employees bought it.

The sharing of passwords should be prohibited by policy and a part of every information security training – but the IRS has done this for years and people still give up their IDs and passwords. Instinctively, people want to be helpful. It’s a tough facet of human nature to corral. It is especially important for law firms to convey to employees that login and password information may not be shared!

Information security for lawyers will be a major focus at this year’s ABA TECHSHOW, March 27-29 in Chicago.

– By Sharon Nelson

Nelson has been frequent presenters at ABA TECHSHOW and served as Chair of the 2006 TECHSHOW Planning Board. She is a principal of Sensei Enterprises.