If Alaska’s government business is being transacted using a Yahoo account, you can bet that you and your employees are doing the same thing.
Today we learned that Governor Palin, for reasons that still mystify us all (it took some restraint not to take a political stab), was using a Yahoo account to communicate with State officials and to conduct State business. Doing so, she was able to single-handedly create a threat to State and National Security.
All of the government’s safe guards have been breached by one simple action.
We go through the effort and expense of instituting network password policies in our organizations only to be blind-sided by the irresponsibility/need for convenience of one individual.
How did this happen? Her public personal information was used to regenerate a password from Yahoo. I am the first person to say that those questions are annoying and who knows if I will remember what I answered. “What’s my favorite book or movie”, “What’s my first pet’s name”, etc. You can’t expect that these questions can not be easily deciphered by someone that really wants to gain access. I make sure to answer my questions with my own flair (see below).
We are all in awe Governor’s lack of security precautions. We forget that this happens everyday in our network environment. How many times has:
- Your mail been blocked by the recipient and while you get yourself removed from the spam-block list, you or your employees use a personal email account to send email.
- Your email server been down and you or your employees have relied on your personal account to send out company email.
- Your email been inaccessible/unavailable from home or while you or your employees are away from the office and you have sent out communication using your personal email address.
Using personal email may be something that you cannot prevent, however, you can remind everyone to use appropriate safe guards to secure their personal information. It’s in yours and their best interest.
Please remember that although network password policies are annoying, you AND your employees should adopt a secure password policy for all of your personal accounts (email, banking, etc.) as well.
We recommend that your password should be at least 8 characters, it should contain at least one number, at least one capital letter, and or whenever possible at least one special character. Never fear, if you type it everyday you will remember it. If you use a simple password, your password can be guessed relatively quickly.
Also remember to add your personal spin to those ‘Security Questions’. Names of people/things do not have to be exact. We recommend using nicknames rather than real names for places, things, people, and/or pets. Pick the most obscure question options and not the easiest ones (“What’s you first born’s name”).