Even Spies Have a Lot to Learn About Security
The recent news of the capture of alleged Russian spies living in the United States has rekindled memories of the Cold War, and it certainly has been interesting to watch unfold if you like international politics or spy novels.
I think anyone who is concerned about information security should also be paying attention to the Russian spy story because the ring's security lapses mirror those found in the enterprise.
According to an article by Tim Greene:
One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.
It would be logical to assume that the defendant didn't want law enforcement to have access to that password. It would also be logical to assume that a 27-character password was created to keep information safe and secure. In the end, the defendant made a major policy mistake by allowing the password to fall into the wrong hands.
True, most of us have no reason to have our homes investigated, but plenty of employees are careless about keeping company data secure.
The takeaway of the spy arrests may be the reminder to review security policy with employees. If nothing else, the story shows how badly things can go if you get lax with data security.