The security of information, computer systems and people is becoming increasingly important, and rightly so.
Anything that improves awareness and leads to businesses and individual users becoming more secure is a good thing in my opinion and its good to see the amount of good work being done in this area.
But can we ever have too much of a good thing?
Of course not – the security of computers and information is largely a reactive function rather than a proactive one and so the need for new technologies, more awareness and more professionals working within the industry will continue ad nauseam.
But this continuation, and further uptake of all things good in the security industry does pose a few problems for all types of users.
One good example is the use of the humble password. Whilst using a lengthy combination of letters, numbers and symbols (you do make your passwords thus rather than relying on common words, right?) may not necessarily be the best way of limiting access to a device or system, it is the primary way that we are lumbered with for the time being).
Unfortunately, the proliferation of smartphones, tablets, netbooks and a plethora of online accounts mean that most users end up having a large number of passwords to remember (you do use a different password for everything, right?) and this can be a problem (because you don’t write them down either, do you?)
I mean, just ask the Delhi police.
For the past 8 years they have failed to act upon over 600 complaints of corruption. The reason why is because the reports were forwarded to an online portal and the local officers didn’t know the password, let alone how to operate the system once actually logged in.
Even worse, higher authorities weren’t even aware of the lack of action in regard to the complaints which went back to when the system was installed in 2006.
Every year the Central Vigilance Commission (CVC) would meet with government departments to review corruption complaints but no-one seemed to think it unusual that the Delhi force never received any feedback on pending police complaints.
It wasn’t until January this year that the CVC finally discovered that the system wasn’t even being accessed. Now, at last, two officers have each received an hour of training and can finally access the portal and it appears that the 667 complaints are now being addressed.
Delhi police, which “prides itself on its online capabilities,” now intends to offer a new service allowing the public to lodge complaints about missing items. There is no word yet on whether they will actually get around to investigating any reports though!
Whilst this episode may be laughable in many ways it does offer up some serious messages. I’ve already made some comments about password security but all of that is for nothing if no-one knows or can remember the password at the time they need it. Perhaps Delhi police could benefit from using a password manager?
Also, the story highlights how humans are often the weakest point in any organisation. I’m not sure I can allocate much blame to individual officers here but why were they not trained to use the system in the first place, and where was the communication and oversight that would have spotted this issue eight years ago?
Hopefully your business operates far more effectively, has security-conscious personnel, a strong security framework in place, and a process for checking that everything is actually operating in the ways you hope and expect.