Many of us have a sweet tooth and love candy. It’s common to see coworkers with chocolates at their desk as “peace offerings” for visitors with whom they are talking business.

So what does chocolate have to do with network security?

In an April 2007 study by InfoSecurity Europe, 300 office workers and IT professionals were asked to reveal their password in exchange for a bar of chocolate. Amazingly, the report indicates that 64% of respondents would share this sensitive information.

In the report, the researchers devised social engineering techniques and inquired about the name of a child, pet or football team. With the respondent’s name and company info on the individual’s conference badge, the researchers had enough data to figure out their username and password.

Your username and password is the only thing that separates you from a malicious computer hacker. It is your responsibility to guard this information and not disclose it by accident.

Below are recommended practices for securing passwords:

• Do not use easily identifiable information as your password (such as the name of a child, pet, or sports team)

• Do not disclose your password to anyone

• Do not store your password unencrypted

• Do not transmit your password via unencrypted e-mail

For more on passwords, see this previous published article:

http://www.hapeople.com/news/NetworkSecurity/Tips4.aspx

Now, you know the *real* reason why our IT security offers free chocolate at their desks.