Unfortunately, as most security professionals tend to learn when it is too late, a lot of the weak points in your setup come from your users. If you run network IT at a small business or corporation, you will find that no matter how much technology you use to secure your network, the users will find a way to create a hole in the system. This is why most security administrators have to clamp down on which activities a user is allowed to perform on a work computer. This is for the benefit of the company as well as the users.
Most people do not know how to properly secure themselves on their own computer, never mind an enterprise setup. So if your IT administrator tells you that there is a need to lock a program or block a web site, it is usually the right call.
One of the things that an IT administrator might restrict is which passwords are allowed on the network. Certain passwords are easy to guess, and any security or IT administrator should keep them off the network at all costs. These are the passwords that always fall victim to a dictionary attack, one of the easiest attacks around. If your system cannot hold up against a simple dictionary attack, then you have a major problem.
Over recent months there have been many examples of poor passwords being used. After some of the more high-profile hacks and data breaches, there has been analysis of the length and nature of the passwords being used. Unsurprisingly, perhaps, short and easy to guess has seemed to be the order of the day, classic examples being the likes of “1234”, “password” and similar.
Unfortunately, these easy-to-guess passwords are very common amongst the majority of users on their home PCs and probably even more so on the machines they use at work. After all, if they are lax about their own security at home, what chance is there that they’ll care enough on someone else’s computers, including yours?
As the person in charge of the security of a business or corporation, it is your responsibility to make sure that you set up some sort of password guidelines. The employees where you work might not be happy about these new guidelines, but that is not your concern. Your concern is to keep them and the organization safe.
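One way such a guideline could be enforced when a user sets a password, shown as an added example that is not part of the original article. The deny list contents, the minimum length of 12 and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample deny list. A real deployment would load a much larger
# list of commonly used and previously breached passwords.
DENY_LIST = {"1234", "password", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12  # assumed guideline value, not taken from the article

# Undo common character swaps so "P@ssw0rd" is compared as "password".
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "$": "s", "5": "s"})


def normalized_forms(password):
    """Return the simplified spellings a dictionary attack would also try."""
    lowered = password.lower()
    # Drop trailing digits and symbols: "password2024!" becomes "password".
    stripped = re.sub(r"[\W\d_]+$", "", lowered)
    forms = {lowered, stripped}
    forms |= {form.translate(SWAPS) for form in forms}
    forms.discard("")
    return forms


def check_password(password):
    """Return the list of guideline violations; an empty list means accepted."""
    problems = []
    forms = normalized_forms(password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if forms & DENY_LIST:
        problems.append("dictionary word")
    elif any(w in f for f in forms for w in DENY_LIST if len(w) >= 6):
        # Length alone does not help if a listed word is just padded out.
        problems.append("contains dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ["1234", "P@ssw0rd2024!", "MyPassword-for-work",
                   "correct horse battery staple"]:
        print(repr(sample), check_password(sample) or "accepted")
```

The second and third samples pass a length-only rule yet are still rejected, which is the case a plain minimum-length guideline misses.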