Pass/Fail - IRS Password Training Fails
Information Week passed on some disturbing information about the IRS earlier this week. According to the IRS Inspector General, approximately 60% of all IRS employees failed a social engineering security test.
Employees, including managers and contractors, were called by someone pretending to be technical support who told them an issue with the computers could be solved by changing their password to one recommended by the caller. Of 102 people contacted, 61% did what the caller asked.
These are people with access to taxpayer's sensitive information blindly giving away the farm--well, maybe just the network, but you get my meaning. This type of call is basically the verbal equivalent of those phishing emails we all get purporting to be from eBay or PayPal. IRS employees could have been handing over access to 14 year-old hackers for all the attention they paid.
The IRS has indicated they will be beefing up employee security training--only 8 of the 102 people called reported the call to their administrator to verify proper procedure--for all.
Now if only the IRS can find some of the 490 computers, also filled with sensitive data, they lost between 2003-2006.
For the full skinny, check out the Inspector General's 22 page report here.
Employees, including managers and contractors, were called by someone pretending to be technical support who told them an issue with the computers could be solved by changing their password to one recommended by the caller. Of 102 people contacted, 61% did what the caller asked.
These are people with access to taxpayer's sensitive information blindly giving away the farm--well, maybe just the network, but you get my meaning. This type of call is basically the verbal equivalent of those phishing emails we all get purporting to be from eBay or PayPal. IRS employees could have been handing over access to 14 year-old hackers for all the attention they paid.
The IRS has indicated they will be beefing up employee security training--only 8 of the 102 people called reported the call to their administrator to verify proper procedure--for all.
Now if only the IRS can find some of the 490 computers, also filled with sensitive data, they lost between 2003-2006.
For the full skinny, check out the Inspector General's 22 page report here.
posted by Dy at 12:38 PM
0 Comments:
Post a Comment
<< Home