Alice has another bad habit. She can never remember her password, so she’s written it down and put it in a safe place. How many safe places can you think of? Want to bet it’s one of the first three you can come up with? Let’s see: bottom of keyboard, behind monitor, under edge of desk (next to last week’s gum), or in Rolodex under “computer.” But they are such good hiding places!…(sigh)

The reason I bring this up is, if you’ll recall from last month, there are all these people who have access to you physical spaces that you have little or no control over. Cleaners, caterers, contractors. If Alice isn’t going to protect her password, do you think she’s left her user name lying around? What’s to prevent the “hired help” from taking advantage of the situation?

As we talked about before, in many situations, you have no ability to vet the employees of your contract labor. You also have limited ability to monitor work being done outside normal business hours.

You might be saying to yourself that Alice’s laxness with her password and user name aren’t really a major problem, since she doesn’t have access to critical systems or data. But what does she have access to? Memos between the CEO and the CFO about the next round of venture capitalization? Plans for going public? What would the loss of this information mean to the organization?

In many respects, policy implementation regarding the use of the Internet, password strength, and replacement, minimizes certain aspects of these threats. Eliminating unauthorized software or applications improves the ability to control unanticipated vulnerabilities.

I want you to be able to look at your organization with an eye for security hotspots. Anyone can identify the unsecured fire door, or the modem tied into the office server. What you need to be able to identify is the invisible threat of the stranger at your door (contractors), the well-intentioned, and the dearly departed.

You can do a lot of things to handle these threats. Policy implementation can force updates to operating systems, enforce strong passwords and prevent the installation of unauthorized software. Education brings a better understanding to your employees about the threats they confronted with on a daily basis. Finally, knowing your employees as people with families, hopes and dreams, and problems as well. You can identify potential problem areas when you know the people who work with and for you.

On Wednesday, Sept. 27, I will be participating in a webcast discussing this subject. You’ll hear about these employees and others in detail. Hopefully, you will gain better insight into identifying possible situations before problems arrive. I hope you’ll join me. For more information, check here.