Sitting next to me on the train yesterday was an employee of a large telecoms company. I know this from the ID badge he was wearing and the asset tag on his laptop. On the lid of his laptop was a yellow post-it on which was scribbled his userid and password. Yes – it really does happen!
Ironically I know that the telecoms company in question runs a very comprehensive and not inexpensive employee security awareness program.
What value a security awareness program? The Security Company make a case of the “critical importance of engaging…personnel in security on a daily basis.” and their MD, Martin Smith states “The criminal will always take the simplest route to the riches.” That route is likely to be through a lack of awareness of simple security measures such as not writing your password down on a piece of paper so that it can be read by the person sitting on the next train seat!