This CNN report goes to show you that even a large organization like the IRS needs to educate its employees in better data security.
What’s scary about this, is that the security training is not the TECHNICAL aspects of digital security but the HUMAN aspects. For example, CNN writes More than one-third of Internal Revenue Service (IRS) employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.
I have written this so many times, but I’ve just go to repeat it. All the best security in the world is good, but nothing beats a WELL trained and vigilant staff.
The CNN article reads Employees gave several reasons for complying with the request, in violation with IRS rules that prohibit employees from divulging their passwords.
Some said they were not aware of the hacking technique and did not suspect foul play, or they wanted to be as helpful as possible to the computer technicians. Some were having network problems at the time, so the call seemed logical.