HAHAHAHAHA! I’m weeping inside.
From Federal Times:
What’s the easiest way to get Internal Revenue Service employees to compromise computer security protocols? Ask them to.
In a test conducted in March and April by the agency’s inspector general, 60 percent of more than 100 IRS employees revealed their user names and changed their passwords when government auditors, posing as help desk employees, asked them to. What’s more, only eight employees contacted administrators to report the calls or determine if they were legitimate. Those tested included managers and contractors at many office locations across the agency.
“Employees either do not fully understand security requirements for password protection or do not place a sufficiently high priority on protecting taxpayer data in their day-to-day work,†said Michael Phillips, deputy inspector general for audits, in his write-up analyzing the test.
The results in this test, released in late July, were even worse than those of a similar test three years ago when 35 percent of employees forked over their passwords and user names. In 2001, the failure rate was 71 percent.The IRS has 100,000 employees who handle 220 million tax returns with personally identifiable information. Last month, the inspector general reported the loss of 490 computers in three years and other security violations, including weak password protections and a failure to encrypt data.
[tags]Social Engineering, Hacking the IRS, Stupidity[/tags]