Lepide Blog: A Guide to IT Security, Compliance and IT Operations

A Lesson in Password Policy and IT Security from Peep Show


Peep Show became a huge hit in the mid-2000s, partly due to the cringe-inducing storylines, the hilarious comedic timing of Mitchell and Webb and the number of times we all agreed with the inner monologues of Mark Corrigan. You wouldn’t think that there would be any real-world IT security lessons that could be taken from this show, but you’d be wrong.

One of the many charms of Peep Show is the grounded environment it sets itself in. There are no thrills, just real people in real (albeit ridiculous) scenarios. The fact that some of the scenarios are so relatable is one of the reasons that I think it is possible to draw some lessons from this show.

In particular, I was re-watching an episode in season 1 where Mark, our incorrigible hero, attempts to break into the email account of his work colleague and love interest Sophie, in order to spy on her. Of course, after numerous failed attempts, he succeeds because he correctly assumes that she misspells her favourite show as “sexinthecity.”

This got me thinking about the importance of a stringent password policy and auditing solutions when it comes to ensuring that non-users are not able to access critical IT systems. The danger is obvious: if non-users can easily get into Active Directory accounts and access critical files and folders, it’s only a matter of time before a privileged account is accessed for nefarious purposes. Here are a few takeaways from Peep Show that can help you strengthen the password policies and general IT security of your organisation. Bear in mind that, although most of these points apply to all passwords, I’m referring mainly to corporate accounts such as Active Directory passwords:

Choosing an appropriate password

This is an obvious one but, as Peep Show suggests, many employees take the easy route and come up with a password that is easy to guess. As standard, all passwords should meet a minimum length and a minimum complexity requirement to make them as hard to guess as possible. Some of these complexity requirements can include:

Changing Passwords Regularly

Regularly changing your password can serve two purposes: it keeps passwords fresh and therefore harder to guess, and it ensures that if your password is stolen, accounts can only be accessed for a short amount of time.

Password Expiration Reminders

It’s a simple fact of life: users often forget to change their passwords. Your organisation may have numerous indirect users who access the network without logging on to computers, through Exchange, for example. Users like this need to be notified about password expiration in order to keep passwords up to date.

There are many auditing solutions on the market that can automatically remind users to change their passwords when they are due to expire. Deploying an auditing solution like this can help to save the time of the IT team whilst simultaneously helping to enforce password policies and tighten IT security.

Storing and Sharing Passwords

This is a common-sense practice, but you would be surprised at how many people keep a hard copy of all their important passwords to remember them. This can obviously be a problem for security, as any passer-by can gain access to your computer from a quick glance at your desk. The same can be said for sharing passwords. Ensure that only you are aware of what your password is and that you haven’t written it down anywhere.

Use Lepide Data Security Platform to Help Detect Unauthorised Activity

If JLB Credit (Mark’s employer) had been using Lepide Data Security Platform, they would have been able to detect when Mark was attempting to hack into Sophie’s AD user account by noticing the number of failed login attempts. Now, this may not seem an issue in Peep Show, but what if the person trying to gain access to that account was doing so to copy or modify critical files and folders? In this case, detecting attempted unauthorised access is incredibly important.
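The failed-logon detection described above, sketched as an added example (not Lepide's product logic and not code from the original post): it counts failures per account in a sliding window and escalates when a successful logon follows the burst, as in Mark's case. The threshold, window, record layout and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records, not real logs: (time, account, source host, outcome).
# Assumption: in an AD environment these fields would be extracted from Security
# log events such as 4625 (failed logon) and 4624 (successful logon).
SAMPLE_EVENTS = [
    ("2024-03-04 08:10:00", "user3", "WS-031", "fail"),
    ("2024-03-04 08:40:00", "user3", "WS-031", "fail"),
    ("2024-03-04 09:00:05", "sophie", "WS-027", "fail"),
    ("2024-03-04 09:01:10", "sophie", "WS-027", "fail"),
    ("2024-03-04 09:02:00", "user2", "WS-014", "fail"),
    ("2024-03-04 09:02:20", "user2", "WS-014", "success"),  # ordinary typo, no alert
    ("2024-03-04 09:02:30", "sophie", "WS-027", "fail"),
    ("2024-03-04 09:03:45", "sophie", "WS-027", "fail"),
    ("2024-03-04 09:05:00", "sophie", "WS-027", "fail"),
    ("2024-03-04 09:06:20", "sophie", "WS-027", "fail"),
    ("2024-03-04 09:07:02", "sophie", "WS-027", "success"),  # success after the burst
    ("2024-03-04 09:10:00", "user3", "WS-031", "fail"),
]


def detect_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on bursts of failed logons per account, and on a success that follows one."""
    failures = defaultdict(deque)  # account -> (timestamp, source) of recent failures
    alerts = []
    for ts_text, account, source, outcome in sorted(events):
        ts = datetime.strptime(ts_text, FMT)
        recent = failures[account]
        while recent and ts - recent[0][0] > window:  # drop failures outside the window
            recent.popleft()
        if outcome == "fail":
            recent.append((ts, source))
            if len(recent) == threshold:  # fire once as the burst crosses the threshold
                alerts.append(_alert("warning", account, recent, ts_text))
        else:
            if len(recent) >= threshold:  # a guess may have worked: escalate
                alerts.append(_alert("critical", account, recent, ts_text))
            recent.clear()  # a success resets the failure count
    return alerts


def _alert(severity, account, recent, at):
    return {"severity": severity, "account": account, "failures": len(recent),
            "sources": sorted({src for _, src in recent}), "at": at}


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_EVENTS):
        print(alert)
```

The "critical" case is the one that matters most for response: a run of failures ending in a success means the account should be treated as accessed by someone other than its owner until shown otherwise.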

Conclusion

Maybe Peep Show isn’t the best thing to draw life or business lessons from. But there’s no denying, if Lepide Data Security Platform was the auditing solution of choice at JLB Credit, Mark would never have been able to spy on Sophie and the integrity of that employee’s account would have remained intact. Whether you’re a fan of Peep Show or not, the above password policies, when combined with the pre-defined reports and real-time alerts of Lepide Data Security Platform, can help contribute towards a more secure IT environment.