Security Awareness (and lack thereof)

I now know the admin password to the cash registers at my local grocery.

It’s not because I have installed network sniffers on their network, or have been installing secret cameras. No, the friendly staff freely shared the admin password with me and about twenty other people.

They weren’t planning to do this, and in the situation they probably didn’t even notice that they did it. It was a holiday, and the shop was full because many other shops were closed. And all three cash registers were down, causing an ever-growing line of impatient customers.

That’s when a staff member shouted across the shop to another: “I need to reboot. What’s the admin password?” And got the password shouted back.

Have you drilled everyone in your organization well enough that they remember proper security procedure, even when under pressure?