Because no computer is completely secure, a computer facility is only as secure as the people who use it. Most actions that violate security are easily resolved by careful users or additional equipment. However, the following list gives examples of problems that can occur:
Users give passwords to other individuals who should not have access to the system.
Users write down passwords, and lose or leave the passwords in insecure locations.
Users set their passwords to easily guessed words or easily guessed names.
Users learn passwords by watching other users type a password.
Users leave their systems unattended without locking the screen.
Users change the permissions on a file to allow other users to read the file.
On a labeled file system, users change the labels on a file to allow other users to read the file.
Users discard sensitive hardcopy documents without shredding them, or users leave sensitive hardcopy documents in insecure locations.
Users store sensitive data on unauthorized cloud services.
Users forward email to unprotected mail servers.
Users use insecure applications to transfer sensitive data.
Users leave access doors unlocked.
Users lose their keys.
Users lose their laptops and mobile devices.
Users do not lock up removable storage media.
Computer screens are visible through exterior windows.
Unauthorized users remove, replace, or physically tamper with hardware.
Unauthorized users gain access by plugging their laptop into an ethernet port.
Unauthorized users connect to wireless networks whose signal extends outside the building.
Network cables are tapped.
Wireless network signals are monitored.
Electronic eavesdropping captures signals emitted from computer equipment.
External electromagnetic radiation interference such as sun-spot activity scrambles files.
Power outages, surges, and spikes destroy data.
Earthquakes, floods, tornadoes, hurricanes, and lightning destroy data.