The password was “LOUVRE”

In the wake of the recent broad-daylight robbery of $88 million in jewels from the Louvre, investigators have reported some surprising lapses in security protocol.

Notable: The password for one of their key security systems was, at some point — can you guess? — "LOUVRE". (Thanks to list member Allison for sharing this tidbit!)

Obviously, passwords matter. I recommend requiring your people to use strong passwords, for both their site logins and for their email accounts.

Other thoughts on security:

• If they want what you've got, they'll get creative. Ground level security at the museum is too tight. How about a hydraulic lift to an upper-story window?

• They may not always try to take something out. Sometimes they want to put something in. British art forger John Drewe was convicted in 1999 of, among other things, inserting false records of his forged paintings into the archives of the Tate Gallery, in order to bolster his claims of their authenticity.

• It's not always high-tech. A smooth talker on the phone or a persuasive email has often been enough to gain critical information from a staff member, leading to a security breach.

Here's the thing:

Protecting your organization’s resources and the private data of your constituents isn't a simple matter of pushing the right buttons or checking the right boxes.

It's an arms race.

Whatever protections you put in place, someone will — if they want too badly enough — try to find a way around.

It's up to you to consider how far you'll go to prevent that from happening.

You might start with strengthening your passwords.

All the best,
A.