Don't tell me you left it out on the bookshelf in your office, in a file cabinet, or some other ridiculous and obvious place? These are the first places any internal hacker will look. Get a fireproof safe, preferably offsite, and be sure no one can take the whole safe, either.
Do you do random spot checks and do you shake up the system occasionally to see what falls out?
OK, so you may have a written policy you religiously follow. And perhaps you stick to a certain routine, like checking the logfiles at 3 a.m. every day. That just means there are 23 predictable hours in which a hacker can pry into your system before anyone looks. If someone gets to know your habits and learns that you never deviate, that fixed schedule is an easy recipe for a hacker to follow.
Plan your work, work your plan, and every once in a while shake things up with a random check up, from the Net up.
I've surprised a few would-be hackers this way myself.
Where do you store backup data, emergency disks, etc.?
Tales of hackers getting backup drives with the operating system and all files intact abound. We've heard about stolen Windows NT emergency repair diskettes, containing a copy of the SAM (user ID/password) database, that were left out in the open or with the machine. The SAM does not hold the passwords themselves but their LM and NT hashes, and those hashes are not salted, so a copy of that disk, some time, and a cracking program (like those available at www.l0pht.com) that tries dictionary words and brute-force guesses against the hashes offline can provide hackers with your user ID and password.
Again, an offsite fireproof safe that no one can steal is a great place for these types of items.
How often do you use that password of yours?
Every time you log in from home or across the Net with a protocol such as telnet, FTP or POP, you could be sending your password in clear text. That's a very big risk. Read up on sniffers at www.sans.org/NSA/glossary.htm and understand that every packet to and from your machine can be captured and read (a cleartext password needs no decrypting) and used against you in some way. Do not take that chance: log in over an encrypted channel (SSH, or an SSL-protected session) wherever you can, and change your password frequently so that a password that did get captured does not stay useful for long.
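As an added illustration, not part of the original article, of what a sniffer hands an attacker, the following script pulls credentials out of the raw TCP payloads of three cleartext protocols: FTP and POP3, which send USER and PASS commands as plain text, and HTTP Basic authentication, which merely base64-encodes "user:password". The captured payloads are constructed for the example; the host names and credentials in them are made up.

```python
"""What a sniffer sees on cleartext logins (added example).

Given the client-to-server payloads of a few captured sessions, recover the
credentials from FTP, POP3 and HTTP Basic auth. Nothing here is decryption:
the protocols hand the password over readable, or at most base64-encoded.
"""
import base64
import re

# Constructed captures: (protocol, client->server payload). Not real traffic.
CAPTURED = [
    ("ftp", b"USER alice\r\nPASS Summer2024!\r\nCWD /pub\r\n"),
    ("pop3", b"USER bob@example.com\r\nPASS hunter2\r\nSTAT\r\n"),
    ("http", b"GET /admin HTTP/1.0\r\nHost: intranet.example\r\n"
             b"Authorization: Basic Y2Fyb2w6czNjcjN0\r\n\r\n"),
    ("http", b"GET /index.html HTTP/1.0\r\nHost: intranet.example\r\n\r\n"),
]


def extract_credentials(protocol: str, payload: bytes) -> list:
    """Return the (username, password) pairs found in one payload."""
    text = payload.decode("latin-1")   # byte-preserving; these protocols are ASCII
    found = []
    if protocol in ("ftp", "pop3"):
        # Both protocols log in with "USER <name>" followed by "PASS <secret>".
        user = re.search(r"^USER (\S+)\r?$", text, re.M)
        pw = re.search(r"^PASS (\S+)\r?$", text, re.M)
        if user and pw:
            found.append((user.group(1), pw.group(1)))
    elif protocol == "http":
        # Basic auth is base64("user:password"); base64 is encoding, not encryption.
        for m in re.finditer(r"^Authorization: Basic (\S+)\r?$", text, re.M):
            decoded = base64.b64decode(m.group(1)).decode("latin-1")
            user, _, pw = decoded.partition(":")
            found.append((user, pw))
    return found


def harvest(captures: list) -> list:
    """Run the extractor over every capture; returns (protocol, user, password)."""
    return [(proto, u, p) for proto, payload in captures
            for u, p in extract_credentials(proto, payload)]


if __name__ == "__main__":
    for proto, user, pw in harvest(CAPTURED):
        print(f"{proto:5} {user} / {pw}")
```

The fourth capture yields nothing, which is the point: a sniffer does not need to break anything, it only has to wait for the one packet that carries the login. Switching those sessions to SSH or SSL leaves the same sniffer with ciphertext it cannot use.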
How often do you change your password, and how often are your customers required to change theirs? Is there a lockout feature after so many bad password attempts?