How 53r10u5ly Are Your Employees Taking Endpoint Security? 7 Top Password Tips For Them (And 1 For You)

The media had some fun in January with the story about how the word “password” had been replaced as the number one bad password used by computer users, but sadly not by something more secure…

… are you any more vigilant?

Did you see the story?

SplashData, a password management company based in Los Gatos, California, analysed files containing millions of stolen passwords that had been posted online during the previous year.

Last year’s top bad password (“password”) had apparently been replaced at number one by the sequence “123456”. I’m not kidding!

Just like last year the list was populated with easily guessed, obvious passwords.

The top 5 list was less than inspiring …

1. 123456

2. password

3. 12345

4. 12345678

And finally …

5. qwerty

The fact that these are being used for things as important as online banking is bad enough – that your employees may be using them to access your organisation’s data and systems should be a source of great concern.

It’s time to remind your people of their responsibilities when it comes to the security of your data.

TOP 7 PASSWORD TIPS

1 – AVOID birthdays and years of birth which are easy to guess with the help of easily accessed personal information.

2 – Use a mix of letters, numbers and characters – the more random the better! In fact …

3 – Often a random word sticks with users better than something that is relevant to you, and it is harder to guess. One football-mad employee was hacked and sensitive company data was stolen because his password was football – could a hacker suss your password by running an eye over your Facebook or Twitter activity?

4 – Trying a passphrase rather than a password can be great. “I_<3_p1ZZa” was a neat one that I saw recently.

5 – Change your password regularly. Most systems will prompt users to do this, but it’s a good discipline to change it yourself once in a while if not. The guy with the “I_<3_p1ZZa” passphrase changed it as soon as he’d shared it with me – if you think your password or passphrase has been compromised CHANGE IT!

6 – Get creative! One IT Project Manager I know has his 4 kids each pick a number 1-9 and then he creates an equation like “(1×3+7)/2=Five”. He changes it every week.

7 – DON’T use a system for generating your password. Once hackers work out “Ste@Facebook1975” they will soon figure out “Ste@Twitter1975”, “Ste@Ebay1975” and eventually easily access your business data using “Ste@ABCBank1975” etc.

All the above seven tips are based on actual experiences; you can probably come up with seven more tips based on yours. I would love to hear them.
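As an added example (not part of the original post), here is one way a sign-up or password-change form could check a new password against the top 5 list and tips 1, 3 and 7 above. The function names, the look-alike substitution table and the sample inputs are assumptions made for illustration.

```python
import re

# The five most common stolen passwords listed in the article.
TOP_BAD = {"123456", "password", "12345", "12345678", "qwerty"}

# Look-alike substitutions undone before comparing (constructed table, not exhaustive).
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def normalise(text):
    """Lower-case the text and undo simple look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


def screen_password(password, service="", personal_words=()):
    """Return the reasons a password breaks the tips above (empty list = none found)."""
    reasons = []
    plain = normalise(password)

    # Top 5 list: also catches disguised variants such as "P@ssw0rd".
    if plain in {normalise(bad) for bad in TOP_BAD}:
        reasons.append("on the most-common list")

    # Tip 1: a stand-alone four-digit year (1900-2099) is an easy guess.
    if re.search(r"(?<!\d)(19|20)\d{2}(?!\d)", password):
        reasons.append("contains a year")

    # Tip 3: words that can be read off a public profile (hobby, team, name).
    for word in personal_words:
        if len(word) >= 3 and normalise(word) in plain:
            reasons.append(f"contains personal word '{word}'")

    # Tip 7: the service name inside the password gives the whole system away.
    if len(service) >= 3 and normalise(service) in plain:
        reasons.append("contains the service name")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs taken from the examples in the article.
    print(screen_password("Ste@Facebook1975", service="Facebook"))
    print(screen_password("I_<3_p1ZZa", service="Facebook", personal_words=["football"]))
```

An empty result only means none of these particular checks fired; it is not a measure of overall password strength.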

But while it is important that your team are compliant, it’s crucial that you and your systems are too. There are commercial solutions that can really help.

Look, for example, at endpoint security to improve network protection. Requiring each computing device on a corporate network to comply with certain standards before network access is granted can secure your endpoints. Endpoints can include PCs, laptops, smart phones, tablets and specialised equipment such as bar code readers or point of sale (POS) terminals.

Some things can be done today for free, others can be done at minimal cost (especially compared to the potential cost of a security breach).

The important thing is that you do something, talk to your team and explore what’s available commercially.
