IT Security Blog

How Long Should Your Password Be

By

We all know the importance of having good and difficult passwords once we have access to a site or a network but one thing that many would have to consider would be the length. Others would want it short, but these are people who would not care of why they are given access. Others want it long normally something that they can easily remember such as their address or birthday. But how long should it be?

Traditionally, it should be at least 8 characters. Some are fine with 6 characters but for security reasons and avoiding hackers, it would be best to make it longer. A combination of alphanumeric characters would be better as it makes harder to crack for people who love to do mischief. So if this were the case, the potential combination would perhaps be your car plate number, bank account or even your driver’s license codes. With that in mind, you better make sure you also write it down and keep it in a safe place. This is in case you may forget it for some reason due to the tons of information you have stored up in your mind.

Regardless, a user should always make sure that the password he chooses is something he is familiar with. For most sites, we are asked to put secret questions to which we can answer for ourselves. But in choosing the right one, we must make sure that it is something only we know and not something that can be easily guessed by anyone. Failing to do so may put your access and credibility at risk.

Telecommuting Woes???

By

telecommute.jpgResearch has shown that a survey conducted within a large company shows that although telecommuting is very much productive for many firms it tends to be on the downside for those employees who do stay within the physical office itself. This can be in the areas of personal assistants/secretaries and other office workers who are left to run the office in the absence of their counterparts/coworkers. This leads to dissatisfaction in the workplace hence lowering productivity and encouraging home-bodies to engage in dangerous liaisons from within and outside of the office.

The hatred felt is seen in the rising occurrences of these same people becoming the entry point for attacks on corporate networks when they visit social sites to pass on the otherwise boring day. This is also counterproductive for their attention to work and the other nuances such as physical security and IT security is so much a threat that it is under study on how to improve the working conditions for these people. They are distracted and left to do almost anything they please which is where the security gap seems to be, using the corporate network to access social sites to which they are members of. Even the installation of hardware and software security measures cannot guarantee security coverage at all angles for the main security risk is still the human behind the keyboard who does the typing and not on the structure of the system itself. It might be helpful to get them out more often to allow their facilities more practice letting the steam and pressures/boredom to dissipate. Role rotation may be a key but is not always feasible for there are certain knowledge associated issues that have to be addressed to be able to do that. Training and re-training people allows them to sharpen skills and add new knowledge to their already bored lives.

Complacency – the IY industry’s Worst Enemy

By

complacency.jpgThis has been proven true by incidents broadcast around the world in minutes or hours after they have happened. Many have suffered the consequences of such incidents in the UK, US and mostly each and every place on earth where people have had their information taken and used for no good before there was even a sign that there was a problem.

Big business has been reminded again and again that complacency is it’s worst enemy and they have failed again and again at the area. Why? Well first, total protection is almost always imperfect and somebody out there with enough intent and resources can break-in however expensive the protection methods may be. Next is that the best systems for protection is always the ones that cost too much yet they still remain vulnerable and hackable. Contrary to most ad’s you see in print, the internet or your Television there is no one true solution to protection, for if the hardware and software measures succeed in protecting you, the human behind the computer/s are always the biggest risk. That is why even the most expensive solutions are used in conjunction with other solutions to provide the best of both worlds combining physical and software solutions hoping that combination will be enough protection from the continuous influx of attacks from the web and elsewhere. Encryption is nice but it takes a lot of computing power to implement making it too expensive for implementation on all levels of the company. All of these high-tech solutions and hardware would be nothing if the people using the various computer systems in the said organization fail to use them so the weakest link in every system is still the human. Strict adherence and compliance is the key with systems that process information somewhat autonomously already in use doing the searching and classification of information without the user’s input. This uses the latest in Artificial Intelligence with minimal intervention or input from the users.

More E-mail Security Tips

By

Young Woman on Bed Using a Laptop

I was only able to fit in two tips in the previous post but no worries, here are more things for you to look at.

To subscribe or unsubscribe? What to do?
You know those e-mail messages informing you of one thing or another and then at the bottom it says “To unsubscribe to this service, click on this link…” or something like that? Well, many are legit but here’s the thing – this tactic is also being used to get you to click on the link and gather information from you. What you should do, instead of immediately unsubscribing, is to first double check if you really have subscribed to that service. Otherwise, you just might find more spam mails in your Inbox. If you’re unsure, just mark the address as spam so that it can be filtered in the future.

Guard “important” e-mail addresses
Some people guard their phone numbers zealously. They would only give their numbers to people they know very well and people who they are ok with contacting them. How come, when it comes to e-mail, it seems that people are less guarded? It shouldn’t be the case. You don’t know who will end up knowing your e-mail address and start sending you stuff that you don’t need or worse, malware. If I were you, I’d set up another web e-mail account that is separate from your main e-mail account.

Remember: There is no such thing as absolute privacy
Whatever you code into your computer and send through e-mail is never ever really totally private. Just bear this in mind when writing anything. It will keep you safe.

A Reminder When Using Social Networks

By

I received an email about a year ago on 7 things to stop doing on Facebook. I will mention three of them and give real situations of friends and families who have almost been victimized by criminals because they failed to follow the necessary security protocols.

1) Using a Weak Password. A cousin of mine who was a first time user of Facebook, made the crucial mistake of using his social security number as his password. It was a misfortune that someone got a hold of his wallet and coincidentally tried his SS number to log on to his account. It was a good thing that is was his wife, and so he quickly changed his password, and hid his wallet in a locked safe.

2) Mentioning That You’ll Be Away From Home. A good friend of mine posted on his wall that he and his family are really excited to go on a 5-day Australian vacation after checking out Australia business directory. On the first day they were away, a neighbor called and said that there was a parked van in front of their house. He called the local police station immediately and had someone sent over. The van left just before the cop parked his car.

3) Permitting Youngsters to Use Facebook Unsupervised. This experience is probably the scariest of all. My 5-year old nephew has a Facebook account that he shares with his mom who is a nurse. She is usually at his side as he writes random messages to friends and family members. However, in the course of preparing dinner one night, a message from a stranger popped out as her child was chatting with another cousin. Good thing she caught it on time. She never found out who the message was from, but now she lets her son write emails instead.

Implement a Strict IT Policy

By

It is perhaps the headache of any IT head when it comes to implement policies to have a smooth running network and department. But while the essence of a good security system is evident, it is really the implementation part that is hard to accomplish.

For one, the transition and building of security awareness from various threats that can easily make their way towards an acclaimed secure network is abundant. Manually or transmitted, suspicious files will always find a way especially if you are not that adamant towards making sure that all bases are covered as far as the security of your system and data is concerned.

Many people fail to appreciate that value of the data they have gathered. They fail to appreciate the value of a strict IT policy mainly because all they care about is a workstation to use and opening files (both internal and external) as they please. So if you put all these things together, you can imagine the problems that an IT guy has to work with. But to some, taking the initiative such as passwords and some hardware exclusions has to be made.

If you notice, some drives like the usual floppy drives or even USB ports are either missing or disabled. To make them work, certain permissions and passwords are set for them to be enabled. Only the IT administrator would know these security measures and basic as they may seem, they really help a lot.

This is just a basic but effective way that IT personnel use. There are the usual network policies but for the sake of people who want to making it doubly sure, old and basic practices such as this is perhaps the best way to go.