Information security begins with a few simple steps

Most companies associate information security with a beefed-up firewall, top-of-the-line virus detection and defender software — and all these are vital for data protection. But the battle for network security can be won or lost with a few basic steps. After all, the most sophisticated alarm system in the world is just junk if you leave the front door open.

Lock that computer screen

Think about all the valuable and sensitive information found on your employees’ work computers. How many times do your employees leave that window unguarded when they take quick breaks or go to meetings or lunch, leaving their computers on and accessible? It only takes a second to hold down the Windows key and press L to lock the computer. And it takes only a little more time for a thief to slide in with a thumb drive and quickly and easily copy sensitive material, download a virus, visit questionable websites, or email information using the employee’s own email program.

Password protect your electronics

Most security-conscious firms have a policy requiring password access to company smartphones and tablets, but what about your employees’ personal devices? In today’s “bring your own device” environment, employees often work or at least access email on personal devices. Caution your team to protect their own information in addition to sensitive company information they may be carrying around.

How secure are your employees’ home networks?

The same thing applies to other networks employees might access. Most companies allow remote access from other locations and not all of them may be as secure as you’d like them to be.
Want to see how easy it is? Next time you’re out and about, go to settings on your laptop or device and see how many unprotected WiFi networks you can find. It’s enough to scare you. Make password-protected home networks a condition of VPN access for employees and caution them about accessing company information from public WiFi.

And speaking of passwords ….

If the thought of unprotected networks and careless employees didn’t scare you enough, go online and do a search on password cracking tools. There are plenty of them, from free, open source programs to high-end, high-dollar tools. And even the free ones could get a hacker past simple or obvious passwords.

The best advice the experts offer about passwords – don’t use the same password for everything. That’s solid advice – but unfortunately, it means coming up with a long list of passwords. And how do most people remember a long list of passwords? That’s easy – they write them down and keep them in a handy location. Data thieves also know this and they know the likely “hiding” places: under the keyboard, in the top desk drawer, under the desk.

The experts also tell you not to choose one basic password and just put a new number at the end every time you’re required to change an expiring password. It’s basic Hacker 101 knowledge that if a user’s password is SoccerMom1, some others are likely SoccerMom2, SoccerMom3, etc.
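One way to enforce this advice when a password is changed, shown as an added example that is not part of the original post. It assumes the check runs on the change form, where the user types both the current and the new password; the function names are hypothetical.

```python
import re

# Leading or trailing digits and symbols: the part users tend to "rotate".
_AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def base_of(password: str) -> str:
    """Strip rotating digits/symbols from both ends and ignore case."""
    return _AFFIX.sub("", password).casefold()


def is_incremental_change(current: str, proposed: str, min_base: int = 4) -> bool:
    """True when both passwords share the same base word and differ only
    in the digits or symbols around it (SoccerMom1 -> SoccerMom2)."""
    old, new = base_of(current), base_of(proposed)
    if len(old) < min_base or len(new) < min_base:
        # Too little left to compare (for example an all-digit password);
        # length and complexity rules have to catch those separately.
        return False
    return old == new


def check_change(current: str, proposed: str) -> str:
    """Return a decision string for a password-change request."""
    if proposed == current:
        return "rejected: password unchanged"
    if is_incremental_change(current, proposed):
        return "rejected: same base word, only the number or symbol changed"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample inputs, reusing the passwords quoted in the post.
    for new in ("SoccerMom2", "soccermom3!", "2015SoccerMom", "Tiwikmmi2015"):
        print(f"SoccerMom1 -> {new}: {check_change('SoccerMom1', new)}")
```

Because the comparison uses only what the user has just typed, it does not require keeping old passwords in readable form.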

Passwords should be unique enough that hackers can’t guess them but meaningful enough that the user can remember them. Mnemonics are good: choose a mnemonic for a sentence that would make no sense to anyone else. For example, use a password like “Tiwikmmi2015” (“This is where I keep my money in 2015”) or “Iltcmemeda9o” (“I like to check my email every day at 9 o’clock”). Mnemonics make it easy for the user to remember but hard for password cracking tools to decipher.

Posted by Becky Babineaux at 2:28 PM