October 9, 2005

Security begins with you

by Brian Turner

The biggest security threat to any business or organisation is you.

No matter how secure a system is coded, human user vulnerabilities can undermine the most meticulous coding and procedures.

Here are a few simple ways to try and help reduce these risks:

Don’t tell anyone your password

Of course, also avoid telling anyone your passwords. Don’t share it with friends, and don’t even hint about it – firstly, there is no reason to, and should you ever fall out with your friends, they could access all of your personal accounts.

It should go without saying that if you ever type your password in a chat program, e-mail, or similar, then this can be read by third parties you may not be aware of.

Don’t have too simple passwords

Don’t base your password on parameters that a third party might easily guess, such as your phone number, child name, or birthday.

Additionally, do not have passwords that consist of a single word – many automated hacking programs will have a list of word to test for, such as “admin” and “password”.

Do include numbers with letters where possible, as this significantly increases the difficultly of cracking your password.

TIP: Use acronyms to create complex but easy to remember passwords, and add a memorable number or date to it.

Use password heirarchies

Try not to have just one password for everything you use, because if someone should ever learn it, they could hack all of your systems.

Instead, have password heirarchies – in other words, different levels of passwords for different levels of passwords, for example: one type of password for e-mail, one type for online groups, a different one for server admin, and a different one for you online banking.

Don’t leave passwords written down on paper lying around your office

You’d think this would be simple – but you’d be amazed how people find themselves “too busy” to file such information somewhere safely.

Do keep information on passwords safely out of sight of casual visitors to your home or office.

If you save passwords in a document on your computer, don’t use the word “password” in the saved file.

This is because if your PC is ever used by a third party, either with permission of through a security vulnerability, then if they use the computer’s search facility for the word “password”, they will find your file.

Additionally, consider that Desktop Search applications make it easier for *anybody* to find information on your computer. It is advised that you avoid installing any form of Desktop Search on a computer that stores vulnerable information.

Use temporary passwords for third party access

Sometimes you need to allow third parties to access your systems – for example, FTP privileges to a website.

In such instances, you should look at setting up temporary access, so once the third party has finished their work, you can delete that account and prevent further intrusion.

TIP: If you structure your own passwords in a particular way, ensure passwords for third party access are structured completely differently.

Story link: Security begins with you

Add to Bookmarks:

 

 

 

• Recent Posts

  • Opera Mini 5 beta out on Android
  • BenQ reveals quintet of V series displays
  • Twitter prepares phishing defences
  • Google forces Adsense users to local currency
  • Small businesses invited to benefit from benevolence

• Most read today

  • Forum admins warned on new wave of spam
  • Google forces Adsense users to local currency
  • Santy: Automated attack on phpbb forums
  • How to combat spam on vbulletin forums
  • Apple iPad UK release slips