
How Secure Is Your Password?

Do you change it often? Do you use the same password across the board, or multiple ones? Do you use a variety of letters, numbers and punctuation characters? How about your phone: do you use a password lock at all, or do you stick to the simple screen swipe? How about your business? Do you make sure passwords are changed often? That they are not simple or easy to crack? That employees are maintaining strong passwords that change often?

A simple internet search brings up a slew of free downloads, instructional pages and videos on creating and using password hacking software. Some are so basic, it has been said an 11-year-old could use them! There is a constant threat from opportunistic criminals, who scan for accounts with default and weak passwords, plus the threat of more targeted attacks looking to fool users into revealing details.

Most businesses are aware that password security is important, but are they aware that one compromised computer on a network can bring the whole community to its knees? Just one hacked terminal can spread a crippling virus throughout the network, with effects ranging from halting all business to harvesting or wiping critical data.

In today’s evolving world more and more employees are using their own devices for business. From mobiles to laptops, business is moving further and further away from the office-based devices where most companies focus their security practices. If your employees are using their mobile, tablet or laptop for business use, how sure are you that the data they have stored there is protected? A stolen device with no password, or a very basic one, can have just as serious an impact as allowing access to your office machines.

So, how can we minimise the risks? Firstly, and most importantly, ensure different passwords are used for different accounts/devices. This is a basic, often unenforced practice that can lessen the damage should an attack occur. Imagine giving someone a single key that will unlock any door in your home, office, car, garage…

Once this simple practice is established, it is then wise to look at the complexity of the passwords themselves.  Certain things should be avoided, amongst them use of names, company names and dates of birth.  Matching usernames and passwords are a big no-no, as is using any word that appears in the dictionary!

A minimum length of eight characters is a good place to start; the longer your password, the harder it will be to break. Mixing in letters with numbers and punctuation characters, surrounding the password with random punctuation characters (@&$ etc.), and breaking it up with these, will increase the security of your password. If the system allows use of a pass phrase, this is often harder to crack and easier to remember.
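The rules above can be enforced when a password is set. The following is an added example, not code from the original post: the function name `check_password`, the sample word list and the date formats are assumptions made for illustration.

```python
import re
import string
from datetime import date

# Constructed sample word list (assumption): a real deployment would load a
# full dictionary and a breached-password list instead.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "monkey"}
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y")

def check_password(password, username, banned_terms=(), birth_date=None,
                   min_length=8):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if lowered == username.lower():
        problems.append("matches the username")
    # Strip digits and punctuation from both ends so that "Welcome1!" is
    # still recognised as the dictionary word "welcome".
    core = lowered.strip(string.digits + string.punctuation)
    if core in SAMPLE_DICTIONARY:
        problems.append("is a dictionary word")
    # Personal names, the company name and similar guessable strings.
    for term in banned_terms:
        if term and term.lower() in lowered:
            problems.append("contains banned term '%s'" % term)
    # Compare digits only, so 14/02/1985 and 14021985 are treated alike.
    if birth_date is not None:
        digits = re.sub(r"\D", "", password)
        if any(birth_date.strftime(f) in digits for f in DATE_FORMATS):
            problems.append("contains a date of birth")
    classes = {
        "letter": any(c.isalpha() for c in password),
        "number": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("has no %s" % name)
    return problems

if __name__ == "__main__":
    # Constructed sample values.
    for candidate in ("Welcome1!", "Acme!14021985", "T!mw2S,b1c&h"):
        print(candidate, check_password(candidate, "jsmith", ["Acme"],
                                        date(1985, 2, 14)))
```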

One of the easiest ways to create a strong, apparently completely random password is to create an acronym from a phrase. Again, substituting numbers for letters and adding punctuation characters will further increase the password strength.

Ideally, no passwords would be written down anywhere, but for those who must write their passwords to remember them: don’t have a list, don’t write them with their corresponding usernames or which account/device they relate to and do keep them in a safe place.

Any mobile device used should have the most secure password system it allows. For example, where a device allows a numbered PIN, opt for the 6 or 8 number version over the basic 4; if there is an option for a written password, always take this. Don’t be afraid to ensure your employees are protecting your data, even if that data is on their own device.

Changing passwords on a regular basis will also increase your security.  When making changes, ensure the new password in no way relates to the previous ones.

With increasing hacker activity and more companies adopting BYOD, it is vital we do everything we can to protect our systems from malicious attack as diligently as possible. Adopting good password procedures is often the best way to start.

App Data – To Share Or Not To Share? Do We Have a Choice?

With the recent revelations from the Edward Snowden leaks on the harvesting of private data, and the use of analytics data from mobile apps in its collection, how aware are you of the extent to which downloading and using an app can affect your security?

Many mobile app developers use analytics to help improve their products. They provide the developer the ability to see how often their app is used, which sections users visit most often and for how long.  This information is essential in making improvements and developing further apps.  Alongside developmental advantages, app developers also collect data for another reason – with free games ever increasing, developers need this information to help in targeted advertising, and to sell on to third parties, meaning the information is another revenue generator.

But Snowden’s leaks have revealed many apps, such as Angry Birds, are collecting far more detailed information than originally thought, from phone model and screen size to much more personal details such as age, gender, location and even sexual orientation. Many will be shocked to learn of the extent of information collected, and the fact that intelligence agencies are harvesting it.

Apps that require you to log in via social media platforms and that access your GPS can easily track where and when you play the game, as well as your full identity and all personal information you have on your social media account. If this information is then transmitted without being encrypted, any third party with basic know-how has open access to your information.

So, next time you download an app that asks your permission to access certain data, think about the information this could release if the data is transmitted without encryption, and if this is the information you want being studied by everyone from advertising companies to the NSA!