The need for IT security is paramount to successful operations, especially in the business world. All data is important and should not be subject to outside intrusion in the form of malware, worms, spyware, viruses, botnets or adware. Regardless of the size of the organization, an IT management system should be set up in order to protect against intruders.
- “You can look it up.” Do you use a password that can be found in a dictionary? If you do, then a hacker can simply bang on your log-on with a simple dictionary program until he has access to your account. Fix: Consider one of two options most professionals in IT security recommend. Either create a password that contains odd characters interspersed with random letters and numbers or use a pass phrase instead of a password.
- “Be a snowflake.” You need to use a different password for each different site. You do this, right? Oh... Even if you do come up with a strong password, IT security professionals report most people use only one or two passwords for all their log-ons and, of course, that means someone only needs to crack your single password to access all your sites.
- “Don't leave a paper trail.” You'd be amazed how many people write down their passwords on a Post-It and stick it onto their monitor or, if they're really cagey, underneath their keyboard or lap drawer. IT security best practices recommend you never, ever do this.
- “Cover your tracks.” IT security professionals also recommend that, whenever possible, you use a secure connection when you log on. What's a secure connection and how to you make it? Take a look at your address bar. If the address starts off “http://...etc.” then the connection is not secure and an evil doer might be snooping on your session. Try a very simple, single change by using an “s” so that the address looks like this: “https://...etc.” And this encrypts the connection between your browser and the website and thereby making it more difficult for evil doers to do evil.
- “Loose lips sink ships.” One of the most notorious hackers in modern history, Kevin Mitnick preferred “social engineering” to technology techniques. In other words, what he did most of the time was call people up, pose as a system administrator and simply ask users for their passwords. One famous study in England discovered most people would give up their password for a candy bar.
- “We have the technology...” There is a new generation of software utilities that help you manage passwords. For example, a utility called LastPass is a browser extension that connects a heavily encrypted password vault to your browser. Once installed you only have to remember one, highly-secure password and then LastPass can automatically fill in all the others. Even better, LastPass can generate super random, secure passwords whenever you open up a new account on a website or change your password on a site where you already have an account. And finally, perhaps best of all, you can install LastPass on the browser you use at work and the browser you use at home and any other browser you use. This way, you will enjoy convenient security wherever you are.
In today’s age of heightened IT security and multiple password protected online accounts, is it any wonder that the average user chooses the simplest passwords to remember?
Month after month high-profile cyber attacks have left companies at risk and IT security professionals on guard. The latest? Nvidia Corporation, a California-based U.S. semiconductor producer who recently claimed that up to 400,000 encrypted passwords had been compromised from the company’s online forums.
Businesses that maintain any sort of online accounts for their customers or other interested parties must eventually confront the issue of password encryption. In recent months, major breaches at several high-profile online sites have caused many to wonder over the effectiveness of using hashed passwords. LinkedIn was perhaps the most well-known site to have its password hashing compromised, but other major online businesses such as eHarmony and Last.fm have experienced similar problems.
The need for robust IT solutions became ever more clear this week when none other than internet giant Google announced that it would be alerting specific users that their Gmail accounts may be become the target of determined hacking attacks. Eric Grosse, speaking as Google's vice president in charge of security engineering, made the announcement on the firm's official security blog: "When we have specific intelligence, either directly from users or from our own monitoring efforts, we show clear warning signs and put in place extra roadblocks to thwart these bad actors." It is believed that the need for a warning has been prompted by an increasing level of hacking sponsored by foreign governments.
According to Google's representative, users who receive a warning should not automatically assume that their account has already been hacked or hijacked. Instead, such users should have a heightened awareness that their email account may be targeted for a variety of attacks. Some of these attacks may try to compromise an account through malware, while others do not seek control of a user's email settings, but rather try to entice an account holder into disclosing personal information such as bank account numbers, birth dates, and Social Security numbers. These phishing attacks are becoming more prominent in recent years, but it is a new development for large numbers of them to be considered ‘state-sponsored’ rather than the work of individual malicious actors not affiliated with any national government.
Google, acting as a responsible IT company, is providing its users with strategies they can use to help better secure their Gmail accounts. One important step to take is to create a password that consists of more mixed characters. When upper-case letters, numbers, and symbols are mixed into a password, it is much more difficult for hackers to either guess or determine. Google also recommends that users update their browsers to the latest versions and keep their operating system, as well as all browser add-ons, fully up to date.
While these steps may be sufficient for personal users, small and medium businesses have a more intense vested interest in making sure that email accounts are not compromised. Internal company communications may detail proprietary information and trade secrets that could negatively affect a company's bottom line if released. Companies, therefore, should consider a managed services approach to email services. A managed services model through an outsourced IT approach can build in a variety of methods to provide heightened security for business users.
The recent huge password breach at social media networking site LinkedIn provides an object lesson in the need for improved IT risk management. After all, if a huge business such as LinkedIn can find itself with millions of users whose passwords may have been hacked, it only means that small and medium-sized businesses with access to fewer resources must be all the more diligent to use those resources to their maximum capacity.
Remote access to business systems opens up huge potential in terms of efficiencies. With the ability to access a computer or network from a remote distance, many workers appreciate the flexibility that the modern workplace can offer. On the other hand, however, this immense flexibility can also bring with it new challenges in terms of identification, authentication, and access management.
The hacker group referred to as 'Anonymous' has recently launched a cyber attack, this time targeting a pair of trade associations in the area of technology. The attacks took the form of a distributed denial of service, a technique that can make web sites inaccessible. The group, which is considered a ‘hacktivist’ organization because its attacks generally relate to policy aims rather than the theft of personal information, was protesting legislation currently before Congress. The legislation would serve to encourage businesses to share information about the threat environment with government officials.
Amag Pharmaceuticals of Lexington, Massachusetts provides an example of a company that is becoming more robust and efficient thanks to IT solutions like the cloud services. This requires a large amount of data migration, as well as the expertise needed to establish and configure the kinds of cloud operations that will best suit any given enterprise. In short, it requires an IT company that can provide consulting services to make the move happen.