Software giants, such as Microsoft spend billions of dollars each year to make their products as easy to install, and use, as possible. This involves not only testing the computer code which constitutes the product, but closely observing groups of beta testers in how they actually use their latest creation. Is it intuitive or intimidating, complex or straight forward?A separate group of programmers, and security experts, concentrates of making the office software tools, upon which many of us rely, as robust to security breaches as possible. OK, any problems get to make the international news, but what about the other 99.99% that they get right?
Now if all this appears far removed from what you do at work each day, it really isn't. The explanation given to Meryl Streep's new assistant regarding the fashion industry for the movie 'The Devil Wears Prada', sums up that of the computer industry too. We are all affected, at some level, by computer hackers. However, all too often our business is virtually an 'open door' as far as computer security is concerned, as it always seems to be 'the other guy's job'. When, in fact, we all need to play a role.
Good password policy practices can be hard to come by. I can't count the number of times that turning someone's keyboard over, inside their office, has revealed to me their password(s) scribbled on a post-it note stuck underneath. Oh how I sighed to witness yet another use of 'password' as their actual password.
Strong passwords should not be dictionary words. They must be a mix of upper and lower case characters, mixed with numerals and special characters thrown in. Even substituting numerals for set characters, as in the example of '313phant' for the word 'elephant' is insufficient. But when requesting an employee to think of a password they would like to use, usually creates a blank stare accompanies by a nervous giggle. That's where password generators come in handy, such as the many online offerings available.
For those of us struggling to remember a myriad of passwords in order to navigate our everyday life, password utilities, which store all passwords needed under one master password, have become a boon. A Google search should turn up some useful references. One of the additional advantages of such utilities is being able to leverage mobile device versions. So you are never stuck for a password again.
Of course, passwords are only one piece of the security puzzle. Security, which up to now has been concerned with keeping people external to the company out. But what about the trojan horses that lie within our four walls?
Recently, whilst standing in line at my local computer hardware wholesaler I cast me eyes over their 'bargain bin' section, next to the checkout. Amongst the assortment of mice, graphics cards and what not I spied a plastic washing-up bowl, usually found in kitchens, filled with 'key loggers'. Key loggers of open sale? I couldn't believe it.
A key logger is a small electronic device which is placed, by someone with bad intent, between your keyboard's plug and its intended socket. The keyboard continues to act nprmally for the user, but all the time it is recording their keystrokes. Later the device is removed and the culprit can view the file it contains to gain access to passwords and other information. Bad!
It always pays to challenge unrecognised office personnel. Especially if they are 'apparently' changing, or working on, your computers. Just me ensure that they are not leaving any little 'extras' which should not be there. You do check don't you?
The use of USB ports requires monitoring too. USB drives hold ever increasing amounts of data and are easily inserted into systems. Often this is for perfectly innocent use. But is is all too easy to download gigabytes of data, or upload dangerous, possibly virus-ridden, software which would reach havoc as it spreads across your company network.
But before you start speed-dialing your therapist, take heart that by taking a, often simple, structured approach to computer security, many potential problems can easily be prevent before they can occur. Prevention is much better than cure. As the cure is very costly indeed.
Having set policies regaridng USB drive use, regular password changing and accompanying any IT technicians as they move around the office, can all help to tighten your grip on the situation.
This is time well spent, because if you came into your business tomorrow, and sat down to find your network had been wiped out due to a lax in proper security, and you were now losing business through resource down-time, how would you feel?
Graham works as a consultant for Elliptical Ltd in Stockport, United Kingdom. A passionate team of computer professionals striving to make technology user friendly and thoroughly enjoyable. http://elliptical.co.uk
0 comments:
Post a Comment