Data protection - Is it time to review password protocols?

Up until now network security experts have always recommended that people with access to online accounts use long and complicated passwords to make hacking more difficult. They have also been keen advocates of regularly changing those passwords. However, has the time come to review these protocols?

As noted in a recent blog post on Datacentre.me, a recent publication by the government's Communications-Electronics Security Group (CESG) suggested that forced password expiration could be outdated and counterproductive to security. The report goes further: CESG recommends that account holders should no longer be forced to change their passwords regularly.
You would be right to ask how CESG came to these conclusions and why it is making such recommendations. So, let me break down the reasons for the new guidance with just a few examples.

  • CESG experts say that forcing users to select new passwords too often will likely result in many choosing less complicated passwords so they do not forget them. Less complicated usually means more vulnerable.
  • CESG also claims that there is little security value in changing passwords as long as users are making their original choices lengthy and with a random combination of letters, numbers and symbols.
  • Experts say that users are more likely to choose passwords similar to the ones they are replacing when forced by expiration to do so. They say that, in effect, this makes the new passwords no more secure than the old ones. If a hacker gets hold of an old password, it is relatively easy to figure out the new one.

Here at N2S we are proud of our data security expertise and we agree wholeheartedly with CESG when it says there are now other, more secure, ways to accomplish what password security has historically achieved, such as using one of the many sophisticated monitoring tools available.
As we are CESG approved to provide data protection services at the highest level of HM Government, we are extremely well placed to offer the best advice on this issue. We say the time has come to review traditional password protocols to ensure you are using the most secure and up-to-date methods available.

It is quite likely you have never heard of the term spear phishing, but it is an issue you would be well advised to be aware of. Let me explain:

Phishing is a term to describe fake emails used to trick or attack an individual or an organisation. Scam emails can be sent globally at any one time to millions of potential victims. Sometimes the content of the email will be a plea for help, usually financial, offering a once in a lifetime opportunity or tempting you to take immediate action. When you click on a link in a phishing email you will be taken to a malicious website where attempts will be made to gain access to your computer and access to your personal details, such as your bank account.

However, cyber criminals are becoming much more sophisticated and more targeted in their approach, and this has led to the emergence of a new and dangerous phenomenon: spear phishing.

Unlike general phishing, with spear phishing the cyber attackers carefully research their intended targets, gathering information from their social media accounts or from anything else they put on the internet from their PC. For example, they might scan social networking sites to find a target's page, their email address and their friends list. Often spear phishers are not after money; they are more likely to target specific organisations to obtain high-level confidential information such as business plans, corporate secrets or plans for sensitive technology.

You may feel you are far too sensible to fall for a trick of this kind, but these cyber criminals are a clever bunch of guys and gals. Using information they have found, the spear phisher can pose as someone you know and send emails which appear to come from a trusted source such as your accountant, solicitor, your bank or work colleagues. They will then try to trick you into handing over confidential and sensitive information that they can use for their criminal purposes. Every individual at any business, corporation or organisation is a real target for the spear phisher and we all need to take action to protect ourselves.

So, how do we protect ourselves from these clever cyber criminals, you may ask. Well, here at N2S, we have spent years perfecting our data protection services, so we are truly qualified to advise on this matter:

  • The first step in protecting yourself is to be aware you and your organisation are a target
  • It is advisable to limit the amount of personal or sensitive information you put on your social media accounts or websites. This will make it more difficult for the cyber criminal to effectively research the details they need to trick you
  • Unless you are 100% sure of the email's origin, avoid opening attachments or clicking on links
  • If the email comes from a person or company you know, then use the contact details you already have for them
  • If you are an employee or sub-contractor, support the security efforts of the company you are working for by following appropriate guidelines and policies which may be in place
  • Use security tools such as antivirus software and encryption
  • Think about your passwords. Always vary your passwords; do not regularly use the same one on different platforms. Do not make passwords obvious, for example by using your initials; make them difficult for anyone to work out. Have a different password for every site or platform you use and change them sporadically
  • When you get notices from software vendors to update your software, do it. Most operating system and browser updates include additional security measures
  • If an email seems strange in any way or you feel you may have fallen victim to a spear phishing attack then inform your help desk, security team or even the police immediately.

In the modern world companies depend more heavily on IT assets and hardware than ever before. As such it is becoming more and more difficult for an organisation to keep track of all IT assets, particularly hardware and hardware waste.

It is becoming commonplace for members of staff to struggle with more complex systems, for a company to lose track of hardware and to run into a number of complicated issues on hardware waste. These issues can lead to unnecessary downtime, decreased productivity, increased chances of data breaches and missed opportunities to make money from the reuse of redundant equipment.

However, with a robust asset management policy in place, most companies can avoid the issues outlined above and ensure their IT infrastructure is managed, maintained and tracked in the most efficient manner.

Below I am happy to share with you some vital steps you need to take to ensure you are handling your hardware assets in the best possible way.

1: Plan disposal

Hardware disposal used to be as simple as throwing out old equipment, but that has all changed. Companies now face huge financial penalties for data breaches, meaning disposal must be carried out in a safe and secure fashion. The most efficient way to ensure safe disposal is in the planning. Hardware asset management identifies when equipment is nearing the end of its life so organisations can organise and plan appropriate disposal. Good management includes the physical destruction of all data, data backup and ethical disposal and recycling of equipment.

2: Regularly maintain

Effective hardware asset management ensures all equipment is tracked so companies know when assets need servicing or repair, saving long term costs.

3: Identify your needs from the outset

It is essential to map out IT needs from the outset. Good asset management allows you to identify any potential compatibility issues between network devices and your hardware and software.

4: Track, track and track

Hardware asset management is also an effective tool in tracking down missing hardware. All assets can be uniquely tagged for immediate identification. When assigned to a specific person or department it is simple to identify who has responsibility for and access to the missing items.

5: Elimination

A key question organisations should ask themselves is whether they need all the hardware they possess. Having too much equipment can lead to unnecessary costs. Just think how the costs mount up: purchase price, operation costs, maintenance, repair and disposal. Good hardware asset management will ensure all personnel and departments have all the equipment they need but will also eliminate unnecessary purchases and associated costs.

In today’s IT driven world, it is becoming both increasingly important and difficult for businesses and organisations to keep track and control of their IT assets.

To maximise the efficiency and value of IT assets, it is vital that effective management and tracking procedures are in place at all times. However, research shows many companies are finding it difficult to keep track of their IT assets and their current status.

Businesses today operate on a broader, more global scale with IT assets often purchased, implemented and maintained by different departments in various locations. Combine this with the fact that IT infrastructures are constantly changing and evolving, you can start to see where the difficulties occur.

Often IT infrastructures are so diverse that companies can’t accurately manage important issues such as depreciation of equipment, possible return on investment, adhering to licensing agreements, measuring running costs or system usage. Such issues inevitably result in inflated and unnecessary costs, ineffective performance, unplanned downtime and wasted opportunities.

IT asset management (ITAM) solutions can help solve all the above issues and, when implemented with skill and professionalism, will help organisations gain more effective control over their IT infrastructures. These systems have been so effective at helping companies derive greater value from their IT investments that the demand for such services continues to grow and grow. ITAM solutions enable businesses to implement effective technology-related functions, including purchasing, engineering, administration, inventory management, financial assessment and tracking. ITAM enables the effective and cost-efficient management of all technology assets from the beginning of their lifecycle to the end: from procurement and implementation, to ongoing maintenance, and through to redundancy and replacement. Armed with this information, organisations can improve infrastructure efficiency and performance, and minimise related overhead expenses.

Here at N2S, we have always offered a comprehensive ITAM service, but thanks to our exciting new partnership with Trackit Solutions, we are able to take this service to a whole new level, beyond anything else we believe is currently available on the market.