IT Security

Wayne’s IT Security Blog: The importance of using strong passwords

Wayne Harris, Compliance Officer at ITCS, shares his monthly IT security blog. This month, he talks about the importance of using strong passwords.

OK, so we’ve secured the firewalls, installed antivirus, filtered out the spam, locked down your desktop PC, encrypted your drives and enforced password complexity – what could possibly go wrong?

Well, if you are using the same passwords for multiple accounts, sharing passwords with others, writing them down, or using weak passwords, dictionary terms etc., then you should consider yourself the weak point in the system!

Commonly used passwords that a hacker will try

Do you recognise any of these commonly used passwords?

These common passwords make it easy to hack into your account – so if one of them is familiar, change it now!

Other insecure passwords

Are you using names of loved ones, favourite sports teams or new film releases? Even if you are subtly changing these by adding numbers, replacing characters with numbers, recycling passwords with sequential numbers etc., you should consider your passwords weak – and change them.

Don’t forget Social Media

Often people don’t think they are at risk – until it happens.  Even on social media, which is seen as ‘just for fun’, being hacked can be horrific. Social media is often where people have the least secure passwords, yet that password protects details about the most important people in your life.

You may wonder why people would bother to hack a social media account, but usually all the information people include in their passwords (family names, friends’ names, pet names etc.) is available for all to see – often even without a hack! Plus, social media attacks can be incredibly personal and have a big impact on your life.

Many people use the same password on social media that they use for their work accounts, email accounts etc. Be smart and use secure passwords everywhere, at work and at home, and use a different password for each account.

Who would want my information, anyway?

If your password were compromised, consider what information would get into the wrong hands, especially if you use the same password on multiple accounts.

At home, this might be access to your emails and contacts which start spamming, or access to your financial information/bank accounts etc. At work, this breach might take down your network if you are targeted by hackers, causing expensive downtime and irreparable damage to your company reputation.

Secure passwords

No password is 100% secure; however, you can increase your password security by following standard protocols.

Make passwords longer

While most password systems allow you to have 8 characters, we would recommend using a minimum of 9 or 10 characters – and your passwords should be changed regularly (we recommend doing this monthly).

No Names Rule

Passwords should NEVER contain names or usernames, and should also follow the standard ‘complexity rules’.

Password Complexity Rules

Strong passwords normally incorporate 3 out of the 5 characteristics:

  • Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
  • Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
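
The length, "no names" and 3-of-5 complexity rules above, together with the earlier warning about names disguised with number swaps and passwords recycled with sequential numbers, can be enforced in one check. The sketch below is an added example, not ITCS code; the look-alike table, the function names, and the assumption that the caller supplies the user's names and the old password at change time are all illustrative.

```python
import unicodedata

MIN_LENGTH = 9  # the post's recommended minimum ("9 or 10 characters")
SYMBOLS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")  # the list's symbol class
# Assumed look-alike table: digits/symbols back to letters; i, l, 1 and ! collapse to "i".
LEET = str.maketrans("013457@$!l", "oieastasii")


def categories(password):
    """Return which of the five listed character classes the password uses."""
    found = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":
            found.add("upper")
        elif cat == "Ll":
            found.add("lower")
        elif ch in "0123456789":
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
        elif ch.isalpha():  # alphabetic but caseless, e.g. CJK
            found.add("other")
    return found


def canonical(text):
    """Lowercase and undo look-alike swaps so 'M4x1mus' compares as 'maximus'."""
    return text.lower().translate(LEET)


def core(password):
    """Drop digits so 'Kite06' and 'Kite07' compare equal."""
    return "".join(c for c in password.lower() if not c.isdigit())


def check_password(password, names=(), previous=()):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(categories(password)) < 3:
        problems.append("fewer than 3 character classes")
    canon = canonical(password)
    if any(canonical(n) in canon for n in names if len(n) >= 3):
        problems.append("contains a name")
    if any(core(password) == core(old) for old in previous):
        problems.append("recycled with new numbers")
    return problems
```

A password such as `M4x1mus2024!` satisfies the length and complexity rules on their own, and is rejected only once the name check normalises the digit swaps.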

It goes without saying that writing down passwords, or sharing them with others is an insecure practice.  Guard your passwords like you guard the PIN to your credit card!

CyberCrime is on the increase, and you have a part to play in the defence of your network. Secure your passwords now, and make sure you keep vigilant as to the risks that we all face.

If you have any questions or concerns around computer security, please don’t hesitate to contact the ITCS support desk on 08456 444 200 – we are always happy to help.

Research finds just 9% of SMEs teach staff about IT security risks

IT Security continues to be a key issue hitting the headlines for SMEs. The ITCS team saw new research released today, which worryingly found that only 9% of SMEs offer training or send emails to educate staff about IT security risks.

Politecnico di Milano School of Management ran a Cyber Crime Observatory which analysed the information security systems and expenditure breakdown of 803 SMEs operating last year. As well as the shockingly low level of awareness in SMEs, large firms were not much better: they found only about a quarter of the largest firms were educating staff on IT security.

This means that the majority of staff are unaware of the vital role they play in IT security – leaving most companies exposed to the increasing risks.

Alessandro Piva, director of the research observatory said: 

“Cybercrime has grown dramatically over the past months, alongside a continued rise in ransomware, where hackers demand payment of a ransom to release data, and attacks on products linked to the Internet of Things.

“The need for a long-term approach to how information and privacy are managed and the organisation’s data is kept confidential should be a top concern of a company’s upper management.

“It seems that smaller organisations don’t anticipate that they will be targeted as victims of cybercrime in the same way as, say, Yahoo in 2013, where a hack left over one billion users’ information publicly available. Yet without a contingency plan or any preventative measures, these companies are leaving themselves wide-open for potentially devastating cyber-attacks.”

So why are businesses being so complacent?  Brian Stokes, Managing Director of ITCS explains:

“Actually I don’t believe UK businesses are as complacent as they were 12 months ago, because the new GDPR rules due to come into force next May are giving many businesses a wake-up call. However, the wake-up call is bringing risks too.

“We’ve seen new GDPR ‘experts’ pop up charging businesses huge fees to get them ‘GDPR ready’, when often the measures needed to reach compliance are quite simple.

“We are offering any business a free IT Security audit and data health check.  It’s our way of giving something back to the South Wales business community we are proud to be part of. Security and compliance have always been priorities for the ITCS team and our Compliance Team will continue to support businesses ahead of the planned changes and beyond.”

If you have any questions about IT Security or GDPR, call 08456 444 200 and ask for our Security Team.

Equifax data breach highlights need for IT security audits – it’s not ‘just an IT issue’, says ITCS.

Cyber security professionals are hot property at the moment, with a 70% increase in job vacancies across the sector. It’s therefore no surprise that the ITCS IT security team are in constant demand.

The recent Equifax data breach and the WannaCry ransomware attack have made world headlines, highlighting the need for robust IT security, especially with new GDPR rules due to come into force.

Two Thirds of FTSE Companies have been hit by a cyber attack

IT security audits are increasingly important. In case you think your company can’t be affected, the 2015/16 Cyber Governance Health Check made sobering reading. Two-thirds of FTSE companies have been hit by a cyber-attack in the past year alone, so IT security audits have to be a high priority for every business, even SMEs.

Staff often pose the biggest risk to IT Security

HR and the C-Suite need to lose the view that IT security is something they can pass off to ‘the IT team’.

That’s because no matter how robust your IT infrastructure, the biggest security risk comes from inadequately trained or complacent staff. In fact, at a recent Cybersecurity event, 57% of cyber security experts said they would like to see human employees replaced by AI!

IT experts like ITCS can help provide a robust infrastructure, combined with security advice and training, and we can advise your internal IT team on how to carry out regular IT security audits.

However, it isn’t only an issue for ‘techies’.  Line managers and HR have a vital role to play in maintaining secure working practices on a day-to-day basis. IT security isn’t just IT’s responsibility – it’s everyone’s responsibility. The CIPD are now encouraging HR Managers to take the lead and educate staff on secure working practices.

Here are some things you can do to mitigate your risk:

Tighten up your physical security

Hacking isn’t just done by anonymous remote hackers. Train your staff to challenge anyone who they don’t recognize (in person or on the telephone) requesting access to your PC or password information, and train staff to lock their PCs when leaving their desk.

Your password is not usually something you need to provide, and being asked should raise a red flag. If in doubt, check with IT before granting access. If your firm has an ID system, challenge anyone who doesn’t have company or authorized contractor ID. This is good common sense anyway with current terror threats.

Keep your IT systems up to date

If you don’t outsource your IT, you are responsible for updating your system. Make sure staff know what to do if their system prompts them about software updates. We can help if you aren’t sure what to do – you definitely shouldn’t ignore them.

Manufacturers often update their software in order to protect against a specific threat.  The Equifax breach apparently resulted when a staff member failed to apply a software patch in a timely fashion – affecting 400,000 UK customers alone (and an estimated 143 million worldwide). Ouch.

Offer regular IT security training and updates

Training in cyber security adds a layer of resilience. It means staff understand which threats are out there, how to prevent them, and how to deal with them when they occur.

A memo is usually ignored, so formal IT security training is essential – and your in-house team should reinforce secure working practices in between sessions.

Drive home the importance of password security

Most people know they ‘should’ create strong passwords, but nonetheless choose the name of their child, dog or even their address.

It’s vital that employees understand the importance of this. Passwords are the first line of defence. Managers should enable their systems to ‘force’ the use of strong passwords, and frequently educate staff on the need for them.

Managing the risk of insider attacks

Disgruntled employees pose a very real risk, whether having their own agenda, or receiving an incentive from a third party. A disgruntled Morrisons employee who leaked employee data literally cost the company millions of pounds.

The first step to protect your business from insider threats is to carefully control who has access to what information. Staff should only have access to the data they need to do their job, access to sensitive data should be controlled and recorded, and access levels should be regularly reviewed, especially if job roles change.

A formal starting and leaving procedure should be followed, rather than just making changes when someone leaves. On leaving, the formal leaving process should terminate access immediately, not a few days later, and any shared passwords (which should not exist anyway) should be changed.

ITCS offering free IT security audits

Whilst many customers rely on us for IT support, we believe IT Security is equally important.

We are happy to offer any business a free review of their current IT security with a thorough audit. We will advise you of the next steps to take and you can decide how to proceed next.

ITCS services include IT security consultancy and training. We can also ‘train the trainer’ if you prefer to deliver staff security training in-house.

IT security remains a threat that businesses cannot afford to ignore, and staff need to be on board to help combat the threat. Wayne Harris, our Compliance Officer says:

“No matter how secure your systems are, your people have a vital impact on security. Alert and well-trained staff add an important layer to your security. Unmotivated, untrained staff simply add an additional risk – with so many threats these days, that’s not a risk worth taking.”

To take advantage of your free review, click here and complete the form at the bottom of the page – our team will be in touch.
