There have been many stories of major company sites, such as PlayStation (Sony), being successfully targeted by hackers. The attackers managed to collect thousands of passwords, credit card details and other personal information. This data is either sold to a criminal organisation or used by the hackers themselves for criminal activities. If these black hat hackers can steal this information relatively easily (if you know what you are doing), then how can we make sure our data is safe?
The same goes for companies, large and small. They too have to protect their data and client information. So, security of the data starts with the employees, right?
Well, that obviously assumes that organizations have enabled the necessary security settings on their infrastructure and also communicated these clearly to their staff.
- When was the last time you reviewed your organization’s password policy?
- Have you audited your IT systems, to make sure passwords are set to expire?
- Do you have a password policy and has it been communicated to your staff?
Those are just some of the questions you should start looking at. Security of data and information all starts with a password. Would you hang your house key next to the front door?
But why do you need to have tougher password policies? Well, many sites on the wild internet that require a password often let the user create a very simple password. As a result, these simple passwords are simple to crack. What’s even worse, many users will use a simple password for the majority of their online activities, which means that once one password is cracked, the criminals could access all the other accounts you’ve created.
By enabling a strict password policy within your organisation, requiring eight or more characters and alphanumeric characters, you reduce the possibility of your staff using the same password for personal sites. Also, by enabling a frequent password reset cycle, you strengthen the security further, and that forces staff to start thinking about security when creating their next password.
There are other methods hackers can use to get access to your data, but at least you’ve closed down one avenue for them, and made it less attractive to “attack” your data.
Some of the other measures that you should look at are hardening of the web server, firewall software, router/switch security, file encryption, hard drive encryption and perhaps even restricted browsing capability.
HiberniaEvros would be delighted to discuss these topics in more detail with you, and share our experiences of how to increase the security within your organisation.