CCSiT

 
Category Archives:

News

Password Security

You, Yes YOU! are responsible for keeping your company data secure!

Most external access hacks are caused by employees being careless with regard to their user account security. Statistics prove that 60% of the businesses in Australia that have had their data held to ransom and not been able to get it back have closed their doors in 6 months. Do you really want the loss of all your co-workers’ jobs to be because of you? If you hate them that much, do yourself a favour and quit working there.

ALWAYS REMEMBER that your password is the front door key to your business. If a hacker obtains it, there is NO WAY to prevent them from accessing your systems and doing really bad things with your company’s or customers’ data.

The good news is that it is actually easier than you think to have – and remember – a secure password.

Currently, the standard for being secure is to have a password that is a minimum of 14 characters long and contains uppercase letters, lowercase letters, and numbers and/or special characters.

Sounds difficult!  But, there are some simple tricks to make this easy to remember:

Easy Password creation examples:

A short sentence (called a PassPhrase)

  1. Eg: ‘1 have Br0wn Hair’ – 17 characters long (which includes spaces which are special characters), all requirements met, super secure, easy to remember.
  2. Eg: ‘Br1sban3 Br0nc0s t0 WIN’ – 23 characters long (which includes spaces which are special characters), all requirements met, super secure, easy to remember.

OR

A keyboard sequence (called a PassSequence)

Eg: ‘1qaZse4rfVgy790-’ – (16 characters long, all requirements met, super secure, easy to remember)

CHOOSE YOUR OWN PATTERN! THIS ONE IS TAKEN!
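A check an IT team could run when a new password is set, added here as an example and not part of the original article: it applies the length and character rules above and rejects the article's own samples, which are public now that they have been published. Reading "numbers and/or characters" as at least one digit or special character is an assumption, and the function and constant names are hypothetical.

```python
import re

MIN_LENGTH = 14  # minimum length stated in the article

# The article's own sample passwords: published, so never acceptable in use.
PUBLISHED_EXAMPLES = [
    "1 have Br0wn Hair",
    "Br1sban3 Br0nc0s t0 WIN",
    "1qaZse4rfVgy790-",
]


def _normalise(password: str) -> str:
    """Fold case and collapse whitespace so trivial variants still match."""
    return re.sub(r"\s+", " ", password.strip()).casefold()


DENY_LIST = {_normalise(p) for p in PUBLISHED_EXAMPLES}


def policy_failures(password: str) -> list[str]:
    """Return every requirement the candidate fails; an empty list means OK."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    # Assumption: one digit OR one special character satisfies "and/or".
    # Spaces count as special characters, as the article states.
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    if not (has_digit or has_special):
        failures.append("no number or special character")
    if _normalise(password) in DENY_LIST:
        failures.append("matches a published example password")
    return failures


if __name__ == "__main__":
    # "brown hair" and "My 0wn Secret Phrase 42" are constructed samples.
    for candidate in PUBLISHED_EXAMPLES + ["brown hair", "My 0wn Secret Phrase 42"]:
        print(repr(candidate), policy_failures(candidate) or "OK")
```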

The latest opinion and practice (already adopted in the US Defence and Government departments) for keeping your password secure has now turned away from forcing you to change it every week or month (Finally!!). Instead, the risks and the rules of security are explained to staff, who are then trusted to do the right thing.

The rules for keeping your password secure are:

  1. Do NOT tell it to anyone! Not ever!
    • If you need to give someone else access, change your password first, give that to them and then when they have finished, change your password back!
  2. Do NOT use it for any other login type such as Facebook or Supplier Log-in or Gmail, etc.
    • Hackers know a lot of people use the same passwords on multiple online accounts, so they purposefully harvest as many username and password details as they can from less secure sites and then try that combination everywhere.
  3. Do NOT record it on your phone, computer, cloud storage or in your email.
    • You may think your phone is secure and no-one can hack into it. After all the high-profile cases of actors and public figures having their phones hacked do you really still think that? Email is certainly not secure.
  4. If you suspect it has been compromised – Change it as soon as you can!
    • You think a fellow employee watched you type it in, or you suspect that someone was looking over your shoulder when you were logging in remotely from the airport, or you did not realise that a security camera was right above you…
  5. If you know it has been compromised – Change it and tell your IT department what happened ASAP!
    • You saw someone writing it down when you were logging in at the airport, or you know that at the staff Xmas party you may have mentioned how awesome your password was…
  6. If you FORGET it, just give your IT department a quick call and they can reset it. (Even they have no way of finding out what it was – they can only reset it to something new)

Yup, it is all fairly simple to protect your job, your company and your fellow employees’ jobs by keeping your password secure.

It is also easy to be lazy or believe it couldn’t happen to you and as a result, kill the whole company. Hackers know there are still a lot of people out there who think they know better when it comes to security. In fact, they make a living off it.

If you want more suggestions, tips or even a free basic assessment of your organisation’s password security (IF you are in the Brisbane Region) give us a call here at CCSiT. 07 3376 3033.

Business data theft

How to Prevent Data Theft in Your Company

Are the most important and confidential files for your company stored on the computer? What happens when a disgruntled staff member leaving the company just happens to take those files with them? The worst part is, once those very important documents leave your office, you won’t have any control over what is done with them.

As Brisbane’s leading provider of corporate IT consulting, at CCSiT it’s our goal to ensure your company makes the right IT decisions. No matter how much you may trust your staff, data theft is a serious issue and that’s why we urge you to implement an IT Data Policy with your company.

While every business operates differently, we have compiled some general guidelines that you can follow, to prevent data theft in your company.

1. Determine policies and staff expectations

The first step is to draft up your policies and very specifically state what is acceptable and what is not. By stating the exact expectations of your staff, you will remove any chance of misunderstanding or confusion. Once you have decided on appropriate policies for your workplace, have all employees (including management) sign confidentiality agreements. This can then become a part of your induction process when new employees are hired.

2. Control and monitor data access

Make the most of what you’ve got. Chances are the programs your company is using day in and day out, namely Microsoft Office, have great data protection functionalities. By protecting documents with a password, you can control who has access to the files, as well as the ability to edit a document. The easiest way to prevent documents getting into the wrong hands is by limiting access to minimal staff, and possibly on an as-required basis. You should be regularly monitoring which employee roles require access to confidential files, as well as which employees actually do have access.

3. Immediately remove access

When a staff member leaves the company, their access to company data should be removed immediately. Whether they are leaving on good terms or not, as you will have already raised in the policies you prepared and the confidentiality agreement you had staff sign, no company-specific documents or files are to leave with them. When removing the access to data, be sure to consider files that may be saved on any servers, networks, cloud, or work desk computers.

While these actions may seem severe, by being cautious through implementing these preventative measures, you could save your company a lot of money and heartache down the track.

If you would like further clarification on how to secure your company’s confidential files, give us a call today on (07) 3376 3033.

Could your computer be held hostage?

Did you know criminals can gain access into your computer and hold you hostage?

This has become a booming crime in Australia, and the worst part is, the Australian Federal Police (AFP) can do nothing about it.

The Australian Government’s Computer Emergency Response Team (CERT) issued a publication to warn of the ransomware campaign targeting Australian businesses: Ransomware is a type of software which restricts access to a victim computer system, and demands a ransom to be paid to the perpetrator in order for the restriction to be removed.

But what exactly does this all mean and how can it affect me? What happens?

After cracking your password or gaining unlawful remote access to your computer, the criminals download an encryption program that targets files you require for normal business operation, e.g. MYOB, PDFs or Microsoft Office files. When you go to access the affected computer, a ransom message will appear preventing you from operating on the computer any further. The message will tell you that your computer, plus any external drives you may have attached to it, has been encrypted and will only be returned if you pay (the current amount of $500) to a specified overseas account number.

Am I an easy target?

You are at risk of being held hostage if you own a business network computer. Be aware though, this crime is expected to also spread to home computers. The two main danger signs that make you stand out as an easy target are: using passwords on your software that are easy to crack, and/or using the same password for login details on websites. If you have remote access on your computer system, you are also highly sought after by these criminals.

Anything else I should know?

According to CERT, so far criminals have returned access to the computers when the person has paid. However, doing this is not recommended as it will only encourage the criminals to continue this practice. You should also be aware that paying won’t guarantee your computer being returned in its original condition, or stop it from being compromised in a fashion that allows for further ransom demands.

The scary part is that both national bodies, the CERT and the AFP, currently can’t do anything to access details of the perpetrators. The bank accounts being used by the criminals are located in foreign countries, which prevents the CERT and AFP having any power over accessing the account holder details.

If your computer is encrypted, while it may only affect some of the data on your hard drive, the criminals will ensure it is data that elicits a payment from you for the recovery. It may include anything from email files, database files, document files, spreadsheet files, backup files and other business related data stores.

In a case investigated by our own CCSiT engineers, we found the data on the hard drive could be accessed using various methods enabling the identification of encrypted files; however none of the affected files were recoverable.

Further investigation of the affected hard-drives revealed the data had been removed and the drives were subjected to an overwrite process, likened to a military grade wipe/rewrite. The data was then replaced on the drive in different physical locations on the disc platters, further complicating any recovery attempts. Basically, it meant even specialist hardware data recovery firms couldn’t find the data to recover. The drive had been completely wiped of any history.

What can I do if it does happen to me?

The two most likely options for you are either to pay the ransom and obtain access back to your data (NOT recommended), or to have your computer completely reformatted, restoring your latest data from the most recent unaffected backup.

So what steps can I take to prevent this?

  1. Password Security

For access to your business network change your password to a pass-phrase. Instead of a single block of letters and numbers, use a short phrase that you invent and cannot forget. E.g. < My Daughter Turned 1! > You should include spaces, numbers, uppercase/lowercase and at least one character such as an exclamation mark or asterisk. Note, only ever use the password for access to your business network, never for any other application as well.

  2. Backup Routine Integrity

You should be conducting frequent backups to a removable medium (Hard-drive, Tape, Disc, USB stick), physically removed from the network. There are many options, and for a corporate environment you should choose a solution designed for your particular requirements and operations. CCSiT can help you formulate the most effective solution.

  3. Shut down computers when not in use

No one can access your computer remotely if it is turned off. This is also a great idea in terms of reducing fire hazard, heat reduction and electricity usage in the office, along with enabling computer system longevity.

We’ve Moved

Big changes have been happening at CCSiT this year. The big one was a move to our new offices in Sumner Park. Aside from a great new open plan workspace for our IT guys, we also have the perfect space for our hosting servers, guaranteeing only the best corporate cloud solution and service. If you have popped by for a visit, you will have noticed we have a relaxed new reception area. Everyone is loving the new premises and layout.

The other big change is our new website, thanks to Ronin Marketing. Stay tuned for fresh updates, regular IT industry news articles and helpful business and personal technology tips and tricks through Facebook and Google Plus.
