Friday, November 20, 2009

 

The 'ABCs' of Password Management

Today's typical user has about a dozen systems they need to access with a user name and password. While passwords are an important and almost inevitable part of our everyday lives, they can put your organization at risk of financial and reputational damage if they are mishandled or compromised. Thus, it is important to be careful when choosing a password and logging in. Here are the "ABCs" of password management, with advice on how best to protect yourself when accessing your small business’ information—and your own:

1. Always be confidential. You should never share your password with others, period. Anyone else who has your passwords can impersonate you—accessing information and making transactions without your knowledge and leaving you to deal with the resulting problems. If employees want your password to access a given service, have them contact your IT department and get their own accounts. Nor should you reveal existing passwords when getting computer service; your help desk should be able to change your password for you or log on with its own account. And always be aware of your environment, watching out for ‘shoulder surfers’ who might watch you access your systems.

2. Be current. Make sure the computer you are using is up-to-date with the latest security software from one of today’s main vendors. Be sure, too, that you have an active subscription to updates and have regularly scheduled automatic scans of your system. Antivirus software alone is not enough, so look for a complete client-protection package from the leading vendors, including anti-spyware, anti-malware, host-intrusion prevention, and a desktop firewall. Unless you are properly protected, software can be installed on your system to watch keyboard input and easily steal your passwords without you noticing anything.

3. Consistently break consistency. Don’t use the same password for all systems. If your Gmail password is the same as your Chase Online Banking password, someone who compromises one system would logically and successfully attempt to use that password on all of your other systems. Separate any work passwords from personal banking passwords, and keep these distinct from your personal e-mail and social networking accounts. This limits your risk exposure.

Article taken from: http://www.businessweek.com/
Jared Beck
Senior Security Architect
Dimension Data
New York


