Tuesday, 5 July 2011

IT Security in the small business – Part 2

It is still with some alarm that I come across people and their lack of understanding of the importance of keeping their passwords safe and making passwords more difficult than ‘12345’ or the good ol’ favourite ‘password’.

Passwords still are and will be the primary security mechanism for computing for many years to come.  A Password in its simplest definition is a word or string of characters that will authenticate and allow you access to the information you seek.

It is surprising that most people do not change the default the ADSL router passwords for example and even if they do, the password is changed to something easy like ‘12345’ and even further to this the password is left on a note stuck to the router.

Granted most people think passwords are a waste and a nuisance. How would you like it though if anyone could just access your details like for instance your bank details? Or gain access to your e-mail account or even get onto Facebook as yourself and say what they wish.

Since the majority of passwords are ‘12345’as proved in various e-mail hacks a couple of years ago, why are people still reluctant to change their default passwords? In many corporate companies, people are forced to change their password every 60-90 days. Yet in the small business, most computers do not have passwords, anyone can access the computers and worst of all if there is even a password set, the entire office knows what it is.

Often people will use the same password and username on all the sites they are registered for, so the username and password for Facebook will probably work on a number of different sites. People need to be taught about password management, how to construct difficult but easy to remember passwords.

The ramifications of a leaked password for a normal person are bad enough, but imagine now that person is the accounts person for your company. Most likely the password that person used is also going to be used to gain access to your accounting package. That is of course if there was a password setup in the first place to protect your data?

Further articles will detail some tips on how to manage and construct passwords.

No comments:

Post a Comment