
Security: what is the single most useful bit of advice you could give me?

I was talking to a colleague earlier today about writing a high-value "how to" article as part of an experiment that we are doing with Neil Simpson. Without hesitation the response was the title of this article, and so here is my "how to" secure your data, be it on or off line. But first, let's give this some context ...

Competition time

People still use the same password for everything and don't implement strong passwords (e.g. password123), something I touched on in a recent blog: "how to remember secure passwords". Imagine having a single master key that opens all the locks in your office, home, car, locker at the gym, etc. Now imagine someone getting hold of your keys ... Having the same password to access your bank account and to unlock the next level of Angry Birds would be insane, wouldn't it?

We often get clients asking us to change system passwords to enable them to create user accounts using their favoured password and we have to say "no" and then explain why. We've even had clients demanding it and whilst a few years ago we might have given in, we no longer do.

So, how do you go about setting up and implementing a secure system for protecting your personal data? I'm not talking about GDPR or the Data Protection Bill that will be read in the autumn ... I'm talking about you taking responsibility for your own protection. So put away all the excuses, we've heard them all!

Risk assess your data and set up protection that is appropriate to the consequences if someone managed to breach your security. When I worked for the Home Office in the early nineties I was involved in assessing risk associated with software applications we were rolling out. The "security expert" asked what would happen if the Sun (newspaper) got hold of data we held ... after some thought I surmised that it could topple a government. Obviously this required some serious protection!

1. Categorise where data is held: on / off line and then determine if data held off line is still vulnerable. OK, so you have an important contract document on your laptop and it's off line ... or is it? You are connecting to public Wi-Fi hotspots that are easily hacked, so is it really off line? These days nearly everything is accessible by a third party via an internet connection, Bluetooth, etc.

2. Implement a password policy that is robust. This means that you should not use the same password for any two sources; passwords should be a minimum of 16 characters that contain a mixture of upper and lower case letters, numbers and symbols. Work out a way to remember these - see article about how to remember passwords - and then change them every ninety days.

3. Protect off-line content using an encryption application like Pretty Good Privacy (PGP) - see http://openpgp.org/ - to keep off line files safe and secure.
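
The policy in step 2, expressed as a check over a password inventory. This is an added example, not code from the original article; the inventory format (source, password, date last changed) and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

MIN_LENGTH = 16      # minimum length from the article's policy
MAX_AGE_DAYS = 90    # rotation interval from the article's policy

def missing_classes(password):
    """Names of the character classes the policy requires but the password lacks."""
    checks = {
        "upper case": str.isupper,
        "lower case": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum(),  # anything that is not a letter or digit
    }
    return [name for name, test in checks.items() if not any(test(c) for c in password)]

def audit(entries, today):
    """entries: (source, password, last_changed) tuples. Returns {source: [problems]}."""
    sources_by_password = defaultdict(list)
    for source, password, _ in entries:
        sources_by_password[password].append(source)
    findings = {}
    for source, password, changed in entries:
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        problems += [f"no {name}" for name in missing_classes(password)]
        # The same password on any two sources breaks the policy for both of them.
        others = [s for s in sources_by_password[password] if s != source]
        if others:
            problems.append("reused on " + ", ".join(others))
        age = (today - changed).days
        if age > MAX_AGE_DAYS:
            problems.append(f"{age} days old")
        if problems:
            findings[source] = problems
    return findings

# Constructed sample inventory; none of these are real credentials.
SAMPLE = [
    ("bank", "password123", date(2017, 1, 10)),
    ("game", "password123", date(2017, 8, 1)),
    ("email", "Tr4il-Mix&Copper_Kettle9", date(2017, 8, 20)),
    ("laptop", "Quiet!Harbour7_lantern-Row", date(2017, 3, 1)),
]

if __name__ == "__main__":
    for source, problems in audit(SAMPLE, date(2017, 9, 6)).items():
        print(source, "->", "; ".join(problems))
```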

Consider reviewing your business by signing up to Cyber Essentials.

Lastly, remember that most hackers still view you as the weakest link! Social hacking is still one of the main causes of data breaches and I am constantly reminded of a story I heard years ago. An ethical hacker walked into a major bank's headquarters and placed a box beside the main reception to the building with a simple message:

Write down your user name and password; the best password wins a case of champagne!

Within eight hours over 1,000 employees had entered the competition!

Cyber Aware

Date: 06/09/2017
