In one of my previous posts I argued that in cyber-warfare, we’re all made collateral victims for lack of awareness. The following article from the WSJ harkens back to that notion. It describes how small businesses have been left to fend off increasingly sophisticated tactical attacks, because they’re seen as soft targets of opportunity. A simple strong password policy and management can go a long way to achieve target hardening. It’s sure to be the most sensible thing we all can do to protect our confidential information.
Passwords 101: How to Protect Your Company’s Data
Wall Street Journal (10/28/09) Richmond, Riva
Strong password protection is essential to ensure the security of company data. Small companies often do not employ the same level of protection as large companies, making them even more vulnerable to a breach. Experts say that small companies should take the time to teach employees better password strategies. Workers should choose passwords that are difficult to guess, with at least seven characters, including numbers, capital letters, and symbols. They should also have different passwords for different company and Web applications, and should change these passwords at least every 90 days. These passwords should not be written down or recorded in any way, and should not be shared with anyone. System administrators should also be sure that they can control which employees have access to data, and that they cut off access for former employees. There are a number of technologies that can help companies achieve these objectives, but the first step any company needs to take is to look at its own specific security needs. As Todd Chambers, an executive at access-management company Courion Corp., says, “There is a risk-management process that every business should go through.” Such an assessment should take into account the sensitivity of data the company stores and how much damage would be done to the company and its customers if that data were to be breached. If the company does not store sensitive data, employing the services of competent IT personnel may be sufficient to protect information. However, companies that do have sensitive data should consider hiring security experts to set up and maintain an adequate cybersecurity system.