The other night I was watching the movie “Gone in 60 Seconds” with Nicolas Cage. If you’ve seen the movie, you will recall the scene where one of the new kids brings in an El Dorado Cadillac along with a big smile, naturally feeling proud of his accomplishment. Instead, he was promptly scolded. Not only was it too easy to “obtain” the car (the keys were left in it), but the car was not even on their list. I guess that is the difference between a professional and an amateur.
I bring this up because it reminded me of something I saw earlier in the week. I saw a post-it where someone had written a system password on it and stuck it to their desk. While this may seem convenient, that behavior left their system open to any amateur with curious eyes.
We do all kinds of crazy things with our laptops and desktops, leaving our systems open to intrusion, even if our companies aren’t on the hit list of some hacker.
Here’s an analogy. If you park your vehicle in the parking lot with the windows down and the keys on the seat, you are inviting every neighborhood amateur to take your car for a joy ride.
When you lock the door and pocket the keys, you eliminate a large number of the threats. Of course, there are those individuals who are capable of breaking into a locked car and hot-wiring it. This is why we have car alarms, steering wheel locks, kill switches, and LoJack to further deter those who would attempt to take our vehicle.
But even then, there would still be a few individuals who could get around these protection systems faster than you can say “Cat in the Hat.”
Fact is, with every level of protection you put on your car, you reduce the number of people who are capable of gaining unauthorized access. But eventually, you reach a point where only a handful of people have the skills and abilities to take your vehicle no matter what type of intrusion prevention methods you use. It’s only a matter of them wanting it badly enough and having enough time and money to take it.
Our information systems are just like our vehicles. Most of us leave our systems out in the open unprotected, allowing even the janitor to gain access to our information. Naturally, the more steps we take to secure our system, the more knowledge a hacker will require to gain access.
Security steps may seem a little inconvenient at times and will require some variations on your standard operating procedure. But the prize at the end is a little more peace of mind and a lot more security for your clients and customers. Here are 4 steps you can take to secure your system:
Set up your laptop to require a username and a password.
This is an easy one. Most laptops and desktops come set up in the fast-switch mode, the standard Windows operating configuration. So the last person to use the machine will automatically be logged in when you power the machine up the next day. That is extremely fast and convenient if you happen to be the only user registered on the machine, and really inconvenient if your laptop falls into the wrong hands. The solution here is to (1) make sure every user on the machine has a password and (2) ensure that they have to use the password to access the machine. You don’t want just anyone to turn on your system and come up with you logged in. They will have full access to all of your files and data. Put an end to that behavior. Go to your control panel, select “User Accounts” and change the way users log on.
Set up your screensaver to require a password on resuming activity.
How many times have you been working on some sensitive data, walked away to get a cup of coffee and been pulled into a quick, 15-minute stand-up meeting? When you got back, you simply wiggled the mouse and your system came back up ready to work. So, how many other people have wiggled your mouse and peeked at your sensitive data? How many times has the room that you were working in been co-opted for a quick interview while you were off to the restroom, because they just needed it for the next 15 minutes or so? Who is looking at your data while you are away? Who is connecting a USB drive to your system and downloading your information?
Think it doesn’t happen? Well, here is one way to make sure that it doesn’t happen. Right click anywhere on the screen and highlight properties. Hit the “screensaver” tab and then check the box that says “on resume, password protect”. Also, whenever you leave your system, simply put the system into standby or close the laptop (it will automatically go into standby). When it is taken out of standby, it will ask for a password before work resumes.
Choose a decent password (something with more than 10 characters and is not easy to guess).
This goes without saying. In your control panel, click on the “User Accounts” icon. Then, click on your user name and click on the “Change The Password” link. When selecting a password, stay away from things that a hacker can figure out from digging around in your dumpster or checking your online profile. Avoid names of people in your family, pet names, birthdays, former schools, etc… and avoid making your password too short. It’s a lot easier than you may think to brute force an 8-character password.
Back in the day, when the Sun “pizza box” workstations were all the rage, one of my old friends had a rather unique method of generating his passwords. Whenever he needed one, he would pull out his bible and find a phrase with 10 to 15 words, take the first letter out of every word, capitalize certain characters and substitute letters for numbers where appropriate and… Voila! He had his password. I would suggest that you try a similar tactic when you create your passwords. Just make sure you remember the phrase used to generate it.
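The phrase method above, sketched in Python as an added example (not code from the original post). The capitalization rule, the substitution table, the sample phrase and the personal details are all assumptions made up for illustration; the post only says "certain characters" and "where appropriate".

```python
import math
import string

# Assumed substitutions; the post only says "where appropriate".
SUBSTITUTIONS = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}

def phrase_to_password(phrase, min_words=10, max_words=15):
    """First letter of each word, with assumed capitalize/substitute rules."""
    words = [w.strip(string.punctuation) for w in phrase.split()]
    words = [w for w in words if w]
    if not min_words <= len(words) <= max_words:
        raise ValueError(f"need {min_words}-{max_words} words, got {len(words)}")
    chars = []
    for idx, word in enumerate(words):
        first = word[0].lower()
        if idx % 3 == 0:      # assumed rule: capitalize every third initial
            chars.append(first.upper())
        else:                 # assumed rule: swap look-alike letters for digits
            chars.append(SUBSTITUTIONS.get(first, first))
    return "".join(chars)

def policy_problems(password, personal_terms):
    """Check the post's advice: more than 10 characters, nothing guessable."""
    problems = []
    if len(password) <= 10:
        problems.append("not longer than 10 characters")
    for term in personal_terms:
        if term and term.lower() in password.lower():
            problems.append(f"contains personal detail: {term}")
    return problems

def brute_force_bits(password):
    """Upper bound on exhaustive-search cost in bits, from character classes used.
    A phrase-derived password is less random than this bound suggests."""
    alphabet = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in password):
            alphabet += len(cls)
    return len(password) * math.log2(alphabet) if alphabet else 0.0

# Constructed sample phrase (15 words); not a phrase anyone should reuse.
SAMPLE_PHRASE = ("Every morning I lock my screen before walking "
                 "to the kitchen for coffee and toast.")
SAMPLE_PASSWORD = phrase_to_password(SAMPLE_PHRASE)

if __name__ == "__main__":
    print(SAMPLE_PASSWORD, policy_problems(SAMPLE_PASSWORD, ["rex", "1987"]))
    print(round(brute_force_bits("password")), round(brute_force_bits(SAMPLE_PASSWORD)))
```

The bit counts compare an 8-character lowercase password with the 15-character derived one; treat the larger figure as a ceiling, since the real strength depends on how guessable the source phrase is.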
Don’t write your passwords down on paper and keep them taped to the bottom of your laptop.
What good does having a decent password do you if you have it taped to your laptop or on a printout next to your desktop for everyone else to find? Now you may argue, “But we all work in an office environment and we trust each other.” That may be so, but you still invite people in for interviews, your company still gets deliveries and mail, and you still have vendors coming in to do presentations. And in case you haven’t noticed, every cell phone made today comes with a camera built in. No one needs to write your passwords down when they can simply ‘point and click’ in real time. If you are in an office environment and you are working on a secured wireless network (either WEP or WPA), make sure that your team does not have the access key printed and posted for easy reference, or for an even easier photo op.
Coming next: 3 simple technical adjustments to keep information private.