Keeping data and systems safe, accessible and fully backed-up.

Passwords, encryption and good practice

Passwords should be complex and changed regularly. Encryption should be implemented for any business-critical information and especially for any information which is mobile or transported in any fashion. Why then do we still get asked questions such as “why do we need to change our passwords so often” and “do we have to have such difficult passwords”?

Admittedly, a good policy does not just enforce password changes and complexity, as that only satisfies the need for security without taking into account the needs of the users. Account lockout policies, therefore, should not be applied haphazardly. While you increase the probability of preventing unauthorised access to your organisation’s information, you can also unintentionally lock out authorised users. This can be quite costly for your organisation, in loss of productivity and inability to carry out functions, which could affect brand or perception.

In the age of simplicity and self-service we’re big fans of the ability to synchronise user information, securely of course, using the Azure AD Service. Coupled with an on-site Appliance which enables self-service password management, information is secure and organisations can easily adopt cloud services, providing employees and partners with an easy single sign-on experience. Most importantly, users and administrators are frustration-free, as users are able to manage their own passwords without intervention. As long as they can remember their security questions!

All of which makes us happy. Our customers are secure from network attack and self-managing. Azure AD Basic is free and we use Nervepoint Technologies, a UK company, for our Self-Service Appliance, which, in the non-Enterprise version, is free for unlimited users.

Cyber Security and Cyber Fraud

Cyber security and cyber fraud. Look, there is no easy answer to this, although many pundits, commentators and politicians would have you believe there is. First of all, I’m a technologist; I love it. However, technology does not hold the key to the solution to this issue. The simplistic application of some ethereal technical solution is laughable. Politicians are especially prone to this quick-fix approach, quite possibly because they surround themselves with self-publicising ‘experts’ who know who they’re talking to, but don’t know what they’re talking about.

I read a statement a couple of days ago by Ed Vaizey, Minister for Culture, Communications and Creative Industries, that companies should encrypt their data. Now that’s an excellent idea, but what are we encrypting here and how are we encrypting it? Is it the communication between the consumer and their browser and the server of the provider? Is it the storage volume of the data? Is this all data? All communication?

What is being asked for is in actual fact already carried out, especially the communication of data via the Internet through your browser. But who’s to say your computer has not been compromised because you’ve not updated it for six years? Or that you are completely secure, yet accessed a website in order to move your life savings by clicking a link in an email? Much of the information a fraudster would need can be found by rummaging through the bins; the only cyber element here is the fact that millions of people can be targeted.

Vaizey’s other bright idea was even more worrying: some form of Kite Mark (BS/ISO) in order to denote an organisation is ‘safe’. An organisation such as TalkTalk, with the processes and procedures, would easily achieve such an approval. Sadly, if you listen carefully to what TalkTalk are saying, they did have a data breach; however, the data could not be used on its own. It can be used to fraudulently acquire funds in the same old-fashioned way. Conning someone into believing that they’re something they’re not.

Oh wait! That actually gets to my point. If someone calls you and offers you something which could be too good to be true, it probably is. Education and empowerment of individuals is money far better spent than on a distraction such as a Kite Mark. I’m old enough to remember the Green Cross Code and Clunk Click Every Trip from the seventies. Perhaps it’s time we have more educational initiatives based around today’s issues.

While we’re not really geared for mass re-education programmes, we can help with the deployment of Unified Threat Management devices to mitigate your business users’ mistakes, coupled with an excellent understanding of best practice for your users.