A good workman never blames his tools, as the saying goes. I have never quite agreed with that as every time a job needs doing in the garden or house, the best part of the whole thing is buying a new tool! However, having the right tool does not guarantee that the job will be done well.
A similar process happens with IT security. The temptation is to always run out and buy the latest security products, in the belief that by having those products we will somehow become immune to all risks: the hackers will be kept away, and the users will never surf to malware-infected sites.
There is no denying that a good UTM firewall – like Sonicwall – will help control these risks. However, the issue is that many security breaches and risks do not occur via the front door – they don’t need to as there are hundreds of other ways to get in.
In the recent hack on Adobe, the stolen password list was reverse engineered. Out of the millions and millions of usernames and passwords stolen, 1.3 million users had set their password to be 123456, closely followed by 1234567 and adobe123. In August, Google did some research into their users' passwords, and found that 1/6 of their user base were using their pet's name. This makes it all pretty easy if somebody wants to log into your account, steal your license keys, read your email, or read the bank statements that were sent to you as a PDF in your email, and so on.
In fact, so much of our life is posted online these days that, as our partner – mkryptor – highlighted in our recent seminar, it is fairly simple to build a whole profile of somebody just by looking at standard free websites. A great example is one company only asking for the month of your birth, and another asking for the day. Together with your school record listed on Facebook, somebody can quickly work out your date of birth. Of course, if you post pictures of your adorable kitten on Facebook, then there is a good chance that 1 in 6 of you are using ‘fluffy’ as the password to Google right now.
In businesses, security needs to start with policies set by management: making sure that all employees in an organisation know the procedures to keep data safe, and making sure they don’t save files onto unencrypted disks or send emails in clear text containing the latest balance sheets.
The right tools then help reduce risks further, making it easier to implement safer and more secure systems. This is why, having established a password policy, many of our clients are using or considering using two-factor authentication to add an extra layer of security on top of the ‘fluffy’ password.
If you want advice on any aspect of IT security, including thinking beyond the tools – maybe a review of how your organisation deals with risks – please do contact us.
Contact Instant On IT for: IT Security, Cloud Services, Infrastructure Consultancy, IT Management & Support