If everybody’s handing out security advice these days, what’s a good strategy for sorting through the various ideas? How can you pull out the essentials?
Trust
Yes, it’s a matter of trust. My hope is that you’ve developed a great relationship with your managed IT service provider and can lean on them to bring out the best ideas, and answer questions that inevitably come up.
Accepting Reality
I’m old enough to say “back in the day”, and back in the day we had seven or eight accounts and thought it was a pain in the ass. Little did we know that it’d get worse – much worse…
Dashlane shared that in 2015 the average user had 90 different online accounts!
In order to manage this overflow of accounts, end users make perfectly understandable, but insecure, choices:
- 38% Write passwords down on paper
- 17% Use the same password for multiple accounts
- 9% Keep passwords on a file on their computer
And these choices reduce the security of their online presence. And this doesn’t even touch the concept of shared organizational resources!
Making IT Secure
And while computers can place filters on password creation to encourage “better” passwords, the reason we need to do that is because, given no guidelines, fully a third of all passwords would end up abc123…
Coming up with a password should be more robust than trying to figure out a new way to manipulate your beloved pet’s name and birthday.
And Another Thing
If in addition to a username and password, logging into critical applications required the person to “have” something, that would clearly stop intruders. The most common tool that we can employ is a cell phone – we’ll have another level of confident if we require a code from a cell phone app in order to login.
The Two Fundamental Steps
And so, every user needs a digital vault for account information. And every environment that allows an additional key at login time needs to be configured to do so.
The best digital vaults will assist in the creation of arbitrary passwords that meet stringent composition rules, store those passwords, supply those passwords when logging into web sites, and allow teams to share specific secure information between themselves. We’ve selected Lastpass as our preferred vendor. It doesn’t mean you can’t choose any of the options out there – but if you’re going to ask us to assist, you probably want to use the one we’re familiar with.
And while not all environments support Multiple / Two Factor Authentication (MFA/2FA), Office365, Google, and many other useful sites do. There are several different apps to choose from to load on your Android/Apple phone. Some are free, others come with a modest subscription. For practical purposes, pick an app that is native to your device and works with your most important sites.
BTW – when Lastpass is setup it requires that second factor…
If you have additional questions, we’d be happy to talk. The fun starts when you bring up the unique situations that face your organization.
In the Rochester area, CMIT Solutions provides local, responsive IT support and technology services for small to mid-sized businesses. As your IT partner, we ensure systems are running, your data is secure, and your staff is productive. Backed by a national system, we have over 200 locations across the country with local ownership in Rochester.
Steve Tylock is a systems infrastructure professional with broad information technology experiences in servers, desktops, networks, security, applications, team development, and solution architecture across the domains of business, education, government, and manufacturing. He specializes in analyzing environments leading to strategies and plans for growth and excellence.
