IT Security Policies Can Cause Network Data Breaches

Dovell Bonnett asked:

It’s strange how the network security policies in place at a company can actually damage, rather than enhance, its security. Security measures which are too stringent can lead to employees going around security for convenience’s sake. Employees can actually create security vulnerabilities which your IT department may not be able to protect against, because it may be unaware that they exist!

Not long ago, I spoke with the business director of a large company (I’ll call her Susan). Her company’s IT department requires that employee passwords for their network be at least eight characters in length and be composed of a random mix of letters, symbols and numbers. She also must change her passwords every sixty days. While Susan goes along with the security policies put in place by her IT department, if you were to walk into her office, you would see her logon password written right there on her desk – “Password: 1jy^hndT”.

The work environment in many companies these days involves understaffing, tight deadlines and long workdays. When you add yet another complication to the lives of already overworked employees, it is only natural that they choose convenience over security. You see everyone doing this, from the CEO on down to the temps. While it sounds like a good idea to have employees remember complex passwords, what happens in practice is that it slows things down and leads to security being circumvented.

The real problem isn’t the security policy, which is actually a very sound one – it’s the way the policy is implemented. IT departments are prone to ignoring the human factor when they design security policies. Most people can’t remember two complex passwords, and many can’t even remember one! By making employees change their passwords every two to three months, IT departments further complicate the situation and practically force employees to engage in insecure practices in order to get their work done while still complying with corporate security policies.

This gives management a false sense of security about the network, since they don’t even know where to look for potential problems. Let’s say that someone copies down Susan’s password and logs in as her – the network monitoring software simply accepts as fact that she is working at 3 am. These security systems will not be able to stop such attacks until the damage has already been done.

Password security which is not convenient to use does not come without a cost. Resetting passwords can take anywhere from 20% to 50% of an IT department’s time – this translates into about $70/incident. This time and money could be better used by your IT department. There are other costs too, such as lost productivity when employees are unable to access the network.

A rule of thumb to keep in mind is that the greater the level of password security without a convenient management system in place, the more often you’ll need to do password resets. Smartcard security tokens offer a solution which balances productivity, security and technical support.

Smartcard based security tokens allow employees to manage network and computer security themselves without compromising the security of your corporate network. They do this by:

1. Offering double, two-factor authentication – the user has the card (something they have) and the PIN (something they know). The computer has the card (something it has) and stored complex passwords (something it knows).

2. Being portable to other machines.

3. Storing no information on the computer for prying eyes to find and use.

4. Offering convenience – the user only needs one password.

5. Ensuring employees always have possession of their passwords.

6. Keeping token data securely stored and protected in the event that the token is stolen or lost.

7. Storing passwords for many accounts.

Smartcard-based security tokens prevent data thieves from merely looking over someone’s shoulder to learn passwords or looking for notes bearing this information taped to desks or inside drawers. If each account is set with its own unique password, even if a data thief somehow gets one password, all other accounts are still protected. Smartcard-based security tokens allow employees to stay within IT security policies and keep corporate networks better protected while offering the convenience employees want and need. This can make even the most careless employee a security-conscious one.

A Secure USB Drive for Mac and PC

Rg Hannah asked:

A secure USB drive is important to those using Macs or PCs who want to stop the exploitation of confidential data. Thieves are not concerned whether your operating system is Mac or PC. But now a secure USB drive is available as an effective strategy to ward off an attack regardless of which system you use. If you want to keep your mobile data safe, a secure USB drive is in your future interest.

Safety and Security with a Secure USB Drive

A secure USB drive has been produced by SanDisk with safety and security in mind. The drives are compatible with Mac OS X 10.4 and 10.5 and feature the best known encryption algorithm developed to date. The secure USB drive has data encryption that is hardware based and is more secure than software-based encryption. Strong authentication means that if the flash drive is stolen, would-be thieves are locked out after a number of failed password attempts. This essentially prevents any unauthorized user from accessing data. Because the secure USB drive is hardware based and independent of the operating system, access to password keys is not possible from within the operating system.

Investing in a secure USB drive like the units produced by SanDisk is an investment in the company’s future revenue. The confidential data company personnel access every day is valuable not only to the future of the company but also to thieves looking to exploit the data. A secure USB drive can prevent unauthorized access to data through encryption. Even if the flash drive is lost or stolen, encryption makes the data it contains useless. The mindset used to be that only outsiders were interested in gaining access to secure data, but a secure USB drive keeps everyone honest, including employees. Various companies have reported the loss of confidential and sensitive data at the hands of trusted personnel.

A Secure USB Drive on Both Ends

One consideration for using a secure USB drive is the strength it possesses on both ends. Sometimes attackers are not interested in specific data and are not out to exploit data, but only to corrupt it. SanDisk Enterprise partners with McAfee, a global security company, which scans the secure USB drive for viruses with its anti-malware software and eliminates any threat to data or your operating system before it has an opportunity to reach it. Hackers have been known to use the flash drive as a host to get a virus into the operating system and force it to crash. A secure USB drive with anti-malware will detect such a threat and neutralize it before it can cause any damage to data.

A secure USB drive must have a strong front end and back end which will virtually eliminate access by would-be unauthorized users. Strong front-end security is provided by passwords that are complex and cannot be hacked or guessed. The administration of passwords for a secure USB drive is an important part of a strong front end which can keep data safe even if the flash drive is lost or stolen. Data encryption is a mandatory security measure to prevent access even if the strong front end is thwarted. SanDisk Enterprise produces a secure USB drive equipped with data encryption designed with a strong algorithm which will make data impossible to access by hackers and thieves.