Wednesday 19 June 2013

Passwords and the Internet


There’s a lot I have to say on this topic, so I’m going to spread this over a few posts.

Have you ever signed up to a website and seen this field:
‘Enter your password as a 5 character word, using only alphabetic lower case letters.’

If so, bad news: the person who created the field has about as much knowledge of internet security as a brick. Your password and hilarious pun-based user name are probably now in the hands of whoever could be bothered to do a quick search.

Let me give you an example – in 2009 there was a rumour that RockYou, a relatively small online social media gaming company (who utilised the above password restrictions), had suffered a security breach. In the days that followed RockYou said absolutely nothing to any of its 32 million customers, and when the damage was fully surveyed and released (not by RockYou) it turned out every single account had been compromised. The passwords had been stored unencrypted, in plaintext. It’s the IT equivalent of writing your passwords down on a piece of paper on your desk, and the hackers gained access through an SQL security flaw that had been common knowledge for a decade.

I have a theory that it was a social experiment to test the kind-heartedness of the internet, because I can’t quite believe anyone could think this level of carelessness was a good idea.

So how do you guard against this? Unfortunately it’s not very easy to know; any company with common sense isn’t going to tell you how they store information. Interestingly, RockYou’s privacy policy says that they use ‘commercially reasonable’ measures (accurate as of 19/6/13); ‘reasonable’ is certainly better than ‘none whatsoever’, but what that extends to is anyone’s guess.

If I was them I would be making a big song and dance about how secure they are NOW.

These 32 million passwords form a large part of how most hackers crack modern-day passwords. I’ll explain how this happens in my next post.
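The difference between the plaintext storage described above and salted, slow password hashing, as an added Python example (not code from this blog or from RockYou). The scrypt settings, the 16-byte salt, the function names and the two sample accounts are all assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import os

# Assumed scrypt cost settings for this example; tune them for your own hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN = 16

def keyspace_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random password allowed by a policy."""
    return length * math.log2(alphabet_size)

def hash_password(password, salt=None):
    """Return salt || scrypt(password, salt): the only value the site stores."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per account
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + digest

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hash_password(password, salt)[SALT_LEN:]
    return hmac.compare_digest(candidate, expected)

# Constructed sample accounts: two users who picked the same 5-letter password.
SIGNUPS = {"alice": "abcde", "bob": "abcde"}

# Plaintext storage, as described in the post: a dump of this table is the passwords.
plaintext_table = dict(SIGNUPS)

# Salted, slow hashing: a dump of this table holds no password.
hashed_table = {user: hash_password(pw) for user, pw in SIGNUPS.items()}

if __name__ == "__main__":
    print("5 lowercase letters: %.1f bits" % keyspace_bits(26, 5))
    print("12 printable ASCII:  %.1f bits" % keyspace_bits(94, 12))
    print("plaintext dump:", plaintext_table)
    print("hashed dump:   ", {u: r.hex()[:24] + "..." for u, r in hashed_table.items()})
    print("alice logs in: ", verify_password("abcde", hashed_table["alice"]))
```

With only about 23.5 bits of keyspace, a 5-letter lower-case password stays guessable even when hashed; the hashing protects the users who were allowed to choose something longer.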

Tuesday 14 May 2013

Managing to make the most of cloud technology in business

Have you ever heard someone say: ‘I hate cloud technology, why can’t I just have a piece of paper in front of me? It’s so much clearer.’

Yes it may be clearer, but you could well be costing your business a whole lot more than you realise.

Let’s start with the most obvious – printing costs of ink and the paper it’s on. Of course even with cloud technology you don’t have to get away from paper altogether if it’s your preferred medium, but replenishing printer cartridges and those heavy boxes of paper can add up. And what do you do with all that paper? Storing paper documents in your office is another wallet scorcher – about £25 a year for a single document.

Still not convinced? Here’s another – how much time would you say you spend looking for documents each year? Two hours? 5 days? Try 6 weeks. Mind-boggling to say the least. Now imagine that multiplied by the number of people in your business, and heaven help you if that document is filed incorrectly. That’s a lot of time and money that could be better spent on just about anything else. In the cloud it’s easy to move, share, search for and update documents in real time.

If you want to read a more in-depth article on why to move your business to the cloud, visit http://www.aiim.org/Research-and-Publications/Research/AIIM-White-Papers/Managing-and-Sharing-Documents

Feel free to add any more you can think of!

Guy

Tuesday 16 April 2013

Cloud Technology for Beginners

Zip, Just, Easy, Amazon, I; but which is the right cloud solution for you? Here are a few suggestions on what to look for when selecting a cloud solution for a new business:


SECURITY
Security is an important question; however, many people do not know their Triple DES (Data Encryption Standard) from their AES (Advanced Encryption Standard), which hopefully I’ll cover in a later post. In layman’s terms: most online banks operate at 128-bit AES; no-one to date has ever successfully penetrated this level of encryption via brute force, and not through lack of trying. However, a few cloud providers offer 256-bit encryption to demonstrate their pledge of security to you. If you wonder which yours is operating at, click the lock that appears where the URL is displayed.
DATA AND PAPER
A key aspect is to choose a company that won’t alter the type of document that you originally uploaded; a company that does would mean committing to it forever unless you are happy to watch fees for data exporting pile up. Make sure there is also a solution for your existing paperwork and that the blinkers aren’t on when you’re selecting all of your forward-thinking options.
RELIABILITY
Always, always, always make sure that you thoroughly research anyone who you’re considering giving money to. There are lots of websites set up to lull potential customers into a false sense of security, so that you’re not aware of the full horror show until you’ve paid your first year’s balance. This is sound advice, and not just for cloud providers. A personal favourite for seeing terrible customer service is http://www.trustpilot.com.
PASSWORD PROTECTION AND USER CONTROL
Two words will save you a lot of hassle: Dual-Authentication. It is a simple system that will mean you spend an extra 30 seconds logging in each time, but it could save your bacon if an employee happens to leave a briefcase of user names and passwords on a train, or if there is a security breach (see Evernote). Make sure you manage who can and who can’t access parts of your cloud for sensitive data purposes. It is equally wise to check whether or not staff at the host company will be able to access your data.
REMOTE ACCESS
Finally, true cloud flexibility is all about having what you need anywhere at any time. It’s all very well having your data securely locked away, but the whole point of spending your time putting information into the cloud is so that you don’t have to be sat in your office to get it back.

- Guy