Why Change your Password Every 3 Months?

At work, you’re probably required to change your password every 3 months or so.

Why? To restrict access.

It’s to kick out an attacker that may already be inside your system.

That’s it; simple and logical eh.

Because remember the golden rule – it’s not IF you’re compromised, it’s WHEN.

Small business owners – it’s good practice to do this at least once every 3 months, ideally more. And when you do, be mindful of this sad stat – the more often employees are required to change passwords, the higher the chance the new password will be both written down and super crappy, for example: Summer2014 and Winter2015.

A good password looks like this:
M{c^TJ.`?W@Y?I6i1@O%yq4?o
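
To put numbers on that, here is an added example (not part of the original post and not Nuix's code): a small Python policy check that flags rotation-style passwords like Summer2014 and estimates how long a password survives at the 25 billion guesses per second quoted in the series introduction. The word list, year range, suffix set and 100-year threshold are assumptions made for the illustration.

```python
import re
import string

GUESSES_PER_SECOND = 25_000_000_000  # rate quoted in the series introduction

# Assumption (not from the post): a "rotation" password is a season or month
# name, then a 2-digit or 19xx/20xx year, then at most one common symbol.
WORDS = ("spring summer autumn fall winter january february march april may "
         "june july august september october november december").split()
SUFFIXES = "!@#$."
ROTATION_RE = re.compile(
    r"^(%s)(\d{2}|(?:19|20)\d{2})[!@#$.]?$" % "|".join(WORDS), re.IGNORECASE)


def is_rotation_style(password):
    """True for passwords shaped like Summer2014 or winter15!."""
    m = ROTATION_RE.match(password)
    if not m:
        return False
    word = m.group(1)
    return word in (word.lower(), word.capitalize(), word.upper())


def guess_space(password):
    """Number of candidates a guesser must cover to be sure of a hit."""
    if is_rotation_style(password):
        # words x 3 capitalisations x (100 + 200 years) x (no suffix + 5)
        return len(WORDS) * 3 * 300 * (len(SUFFIXES) + 1)
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    # Brute force over every character class the password actually uses.
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return alphabet ** len(password)


def seconds_to_exhaust(password):
    return guess_space(password) / GUESSES_PER_SECOND


def accept_new_password(password, min_seconds=100 * 365 * 24 * 3600):
    """Policy check: reject pattern passwords and anything exhausted too soon."""
    return (not is_rotation_style(password)
            and seconds_to_exhaust(password) >= min_seconds)


if __name__ == "__main__":
    # Constructed inputs: the two weak examples and the good one from the post.
    for pw in ("Summer2014", "Winter2015", "M{c^TJ.`?W@Y?I6i1@O%yq4?o"):
        print(pw, "%.3g seconds" % seconds_to_exhaust(pw), accept_new_password(pw))
```

Run as a script, it shows the seasonal passwords falling in a few millionths of a second while the 25-character random one passes the check.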

Blog tag = passwords

This post has been brought to you by Nuix and KeriBlog.


Introducing the Nuix & KeriBlog Security Series

Announcing the launch of an all-new security series here on KeriBlog, brought to you by Nuix and KeriBlog.com.

I’m especially excited to get Nuix’s input on the posts, because I am no expert, and the type of topics we’ll talk about is baby stuff for them.

Who is Nuix?

Found in 45 countries around the world, Nuix specializes in threat intelligence, and works with some of the world’s leading enterprises and regulatory agencies, law enforcement and anti-corruption bodies, federal government departments, and advisory firms.

They’re a technology company that enables people to make fact-based decisions by analyzing and extracting knowledge from unstructured data.

Think of it like an “Anomaly Machine” – upload any type of file (logs, emails, documents), and it will hoover up the text and help you find patterns among thousands+ of files.

We’ll make it so you don’t recoil in horror seeing this:

About the Security Series

We’ve designed an 8-part series to teach you how to stay safe online. Our first topic is passwords. Did you know that, with the help of a tool, I can make 25 billion password guesses per second? Billion.

Upcoming topics: 

  1. Passwords
  2. So You Clicked on a Bad link
  3. Malware, Viruses, Trojans and more
  4. What is a Pentest and why you need one
  5. XSS is not your friend
  6. Let’s go Phishing
  7. The MITM Attack
  8. Securing a WordPress site

And they’re going to attack me. Neat eh.

I’ll be the guinea pig, and they’ll attempt (and probably succeed in) breaching my social media accounts, blog, and email to show you how easy it is to be compromised.

Remember the golden rule of online security:
it’s only as good as YOU make it.

Small business owners – a responsibility comes with accepting credit cards and customers’ personal information; conduct your business security accordingly.

***


3 – 6% of your IT Budget = Security

About 3 – 6% of your annual IT budget should be allocated to security.

That’s the finding of the 2014 TELUS-Rotman IT Security Study, which also found that spending more didn’t necessarily equate to better security. Spending less is an obviously bad idea.

Unfortunately, the security budget is usually the first thing to get cut. Which makes no sense, because why bother building something if you’re not going to protect it?

Moreover, as a small business owner you have a responsibility to protect your customers’ information, especially if you’re processing credit card numbers.

How much are you currently spending?

Compare yourself to the rest of Canada:

About 30% of organizations spend the minimum; I hope you’re higher than that.

Protect your kingdom guys!

Because always remember,
it’s not IF you’re breached, it’s WHEN.

Blog tag = TELUS Security

***

This is an excerpt from my interview with Hernan Barros, Director of Security Solutions at TELUS, and Walid Hejazi, Associate Professor, Rotman School of Management, University of Toronto, about their new study, the 2014 TELUS-Rotman IT Security Study.


It’s not IF You are Breached, it’s WHEN

That’s one of the oldest sayings in security, because it’s true.

Thinking you are going to be forever immune is delusional.

Do you not lock your front door? Lock your car when you park it downtown? Take a different walking path at night than during the day? Why would online actions require less diligence and care?

Here’s the mean number of breaches to Canadian companies, over the last 4 years.

Note that none of them are 0.

If you are a small business owner:

You have a responsibility, especially if you are accepting people’s credit card numbers. Because you may be more of a target than you realize… think like an attacker: is it easier to go after 1 large business, that likely has security systems and staff in place? Or 10 smaller businesses, who probably have no clue and are lazy about protecting their assets?

The type of breaches Canadian companies experienced last year.

1 – one careless click, on one stupid link…
2 – how old-fashioned! Never leave your laptop unattended
3 – from the inside…
4 – lock your WiFi network. And change your router password too
5 – the counter to this attack is listening to your gut. Blog tag = social engineering
