Why Your Business Requires Security

The States and Federal Identity Theft and Privacy Protection Laws now require businesses, agencies and organizations of all sizes to protect all personal information they store, and report to all their customers whenever a breach occurs. The financial ramifications after having a data breach can be very substantial to both present and future business. In some many cases a company never does recover from a breach and is forced to close down. Currently, the average cost on a company is $3.7M per incident.

Justin Williams’ on Twitter Security


Justin writes a great article about the Twitter hack (see below). Password security is much more than about just having strong passwords, it is also about managing passwords. If a company’s IT department puts the burgen on users to change passwords frequently and to have longer passwords, then users will write them down on notes for people to find.

SOLUTION: Invest in a secure password manager that is based on smartcard technology.

JUSTIN WILLIAMS: Twitter hacking points out need to secure information

Back in May, Twitter was hacked by someone who got into the accounts of several of the company’s employees. The hacker also gained access to the Twitter accounts of several high-profile users.

Besides just snooping around, the hacker gathered hundreds of documents from Twitter’s Google Docs account — including employee lists, credit card numbers, contracts, meeting notes and salaries. Last week those documents ended up in the hands of TechCrunch, a popular Internet blog, which posted many of the documents outlining Twitter’s business strategies and financial forecasts.

How did the hacker gain access to this information? Relatively easily, actually. He acquired a Twitter employee’s Google password, which gave him access to e-mail, Google Docs and more. He didn’t use a dictionary attack or guess the password. Instead, he used the password recovery features of Gmail which will e-mail the password to a secondary e-mail account. In this case, the secondary account was an expired Hotmail account that, when reregistered, had the recovery e-mail from Google waiting there.

While your e-mail and secrets may not be as tantalizing as Twitter’s, this episode should serve as a reminder to think hard about how secure your computing practices are.

First and foremost you want to make sure you have a good password — a mixture of letters, numbers and symbols. It also should have a mixture of upper and lowercase letters. You want to avoid common words and names because they can be cracked fairly easily by trying to log in using every word in the dictionary.

You also should have a unique password for each Web site you visit. Having a unique password per site gives you an extra layer of protection should that account be compromised because the intruder won’t be able to access any other sites you may use.

Remembering dozens of passwords isn’t practical, so I recommend using a password manager that integrates with your Web browser. On the Mac, I swear by 1Password (agilewebsolutions.com/products/1Password). I let it generate and manage all my passwords, personal information and online credit cards. I also use 1Password to fill out online forms for me through its integrated browser plug-in. RoboForm (www.roboform.com) offers an excellent alternative to 1Password for the Windows platform. It seamlessly integrates with both XP and Vista machines and works in Firefox and Internet Explorer.

Twitter’s misfortune is a reminder of good password practices, but it also may be a warning sign of what the future holds for cloud computing. The blow to Twitter would have been much less if the company had not been storing all of its sensitive documents and information in Google Docs, an online equivalent to Microsoft Office. If you can’t imagine something getting in the hands of wrongdoers, it is probably better to keep it stored locally in your home or office instead of on a server somewhere on the Internet.

Justin Williams is the owner of Second Gear, a local Web and software development firm. He can be reached at justin@secondgearllc.com.

Categories : Uncategorized

Comments are closed.