These are among the tips from the US organisers of the global
event, including Security Awareness Inc. and the Information
Systems Audit and Control Association. Now in its ninth year,
Computer Security Day exists to remind people to protect their
computers and information.
The day is on 30th November each year and the organisers list
53 ways that offices can participate.
Suggestions include:
- Check for viruses
- Protect against static electricity
- Vacuum your computer and the immediate area
- Back-up your data
- Post 'No drinking' and 'No smoking' signs in computer
areas
- Hold a discussion of ethics with computer users
In a climate of high-profile security breaches, most notably
HM Revenue and Customs' loss of 25 million
records, protecting information to the highest standard has
never been more vital to maintaining customer loyalty and business
reputation.
OUT-LAW is embracing Computer Security Day this year and
encourages readers to review the passwords they use for work and
personal purposes if they are weak or more than 60 days old.
Passwords-schmasswords
Almost two-thirds of people never change their passwords,
according to a survey of 1,800 adults reported by the Department of
Trade and Industry in June. One in five people said they use the
same password for non-banking websites as well as their online
bank. And over one-third recorded their password or security
information by either writing it down or storing it somewhere on
their computer.
Such behaviour is asking for trouble, according to US security
guru Bruce Schneier.
"People should change their online access passwords regularly,"
Schneier told OUT-LAW.COM. "The risk is that a password has been
compromised, and changing your password regains security."
Microsoft suggests that a password that is shorter than eight
characters should be considered "only good for a week or so," while
a password that is 14 characters or longer (provided it follows
Microsoft's rules and tips for passwords) can be good for several years.
Others suggest that you can safely keep a password for 60–90 days
as a general rule of thumb.
The HMRC incident has prompted many individuals to take
protective steps. HMRC wrote to the families potentially affected
by the data loss. Its letter addressed online banking risks and
stated: "If your password uses any of your personal data, for
example your child's name or date of birth, you may also wish to
consider changing any passwords you use."
According to APACS, the UK payments association, 10% of Child
Benefit recipients have since changed their online banking
passwords. Six percent changed their PINs.
How to choose a new password
Andrew Moloney, a director at security firm RSA who specialises
in the financial services market, offers the following tips:
- "If your password is linked to personal data – e.g. a date of
birth or child’s name – it should be changed.
- The longer a password, the more difficult it is to crack. Thus,
make yours of a decent length, say 10 to 16 characters if
possible.
- Replace words with numbers, e.g. for = 4, to/too = 2, add
punctuation like exclamation marks and change capitalisation.
- Consider using a phrase that includes both numbers and words
and use the first letters/numbers from that. An example would be
“On the 12 days of Christmas my true love gave to me” =
“Ot12docmtlgtm”. This has a great combination of being
hard to guess but easy to remember. That's the ideal
scenario."
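The checks described above can be automated at the moment a user sets a password. The following is an added example, not code from OUT-LAW, RSA or Microsoft; the function names, the 10-character floor (from Moloney's tip), the 60-day age limit (from OUT-LAW's suggestion) and the sample data are assumptions made for illustration.

```python
from datetime import date

# Assumed thresholds taken from the article: 10-character floor (Moloney's tip)
# and a 60-day maximum age (OUT-LAW's suggestion).
MIN_LENGTH = 10
MAX_AGE_DAYS = 60
# Common digit/symbol substitutions, undone before looking for names.
LEET = str.maketrans("01345@$", "oieasas")

def personal_tokens(names, birth_dates):
    """Lowercase substrings derived from a person's known details."""
    tokens = {n.lower() for n in names if len(n) >= 3}
    for d in birth_dates:
        dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
        yy = yyyy[2:]
        # Usual written orders of a birth date, plus the bare year.
        tokens |= {dd + mm + yyyy, dd + mm + yy, mm + dd + yyyy,
                   mm + dd + yy, yyyy + mm + dd, yyyy}
    return tokens

def review_password(password, last_changed, names, birth_dates, today=None):
    """Return the reasons (if any) this password should be changed."""
    today = today or date.today()
    lowered = password.lower()
    # Dates are matched on the raw text, names also on the de-substituted text.
    candidates = (lowered, lowered.translate(LEET))
    findings = []
    if any(t in c for t in personal_tokens(names, birth_dates) for c in candidates):
        findings.append("personal-data")
    if len(password) < MIN_LENGTH:
        findings.append("short")
    if (today - last_changed).days > MAX_AGE_DAYS:
        findings.append("stale")
    return findings

if __name__ == "__main__":
    # Constructed sample data, not real records.
    names, dobs = ["Emily"], [date(2003, 5, 14)]
    today = date(2007, 11, 30)
    for pw, changed in [("Em1ly2003!", date(2007, 9, 1)),
                        ("140503", date(2007, 11, 29)),
                        ("Ot12docmtlgtm", date(2007, 11, 1))]:
        print(pw, review_password(pw, changed, names, dobs, today))
```

Swapping letters for digits does not hide a child's name from this kind of check, which is why the first sample is still flagged while the phrase-derived password passes.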
Visit your online bank now.