Passwords
Good security starts with strong passwords. All the sophisticated
firewalls, aggressive malware protection and email filtering solutions are worth
little if you're using weak passwords on your business network.
Local threats
A lot of companies feel there's no need for strong passwords on their network. The staff are trusted and everyone is free to access each other's files and emails in order to get the work done when someone's out of the office. They may feel that a simple password like Password123, written on a post-it and attached to each user's screen, is perfectly reasonable.
It's good practice in any area of security to give people access only to what they need: the principle of least privilege. If staff cannot reach data that their normal duties don't require, there is no danger of them coming across it accidentally or deleting it by mistake. The office team may work well together, but what happens when someone stumbles across payroll information and realises one of their colleagues is being paid a lot more than they are? Why expose yourself to the potential risks of a disgruntled employee who has access to everything on the network?
If everyone knows everyone else's passwords then there's no effective way to manage permissions.
Something else to bear in mind: what about unauthorised individuals entering your office? If someone were to break in and steal your PCs, how easy will it be for them to access the confidential data stored on the hard disks? Bear in mind that a login password on its own does not protect that data; a thief can remove the drive and read it from another machine unless the disk is encrypted, and disk encryption is only as strong as the password or key that unlocks it.
External threats
If you really can trust your staff beyond any doubt and your office is impervious to unauthorised entry, then you might get away with using weak passwords. The thing is, you'll almost certainly want to connect to the Internet - and that's when the real problems start.
Any malicious software that finds its way onto your computer will have a much easier job achieving its goals if it can easily obtain a valid password for a user account. So if your password is easy to guess, you could be opening the door to all kinds of hazards. Malicious software can try thousands of guesses per second against a login prompt, and if it manages to steal the stored password hashes from a machine it can test many millions of guesses per second offline; a password built from a dictionary word plus a number falls to either approach in moments.
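To make the guessing argument concrete, here is an added example (not code from the original page) of the dictionary-plus-mangling attack cracking tools run against a stolen password hash. The wordlist and mutation rules are a constructed miniature of what real tools use; the stored hash is assumed to be an unsalted SHA-256, as badly designed systems store them, so each guess costs one fast hash.

```python
import hashlib
import time

# Constructed miniature wordlist and mutation rules. Real cracking wordlists
# hold millions of entries and hundreds of rules; the shape is the same.
WORDLIST = ["welcome", "password", "letmein", "summer", "company", "admin", "qwerty"]
SUFFIXES = ["", "1", "12", "123", "!", "2024", "123!"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def candidates():
    """Yield guesses: each dictionary word in several casings and leet-speak, with common suffixes."""
    for word in WORDLIST:
        for base in (word, word.capitalize(), word.upper(), word.translate(LEET)):
            for suffix in SUFFIXES:
                yield base + suffix


def sha256_hex(password: str) -> str:
    """Assumed storage format: unsalted SHA-256 of the password (a weak choice, used to show the attack)."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack(stored_hash: str, max_guesses: int = 10_000):
    """Try candidates against the stored hash.

    Returns (password, guesses_used) on success, or (None, guesses_used) when the
    candidate list or the guess budget is exhausted.
    """
    guesses = 0
    for guess in candidates():
        guesses += 1
        if sha256_hex(guess) == stored_hash:
            return guess, guesses
        if guesses >= max_guesses:
            break
    return None, guesses


def guesses_per_second(sample: int = 200_000) -> float:
    """Measure how many SHA-256 guesses this machine computes per second (single core, pure Python)."""
    start = time.perf_counter()
    for i in range(sample):
        hashlib.sha256(f"guess{i}".encode()).hexdigest()
    return sample / (time.perf_counter() - start)


if __name__ == "__main__":
    weak, strong = "Password123", "Tape-Quarry-Otter-91"   # constructed sample passwords
    print("weak  :", crack(sha256_hex(weak)))               # found after a few dozen guesses
    print("strong:", crack(sha256_hex(strong)))             # not found; not derivable from the wordlist
    print(f"this machine: {guesses_per_second():,.0f} guesses/s")
```

The weak password is recovered after a few dozen guesses because it is just a wordlist entry with a common mutation; the longer passphrase is never reached because it is not a mutation of anything in the list. Storing passwords with a salted, slow hash (bcrypt, scrypt, Argon2 or PBKDF2) cuts the attacker's guess rate by orders of magnitude, but it does not change the order in which guesses are made, so a wordlist password still falls first.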
If you have any kind of remote access configured on your network, whether it be for staff to access emails on their phones, share files via an intranet site while in the field or work remotely from home - you're opening pinholes in your IT defences.
We've heard a lot of customers say "why would anyone want to try to hack into our network?". Well, there might be an individual with a specific desire to gain access to your company's confidential information, but it's more likely that your network defences will be targeted by an automated attack. People often picture a lone hacker sitting at their desk trying to guess passwords through trial and error, tapping in each password manually one after the other. In reality it will be a botnet: hundreds, thousands or even millions of compromised computers coordinated to try common usernames and passwords against every exposed login they can find, in order to gain access to as many PCs, servers and networks around the world as possible.
Best Practices
Hopefully you've realised the benefits of using strong passwords, in which case you might want to follow some of these best practices:
- Enforce complexity - On a business network you should be forcing users to choose strong passwords through mechanisms such as Group Policy: set a minimum length and complexity requirement, and an account lockout threshold so that repeated wrong guesses at a login prompt are slowed down. Length does more for strength than symbols do, so a long passphrase beats a short password with a symbol bolted on the end.
- Manage permissions properly - Instead of sharing your password with other users, take advantage of the mechanisms available in the operating systems and software you use to give them the relevant permission to access your data. If possible, organise the users on your network into security groups and give access to resources based on group membership.
- Use Biometrics - Fingerprint readers are pretty common on laptops these days and you can also buy them as add-ons to PCs. You can use their associated software to store all your complex passwords in an encrypted password bank on your hard disk. Then when you need a password for a specific piece of software or website you just swipe your finger across the sensor, so all you need to remember is your finger. Note that the fingerprint only unlocks the bank; the passwords inside it still need to be strong and unique, and the bank is only as safe as the PC it lives on.
- Restrict IPs and use digital certificates - As an additional layer of security for remote access, you might want to restrict access by IP address so only people at specific locations can connect to your systems. You can also use client certificates in order to verify that remote devices are authorised to access your network.
- Two Factor Authentication - This is the process of asking for two different kinds of evidence instead of just one: something you know (your password) and something you have. Users can be issued with hardware tokens that generate one-time passwords, valid for a short time window, that have to be entered along with usernames and passwords to gain access to secure systems. These are popular with banks, and they mean a guessed or stolen password is not enough on its own.