
Category Archives: IT Security


EU-GDPR is on the way

Posted on June 06th, 2017 by

As you may or may not be aware, the Data Protection Act is coming to an end. The Data Protection Act was implemented two decades ago and the world of business IT has changed significantly in that time. The EU-GDPR (General Data Protection Regulation) is the replacement and in May 2018 this legislation will take effect in the UK (it will take effect irrespective of Brexit outcomes).

This legislation is fairly significant. The Data Protection Act left a great deal up to individual businesses as to how they went about protecting personal data. For most organisations data protection took a back seat to day-to-day business. The EU-GDPR is significantly more prescriptive and the fines for non-compliance are potentially very high (up to 4% of turnover or €20 million).

At Geek-Guru we have been preparing for the EU-GDPR for some time.

Whilst the EU-GDPR has now been formalised there is still some uncertainty about how the legislation will be formalised in UK law. The feeling is therefore that this will very much be an evolving subject with changes coming in as and when these laws are tested in court. The key term here is ‘tested in court’. This legislation gives a great deal of power to ‘data subjects’. These are the people for whom you hold personal data. We do not want our clients to become test cases in what will be one of the most wide-reaching changes in IT legislation for decades.

So, what can you do?

There are several aspects to this. Some are technical – such as IT security provision. Some are policy and procedures – such as incident management. However, the majority of your obligations will come down to data itself. How data is identified, how data is stored, how data is processed and how data is protected. The key provision in the legislation is ‘data protection by design and by default’. For this to happen you will need to understand your data in a way that you’ve probably never had to think about before.

Over the coming weeks we will be putting together info for our clients on what you will need to do, who you will need to speak to, and what you will need to look at to ensure you are compliant. In the short term, we feel that it would be good if clients start thinking about where their data is stored, what applications are used to store personal data, and how they are accessed. If these are from big-name software houses like Sage and Microsoft then the changes should be possible with limited fuss and expense. If these are custom applications, or older legacy applications, then now may be the time to start a dialogue with your software provider about what they have planned for EU-GDPR compliance. This absolutely should not be left until the last minute!

What can Geek-Guru help with?

Within a few months we will have the following certifications and specialisms on board:

CIPP – Certified Information Privacy Professional/Europe

https://iapp.org/certify/cippe/

CISSP – Certified Information Systems Security Professional

https://www.isc2.org/cissp/default.aspx

CND – Certified Network Defender

https://www.eccouncil.org/programs/certified-network-defender-cnd/

ECES – Certified Encryption Specialist

https://www.eccouncil.org/programs/ec-council-certified-encryption-specialist-eces/

As I’m sure you can appreciate, this is a huge investment in regard to engineer training and recruitment. However, it is the only way we feel that we can provide the level of expertise that will be required of us going forward.

We will be putting together some consultancy packages to help clients with the transition. This will include help with policies and procedures and also with technical measures that will be required to achieve compliance. We’re also on hand for any questions or advice you may need.

Posted in: Data Privacy (EU-GDPR), It 4 business, IT Security

Ransomware and the NHS attack

Posted on May 16th, 2017 by

Ransomware is not a new phenomenon. However, it takes something like the NHS hack to really highlight quite how damaging it can be. If an organisation as large and security-obsessed as the NHS can be hit, then how do smaller organisations protect themselves?

“More than 4,000 ransomware attacks have occurred every day since the beginning of 2016.” – CCIPS

There is no doubt that these types of viruses can be damaging to businesses of all sizes. There are, however, a number of steps that businesses can take both to protect themselves in the first place and to minimise the impact of any infection.

“54% of UK companies hit” – Malwarebytes

Policies

Policies and training make up the backbone of an IT security program. It would be foolish to think that technology alone is enough to prevent infections or data breaches. There is no magic button you can press that will instantly prevent anything nasty happening to your network. Security comes down to careful planning and preparation, and these things take time and commitment. A clear and concise IT policy is a great start. It can help clarify a company’s position on security, help inform staff on what is and is not expected of them and ensure that risks are clearly communicated to users of the network.

  • Have an IT policy that defines what is and is not an acceptable use of the IT system.
  • Ensure that staff receive training on security issues and have read and understand the policies.
  • Ensure that policies are followed at all times with no exceptions – even by management. Management often have the greatest access to data and yet take security the least seriously. It sets a bad example if management flout the rules, and staff will quickly determine security is not as much of an issue as has been made out.
  • Ensure that if something does happen, and a breach does occur, that staff know how to react quickly and appropriately.

Perimeter

The perimeter of your network can be seen as the external fortification of your IT system. It is what separates your internal network (your servers and computers) from the wider internet. In days gone by the perimeter of your network was more clearly defined. Computers and servers lay within the perimeter; everything else outside. With smart-phones, bring your own device, remote workers and cloud computing the perimeter has become significantly more amorphous. The perimeter is, however, still a critically important concept.

  • Ensure you have a firewall in place and ideally a full UTM device (unified threat management) such as a WatchGuard. This will actively filter traffic as it passes through it rather than just allowing it or blocking it. A UTM will also look for signs of an attack and inform the appropriate people.
  • Ensure you have a spam filter in place to identify and remove malicious emails before they reach users. No filter is 100% effective but they can significantly reduce the number of malicious emails that make it through to users’ inboxes.

“In 2016 40% of all spam email had ransomware” – IBM

  • Ensure that there is an enforced policy on how USB storage devices are used. Do not allow staff to use their own devices or attach unauthorised devices to the network.
  • Consider web-filtering if users do not need to access the entire internet to perform their job function. Do not allow personal use of the internet – even at lunch. Users invariably have smart-phones they can use for that and, if needed, a guest Wi-Fi or guest computers should be provided.
  • Closely monitor the use of remote access to those that require it and ensure that access is granted only to those systems that are needed at the time.

Internal Protection

Internal protection measures are those measures you should take within your network. These either help to prevent infection in the first place or limit the spread of an infection should the worst happen.

It would be foolish to assume that perimeter security is always going to be completely effective. By operating a layered approach to security you make life as difficult as possible for would-be hackers and give yourself extra time to deal with the results of an infection.

“Attacks expected to double in 2017” – Beazley via SC Magazine

  • Ensure that machines are updated with Windows updates but also software updates such as Java and Adobe.
  • Ensure machines are running up to date anti-virus software.
  • Ensure your anti-virus software is monitored so infections are spotted quickly.
  • Older machines running operating systems that are beyond their support window (such as Windows XP) should be considered an immediate threat that CANNOT be secured.
  • Consider running all machines without local admin rights for day-to-day users.
  • Servers should be set up such that files are only accessible by those that absolutely need access to them. This minimises the risk should a user’s machine become infected.

Backup

Lastly, even companies with huge IT security budgets can still pick up infections. The final bastion against any hack or infection is a good backup. Backup is critically important – we cannot say this enough. Without a decent backup of data paying the ransom may be the only viable option for recovery of data. With a decent backup, a ransomware infection becomes an inconvenience rather than a complete disaster.

“70% of businesses paid the ransom” – IBM

  • Ensure you have a backup of ALL your critical data – be that data stored on your server or individual PCs.
  • Ensure your backup is rotated regularly and that one copy is always offline. A backup to a networked device, such as a NAS, is a nice part of a layered backup strategy but should not be considered foolproof. If a virus can infect your server it can also infect any networked devices.
  • If swapping of backups is problematic, or unlikely to occur regularly, consider an automated cloud backup system.
  • Ideally have multiple layered backups. This maximises your chance of a successful backup and ensures that different data types are dealt with in an appropriate manner.
  • Ensure that backups are monitored so if there is an issue it is picked up early and remedied.
  • Consider how long you could be without your IT system and choose your backup appropriately. If 24-48 hours is too long then you need to consider a backup system that has a business continuity function.

“Most businesses face at least 2 days of downtime” – Intermedia and Aberdeen Group

Remember IT security does not just happen. Equally, IT security is not the job of just one or two individuals. IT security is the job of the entire organisation!

Posted in: It 4 business, IT Security

IT Security: UK Security Breaches Survey 2017

Posted on April 25th, 2017 by

The UK government performs a cyber security survey each year and the latest report has just been published. For those that are interested, the full report can be found by following the link below. However, we have summarised some of the salient points for our readers:

(Gov.uk: Cyber Security Breaches Survey 2017)

In 2016 / 2017, 46% of UK businesses suffered one or more security breaches, with medium and large businesses accounting for a greater proportion than smaller businesses. The severity and scale of breaches is not always measured financially. However, of those that did calculate it, the average cost to the business over the year was £1,570 with larger businesses showing higher losses at £19,600.

The average time taken to recover from a breach was 1.2 days. For some breaches this could be a minor consideration (for example if a single machine is infected by a virus and taken out of action). In other cases a breach could be much more damaging with multiple systems or employees affected. A business reliant on their website for sales could notice a significant impact from 1.2 days of downtime.

There are a number of graphs in the report and we have identified four that are of particular interest. These are the type of breach, the result of breaches, the outcomes from a breach and the actions taken afterwards.

Types of security breaches

By far the most significant attack vector continues to be fraudulent emails. Whilst filters and anti-spam systems can reduce the incidents of bogus emails, no system is 100% effective. Staff training in how to spot fraudulent emails continues to be our recommendation.

Ransomware makes its first appearance in the list in 2017. Ransomware is a specific type of malware that makes a company’s files inaccessible in some way. The fraudsters then attempt to extort money to restore access. This type of malware has been on the rise for several years. It represents a significant threat to businesses of all sizes. Our recommendation is to ensure that anti-virus software is regularly updated, consider a perimeter anti-malware system (such as a WatchGuard router) and ensure backups are working and complete.

Types of breach - bar graph. IT security survey

Result of security breaches

The results of security breaches are probably no surprise, with most businesses reporting temporary loss of access or other ‘recoverable’ issues. The cost of these to business is therefore measured in loss of productivity. Some businesses may be able to continue operating during downtime but for others it may have significant ramifications.

Perhaps more immediately concerning are the 7% of businesses that report permanent loss of data and 6% of businesses reporting stolen money. These represent a ‘non-recoverable’ outcome – a loss which may be irreplaceable.

Result of breach - bar graph. IT security survey

Outcomes of security breach

Outcomes include loss of productivity, additional costs to repair damage and prevent future breaches. They also include reputational damages. These include loss of goodwill, complaints from customers and changes to business activity.

The important point to realise is that a breach can result in damages that can take a long time to recover from. Goodwill, reputation and share value may have been earned over many years. In extreme cases these may never get back to pre-breach levels.

Actions following security breach

Lastly, the survey looked at what businesses were doing to prevent future breaches. By far the most prevalent of these is staff training or communications. We continue to recommend policy, training and communications as the thing that every business should be looking at if they don’t already have these in place.

Anti-virus software, firewalls and system updates are almost a given. They should not be neglected, but equally they should not be considered as a perfect solution. They are a part of the security puzzle that must be maintained alongside other solutions.

Actions following breach - bar graph. IT security survey

Posted in: It 4 business, IT Security

Stopping Malware Attacks - Updates and Exploits

Posted on August 14th, 2013 by Emily

Following our blog last week on Anti-Malware software and support, this week we continue to take a look at some steps you can take to help secure your PC or network from online threats.

Did you know that as well as protecting your computer or network with software and hardware, you can protect it by updating frequently?

It may come as a surprise to hear that most malware out there right now works on the theory that people don’t update key software on their systems as much as they should, or turn off or ignore prompts to update.

Most of us have been guilty of this at some point. A box pops up telling you an update is available, but you’re working on something important, so you click “later”, “postpone” or “remind me at restart”. Next time might be the same. Eventually you end up with out of date software and several updates to apply at once.

It used to be that unpatched copies of Windows would be at the greatest risk, but with things like automatic updates and integrated security features, this is becoming one of the lesser favoured avenues of attack for malware.

Windows and Internet Explorer accounted for only 3% of total exploits in 2012, while Java was by far the most vulnerable, with a whopping 50%; Acrobat Reader came in at 28%; Adobe Flash came in at 2%. Java and Acrobat Reader have been up there on the list for several years now. But this doesn’t mean that the software is bad – of course the vendor must always take some responsibility for the security of their products, but the fact is there are simply more attempts made to exploit holes in Oracle’s Java because so many computers around the world use it. Acrobat Reader and Flash are similar cases, although Adobe has focused on making the latest iterations of their popular software more secure.

Most often, as soon as a piece of malware is discovered, the security hole it exploits is patched by the software vendor if this is possible. If a security hole is discovered before any malware is released to exploit it, a patch is also released as soon as possible. The problem is that people do not download these updates when they should.

Essentially, if you want to keep your network or computer at its most secure, make sure you check regularly that all regularly used software is up to date, especially Java, which is used by most web browsers.

If you’d like to read in more depth about the most common exploits used, head on over to this article on the Kaspersky website.

At Geek Guru we’re interested in helping our customers and their data to stay as secure as possible online and offline. We are here to provide advice and support to our customers whenever they need it, and we explain things without jargon.

If you’d like to get in touch, you can call us on 0845 234 0580 or email us at info@geek-guru.co.uk

Posted in: It 4 business, IT Security

Anti-Malware for Businesses – Impact of Malware

Posted on August 07th, 2013 by Emily

We hear about the potential threats of malware all the time, but what could an infection mean for your business in real terms?

Many of us have been there. We clicked “Yes” to something we should’ve clicked “No” on while clicking through a program installer, and installed something we didn’t want, like a browser toolbar (commonly known as BHOs or Browser Helper Objects). Or perhaps we’ve installed something based on its claims, because it looked useful. On the surface these software programs claim to be helpful, but most of them are really there for one purpose – to make money. How they do this can vary; many of them will install some kind of spyware and change some browser preferences, like your default search engine, making it use their own. The changes made in a few seconds by a piece of rogue spyware or adware can take hours to put right by hand.

Unfortunately, user data is a very, very profitable commodity. These “tools” can store and send data about your computer and browsing habits, your searches, how long you spend on specific sites, even the links you click on. This data can be used by companies who then target you with spam mail or advertisements based on what they learn from you. Spyware collects the data, Adware displays the advertisements that come from it. As well as being something of an invasion of privacy, and causing unwanted popups, advertisements or spam mail, spyware and adware can cause your computer to slow to a crawl, as it drains system resources in order to collect and send data.

Often, people are tricked into installing two or three pieces of spyware or adware at once, and it goes without saying that the more junked up a computer becomes with these things, the slower and slower it runs, and the more problems you may face. In extreme cases, spyware and adware have been known to crash computers entirely or make them almost unusable. Adware and spyware don’t tend to spread unless coupled with a virus, so most of these annoyances can be removed with time, patience and a good IT professional.

  • Viruses, worms, trojans and keyloggers, however, have the potential to do much more serious and long term damage to your systems and possibly even your customers.

Some malicious software is programmed to cause as much destruction as possible to the systems it infects, for no other purpose than entertainment of the programmer or programming team. Some is designed to make companies aware of security flaws or to prove a vulnerability, while others are designed to steal data in order to make money in a much more direct fashion.

Data can be stolen, deleted, corrupted or otherwise rendered unusable by malware. When you’ve got a whole server full of critical or sensitive information, and a network of computers that access it, this can be very bad news.

Depending on the severity of the malware attacks, you could be forced to wipe your systems clean in order to get rid of the infection, or even replace parts of the system if enough damage is done. Left unchecked, infections can spread to backups you create from an infected network, meaning that you are then unable to use the backups of the data you have stored.

  • All malware can lead to lost time, which means lost productivity and lost potential profits.

The best defences against malware are keeping your software up to date (for example, using Windows Update or similar tools) and using a security suite that defends your network or individual computer from attack. There are also hardware defences against intrusion attempts, like firewalls, which we’ll discuss in a later series of blog posts.

If you suspect there may be malware on your computer, get in contact with an IT professional as soon as possible, particularly if you are worried about your business network. If you’re a home user, there’s a tool you can download called Malwarebytes, which is available free for home use. It helps detect and remove the offending malware, and we recommend running through a full scan. You can find it at http://www.malwarebytes.org/

On Friday, in our final post of the week, we’ll be discussing the antivirus and antimalware software and support options we provide, and the advantages of each for different types of businesses.

If you’d like to talk to us about anything IT related, give us a call on 0845 234 0580 or email us at info@geek-guru.co.uk, and we’ll be happy to help.

Posted in: It 4 business, IT Security

Anti-Malware for Businesses – Malware Explained

Posted on August 05th, 2013 by Emily

This week in the Geek Guru Blog, we’ll be taking a look at malware, the impact it can have on your business, and the steps you can take to protect yourself, at home and at the office.

Malware is an all-encompassing term for malicious software and code out there that’s designed to negatively impact computer systems in one way or another. There are various forms of malware; most people who know how to use a computer are aware of at least one type, the virus. However, there are many more different kinds, all designed to do something slightly different.

In true Geek Guru style, we’ve decided to cut down the jargon and present these different types in a way that’s clear and straightforward. It’s often much easier to understand how you are protected by security software when you’re aware of the type of threats you are protected against, and how they work.

  • Viruses – A cover-all term for most types of infectious code. A virus will, when run, replicate itself by injecting its malicious code into other files. They can work in many different ways, but the defining characteristic is that a virus will install itself and replicate itself without the user knowing, but requires a file to be executed (launched or run) by a user in order to activate. While the term “computer virus” does have a specific definition, many people use it to encompass all of the malware types we mention in this article.
  • Worms – These are portions of malicious code or software that seek to accomplish the same things a virus does, but unlike a virus, they do not require user interaction in order to copy themselves. You do not need to click anything for a worm to replicate itself; once on a machine it can be completely autonomous, and easily spread over a network.
  • Keyloggers – These exist for one sole purpose – to log keystrokes on your computer with the goal of stealing valuable information. As you type, your keystrokes are recorded as data files and sent to wherever the keylogger is programmed to send them, meaning they could steal passwords, credit card numbers and other forms of sensitive data you input using the keyboard.
  • Trojans – Also known as Trojan Horses, so named because they disguise themselves as something normal or desirable (such as free software) in order to get users to download or install them. They can contain malicious code themselves or they can be used as a delivery mechanism for viruses, spyware or adware. They can also be used to turn computers into “zombie” machines for use in botnets.
  • Rootkits – Hiding malicious code from the user is sometimes essential for the proliferation and existence of a piece of malware. Sometimes a virus can seem incredibly hard to completely remove, or may come back seemingly from nowhere – this is nearly always because of a rootkit. Rootkits exist to do this job – they hide processes, files and sometimes even themselves from ordinary users so that they are not detected, and they try to avoid removal by antivirus programs. If a certain process critical to the malware is stopped or removed, the rootkit may reproduce it or restart it.
  • Backdoors – These open virtual “doors” into an infected machine, to allow access from other malicious software, interference from external sources such as hackers, or allow information to be sent out without the user’s knowledge (such as information from keyloggers).
  • Spyware – Designed to spy on the user through monitoring activities such as browsing habits, time spent on certain sites, links clicked, searches performed, logins, passwords, active software on a user’s computer, technical specs of the infected computer and other information that can be profitable to the spyware vendor or useful to marketers.
  • Adware – Mostly irritating rather than actually dangerous, adware (as its name suggests) shows unwanted advertisements to the user, usually in the form of a distracting pop-up window.

All types of malware can lead to theft or destruction of important or sensitive data. They can also lead to greatly reduced PC performance due to computer resources being used by malware, or reduced internet connection speeds due to uploading/downloading data. Imagine a scenario in which you have an office network of 50 computers, all infected with malware, all uploading or downloading data at the same time over the same connection. That would slow anything down to a crawl!

At Geek Guru we’re committed to doing the best we can to ensure this doesn’t happen to our clients. We offer several solutions, suitable for many sizes or types of business, and we even offer 100% managed solutions – meaning you won’t have to lift a finger to keep your internet security software up to date, or manage possible threats. We’ll do it all for you and notify you if there’s anything you should be worried about or anything that requires your attention.

Be sure to read the rest of this week’s posts which will focus on what these threats could do to your IT, things you can do to prevent these threats, available software and the services we offer to help.

For more advice or information, call us on 0845 234 0580 or email us at info@geek-guru.co.uk

Posted in: It 4 business, IT Security

Updating Your IT - Part 3 - Security

Posted on July 12th, 2013 by Emily

In the final instalment this week, we’ll look at how keeping your IT updated affects your security.

Viruses, Worms, Trojans, Malware, Phishing – all different kinds of cyber-attacks, all out to steal valuable information or cause destruction or inconvenience in one way or another, and you could be putting your information at increased risk from these if your IT is outdated. You may have antivirus software on your computer, and assume that you’re protected. But when was it last updated? What year is it from? Do you tell Windows to shut down without installing its updates, or have Windows Update turned off? Are your machines, servers or network too slow to run up to date security software effectively? These are all things that could compromise your security.

While there are methods of making your hardware more secure, most of the real threats to security come from out of date software interacting with the internet. Slower hardware may struggle to run some of the security software available and necessary for businesses today, and if that’s the case, you may need to consider some hardware upgrades as well.

So what can you do? Well, there are some steps you can take right now:

  • Make sure Windows Update is turned on if you’re running a PC, or MacUpdate if you’re running a Mac.
  • Make sure you have up-to-date antivirus software.
  • Set your passwords to something that’s not easy to guess. A combination of upper and lower case letters, numbers and symbols is best.
  • Check that you have the most recent version of your chosen browser.
  • Check that all of your important software is up to date.

Out-of-date software can leave serious security holes open to potential hackers (not to mention a variety of bugs), so always use the tools provided by the vendor to update your software whenever an update is available.

Often, in larger organisations, updating software and virus definitions is done by a network administrator or IT support technician, but with standalone machines or some small business networks, this may not be the case.

Unless you understand your IT fully, things like updating firmware for routers and checking network settings are something that’s best left to the professionals, and something that should be included in your IT support package.

Recently in the news, large companies like Sony have come under fire for not fixing security holes in their systems, or not having strict enough policies and allowing details to get out. No one wants this to happen, especially with very sensitive data that some businesses store, and one of the first steps you can take toward security is to keep everything up to date.

Geek Guru take network and data security very seriously.

If you’re interested in how we could help you to keep your IT updated and secure, give us a call on 0845 234 0580 or drop us an email at info@geek-guru.co.uk

Posted in: It 4 business, IT Security

Laptop backups

Posted on May 16th, 2012 by Tim

When you think of backup most people think of their server. All our clients have a working server backup – we’d have it no other way! But have you stopped to think of your laptop?

Many of our clients have redirected folders, meaning the My Documents store and desktop are redirected to the server. This is great for desktops and laptops that are synchronised regularly. But what happens if you never visit the office or synchronise over VPN? Equally, how do you manage backup if you have no server to synchronise to?

Ask yourself this. If you lost your laptop or it was stolen would you lose anything critical? Could you carry on, business as usual, or would there be something like email, documents, photos or iTunes music that you would be lost without?

Backing up laptops is not as easy as backing up a desktop PC or server, as the system is usually mobile. You may not know where the laptop will be during the backup window. Because of this you need a backup system that can either back up on the move or is clever enough to back up when the system is in a convenient location.

Complex backups involving laptops are beyond the scope of this post. However, here are some good general tips for protecting data on the move:

  • If you do have redirected folders attached to a server, synchronize regularly to ensure the server has a recent copy of all your documents. Remember this can be done via VPN if you are not in the office much.
  • Use Dropbox to mirror important files to the cloud or other employees.
  • Use hosted systems where possible to store important data such as CRM in the cloud.
  • Back up your iTunes store to an external drive and keep it at home.
  • Back up your whole laptop to an external drive as often as you can, preferably at least monthly.

Obviously if you want advice on backup for a fleet of laptops or backup in general please feel free to get in touch.

Posted in: It 4 business, IT Security

PC Security - Microsoft Security Essentials.

Posted on May 11th, 2012 by Emily

As an IT support company, we recommend that businesses protect workstations and data through the use of an anti-viral application suite such as Kaspersky or AVG. These have centralised control, meaning we can monitor and maintain the protection for the entire network from one centralised location. But what about home PCs or very small businesses where centralised monitoring is unnecessary?

Many people still don’t have antivirus, spyware or malware protection because they think they’ll have to shell out a lot of money to buy a protection suite, think it will take too long to download, or simply are unaware of the threats that lurk out on the internet and think they can do without it. If you don’t have any security software, you could be putting your computer and your personal data at serious risk. The solution, however, may not be as expensive or time consuming as you think.

Posted in: It 4 business, IT Security

Passwords - the good and bad

Posted on March 14th, 2011 by Tim

A new study has revealed that poor passwords are as much of an issue now as they were in the 1990s, with the majority of users still opting for insecure and easy-to-crack words and combinations. In December 2009, a major password breach occurred on the website rockyou.com that led to the release of 32 million passwords. Whilst this was a huge security breach for the site’s users, and a PR nightmare for the site’s owners, it did give security analysts the opportunity to scrutinise a huge data set of real-life passwords. This is the largest set of data ever analysed and the results are not good reading!

Posted in: It 4 business, IT Security