Never Forget About Password Security

Thursday, December 1, 2011 by Dr. Elliot King
Companies and organizations really should know better. Allowing intruders to breach their networks is not good. People break into a network because they want to do bad things, and after they break in, they leave backdoors and Trojan horses behind so they can steal data on an ongoing basis. Ever since networks became the critical backbone of most IT infrastructures, organizations large and small have invested heavily to prevent network intrusion. You know all this, but does everybody?

According to TrustWave SpiderLabs, many IT professionals do not. This security team has conducted at least 1000 data breach investigations in connection with law enforcement officers and thousands of technical application and network penetration tests. 

Image contributed by: Salvatore Vuono

Based on that experience, TrustWave reports in CyberThreats 2011 that breaching the network is one of the most commonly used methods of attack for data intruders, and that the most used tactic for gaining unauthorized access to a network is exploiting weak or blank passwords on administrative-level accounts. The second most frequent hole in network security is weak or no passwords for database services at the administrative level.

The upshot is that hordes of intruders are not sneaking into your network; they are coming in through the front door. And your administrators are the ones holding the doors open for them.

Password protection is not a complicated process. The first step is to make sure that your administrators use them. Most people should have at least two passwords and perhaps more, depending on their responsibilities. One password should be used for secure sites, such as those needed to conduct financial transactions. Some people like to use at least three passwords—one for secure sites and systems, one for sites and systems that hold personal, though not secure, information, and one for everybody else.

If use is the first step, making sure you have a strong password, one that cannot be easily compromised, is the second step. There are plenty of methods for creating strong passwords. But even more importantly, don’t use a weak password. For years, the most common password on the Internet was “password.” “1234,” your birthday or anything else easily associated with you, and words out of the dictionary are also no good. The best passwords usually consist of letters, numbers and special characters put together in a way that is easy for you to remember.
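The rules in the paragraph above can be enforced at the moment an account password is set. The following Python is an added example, not code from the original article; the word lists are small constructed samples, and the function name `check_password`, the `username` parameter and the birthday formats are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample lists; a real deployment would load a full common-password
# list and a dictionary file instead.
COMMON = {"password", "1234", "123456", "admin", "letmein", "qwerty"}
DICTIONARY = {"dragon", "monkey", "sunshine", "welcome", "football"}

def birthday_forms(d):
    """Digit strings a birthday is commonly typed as (MMDDYYYY, YYYYMMDD, ...)."""
    mm, dd = f"{d.month:02d}", f"{d.day:02d}"
    yyyy, yy = f"{d.year}", f"{d.year % 100:02d}"
    return {mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd, mm + dd + yy, dd + mm + yy}

def check_password(password, username="", birthday=None):
    """Return the reasons a password is rejected; an empty list means accepted."""
    if not password:
        return ["blank password"]
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("common password")
    # Strip digits and symbols so "Dragon1!" still matches the word "dragon".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in DICTIONARY:
        problems.append("dictionary word")
    # Anything easily associated with the account owner is rejected.
    if username and username.lower() in lowered:
        problems.append("contains username")
    digits_only = re.sub(r"\D", "", password)
    if birthday and any(form in digits_only for form in birthday_forms(birthday)):
        problems.append("contains birthday")
    # Require all three character classes the article names.
    classes = [r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("needs letters, numbers and special characters")
    return problems
```

Running the same check over administrative and database service accounts whenever a password is set or rotated covers the two weaknesses the report ranks highest.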

Enforcing the creation and use of strong passwords is Security 101. Many haven’t learned that yet. Has your company?
