Volume 5

What does your password say about you? (or, Data Security 101)

A person’s password speaks volumes about their personality. What does yours say about you? Would it stand up to a security test?

In the last ten years of my life as a “Computer Person”, I’ve seen it all when it comes to passwords.

Are you a Computer Science graduate? Maybe your password is Spock, Gandalf, dungeons or megabyte.* Maybe you build PCs for friends on the weekend – is your password Radeon9800?

Or maybe your password is how you see yourself. Are you a gladiator, hercules, or diva?

Perhaps your password is inspired by your pet (fluffy), your children (sally&billy), your significant other (bob), or your favourite holiday destination (italy).

Perhaps you fall into the “no imagination” category, with an easy-to-guess password based on your name, date of birth, initials, nickname, address, postcode, or telephone number.

Why am I asking? I’d like to invite you to review the security of your customer data, specifically the contact information that you use in your email marketing. This information has been entrusted to you by your customers, and misuse of personal information can carry heavy penalties. In the past few months, I’ve noticed some areas that could use improvement:

Password Security

The password is usually the weakest link in the security of any system. You could have your customer information loaded onto a system that is ostensibly “un-hackable”, but if your password is “brisbane” then all your efforts could be for naught.

Here are some password tips for you:

  • When you are first issued with a password, log in and change it.
  • Change your password as appropriate. The regularity will depend on the importance of the system that you are accessing.
  • Do not choose a password that is a word in any dictionary, or even a combination of words. Remember, some dictionaries include place names and even people’s names.
  • Don’t use your pet, child, partner, town, postcode, telephone number, name, nickname, initials, birthday or any other personal information as your password.
  • Avoid keeping your password in a file on your computer.
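
The tips above can be turned into an automatic check at the point where a user sets a password. The sketch below is an added example, not part of the original newsletter: the word list, the profile fields and the function names are all constructed for illustration, and it covers only the first-login, dictionary and personal-information tips.

```python
import re

# Constructed sample word list. A real check would load a full dictionary,
# including place names and people's names as the tips above point out.
WORDS = {"red", "jelly", "brisbane", "italy", "gladiator", "diva", "megabyte"}


def is_word_combination(text, words=WORDS):
    """True if text is one dictionary word or several run together."""
    text = re.sub(r"[^a-z0-9]", "", text.lower())  # ignore case and separators
    # reachable[i] is True when text[:i] splits cleanly into dictionary words
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[-1]


def personal_tokens(profile):
    """Lowercase words and digit runs (3+ characters) from the user's details."""
    tokens = set()
    for value in profile.values():
        tokens.update(t for t in re.findall(r"[a-z]+|\d+", str(value).lower())
                      if len(t) >= 3)
    return tokens


def check_password(password, profile, issued=None):
    """Return the tips a password breaks; an empty list means none of them."""
    broken = []
    if issued is not None and password == issued:
        broken.append("issued")      # never changed after first login
    if is_word_combination(password):
        broken.append("dictionary")  # a word, or words joined together
    lowered = password.lower()
    if any(token in lowered for token in personal_tokens(profile)):
        broken.append("personal")    # contains a name, pet, postcode, birthday
    return broken


# Constructed profile for a hypothetical user
PROFILE = {"name": "Pat Example", "pet": "Fluffy", "children": "Sally, Billy",
           "postcode": "4000", "birthday": "1975-04-12"}

if __name__ == "__main__":
    for candidate in ["brisbane", "Red-Jelly", "sally&billy", "Fluffy4000", "qv7#Lm2x"]:
        print(candidate, check_password(candidate, PROFILE))
```

An empty result only means that none of these particular tips is broken; it is not a measure of how strong the password is.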

One common strategy is to switch numbers for letters in a combination of words. For example, if your favourite food is red jelly, your password could be r3dJe11y.

Another idea that I recently discovered is to take a phrase that you can remember and use the first letter from each word in the phrase. For example, “A stitch in time saves nine” becomes asitsn, or As1ts9.

Data Access Policies

Review the access that each staff member has to sensitive data. Consider a “need to know” policy where staff members can’t access data that they really have no reason to access. You don’t need to become a control freak, but it is worth at least knowing who has access to particular information.

Is it easy for staff to guess each other’s passwords using staff ID numbers? Or do all staff members log on using the same password? This may not be an issue when everything is running smoothly, but as soon as one staff member becomes disgruntled, you have a severe security problem.

Procedures for exiting staff

When a staff member leaves your organization, do you immediately turn off or reset their accounts on your systems? Even if you think the split was amicable, you have a responsibility to protect the information that the staff member could previously access.

Summary

I’m not suggesting that there are hackers lining up to access your data, but don’t think it can’t happen to you. I’m sure you’d rather take a little time now to review your security than spend hours later explaining to your customers why their data was leaked because you used your name as your password...

So, off you go to think up a new password and I’ll be back next month to talk about the issues surrounding Email Deliverability.