August 29, 2017

Security and Me: My Takeaways from Thirst for Knowledge

capabilities covered
CISO as a Service

In just the second quarter of 2017, there were at least 62 million detections of malware on IT systems across the world. This was just the introduction to ABT’s Thirst for Knowledge event last Thursday. Thanks to our Research Manager Randy Earl, I also learned that the first line of defense against these kinds of cyberattacks is teaching employees like me how to be smart about security.

This was the first time my company has held this kind of informational lesson before one of our Thirsty Thursday networking events, and it was a big success. I got to speak with both new and old friends from outside my company, and there were lots of good points in the presentation and an engaging discussion from the crowd. Here are my main takeaways from the presentation:

How to Make a Good Password

Randy alluded to this xkcd cartoon on making stronger passwords.

Judging by the questions and comments from the presentation, it’s pretty clear that attendees take password security seriously. However, some had gotten bad advice about how often to change passwords and how to design a good one.

Thankfully, Randy provided some helpful guidelines on how to design passwords that a computer wouldn’t easily guess (and that guys with mediocre memories could actually remember!). Long passwords (12–15 characters) that use a series of unrelated words are both difficult for a computer to guess and simpler to recall later. Randy taught us that having this kind of longer password in place was more important than requiring employees to change their passwords every 60 days.

Randy also spent some time explaining the need for password managers and how helpful they can be in a larger organization. At Atlantic BT, we use Pass as our main tool to generate strong passwords and store them in a safe location. Naturally, it’s important to use a strong password to ACCESS Pass; otherwise, your credentials for this password manager could be stolen.

Mobile Security Takes Some Effort

When will there be a good password manager for mobile devices? Touch ID has served as a good security measure, but for those with lots of logins and/or multiple devices, an easy-to-use mobile password manager would be helpful. As of now, Randy described mobile password managers as “tedious,” implying that their usability needs improvement.

In the meantime, it’s good to see password managers are trying to keep up with mobile OS updates; LastPass announced AutoFill on the same day that Android announced their new Oreo OS. So it looks like we have the tools to secure our mobile devices (as long as we remember to lock our phones!) even if password managers are still working on usability.

Do Individuals Need Offsite Backups?

While Randy was explaining the importance of backing up critical data to guard against ransomware, one attendee made a big point of keeping data backed up OFFSITE in addition to offline. Randy agreed, since these offsite backups would protect a company if its office flooded, caught fire, or had some other environmental disaster.

It might be easy for an individual to think their data is safe enough that they could get by without an offsite backup. I would disagree; offsite backups are as important for individuals as they are for large companies. We never know when disaster can hit us, so it’s vital for anyone with data they value (so, essentially everyone) to have an offsite and offline hard drive or thumb drive to back up important files. 

That in mind, the point Randy made was clear: having a strong backup solution in place will save a business owner from a lot of anxiety—especially if they work in targeted industries like healthcare or finance.

Next Thirst for Knowledge on September 21

All in all, this Thirst for Knowledge event gave everyone a lot to think about and new practices to adopt in matters of security. I’m looking forward to the next Thirst for Knowledge event on September 21. Be sure to follow Atlantic BT via Twitter for updates on the subject and speaker for the next Thirst for Knowledge.
