Posts

What Value Does Your Company Place on Their Customer’s Privacy and Livelihood?

From Eric Levy: ITAD Sales, EPC, Inc.

EPC, Inc., now in its 30th year of business, continues to be a centerpiece of information in regard to Data Security. We have been offering companies of all sizes options that ensure compliance with specific industry standards to help protect a company’s reputation and information. A recent article from DataBreaches.Net shows just how important it is to be compliant.

“Nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging.”

This is a staggering number and cannot be overlooked.

That means that if your company had an “average sized” Data Breach of 554 leaked names* from a mishandled asset or drive, you would have 139 customers or clients who have now had their entire identity taken from them. Reclaiming an identity is a process that can take from 3-7 years, not to mention the untold number of dollars that it will cost YOUR COMPANY to make this happen.

The next time you have retired assets that your boss told you to “get rid of,” don’t just think of your potential feel-good moment of running into that boss’ office and telling him you got rid of all of those “old” computers and were able to do it for no money. Think about that boss’ reaction when you have to tell him the guy that did it for free just stole your clients’ identities and you now have to deal with the absolute costs associated with a breach – along with the unknown costs of lost business.

EPC offers true peace of mind, for very little time on your part. We offer fluid solutions to fit any company in any industry.

Please feel free to contact EPC and learn more about our industry-leading Data Security operations. We would love to help you review your protocols to make sure you are compliant within your industry.

*The data to describe an average size breach is from 2012. We expect the average size of a breach to continue to grow exponentially for the foreseeable future.

Dealing with password fatigue

How many passwords do you have? According to a study done by the NTA Monitor in 2002, the average computer user has 21 different passworded accounts. Twenty-one! And that was before Facebook, Twitter, or any other social networking tool. I personally have well over 100 distinct account credentials on various websites and servers.

It’s no wonder that many users resort to picking easily guessed words, putting passwords on sticky notes, or using the same password for every service out there. A recent study even indicates that IT security professionals are suffering from password fatigue.

Password Managers

One solution to password fatigue is using a password manager. Many operating systems, like OSX and Windows 7, even include built-in password management tools. My personal favorite is KeePass, an open-source manager that was developed for Windows but has been ported to OSX and Linux.

The main drawback with password managers is that they require extra effort to maintain. Every time you create a new account or change a password on an existing account you have to keep your password manager in sync. Over time it is easy to have the wrong password on file, or worse, not have the password you need on file.

Password Schemes

An alternative to password management tools is coming up with a consistent scheme for generating new passwords. The idea is that if you use the same rule for generating passwords, you can figure out what the password would be. One scheme is to use a base password, then append something related to the service. For example, your base might be ‘asdf’. If you were creating an account on Yahoo, you might use the password ‘asdfyahoo’ or ‘yahooasdf’.

The drawback with this approach is that each site has its own password guidelines. Some require alpha and numeric characters, some require a combination of upper case and lower case, and others require extended characters like ‘$’ or ‘&’. Coming up with a scheme that supports all the requirements is a challenge. And what about services that require your password to change regularly? Either you have to create multiple base passwords or multiple service keywords – and once you do that you are back to keeping track of individual passwords.

Choosing Memorable Passwords

A third option is picking passwords that are easy to remember. The challenge is in picking a password that is both easy to remember and secure. For example, while everyone can remember ‘password,’ it is not a very secure choice.

One trick is to pick a phrase that can be remembered such as ‘The fox jumped over the tall hedge’ and use the first or last characters from each word. So in our example phrase you might use the passwords ‘tfjotth’ or ‘exdrele.’

While this approach makes passwords easier to remember, you still should not use the same password for every service, so it makes sense to pick a few phrases that can be remembered and cycle through them.
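The following Python sketch is an added example, not part of the original post. It builds the base-plus-service and phrase-initial passwords described above and checks them against three site policies constructed for illustration. The policy names, function names and the naive brute-force estimate are assumptions of this example.

```python
import math
import string

# Constructed site policies (hypothetical; real sites differ): a minimum
# length plus the character classes that must each appear at least once.
POLICIES = {
    "letters_and_digits": {"min_len": 8, "need": ["lower", "digit"]},
    "mixed_case":         {"min_len": 8, "need": ["lower", "upper"]},
    "needs_symbol":       {"min_len": 8, "need": ["lower", "symbol"]},
}

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def scheme_password(base, service, prefix=False):
    """Base-plus-service scheme from the text: 'asdf' + 'yahoo'."""
    service = service.lower()
    return service + base if prefix else base + service

def phrase_password(phrase, last=False):
    """First (or last) character of each word in the phrase, lowercased."""
    return "".join(w[-1 if last else 0] for w in phrase.lower().split())

def classes_used(pw):
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def failed_policies(pw):
    """Names of the constructed policies this password does not satisfy."""
    used = classes_used(pw)
    return sorted(name for name, p in POLICIES.items()
                  if len(pw) < p["min_len"] or not set(p["need"]) <= used)

def brute_force_bits(pw):
    """Naive upper bound: length * log2(alphabet of the classes used).
    A password built from a guessable scheme or word is weaker than this."""
    alphabet = sum(len(CLASSES[c]) for c in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    phrase = "The fox jumped over the tall hedge"
    for pw in (scheme_password("asdf", "Yahoo"),
               phrase_password(phrase),
               phrase_password(phrase, last=True)):
        print(pw, failed_policies(pw), round(brute_force_bits(pw), 1))
```

All three generated passwords are lowercase-only, so each fails every constructed policy, which is the per-site mismatch described under Password Schemes.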

How do you deal with the many passwords in your life?