Blog Articles

Being Secure

Filed under: Security Threats — Monday, November 3rd, 2008 @ 9:54 am

I am asked time and time again about securing a client’s computer or network.  My usual answer is I need to send out a technician with some software to install or to update the anti virus software they already have. The problem is not usually the software they are running but the users themselves.  Security software is only as good as the weakest link and 99 out of 100 times it is the user and not the software’s fault it failed.

Here @ AlphaKOR Group we take great pains to ensure our client is safe against viruses, worms, etc.  It is not only our job to keep up with the latest software and appliances but we also have to educate our clients to be safe on the internet and e-mail.  Here are some simple rules to go by.

1.    Do not open e-mail from people you do not know.
2.    Delete those e-mails that have been forwarded again and again.
3.    Be very suspicious of e-mails with a vague subject line of “Free Vacation” or “I Love You”, etc.
4.    Keep your anti virus software updated with the newest virus signatures.
5.    Don’t forget that most anti virus software needs to be fully upgraded every year.

Just by doing these simple things you can save yourself a lot of grief and money.

Chris Brenner

Security Myths

Filed under: Security Threats — Wednesday, May 28th, 2008 @ 3:44 pm

Over the next few weeks I’ll be looking at the various computer and network security myths that we often come across as an IT provider. Since almost all business information and an increasingly large amount of your personal data is stored digitally, you can be more informed and more in control when it comes to protecting yourself in the digital world.

“I don’t care about the data on my computer so I don’t care if someone hacks into my network”

This is the number one myth we hear regarding computer security. The idea behind this is that if your data is boring or unimportant, or if it only has value to you then you’re not a target for malicious activity. At home or at work, you are considered responsible for the activity on your network, so the number one cause of network attacks is not data theft but hackers looking for somewhere to begin their malicious activity. If your account is detected as the source of a malicious attack it will be you that is held responsible and you that faces the consequences. Most computer and network equipment generate logs, but these are often insufficient when it comes to proving your innocence in a court of law. Another reason why you could be a target is the illegal sharing of copyright materials. If your network is easily compromised, an intruder could store music, movies or even pornography on your systems, even in a way you may not discover them immediately. Your network is your responsibility, and one of the major foundations of network security is that prevention is the best cure. Contact us for more information, and look out for our next security myth soon.

Password Practices

Filed under: Hints & Tips, Security Threats — Wednesday, May 28th, 2008 @ 3:19 pm

When you turn on your computer you type a password. When you access your e-mail online you type a password. When you log into your chat program you type a password. When you access your bank account online you type a password. Everything you do in the digital world is measured and protected accordingly, and normally the level of security is not decided by you, the end user. Choosing the right password is one way to control how secure your digital world is.

If your password is ‘password’ or your name, or your cat’s name, you’re not as secure as you could be. If this is for your Hotmail account then you might not be too concerned, but if you use the same password for Hotmail as you do for internet banking and someone manages to break into your Hotmail account then it’s easy to see how important security is online.

The practice of “cracking” passwords is mostly known as “brute force”, as in to open by brute force. An attacker will use a text file such as a large dictionary as a list of words to try to guess your password. The best hackers will have enormous dictionaries containing combinations of numbers, letters and characters. For example, if your password was the word ‘aardvark’ then your account would take less time to break into than if it was ‘zebra’. Using combinations of letters and numbers used to be enough, but now it’s considered best practice to include characters and capital letters too.

Once you’ve decided to go with a more secure password, the question becomes how do you remember the complex string of characters you use, and how do you vary the password you use on different sites and for different purposes? Here’s one way.

Pick a regular word that has some meaning to you. It should be around 6 to 8 characters. It can be your nickname at school, your mother’s maiden name or your favourite hockey player’s name. For the purposes of this example I’m going to use the word ‘edgware’, a place name. Now we have to add numbers into the mix - choose 4 numbers, as random as possible. Most people have a PIN number for banking purposes, but you can use an important date or year. For this example I’m going to use 2002, the year I got married. Now combine the two somehow, preferably not by simply placing them one after the other. So far my password looks like this:

e20dgewar20e

Clearly, a word that wouldn’t appear in any dictionary, but still not impervious to random character attempts. Now add a character such as an exclamation mark or ampersand. Don’t simply place it at the end, add it somewhere in the middle. Finally, capitalize two letters. Now my password looks like this:

e20dge#War20e

Voila. This seemingly random string of characters means something to you and contains a word and number easily recognizable to you, but would be almost impossible to break without either a massive dictionary of words or a huge number of attempts. Bear in mind that the strength of this method is that you create a logical path for how you arrived at the password, and you can begin to vary it across the different sites you use. For example, my password for amazon.com might be:

e20dge#War20e

and my password for Hotmail might be:

20edGe20wa#re

The characters are the same but the numbers are placed differently and different letters are capitalized. Simple to remember because they contain the same basic elements, but still impossible to break even if one became compromised. This is important because people sometimes choose weak passwords for Hotmail and use similar passwords for internet banking, which creates a vulnerability.

Here’s one more method for creating and remembering a good password. Begin with another word of around 6 to 8 characters, also memorable to you. I’m going to use my first car, cavalier. Now take your initials and count out how far along the alphabet each letter appears. For A it would be 1, for Z it would be 26, etc. My three numbers are 20, 16 and 12. Now replace the first letters of the word you chose with the first number and the last letters with the second number. Then add the last number in the middle. So far I have:

20va12li16

Then add a random character in the beginning, middle and end. Now my password looks like this:

!20va1&2li16!

Again, the result is a password completely random to anyone but you, yet still easy to remember assuming you remember the method you used to produce the password. A good variation on this might be to simply replace the characters you added in the final step. Don’t forget, the important bit is to figure out a logic path that’s your own that no one could easily guess - simply using your name reversed or adding ‘1234’ at the end won’t be enough!
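To make the dictionary point from earlier (‘aardvark’ versus ‘zebra’) and the warning about reversed names and a ‘1234’ suffix concrete, here is a small password audit script. It is an added example, not part of the original post; the five-word list and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist, sorted the way a dictionary file would be.
# A real audit would load a far larger list from disk.
WORDLIST = ["aardvark", "cavalier", "edgware", "password", "zebra"]

def guess_rank(word, wordlist=WORDLIST):
    """1-based position at which an in-order dictionary run reaches the word."""
    word = word.lower()
    return wordlist.index(word) + 1 if word in wordlist else None

def audit(password, wordlist=WORDLIST):
    """Return the set of weak patterns the password matches (empty = none found)."""
    findings = set()
    lowered = password.lower()
    # Strip digits/symbols stuck on the front or back, e.g. a '1234' suffix.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if lowered in wordlist:
        findings.add("dictionary-word")
    elif core in wordlist:
        findings.add("word-with-padding")
    if core[::-1] in wordlist and core[::-1] != core:
        findings.add("reversed-word")
    # Character classes the post recommends mixing together.
    if not re.search(r"[A-Z]", password):
        findings.add("no-capital")
    if not re.search(r"[0-9]", password):
        findings.add("no-digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.add("no-symbol")
    return findings

if __name__ == "__main__":
    for pw in ["aardvark", "zebra", "password1234", "reilavac", "e20dge#War20e"]:
        print(pw, guess_rank(pw), sorted(audit(pw)))
```

A plain word is flagged together with its position in the list, padding or reversing a word is still caught, and the interleaved password built above matches none of the patterns.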

Here is Microsoft’s page devoted to choosing a good password, with some great advice.  Also, here is their password checker, a tool you can use to test the strength of the password you choose.
