Technology Advisor Blog

Is your password 123456? Change it TODAY!

Posted by Ann Westerheim on 1/22/15 1:34 PM

The annual list of the worst passwords for 2014 has been posted.  Last year, there were over three million leaked passwords.  One of the interesting by-products of these leaks is the list of the top passwords.  SplashData posted their list of the top-25 (and therefore, worst!) passwords.  If you see any of your passwords on this list, change it!

1    123456 (Unchanged from 2013) 
2    password (Unchanged) 
3    12345 (Up 17) 
4    12345678 (Down 1) 
5    qwerty (Down 1) 
6    1234567890 (Unchanged) 
7    1234 (Up 9) 
8    baseball (New) 
9    dragon (New) 
10    football (New) 
11    1234567 (Down 4) 
12    monkey (Up 5) 
13    letmein (Up 1) 
14    abc123 (Down 9) 
15    111111 (Down 8) 
16    mustang (New) 
17    access (New) 
18    shadow (Unchanged) 
19    master (New) 
20    michael (New) 
21    superman (New) 
22    696969 (New) 
23    123123 (Down 12) 
24    batman (New) 
25    trustno1 (Down 1)

Interesting to note that the number one password has been unchanged for years.  I even saw it on a nationally televised game show a few years back.

Your security is only as good as your weakest link. Passwords should be "strong".  That is, passwords should be at least eight characters long, and contain uppercase letters, lowercase letters, and symbols.  At your next staff meeting, share this list with EVERYONE in your small business.
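The two checks recommended in this post, as an added example (not code from the original post): the strength rule stated above plus a comparison against the SplashData list. The names `check_password` and `variants` and the look-alike substitution table are assumptions of this example; it shows that a password such as `Password1!` meets the length and character rule yet is still built on a listed password.

```python
import string

# SplashData's 2014 list exactly as reproduced in the post above.
WORST_2014 = frozenset(
    "123456 password 12345 12345678 qwerty 1234567890 1234 baseball dragon "
    "football 1234567 monkey letmein abc123 111111 mustang access shadow "
    "master michael superman 696969 123123 batman trustno1".split()
)

# Assumption (not from the post): look-alike substitutions undone before matching.
LOOKALIKES = str.maketrans("@4$5013!7", "aassoleit")
LISTED = "based on a password from the 2014 worst-passwords list"


def variants(password):
    """Lowercased forms of the password with trailing padding and look-alikes removed."""
    low = password.lower()
    no_symbols = low.rstrip(string.punctuation)
    core = low.rstrip(string.digits + string.punctuation)
    forms = {low, no_symbols, core}
    forms |= {f.translate(LOOKALIKES) for f in forms}
    return forms - {""}


def check_password(password):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if variants(password) & WORST_2014:
        problems.append(LISTED)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "Password1!", "P@ssw0rd!", "Granite-Otter-Lamp"]:
        print(candidate, "->", check_password(candidate) or "ok")
```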

What is a Data Breach?

Posted by Ann Westerheim on 1/20/15 4:33 PM

Recently one of our clients got a system infected with a virus and worried about whether or not they needed to report it.  First, it IS possible to get a virus even though you're doing everything right, such as maintaining up-to-date antivirus protection, firewall protection, and security patch updates.  But in most cases, although viruses can create a lot of damage and disruption, no data is exposed to the wrong hands.

The Massachusetts Data Protection Law and many industry-specific standards such as HIPAA have rules regarding breach disclosure requirements.  To gain more insight into what actually constitutes a breach, here is a definition of a breach from the HHS.gov website (Health and Human Services).  In this case, the language specifically relates to protected health information, but similar guidelines can be used to understand other protected information.

“Definition of Breach

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.  An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:

  1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the protected health information or to whom the disclosure was made;
  3. Whether the protected health information was actually acquired or viewed; and
  4. The extent to which the risk to the protected health information has been mitigated.”

In some cases, viruses can introduce key-logging software that could lead to a breach, but in general there is no “use or disclosure”.  The damage done by a virus may be thought of as analogous to someone physically damaging your computer with a hammer.  It's damaged, and harm was done, but no information was disclosed - more of an act of vandalism as compared to theft.

We strongly advise all clients to keep up to date with security training and make sure all employees understand the need for maintaining up-to-date security protection.

Tags: Security Requirements, breach

New Year's Computer Security Resolution - Lock your Computer!

Posted by Ann Westerheim on 1/7/15 8:43 AM

It's a new year and time for resolutions. With data security in the news almost every day, and several very high profile breaches last year (Sony, Home Depot, Staples), we recommend putting data security at the top of your technology plan for 2015.
Here's a real simple tip to get started on the right path.  Get in the habit of ALWAYS locking your computer when you leave your work area, even just for a few minutes.  It's quick - simply hit the Windows Logo Key and the "L" key and your system will be locked. Raising awareness among all your employees will help keep your data safe.  This is one New Year's resolution that's so simple there are no excuses!  Make it a company policy and at your next staff meeting remind everyone to take action.

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.