In light of the recent cyber extortion visited on several American hospitals, it is apparent that vigilance should be our watchword against cyber attacks. To be vigilant, several pieces need to be in place in our IT infrastructure. Even the best plans can be compromised some day. It is not a matter of "if" it will happen but "when." Here are a few ideas that we should use to minimize the damage.
Disaster Recovery: You should be backing up your data in two locations: one that is connected to your current network and one that is off premises. If the American hospitals had done this, their data could not have been held hostage. They were not backing up their data. Instead, they paid the extortion to the hackers who held the keys to the encryption of the compromised data. One's disaster recovery plan should take this scenario into account to minimize the effect that it would have.
Passwords: I know what a pain it is to have a password policy for the network that has to be enforced, but it is one of the leading vulnerabilities in our systems. According to a recent article in "The Journal of Accountancy," the two most used passwords are "1234567" and "password". This is a sad comment on our laziness. The longer the password, the harder it can be to remember unless one has a method. Here is one that I use. I break my password into three parts. The first is a number like my telephone number. The second is the name of the entity this relates to, and the third is a PIN. Here are some examples:
American Express 5052215012AMEX4561
Bank of Albuquerque 5052215012BOA6572
This type of system makes a very strong password and is easy to remember, for you only have to remember the last four digits, which will be unique. I am sure that you can improve on this system, but remember that the longer the password and the more characters involved, the stronger your password will be.
Vigilance is our by-word. We should always look to our security and improve on what we have in place. You are your own last line of defense. Let the data flow and keep being paranoid.
Written by:
Dr. John D. Walker
Network administrator
Atkinson & Co.