Classic Hackers: What War Games Taught us About Technology in the Workplace
By Mike Jaworske
Network Administrator
Much like the premise of the classic 1983 movie, War Games, and its computer whiz-kid lead character David Lightman, sometimes even the most complex passwords and security protocols within a business are compromised by one common, yet entirely preventable misstep: poor in-house protection.
Just as David Lightman snuck into the open and accessible area of the high school secretary’s desk to copy the password and change his grade, and then developed a more complex breach that led him to the brink of global thermonuclear war, company employees are doing much the same. How? By posting passwords and logins on a sticky note on their computer, slipping pieces of paper with sensitive information under the keyboard, or tucking them “secretly” away in the top right drawer of their desk.
Tsk. Tsk.
Many companies rightfully focus on the big picture when thinking about technology and securing client data. But beyond the best infrastructure, firewalls and encryption lie easy-to-overlook lapses. What can you do? Whether you are a business owner or an employee, continue reading to find three great ideas you can act on right now to secure your company and personal data at the workplace:
- Ensure your company protocol eliminates a single point of entry. A single point of entry can be devastating for a company. Examples of a single point of entry include router/firewall port forwarding, no password, lack of drive encryption, and an open WiFi network.
  - Implement multiple barriers to entry. Example: Keep physical systems behind locked doors. If you are using WiFi, use a high-end unit such as Cisco Aironet. Invest in a business-class firewall and VPN, adopt complex passwords, and use full drive encryption along with two-factor authentication.
- Implement a password changing schedule. While there are several theories about how often employees should be required to change their password, keep in mind that asking employees to change passwords too frequently (monthly) could lead to the employee becoming burdened and confused, resulting in writing it down and placing that sticky note on the computer. Instead, I recommend a challenging password (combination of letters, numbers and special characters) that is changed every year or so. Hackers know that when passwords become too difficult, employees resort to easier methods of memory, such as meaningful dates, sequencing or common combinations.
  - Instruct employees to use a different password for their work email than their system log on. Should a breach occur, stopping the bleed will be easier when one hacked password opens a single entry than when that same password leads not only to the employee’s email, but also to the company time entry, payroll, and system applications.
  - Educate employees to be prudent and not to write out their passwords. Sure, you can likely trust your employees, but who else may be near your workstation? After hours? Vendors? Maintenance workers? Other building or office guests? Delivery personnel? Disgruntled workers?
- Encrypt your emails. Email systems do not automatically include encryption software. Simply, do not send anything in the email that you do not want someone else to see. Period. Surprisingly, encryption software is incredibly affordable, and going without it can be incredibly devastating. To protect our client data, we use Citrix ShareFile. There are many products on the market; be sure to understand not only the cost (around $20 per employee per year) but also that encryption protects just the file attachments, not the message. For example, if I put a Social Security number in a Word document and attach it to the email, the Word doc would be the encrypted part. The email body or “cover letter” is simply transmittal language.
Keep in mind that email encryption is just one facet of encryption. Encryption can be applied in several areas, such as databases, hard drives, flash drives, applications, network traffic, etc.
Additionally, understand that there are three different levels of encryption available and that not all are created equal:
- AES-256 bit encryption – same as used by the US government for top secret information (RECOMMENDED)
- AES-128 bit encryption – also approved and used by the US government, but for classified or secret information
- XXTEA-128 bit encryption – fastest, yet least robust of all three (great if you do not transmit sensitive personal information)
Unfortunately, not all companies are on board with encryption. Not because they don’t want to, but because many simply don’t understand what it means.
Many in business complain about security threats, but often, it is simply a matter of thinking in a different way. For example, even though faxing is considered archaic, it is still more secure than email because of the way it transmits the data (over a phone line).
So, if storing passwords in the brain through memorization is the most effective, how do hackers get into your brain? It’s not always some young kid in their bedroom trying to steal data. More likely it is someone trying to break into your home. They are looking for the simplest and easiest opportunity: windows that are left open, unlocked doors, mail or newspapers piling up, no lights on at obvious times of the day. Simply, when it comes to business, ensure the windows and doors to your work home are shut, locked and in proper working order.
Our management advisory team is ready to help you enhance your business security. If you have any questions, please don’t hesitate to contact me at mjaworske@zinnerco.com or any of our Zinner professionals at 216.831.0733.
We’re ready to have the conversation to help you avoid a thermonuclear war game from occurring in your place of business.