Monthly Archives: December 2015

ABC123: Passwords are ruining your software security

Last week we discussed how to beef up your software security to avoid data breaches in your own office. One thing we glaringly left out was how much of a danger passwords are in cyber scares like Heartbleed in 2014, a security bug that left around half a million of the Internet’s secure web servers certified by trusted authorities vulnerable to an attack that allowed the theft of users’ private sessions and passwords.

Generic Passwords

As we support many clients around the country, it is surprising how often people use generic passwords like Admin, Password, 1234, or their name. These passwords are worthless, and you would be just as well off not having one. Some may claim that a bad password is better than no password, but that is simply not the case with these, as they are the first guesses that anyone is going to try. These are the equivalent of having 3 deadbolts on a door yet choosing to leave it unlocked because the door handle will keep the door latched and you feel the appearance of the 3 deadbolts will deter everyone from entering.

SplashData periodically releases a list of the worst passwords for a year. In 2013 these were the top 10 worst passwords:

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123

Do any of these look familiar to you? If so, run to your computer and begin changing them now. While most security experts recommend having a unique password for every site you log in to, that is really an impossible thing to ask of people.
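For whoever administers the office software, the point about first guesses can be turned into a check run when a password is set. The sketch below is an added example, not code from the original post: it flags the ten passwords listed above, the generic choices named earlier (Admin, Password, 1234), lightly decorated variants such as Password1!, simple digit runs, and passwords built on the user's name. The function names and the sample user "Dana Smith" are constructed for illustration.

```python
import re

# Top-10 worst passwords of 2013 as listed in the post (SplashData).
WORST_2013 = {"123456", "password", "12345678", "qwerty", "abc123",
              "123456789", "111111", "1234567", "iloveyou", "adobe123"}
# Generic choices the post also calls out.
GENERIC = {"admin", "password", "1234"}
DENY = WORST_2013 | GENERIC

def core(word):
    """Lowercase and drop trailing digits/symbols: 'Password1!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", word.lower())

def is_digit_run(s):
    """True for repeated or counting digits such as 111111, 1234 or 4321."""
    if not (s.isascii() and s.isdigit()) or len(s) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({0}, {1}, {-1})

def weak_reasons(password, full_name=""):
    """Return why a password is a likely first guess; an empty list means
    no match was found, not that the password is strong."""
    reasons = []
    lowered = password.lower()
    if lowered in DENY:
        reasons.append("on the worst-password list")
    elif core(password) in DENY:
        reasons.append("worst-list password with digits or symbols appended")
    if is_digit_run(password):
        reasons.append("simple digit sequence")
    # Name parts shorter than 3 letters are skipped to avoid chance matches.
    for part in full_name.lower().split():
        if len(part) >= 3 and part in lowered:
            reasons.append("contains the user's name")
            break
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs; "Dana Smith" is a made-up user.
    for pw in ["abc123", "Password1!", "4321", "dana2015", "vT9#kq2Lw!xe"]:
        print(f"{pw!r}: {weak_reasons(pw, 'Dana Smith') or 'no match'}")
```
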

Shared Passwords

Another common practice that we run into is that a password may be a secure one, but everyone in the office uses the same one, or everyone knows each other’s login. When a non-Admin employee can log in as any one of five users and gain access to permissions not assigned to their login, then the whole purpose behind the user permissions is compromised. Your office may be small enough that you are ok with that, but this should encourage you to reconsider.

Plain-sight Passwords

Some people will create passwords that meet every qualification for top security, but will then stick them to the monitor with a Post-It note. While this is effective against outside cyber attacks, it does no good against someone who is able to physically gain access to the computer. If you do need to write down your passwords, then store them in a safe or other location that is not as easily accessible to everyone.

If you haven’t already stopped reading to check out your passwords, consider changing the ones that protect your most sensitive data, including personal and payment info. You can also look into apps and computer programs that create and save secure passwords so you don’t have to, such as Dashlane and LastPass.

Source: SherWare Blog

Three Ways to Beef Up Your Accounting Software Security

Have you been hearing about all the cyber attacks happening at major corporations this year in the news or had to cancel your credit card because of the recent credit card hack at Target? These big cyber scares can mean serious problems for customers across the country – but did you know there are security breaches in your own office just as serious?

How many different software programs do you use at work on a daily basis? Between tracking your contacts, financials, sales, email, and much more, it’s starting to add up. The login process for all of these can be burdensome and often results in poor security practices. One sure way to beef up security in your office, whether it’s big or small, is to set user permissions for your most sensitive data.

Here are three signs that are typically an indication that user permissions should be used:

Computers are left unattended:

Many employees fulfill a number of roles within most companies. This will often force them to leave their computer for various tasks like stocking supplies, getting the mail, and running errands. Computers are often left on and logged in to several software programs. This may not be a problem in small closed office environments, but should be a concern as the number of people with access to the office increases. Typically, the employees that require the most in-depth access are located in less accessible areas of the office. Those in more public areas of the office may only need basic functionality for most of what they do. Limiting the access of those in more public areas ensures that even if an unauthorized person gets on the computer, they are not able to see confidential areas or accidentally change something.

In many companies the person at the front desk fulfills many roles and does need full access at times. A good security compromise in this situation is to have two user permissions set up for this person: one for basic access that allows them to complete the daily entry tasks, and another with full access for the times they are utilizing the depths of the program. The user can then still have access to everything at times, while choosing to have limited access at other times. This will help limit what can be seen and changed by anyone that happens to come across unattended computers.

Multiple Departments:

Software security is not the only concern that is addressed by user permissions. Problems are often created by well-intended people that accidentally delete something while trying to look something up. Any employee that doesn’t use the software regularly can make mistakes while digging through the data. A great peace of mind can be obtained when someone knows that they can log on with limited access that will allow them to see their reports without chance of messing something up.

A great example would be the individual or department that handles Payroll. It is safe to assume that you trust this person, so security isn’t a concern. However, an occasion may arise where they need to perform a task that isn’t a part of their standard procedure. As they access different parts of the software, the possibility for mistakes increases. Since they don’t usually use the different windows, they may not recognize if something is deleted or manipulated incorrectly. Having user permissions that limit them to Payroll would force them to seek help from other employees that have more knowledge in the other areas, which reduces the risk of mistakes.

Networked Computers:

It is a universal best practice to set up user permissions when software is installed or accessed across a network. With this setup it is likely that multiple people will be accessing the software. When networked, the software becomes much more accessible, and the concerns from every other area mentioned become greater. Security is also a concern, because without user permissions anyone in the office can now have access to the confidential aspects of the software.

Source: SherWare Blog