The importance of password strength is critical to your Network’s safety. Businesses spend countless time and resources on software and equipment to protect their sensitive data, only to have their Network compromised by a User with less than secure password practices. “Why do I care if someone hacks my Company’s Network?” Here’s why. Your company uses proprietary and sensitive data on a daily basis, some of which may include, but is not limited to, payroll and tax information about YOU. This could include your Social Security number, address and phone number. We have all heard the horror stories about the repercussions of identity theft. So, I would argue that it IS in your best interest to help keep your Company’s Network secure.

Hackers can use many methods to acquire your password. The most prevalent method is a dictionary attack. Dictionary attacks are derived from lists of words found in a dictionary. These programs are capable of adding numeric characters to the word lists to accommodate for any numbers that you may have added to the beginning or end of your password.   The program tries thousands of words per second until it eventually finds the right combination. This type of attack is often times successful due to our tendency to use words and names familiar to us.

So what makes a strong password?  There are many methods that you can use to help you create a strong password, but will also keep it easy to remember. 
Here are a few guidelines to use when picking a password:

• Passwords should be at least 8 characters
• Do NOT use any variation of your first or last name (no family members either)
• Use combinations of lower and uppercase letters
• Substitute numbers for letters, e.g.  Hello could be h31lo. I have substituted “3” for “e” and “1” for “l”. 
• Substitute characters for numbers by holding down the “Shift” key, e.g. 45678 now becomes $%^&* 

These are just a few suggestions which can help you create a more secure password. My personal favorite method is to choose a phrase. Take for example:

“I understand that passwords are very important for security at work”, would become:

IuPavI4S@w

This password is more than 8 characters long, combines lower and uppercase letters, substitutes numbers for letters and is easy for me to remember.

So how strong is your current password?  Here at Ossa Technology Solutions, we try to provide our customers with the tools and resources to make their life easier. Follow the link below. It will redirect you to a password checker that we provide to our customers.

http://www.ossatechnology.com/support/support.aspx

Put in your current password and wait for the results. You may be surprised to find out how secure (or unsecure) your password really is!

Hope for the best yet prepare for the worst.  This little addage holds water when it comes to backup planning.  In NE Ohio we have seen tornado devastated communities.  In flood zones, whole areas are put out of commission.  My question is how far do you think your off-site backup should be in relation to your office?  Perhaps 10 miles away from the office should work.  Now, how is the tape going to get there?  Most of our clients do not have a full-time IT person.  Some have an employee who takes the tape or drive off-site but lives within a 10 mile radius of the office.  Distance is not really a major issue if the disaster your comapny is looking to avert is a fire or theft or even an isolated natural disaster. 

Another important item to consider is the who and how of the off-site equation.  Who is the person responsible to take the backup off-site.  Is the data secure?  When we add the how is the data trasnsported off-site then some more issues are raised.  Now that the data is going off-site, how easy is it to access your data in the event that the tape or drive was lost or stolen?  For most companies the idea of having their data compromised is not acceptable.  

Can you afford to have your data stolen, destroyed by fire or a natural disaster?  One of the new solutions we offer is a off-site backup to a data center maintained by EMC, a leader in data storage.  Backups are encrypted, stored in a world class data center and accessible from anywhere there is internet access.  If your building was destroyed we coud recover your files to a new location.  We can even have the backups shippoed FedEx to arrive the next business day in the event that large amounts of data need restored.  This low cost, manageble and secure solution can alleviate the worry of keeping a copy of your data off-site.  Please call our office for more information at 330-551-2280.

Backups are only as good as the ability to restore them, successfully.  At times they have a tendency to be forgotten.  Without good monitoring or testing we are not able to have the peace of mind that our data is safe.  In some environments backups are tested monthly when one or more users 'accidentally' delete an important file.  In other cases backups go months, if not years without testing.  There are even cases in which a good backup has not run for weeks and no one is the wiser. 

If you are not monitoring your backups, please start today.  Windows Small Business Server has built-in alerting and monitoring features that let you know when your backups fail or succeed.  Most third-party tools have an email alerting feature built in.  Windows native backup tool reports on its backup and places the log file in your %userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup folder.  An admin can keep a shortcut on their desktop that folder and review it daily. 

Try to test your backups every so often.  The more critical the need to recover the more often you should check the data.  Plan on restoring several critical files to an alternate location once a month.  Verify that the files were restored successfully.  Now you can feel at ease.

The other item to consider is off-site storage of these backups.  I recommend that you keep some type of backup off-site.  This could be a copy of your daily, weekly or monthly.  There are several ways to accomplish this.  Next week I will expand on this and talk about some of the different services available.