ess than twelve seconds. That’s about how long it takes for password cracking software, which can be purchased online for less than $50, to crack a password fewer than fifteen characters long.
A better approach, says Teresa Rule, president and CEO of RNT Professional Services, LLC, is to use a passphrase, making sure to change it every month. A twenty-two-character passphrase takes about forty-two days to crack, Rule says.
RNT Professional Services is a cybersecurity and data privacy firm with more than twenty-five years in the field. Based in Norman, Oklahoma, RNT has an office in Anchorage and three other locations. It works around the world, conducting cybersecurity audits and assessments for businesses of all types and sizes. Rule started the company with her husband, Randy Rule—both are retired Marines. It’s a theme for the company; Rule says of the eighty-six people RNT employs, seventy-two are veterans.
Rule gave a presentation on contingency planning at the November Associated General Contractors of Alaska Annual Convention and at a Construction Leadership Council Lunch & Learn gathering in December. The information she provided is valuable to businesses as well as individuals.
One of the most important tools for businesses is contingency planning. Just like companies should have a plan in place for natural disasters, having backups in place in the case of a widespread software or system failure is important. How do you back up data? Many people use the cloud, Rule says, but that could be compromised as well. It’s best to have another backup locally—even something relatively inexpensive. One such solution would be using several portable external hard drives, one for every day of the week, and taking them home daily, she says.
Planning for disruption is important, Rule says, but only if those plans are integrated across departments within a company and then revised annually to account for changes over time.
Photo by Photo Emporium Alaska.
Photo by Photo Emporium Alaska.
- Have secure firewalls in place.
- Train employees against phishing attempts, which can take place through emails, a fake web site, text messages, or phone calls. Train employees not to click a link in an email before reading and verifying the URL matches the institution it is purported to come from.
- Guard against insider attacks. Limit access to controls to only those who need it for their job.
- Prepare for malware attacks. This takes a multi-pronged approach: employee training, backups, limiting access to controls, and a strong antivirus software are what Rule recommends.
- Require password security. Require long passwords, require frequent password changes, and limit the number of attempts available before a user is locked out.
Even paying attention to these details, there are risks, Rule says. Every eleven seconds a small business experiences a ransomware attack, she says. Ransomware is a software that prevents users from accessing their computer files, systems, or networks until a ransom is paid to regain control. While it might seem like a “simple” solution to a ransomware attack is to just pay the ransom, that may not be the case.
“If you pay a ransom, you can go to jail,” Rule says.
The US Treasury’s Office of Foreign Assets Control watches and sanctions individuals and countries that pose dangers to US interests. Under the Trading with the Enemy Act, the Treasury can penalize people or organizations whose ransom payments benefit various known hackers or even go to countries on the Specially Designated Nationals and Blocked Persons List.
The best solution is not to succumb to an attack. Preparation is the best protection.
Two final kernels of knowledge to keep in mind, Rule says: Beware thumb drives, and beware public USB slots.
“All USB ports have two ports for power and two ports for data,” she says, meaning plugging a phone charger into the USB outlet in an airport chair might allow someone who installed a device to access your phone and gather important password, banking, or business information. Rule suggests traveling with a data interrupter or USB data blocker, which can be found online for around $15. And finally, carry your own thumb drive; don’t use thumb drives from someone else.
RNT Professional Services has a blog with a trove of useful tips, from how to avoid “skimmers” that can capture data when using an ATM and ways to safely use public WIFI to tips for keeping children safe online. Find it at rntpros.com/blogs/blog.