Wednesday, April 30, 2008

Passwords are the Key...

Information System Security topped the list of concerns in a recent American Institute of Certified Public Accountants (AICPA) survey. Because the Internet is such a dangerous place, prudent users must take every precaution to defend themselves from the risks, which include both external and internal threats. A comprehensive data security plan must take into account data backup, virus/spyware protection, patch management, spam control, and access controls.

One of the most often overlooked aspects of Access Control is weak and/or non-expiring passwords. A “weak” password is one that can be easily guessed or broken by an attacker using an automated password cracking tool. On the other hand, a “strong” password is one that cannot be easily broken. I recommend creating and using strong passwords for your network, as well as any Internet site that holds your confidential information.

Use these steps to develop a strong password:

  1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase (defined below). Use a memorable sentence, such as “My dogs name is Sam He is 12 years old”.

  2. Convert the sentence into a password or pass phrase by writing down the first letter of each word. For example, “My dogs name is Sam He is 12 years old” becomes “MdniSHi12yo”. This technique allows you to easily remember a complex password without writing it down.

  3. A “pass phrase” is a password with a space somewhere in the random character string, such as “MdniS Hi12yo”. I recommend the use of pass phrases if the computer network or online system supports them. This simple step dramatically increases the strength of your password. In addition, when it comes time to change your password, it’s easy to change the first or second portion of the pass phrase and keep the other half the same.

Password policy recommendation:
I strongly recommend a password policy with the following requirements:
Minimum of 10 characters with complexity (defined below), expires every 90-180 days, and cannot be reused within 24 passwords.

Password Complexity—Passwords must:

  1. Not contain the user's account name or parts of the user's full name that exceed two consecutive characters

  2. Be at least ten characters in length

  3. Contain characters from three of the following four categories:
    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)
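
The length and complexity rules above can be checked mechanically. The following is an added example, not part of the original post: a Python checker for those rules, plus the sentence-to-password step from earlier. It assumes that a space counts as a non-alphabetic character and that "parts" of the full name means its separate words; the function names and the user "jsmith / John Smith" are constructed for illustration.

```python
import re

MIN_LENGTH = 10          # minimum length from the policy above
REQUIRED_CATEGORIES = 3  # three of the four character categories


def derive_from_sentence(sentence):
    """Step 2 above: first letter of each word; numbers are kept whole."""
    return "".join(w if w.isdigit() else w[0] for w in sentence.split())


def check_password(password, account_name, full_name):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    categories = [
        re.search(r"[A-Z]", password),         # English uppercase
        re.search(r"[a-z]", password),         # English lowercase
        re.search(r"[0-9]", password),         # base 10 digits
        re.search(r"[^A-Za-z0-9]", password),  # assumption: space counts here
    ]
    if sum(1 for c in categories if c) < REQUIRED_CATEGORIES:
        problems.append("fewer than 3 of 4 character categories")

    if account_name and account_name.lower() in lowered:
        problems.append("contains the account name")

    # Assumption: "parts" of the full name are its words, and only words
    # longer than two characters are compared (case-insensitively).
    for part in re.split(r"[\s,.\-_#]+", full_name):
        if len(part) > 2 and part.lower() in lowered:
            problems.append("contains part of the full name: " + part)

    return problems


if __name__ == "__main__":
    candidate = derive_from_sentence("My dogs name is Sam He is 12 years old")
    print(candidate, check_password(candidate, "jsmith", "John Smith"))
    print("JohnSmith1", check_password("JohnSmith1", "jsmith", "John Smith"))
```

Expiry (90-180 days) and the 24-password history cannot be judged from the password string alone; those are enforced by the system that stores the account.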

Sunday, April 27, 2008

Mommy, Why is There a Server in the House?

In case you haven’t seen this yet, here’s another very creative marketing piece from Microsoft on the Microsoft Windows Home Server - a children's book to help kids understand why Daddy brought a “server” home.



Even though this book is a high-tech spoof, the product is real and available from http://www.shopping.hp.com, or from other online retailers. The Windows Home Server packages some very powerful technology into a very easy-to-use product that solves some real-world problems.

The Home Server is a great product for anyone with two or more computers in their home. The key benefits are automatic backup of your important files, sharing of music, photos, or almost anything else, and sharing of files with people outside the house, like Grandma and Grandpa!

Get more information on the Windows Home Server and read the book to your children or grandchildren at http://stayathomeserver.com.

Tuesday, April 15, 2008

7 ½ Ways to Survive the daily E-mail Flood

Are you drowning in the flood of e-mail messages you receive each day? Is your Inbox overflowing with hundreds or thousands of outdated messages, leaving you gasping for some form of relief? Rest assured that you’re not alone. Good e-mail management requires both strategy and disciplined daily activity. Here are some straightforward steps that will help you manage the volume of e-mail you receive, and allow you to take control of your Inbox!

1) Recent statistics reveal that 10 out of every 11 e-mail messages worldwide are spam, also known as Unsolicited Bulk E-mail. The global impact on business productivity is staggering – clogging e-mail servers, Inboxes, and deleted-items folders everywhere. Spam filters are not 100% accurate and you do risk blocking a few legitimate messages, but the advantages of running one or more spam filters far outweigh the risk. Modern filtering techniques can do a very effective job at knocking down 95% or more of this stuff, so if you’re receiving more than 10 spam messages per day, you need to look into better protection, or multiple levels of protection. For a recommended antispam solution that’s right for you, e-mail me at FightSpam@MakingTechEasy.com.


2) Avoid spam by protecting your primary e-mail address. Create one or more secondary addresses with free online e-mail services such as gmail.com or hotmail.com. Use these secondary addresses whenever you wish to keep your private e-mail account anonymous. If over time your secondary e-mail account begins to get spammed, cancel it and apply for a new secondary account. Alternately, Google the phrase “disposable email address” and consider registering for one of the free DEA services listed there.


3) Take your eyes off the Inbox! Effectively dealing with e-mail is serious business. Rather than being interrupted every time a message arrives, I recommend turning off your “incoming e-mail announcements” and setting aside time periodically throughout the day to process and organize your e-mail. The benefit is that you will have time to focus on that specific task and can make proper decisions regarding each message. Of course, if you are expecting an urgent message from your boss, please scan your Inbox more often.


4) During your dedicated e-mail task time, use the four D’s of decision making. Delete it, Do it (then delete it), Delegate it (then delete it), or Defer it for later action. This last point, “Defer it” is the most difficult because you need some place to store the message so that you can come back to it later. Many people use their Inbox for deferred action items, which results in their Inbox becoming a giant task list. I suggest moving the item to your task list, or moving it to a “pending-work” folder or set of folders. The benefit is that the task doesn’t get mixed in with your incoming messages. Treat your Inbox as an “INBOX,” not a storage location.


5) Establish a set of organized e-mail folders to store information that you need to reference later. Think what would happen if you stored every letter or report that you wanted to save in a giant pile in the middle of your desk. This type of filing system is messy, makes it difficult to find important items, and could crush you if it toppled over. Keeping all of your saved or deferred e-mail messages in your Inbox is not the best approach for the same reasons. Creating a filing system that works the way your brain thinks is critical. Create as many or as few folders as you need. The important point is being able to quickly find the information when you need it.


6) Important! Use the delete key! If there is one tip from this list that you follow, please make it this one. Many people have a problem using the delete key in their Inbox because of their fear of removing important information. Proper use of the delete key is critical to managing your Inbox. Delete, Delete, Delete, Delete, DELETE!!! :) If the message is important enough to save, then make that decision and immediately move it to a storage location or reference folder. If not… use that delete key!


7) Take action to clear out your backlog of e-mail. If you have unread messages that are several months old and you haven’t yet read them, it’s likely that you never will. Begin by taking anything that’s older than two or three weeks and move the whole batch to an archive or save folder. If you ever need to search through it, you can go to it. Then start at the top of your Inbox and apply the techniques listed in steps 4, 5 and 6 (especially 6). You should quickly begin to feel the stress of an overflowing Inbox melt away.


7 ½) If you are serious about getting control of your Inbox and ultimately improving your productivity, I highly recommend the Microsoft Press book titled “Take Back Your Life!” by Sally McGhee – ISBN: 9780735622159. It is specifically written for Microsoft Outlook users, but many of the techniques will apply to any e-mail system. The key to success is disciplined execution. Now that you have the skills, make it happen!