Shane's Blog - February 2017
Howdy from Texas where it is mid-February and we are having a false Spring,
When it comes to computer and network security, I am down right paranoid. So much of our private information is stored across cloud server farms and on our metalcasting and home computers. Every hour we learn of another website that has been hacked. I thought I would devote this month’s blog to keeping your information as safe as can be.
One of the most frightening attacks these days’ concerns “crypto lockers” where the computer or network is infiltrated by a bad actor and your entire system is “locked down” and all your data is encrypted. The attacker will inform you that you need to pay a certain amount of money to unlock your data, with the payment generally required in the untraceable bitcoin and of course there is no guarantee that you will ever get your data back.
Backing up your data every night is critical. Using low cost services, it is possible to automatically backup the data to the cloud where it is safe and secure. If done right, there will be many versions of the data, so that it is possible to go back in time to a point before the attack happened, should you be unfortunate enough to be attacked; especially by a “crypto locker”. Additionally, you should also consider on-site backups of the data as extra protection. When I was at Citation Texas Foundries as the IT manager, we had multiple backups of data. The old magnetic tapes were stored at a local bank vault as well as copies taken to my house thirty miles away. When I was at EDS, Electronic Data Systems, as a Systems Engineer, during the Three Mile Island nuclear scare, all data was put to tape and flown out of the local data center on the corporate jets. Data drives business and the loss of data can put a business out of business.
All computers should have strong anti-virus and anti-malware software that is constantly updated and running. I know of some people and companies that rely on “free ware versions” of this critical software. The advantages of paying for this critical software is that it generally updates itself and provides constant protection. Which version to purchase? I advise checking out reviews from bellwether sites.
Passwords are the gatekeeper to the information and the first line of defense. Strong passwords are difficult to keep up with and remember and there are online secure storage sites for your passwords. However, with that said, I am so paranoid that even with secure password storage sites, I never store the actual password, only “hints” of what the password is.
Creating a strong password is based on the length of the password and the use of upper and lower case letters, special characters, and numbers. With my paranoia, I have four levels of passwords:
(1) SECRET: These passwords are used for accessing applications that I really don’t care about and if they get hacked, no big deal. These passwords maybe used on any number of websites. What makes it a low-level site, it has no identifying information and no credit card information. Generally, when I sign up for these types of sites, I am using bogus information anyway and not my real name or address and have what I call “throw down” email accounts or email accounts that I use for nothing, never check them, and they are just there.
(2) MID SECRET: These types of sites would have real contact information in them, but the information contained in not sensitive and not financial in nature.
(3) TOP SECRET: Passwords for sites that store credit card information and other sensitive information would use longer more complicated passwords.
(4) BEYOND TOP SECRET: These are the holy grail sites that bandits would like to overrun and gain access to. Examples of these sites would be financial institutions, extremely sensitive information like medical records, social security, and driver’s license information. The passwords to access your network will fall into this level of security. To access my network, a twenty-digit password is required. If you want to get to the cloud storage of all my passwords, a thirty-five-digit password is required. Extreme, yes, but, I sleep better at night. The bad guys and gals never sleep.
Coming up with strong passwords is easy! A favorite quote or nursery rhyme are good places to start. An example of this would-be Charles Dickens writing from a “Tale of Two Cities”. It was the best of times, it was the worst of times. A password could be made out of this based on the first letter of each word, tossing in a few numbers and special characters.
Iwtbot,Iwtwot885% - the 885 might be your street address with percent sign in. In the cloud password storage, I would have this stored as “Charles Dickens Tale of Two Cities cap both street address %. Thus, if someone managed to get into the cloud password storage, they will only find a riddle.
When a site allows it, always go for what is known as two factor authentications. Anytime I access my bank account either from work or home or on the road, I enter my top-secret password then the bank turns around and calls me on my mobile phone with a secret number code that I must enter into the website. Some sites I access even have three factor authentications in which in addition to the aforementioned, when I enter the password it provides a picture that I preselected. If I go to the website and it does not show my picture, then that implies that the website is bogus. One US Government website I access has a four factor authentication. The fourth factor is that a “scrambled” non QWERTY keyboard is displayed on the screen to use, which prevents virus programs from “reading” the keystrokes.
A few final tips for you:
(a) When traveling, never access top secret sites from free WIFI. I have a mobile secure hotspot on my phone.
(b) Select “Do Not Save Credit Card” when completing online transactions.
(c) Never ever click on email links from any site. If you get an email from your bank saying to go to this link, then go into your web browser and type in the known website by keyboard.
(d) Having had my identity stolen, I strongly recommend one of the services that monitor your accounts and private information. Having this service in place saved me a lot of time and money as some bad person was opening credit card accounts and making purchases left and right. I was alerted almost instantly that something horrid was happening and could lock things down. I didn’t purchase the $10,000 curved flat screen TV. The only actions I had to take were making a phone, writing a letter, and filing a report with the local police department.
(e) There is no such thing as a totally safe website. Any and every website is subject to being hacked and your information stolen. The less information you can store online, the better.
Think about it for a moment. If all your data was instantly gone, could your business survive? On your home computers, think about all the digital memories that we be forever lost. At the foundry, we had a fire drill and no one stopped to close the huge walk-in fire safe while rushing out of the “burning” building. I pointed this out to the controller that we had “lost” everything in the “fire”. He was not too amused about this prospect and from that point forward, if the safe was not in use then the safe was to be closed.
Until next time, see you on down the road.
Shane Allen
SYNCHRO ERP Head of North American Operations
- Share this:
- More news:
-
Upbeat AFS Texas Meeting
Howdy from Texas,
I’m just back from the January 2017 AFS, American Foundry Society, meeting at the Sam Houston Horse Race Track; in Houston, none the less!
It is always so good to catch up with fellow metalcasters that embody the spirit of the AFS and continue the long historical legacy of turning liquid metal into castings! The turnout for the board and general meeting was better than expected and in the end, it turned out to be a large crowd of approximately seventy members.
-
May the 4th Be With You
Yoda says, “may the 4th be with you!” Win a cool USB and lanyard if you can hazard a guess as to which SYNCHRO ERP team member this is. Submit your entry to social@synchroerp.com
