Top tips for security staff



Passwords
  • Strong passwords make a good starting point. The idea is to come up with something that is difficult to crack by either guesswork or brute force, but at the same time is easy for you to remember.

    Avoid using single dictionary words, names or birthdays (especially those of family members or pets). One approach is to think of a phrase you can easily remember such as a line from a song. Take the first letter from each word to form a password, and then change some letters to similarly-shaped special characters. You can use the entire phrase, but the novelty soon wears off when you're typing it in for the tenth time in a morning.


  • Australian Standard AS 17799 recommends passwords be at least eight characters and contain a mix of characters and case. Hence "Mary Mary quite contrary, how does your garden grow?" might become "MMq<,hdygg?".
  • The value of a strong password is reduced if you don't log out or at least engage a screen saver lock when you're away from your computer. Those carrying out the majority of security breaches tend to have physical access to systems.
  • Once you do come up with a memorable password, don't write it down on a Post-It note that lives under your screen or the keyboard, or anywhere else for that matter.

    Keep in mind that social engineering attacks (such as "this is Jim from IT, we're resetting all the passwords so I need to know your password, please" or bogus surveys), while not widespread in Australia, can still pose a risk. Remember, you might not know what the questioner already knows or will later be able to find out about you.


  • Change passwords regularly. Intervals of six to 12 weeks balance the inconvenience against potential exposure to threat. Make a note in your PDA or organiser of the dates on which you should attend to this. Bear in mind that other passwords (such as voicemail) are also valuable, and staff should be making efforts to keep them secure as well.


  • Lastly, if you have been given a security token for two-factor authentication, never let anyone else use it.
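The password construction tips above (first letters of a phrase, at least eight characters, mixed characters and case, no single dictionary words, names or birthdays) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the word lists, the look-alike table, the date pattern and the reading of "mix of characters" as "not letters only" are all assumptions made for illustration.

```python
import re
import string

# Constructed sample lists (assumptions): a real check would load a full
# dictionary plus the user's own, family members' and pets' names.
DICTIONARY = {"password", "garden", "contrary", "welcome", "dragon"}
PERSONAL = {"mary", "rex"}

# Similarly-shaped characters mapped back to the letters they replace, so a
# dictionary word with swapped characters is still recognised as that word.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "<": "c", "3": "e", "1": "l",
                            "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"})

# Whole password is a date such as 12/03/1975 or 120375 (possible birthday).
DATE_RE = re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{2}|\d{4})$")


def acronym(phrase):
    """First character of each word, keeping punctuation attached to it."""
    return "".join(first + punct
                   for first, punct in re.findall(r"(\w)\w*([^\w\s]*)", phrase))


def violations(password, dictionary=DICTIONARY, personal=PERSONAL):
    """Return the list of tips from the article that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("no mix of upper and lower case")
    if password.isalpha():
        problems.append("letters only")
    # Drop a trailing run of digits/punctuation ("Rex2004", "P@ssw0rd1"),
    # undo look-alike swaps, then compare the remaining letters.
    stem = password.rstrip(string.digits + string.punctuation)
    core = re.sub(r"[^a-z]", "", stem.lower().translate(LOOKALIKES))
    if core in dictionary:
        problems.append("single dictionary word")
    if core in personal:
        problems.append("name of a person or pet")
    if DATE_RE.match(password):
        problems.append("looks like a date")
    return problems
```

`acronym()` reproduces the first-letter step for the article's nursery-rhyme phrase; swapping the "c" for "<" by hand gives the article's example password, which `violations()` accepts.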

