How Often Should Passwords Be Changed?
How old are your passwords? Almost half of the 2,000 U.S. and U.K. respondents in a TeleSign survey admitted they have not changed their passwords in five years. Even worse, more than 20 percent of them were using passwords that were more than 10 years old.
You likely will not get much argument that these passwords are too old. But how often should you and your employees change them? Surprisingly, this is a not an easy question to answer.
For many years, security experts recommended changing passwords frequently, usually every 30 to 120 days. However, a Microsoft study questioned that conventional wisdom — wisdom that even Microsoft product documentation touted for years.
The Microsoft study found that frequent mandatory password changes cost billions of dollars in lost productivity with little security payoff in return. Frequent password changes are not as effective nowadays because hackers have machines that can crack weak passwords in seconds. Once they have a password, it is doubtful that they will wait even a week before exploiting it. Thus, changing passwords every 30 to 120 days does little to increase security.
Requiring strong passwords, in addition to mandating frequent password changes, can even weaken security, as some chief information officers point out. Employees are becoming frustrated with having to constantly create and remember strong passwords. A Janrain studyrevealed that 38 percent of the 2,208 adults surveyed would rather scrub toilets and tackle other household chores than try to come up with yet another password. As a result, they might resort to using variations of old passwords, re-using the same password for multiple accounts, or writing down passwords.
While it is not a good idea to require frequent password changes, you should not go to the other extreme and never require them. You need to find a happy medium. The Information Technology Laboratory at the National Institute of Standards and Technology recommends that you set different password expiration policies for the different types of systems and software in your business. That way, you can have employees change their passwords more often for high-security systems and software and less often for low-security systems and software.
You also need to make sure that employees understand how risky it is to re-use the same password for multiple accounts. Hackers know that re-using passwords is a common practice, so when they crack the password for one account, they will try using it to access other accounts. Similarly, they will try opening other accounts with variations of that password.
Creating and remembering a unique strong password for each account can be challenging for employees, even when they do not need to change their passwords very often. Using a password management tool can make this task much easier for employees. They can have the password manager automatically create strong passwords. The password manager will also store those passwords so that employees do not have to remember them. Besides having happy employees, you can take comfort in knowing that your company's accounts are protected with unique strong passwords. It is a win-win situation for everyone, except hackers.
What Surveys Say about Moving to the Cloud
Cloud computing has surged in popularity. The 2015 Cloud Security Spotlight Report clearly makes this point. More than 70 percent of the 1,010 participants reported that they use or plan to use a cloud computing solution. Yet, some organizations are still apprehensive about using the cloud.
Common Concerns
Organizations hesitant about cloud computing are often concerned about:
- Security. Security is by far the biggest concern preventing organizations from embracing the cloud. They are afraid that their data will not be as safe in the cloud as it is in their on-premises systems.
- Lack of control. Some companies are leery they will lose control of their data if they move it to the cloud.
- Compatibility. Organizations fear that their applications will not be compatible with cloud computing solutions.
- Just a fad. Some companies view the cloud as just another fad. They believe that if they were to start using the cloud, their IT systems would become obsolete as soon as the next technological marvel comes around.
Discovering What's Right for Your Business
Fears about the cloud often come from misinformation and a lack of knowledge. Learning about cloud computing can help ease your apprehension.
The 2015 Computerworld Forecast survey reported that over 40 percent of the IT executives surveyed predict they will increase their spending on software as a service (SaaS) and a mix of public, private, hybrid, and community clouds.
Searching the Internet about cloud security is not as helpful. For every article or blog you find saying it is safe, you will find another one saying it is not. Talking with IT experts is a better course of action. You can discuss the security issues that pertain to your data and applications to determine whether using the cloud is a good fit for your business. They can help you decide on the best type of cloud options for your company and show you the best ways to keep your data safe and in your control.
IT experts can also find out if any of your applications are incompatible with the cloud. If that is the case, they can help you find a suitable replacement.
6 Reasons to Use Remote Monitoring to Keep an Eye on Your Systems
Many IT service providers use remote monitoring tools to gather information and send reports about their clients' computer systems. Almost anything can be monitored, from routers and firewalls to virus detection and email services.
Here are five benefits of using remote monitoring to keep an eye on your systems:
1. Reduce the Chances of Downtime
In order to operate smoothly, your company needs its computers up and running. If they stop working, you could end up losing a lot of money.
Remote monitoring can reduce the chances of such an event. Your service provider can set alerts that trigger when a problem starts to develop but before it impacts system performance. This early notification means the issue can be resolved before it develops into a crisis.
2. Respond to Problems Instantly
An IT service provider's remote monitoring team can protect your computers around-the-clock. This 24/7 service means that providing a solution to your tech troubles doesn't have to wait until the morning.
3. Handle Problems Anywhere
Because of remote monitoring, it doesn't matter where you are, where your systems are, or where your people are. A remote monitoring team can contact you, find out how you want a situation handled, and then take care of it for you.
This means that you don't even need to leave the comfort of your own home in order to take care of a problem. This aspect of remote monitoring is especially appealing to companies with facilities in distant or rural locations.
4. Track System Health
Remote monitoring collects system statistics over time. When viewing this data in monthly or quarterly reports, long-term trends can be identified, even before they reach levels that would trigger an alert.
Using these reports, you can address potential problems as they develop and prevent them from ever impacting your computer system. Trend analysis can also identify needs for system expansion and help with technology budgeting.
5. Monitor and Support Every Device You Use
Remote monitoring is comprehensive. Every device can be monitored and supported remotely, whether it's a server, a desktop, or a mobile device.
Additionally, a remote monitoring service can provide for automatic updates. Configuration files and other changes can automatically be deployed without users needing to take any action.
6. Have Support Staff That Show Rather than Tell
If one of your employees ever has a computer problem, an IT expert can use remote control tools to take control of the employee's desktop while they are watching. Remote control is different from remote monitoring, although the two are closely related. When it comes to IT support, remote control tools let technicians teach your employees about the issue at hand and explain to them how to address it in the future.
The Bottom Line
Businesses today rely on their computers. They need their IT infrastructure up and running at all times. They need to know about problems before they happen, and they need support regardless of their locations. Remote monitoring provides a cost-effective way for companies to fulfill these needs.