Digital Security
Passwords: I have known for a long time that passwords such as "password" or "123456" are next to useless for protecting your stuff online. However, I really struggle to think up new passwords every month for apps which require updating this frequently (usually work apps), and I can't cope with more than 2 or 3 passwords on the go at once - they just all become a blur.
I did a check of some of my passwords and discovered that some can be decoded within 2 hours. However, add a couple of cunning symbols or bits of punctuation somewhere in there and it'll take 200 years to crack. I will bear in mind the suggestion of using the first letters of an easy-to-remember phrase or piece of poetry for future password changes.
I have now discovered the password management app, and am trying out Dashlane to see if it will help me avoid forgetting which variation of which password I may be using, or at least remember it for me.
With regard to permissions, again I already had a rudimentary understanding of this, as often when I download apps I am asked what permissions I will give. However, I have never monitored, checked, or reviewed permissions, and now I am equipped to do this through app settings with a minimum of difficulty. I was a little surprised how many apps have free access to my camera, photographs, and address book, and will review whether I need them all - and also have never considered that when apps are updated the permissions may revert to default - although I was aware of press reports that Facebook often makes changes to its format which often results in changes to permission settings.
Questionnaires: there are many of them on the net. I don't think I have ever been asked potential password data in a questionnaire, but on reflection there are lots of questionnaires which do ask personal questions, and it is common to be asked for identifying information, especially when entering competitions.
As a social worker in Adult Care I am aware of many people who have been scammed on the internet, whether through the notorious Nigerian prince who has fallen on hard times and needs some serious cash wired through to his personal account, to much more elaborate "mirror" websites which have succeeded in accessing and emptying the bank accounts of some of their victims. Anybody who assumes they can outwit all of these sometimes elaborate scams does so at their peril.
In addition to the precautions I have learned in this session, with regard to my personal use, I use a specific banking protection app to protect my financial transactions, as well as a firewall and antivirus software which come with my broadband provision.
With regard to work, the secure transmission of information is a hot topic. Although I am employed by a Health and Social Care Partnership, we are still not allowed to share client / patient information between Health and Local Authority servers due to security concerns. The Royal Mail remains the (expensive and slow) transmission method of choice. Alternative approaches we have used to date have included encrypting data, and allowing some staff to use both servers. The actual solution is probably to introduce a shared partnership server, but whether this can happen in the foreseeable future under current budget constraints is questionable. The fact that there is so much concern around the risks of sharing information, even across secure GCSX emails (along with some shocking and well-publicised examples of hacking of NHS, banks, and broadband providers), suggests statutory services amongst others are still a long way from being as secure as we need to be.
Personally, I would never use a public server in a shopping centre or airport, for instance, to access work data over wifi. Instead I use my own or mobile phone as a wifi hotspot, or a work location, or a private home wifi. I feel this is an area our IT department should be investigating further.