September 22, 2020
Good morning, everyone!
This week’s critical vulnerabilities: WordPress Sites Attacked in Their Millions – if you use the File Manager plugin, make certain your software has been updated! And CISA has issued a stern warning about critical Windows patches that should be installed immediately. Finally, Apple has released iOS 14 which fixes 11 critical flaws in earlier versions.
A recent survey shows that “Incident Response Exercises Not Taken Seriously by Business Leaders” – and this is a problem! Register now for my September 29 work(fromhome)shop: Adding "cyber" to your Disaster Recovery Plan
On a personal note, I have to say that Hurricane Sally left me worn out, so this newsletter will be brief. Hope you don’t mind. I’ll dump a lot more on you next week! :)
A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?
However, the problem with depending on password complexity is that computers are highly efficient at repeating tasks -- including guessing passwords. Last year, a record was set for a computer trying to generate every conceivable password. It achieved a rate faster than 100,000,000,000 guesses per second.
So what makes a good password?
- Longer is better. At least 12 characters, preferably 16 or more:
“with cloud-based technology, guessing an eight-character password can be achieved in as little as 12 minutes and cost as little as US$25”
- Think of pass phrases, not pass words. They are easier to remember, easier to type, and much longer.
- Play word games! Use your imagination! When you play password games with yourself, you engage both sides of your brain. That means better passwords that are easier to remember!
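To put the guessing rate quoted above against the length advice, here is a small estimator added to this newsletter (it is not the author's code). It assumes an attacker who works through the entire keyspace at 100,000,000,000 guesses per second, and, for passphrases, that each word is picked at random from a 7,776-word list (both are assumptions for illustration).

```python
import math

GUESSES_PER_SECOND = 100_000_000_000  # the rate quoted in the newsletter

# Character-set sizes a password policy typically allows
ALPHABETS = {
    "lowercase only": 26,
    "mixed case + digits": 62,
    "mixed case + digits + symbols": 95,
}

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of the given length."""
    return alphabet_size ** length

def seconds_to_exhaust(alphabet_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every password once at the given rate (worst case for the attacker)."""
    return keyspace(alphabet_size, length) / rate

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength in bits for a password chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def passphrase_entropy_bits(word_count: int, wordlist_size: int = 7776) -> float:
    """Strength of a passphrase of randomly chosen words (7776 words assumed)."""
    return word_count * math.log2(wordlist_size)

def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = [("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"

def compare(lengths=(8, 12, 16)):
    """Rows of (alphabet, length, bits, time to exhaust) for the table below."""
    return [(name, n, entropy_bits(size, n),
             human_duration(seconds_to_exhaust(size, n)))
            for name, size in ALPHABETS.items() for n in lengths]

if __name__ == "__main__":
    for name, n, bits, when in compare():
        print(f"{name:30s} {n:2d} chars  {bits:5.1f} bits  {when}")
    for words in (4, 5, 6):
        print(f"{words}-word passphrase: {passphrase_entropy_bits(words):.1f} bits")
```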
Remember, always use two-factor authentication (2FA) whenever and wherever it is available. That’s the best protection for your password.
Check out this website: https://haveibeenpwned.com – you can sign up to be alerted when your email address shows up in a password dump on the dark web, so you know where you need to go make changes.
The Feds say they are better than private industry
An analysis of data collected by the Cybersecurity and Infrastructure Security Agency shows civilian government agencies are doing better than private sector owners and operators of critical infrastructure when it comes to a major indicator of adherence to basic cybersecurity practices. “For the federal civilian executive branch, we’ve seen patching timeframes consistently hold at 15 days for critical vulnerabilities and 30 days for high,” said Boyden Rohner, associate director of vulnerability management at CISA. “However, outside of the federal civilian executive branch, in other critical infrastructures, the timeframes to patch have been largely longer.”
Seriously?! The federal government is faster and more efficient at something than private industry? If this is true, we need to up our game! Talk to your IT people to be sure that you are getting patches applied as quickly as possible.
Zoom Brings Two-Factor Authentication to All Users
Hooray! Go sign up now! 'Nuff said.
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺
Talk to you again soon!