Sara Edlington

Freelance Technology Content Writer

Uncategorised

by

A different approach to password security

My name is Sara, and I suffer from password overload. And I have a feeling your staff does too. It’s a security nightmare in the making.

So, what can we do? How about a counter-intuitive approach – use fewer passwords.

Less is more

A report from the Centre for the Protection of National Infrastructure and CESG (National Technical Authority for Information Assurance) suggests they’re only used where they’re needed.

Other options to replace passwords include single sign-on, password synchronisation, biometrics, or hardware tokens. These might cost more, but they mean your system is more secure as you’re less at risk of a password being compromised.

And when you do use them, then the report says: “The important thing is that your organisation provides a sanctioned mechanism to help users manage passwords, as this will deter users from adopting insecure ‘hidden’ methods to manage password overload.”

The report suggests using password managers or something physical like a secure cabinet. If that sounds a bit daft, let me tell you a quick story.

Old school style security for modern problems

A small company I worked with stored their admin passwords in a wall safe. In a pre-password era, someone had attempted to get into this safe using an acetylene torch. The thieves went away empty-handed because the safe’s door was so thick that even the acetylene torch couldn’t get through it.

This worked. The two staff members who had access to the safe would get the password they needed, enter it, then put it back in the safe. So yes, it relied on them being conscientious about returning the passwords to the safe. But most importantly, this system worked for this company.

And that’s one key to password success, a system that works for your staff. Password overload is a human problem, and it needs a human solution that is easy to use.  

The safe story also raises two more points about passwords. First, the more difficult it is to get to your passwords, the better. Only the most ultra-determined hacker is going to spend hours of their time trying to get hold of them. They like to phish in more accessible pools.

The second point is that they can’t hack passwords if they’re stored in, say, a safe or off your connected network. Unless they physically go to the location and rob the safe or get into the remote machine.

But how do you help your staff deal with password overload? I’ll have a look at a few ideas next post.

If you need marketing or learning content on passwords or cybersecurity issues, I can help.

by

Don’t make me think (about cyber security)

“Nope. I haven’t enough head-space to deal with all that.”

My friend Carol hasd asked if I could help ‘super secure’ her social media accounts.

‘Strong password, a phrase that would only mean something to you. Two-factor authentication through an app and biometrically lock the app’ were my suggestions.

She sighed. ‘What I really want is something I don’t have to think about.’

The problem with cyber security

And that, in one sentence, is one of the problems we have with cyber security. It can be too complicated.

In fact, you don’t want to think about it. Because you’ve a million other things you have to think about and one more thing will probably trip a circuit somewhere.

And your staff are the same. What can we do to make things a little bit easier?

It’s automatic now

One way is to make it automatic. Like locking your front door as you leave the house.  

The first few times you leave your new house, you’re extra careful about locking that door.

After that, you know the routine and follow it without thinking. Then when something out of the ordinary happens, the door doesn’t make the usual clicking sound when it’s locked, it gets your attention.

The same goes with cyber security routines. If you keep repeating the same email checking routine, you’re more likely to pick up something that’s not quite right in a phishing email.

It’s not fool-proof, because we all leave the door unlocked occasionally, but it helps.

The same old (cyber security) routine

For this to work, you need to learn what you need to do, then create a routine until it becomes a habit.

‘Sticky’ training (active engagement, using emotions, linking to what you already know, and so on) is good because it helps keep what you’ve learned in front of your mind.

Then it’s down to you. And for that, you need a bit of positive motivation. What’s in it for me?

For example, if you’re training staff in checking for phishing emails, they can also use this knowledge at home. They’re now helping protect the company and themselves and their family.

With the right motivation, you keep going until you no longer need to go through it step-by-step each time.

Then one day you spot an email that turns out to be a sophisticated phishing one, and you’ve saved yourself (or your company) a lot of problems.

And that keeps your headspace free for more enjoyable things.

Do you need help with your cyber security training?

I’m a specialist technology training writer, here’s…

How I can help you

by

Back to the blog

Hello, again!

After a break and a re-think about how I want to take this blog forwards, I’ll be back blogging again on a regular basis.

I’ve decided to focus this blog on where my specialisms and skills meet.

If you’ve arrived on this page directly a quick re-cap. I create and write marketing and training content and scripts on security tech, cyber security, and enterprise software.

So, you can expect to see content on marketing security tech and also about how to teach and train your staff practical security skills.