Official TEKConn Blog

Learning from the IT mistakes of others

Using separate passwords for personal and business email and Web accounts is a good way to protect against various cyber threats.

Using separate passwords for personal and business email and Web accounts is a good way to protect against various cyber threats.

In the last year there have been several high-profile hacks making headlines and causing companies more than a few migraines. From Sony to Yahoo, Gmail to NVIDIA, LinkedIn to E-Harmony, some of the biggest businesses around have proven that anyone can be vulnerable to cyber threats these days.

Hackers are getting more and more ruthless – afterall, who targets a site where people are just trying to get a date? In light of these malicious miscreants' attacks on residents of the World Wide Web, TechRepublic ran an article highlighting several lessons we can learn from such incidents of cyber warfare.

Today, we're going to focus on two that should be high on the priority lists of businesses everywhere. The first is a familiar topic: passwords. Companies must be more vigilant than they've ever been when it comes to employee passwords. Start by enacting a policy that prohibits the linking of personal email or other Web accounts to work email addresses.

Here's a scenario that organizations have recently been hit hard with. It starts with an employee that has a personal email account – let's say through Gmail. Then Gmail gets hacked and hundreds of thousands of user accounts are compromised. That individual linked his private and business addresses, and now he is opening messages containing malicious content at work, exposing the business network to all kinds of threats.

So, to avoid this, keep personal and work accounts separate, which includes using different passwords for each, and encourage employees to change those passwords regularly.

The second item is a commonly overlooked one. Technology audits are an essential part of keeping IT assets up to date, secure and productive. They should be conducted periodically to make sure that no software upgrades, new installations or user preference changes have nullified critical security measures. Sometimes individuals make changes on purpose. Other times, they do it without even knowing. But, with managed IT support, costly mistakes can be recognized and rectified before they do too much damage.