Strategies for Fortifying Cyber Self-Defense

Kent E., Director of Communication & Information Systems, Dona Ana County

Don’t Sacrifice Safety for Convenience

Like practitioners of any other profession, cyber criminals are continuously perfecting their craft and collaborating with each other to create new methods of penetration and infiltration. Companies have deployed smart hardware and software to protect their assets and employees.

Outside of work, are you taking precautions to protect access to personal, health and financial information? It may be convenient to designate personal devices to skip multi-factor authentication or store passwords for applications to enable quicker logins, but make sure you understand the risks if your device is compromised, lost, or stolen.

Password Protection

Application passwords have minimum requirements for length and for the use of upper/lower case letters, numbers and special characters. They also should not be words that exist in the dictionary. Using special characters and numbers to replace vowels is a weak method for creating secure passwords because cracking software can easily reverse these patterns.

Increasing the length of a password exponentially increases its complexity, making it harder to crack. For example, an eight-character password using randomly selected consonants, vowels and special characters would generate ~6.63 quadrillion combinations (95^8), while a ten-character password would generate ~60 quintillion combinations (95^10). Modern computers can process around a billion guesses per second, so it would take about nineteen hundred years to crack the 10-character password using a brute-force attack.

With the advances in quantum computing, the time to crack the same password drastically decreases to 2.45 seconds. Even at 20 characters, the password would take a quantum computer only about 1.9 years. As technology continues to improve, the time it will take only gets shorter. Since random passwords are harder to remember, it’s better to use a long password, like a sentence, that meets the requirements above to strengthen security.
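The two points above, substitution patterns being reversible and length driving the number of combinations, can be checked together in a few lines. This Python sketch is an added example and not part of the original article; the wordlist, substitution table and function names are constructed for illustration, and the guess rate is the one quoted above.

```python
WORDLIST = {"password", "sunshine", "welcome", "dragon"}  # constructed mini-dictionary
# Common look-alike substitutions (constructed subset of what cracking rules undo).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
SUFFIX_CHARS = "0123456789!@#$%^&*?."   # digits/symbols often appended to a word
GUESSES_PER_SECOND = 1e9                # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def normalize(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LEET)


def is_disguised_dictionary_word(password):
    """True if a wordlist entry remains once substitutions and any
    trailing digits/symbols are removed."""
    raw = password.lower()
    candidates = {normalize(raw), normalize(raw.rstrip(SUFFIX_CHARS))}
    return any(c in WORDLIST for c in candidates)


def charset_size(password):
    """Size of the alphabet implied by the character classes in use (max 95)."""
    size = 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += 33 if any(not c.isalnum() for c in password) else 0  # symbols + space
    return size


def brute_force_years(length, alphabet=95):
    """Years to try every combination; assumes randomly chosen characters."""
    return alphabet ** length / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def assess(password):
    if is_disguised_dictionary_word(password):
        return "weak: dictionary word behind substitutions"
    years = brute_force_years(len(password), charset_size(password))
    if years < 1:
        return "weak: exhaustive search takes under a year"
    return "ok: about %.3g years of exhaustive search" % years


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "$un5h1n3", "k#8Zq!2m", "My dog ate 3 blue socks!"):
        print(repr(pw), "->", assess(pw))
```

The exhaustive-search figure is an upper bound that only holds for randomly chosen characters; a sentence built from common words has less randomness than its length suggests, which is why the dictionary check runs first.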

Device Protection

No matter what device you are using, there are precautions you can take to protect it from bad actors and unauthorized access.

• Make sure to use a complex PIN code or pattern which is not easily guessed. If the device supports biometrics, fingerprints and facial recognition can be used to secure it.

• Some applications use device registration to restrict access to only those that have been authorized by the owner. This will prevent other devices from logging in without additional verification by the user.

• Where possible, encrypt the data on the device and store the key in a safe place. If the storage is compromised, the data will not be accessible without the encryption key.

• When using Bluetooth or hotspot connections, only allow trusted devices to pair or connect using a unique PIN or password.

You also need to be aware of your surroundings while using any device. Cameras can record screens and capture the credentials used to access them. Utilize privacy filters to obscure screen content and sit with your back against a wall and away from the direct view of any cameras or people walking nearby.

Identity Protection

The power of Artificial Intelligence has enabled cyber criminals to easily impersonate the writing, likeness and voice of individuals. The use of social media has provided ample content to train these systems to produce realistic sound clips, images and videos.

To defend against these types of impersonation, you can use a unique greeting or signature to help validate your written communication. For verbal communication, use a safety word or phrase that has been communicated to your coworkers, family and friends in the event someone uses a deepfake to request funds or confidential information.

Minimizing Risk

There are actions you can take to help reduce your exposure to cyber-attacks and data theft.

• If you are allowing your browser to save passwords or using a password manager, make sure that access to that device or application has a very strong password.

• Enable multi-factor authentication so that additional verification is required to access your accounts.

• Never respond to authentication requests that you did not initiate and do not provide that information to anyone else.

• Don’t use the same password for every account and never write them down or store them in an open text file.

• Make sure that the answers to any challenge questions used for a password reset are not public information and have not been shared on social media. Instead of the real answer, use a false statement so it is not easily guessed or data mined by an AI application.

Remember, making account logins convenient for you also makes it easier for others to gain access.
