Business Technology Blog

Small Businesses in the Security Bullseye

April 22nd, 2008 by engage

Hackers and data thieves are increasingly focusing their efforts on small businesses, according to an article in Business Week. Criminals are enticed by how easy it is to break into the often woefully under-secured networks of smaller companies.

There’s no doubt that small businesses are the low-hanging fruit in the hacking world. The article cites a 2007 study by Visa which found that 57% of small companies don’t think they need a formal plan to secure their data, and 61% say they’ve never sought information on properly protecting their files. A study by software security firm Webroot found the similarly worrisome statistic that 75 percent of companies with fewer than 1,000 computers have an IT staff of fewer than 10, meaning that security concerns fall on the shoulders of an already busy group.

The Business Week article talks about some highly practical and effective strategies that small businesses can take to shore up their security issues. Author Eve Tamincioglu advises firms without an IT staff to hire a consulting firm to deal with issues. Even those with IT staff need to look to make serious investments in firewall hardware and software.

But as Tamincioglu points out, the biggest part of fixing security is more subtle than hardware. It’s about educating your employees. The article focuses specifically on how to prevent phishing attacks and on teaching people about the dangers of unencrypted wireless networks, but leaves out an arguably equally important issue: passwords that are too simple. Though most larger businesses have policies that require strong, frequently changed passwords, smaller businesses often don’t require the same level of rigor.

A strong password is generally at least 7 characters long and made up of a completely random string of letters and numbers. Of course, the problem with strong passwords is that they’re incredibly hard to remember, which causes users to write them down or save them to a computer, especially if they have to juggle more than one, defeating the whole point of a password in the first place. There are lots of password management programs that try to deal with this issue, but they require either working on a single computer, carrying around a USB stick with the program installed on it, or uploading password information to third-party web servers, all less than ideal solutions.

Which is why I’ve been really happy to stumble across Password Maker, a password manager that uses a bit of mathematical magic to solve the issue. The program allows you to generate a strong password using a master password and a key phrase like “email,” “work computer,” or even URLs. The algorithm behind Password Maker will always generate the same password when fed the same information. The result is that you only have to remember your master password and the key phrase associated with each login. And since there’s a web-based version of the program, you can use it even when installing software isn’t an option. A really great solution for the password problem on both a business and a personal level.
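To make the "same inputs, same password" idea concrete, here is a small sketch added as an illustration; it is not Password Maker's own code or algorithm. The PBKDF2 stretching, the iteration count, the 62-character alphabet and the function name `derive_password` are all assumptions of this example.

```python
import hashlib
import hmac
import string

# Assumed output alphabet: upper/lower-case letters and digits (62 symbols).
ALPHABET = string.ascii_letters + string.digits


def derive_password(master: str, key_phrase: str, length: int = 16,
                    iterations: int = 200_000) -> str:
    """Derive a per-login password from a master password and a key phrase.

    Nothing is stored: the same two inputs always produce the same output.
    """
    if not master or not key_phrase:
        raise ValueError("master password and key phrase are both required")

    # Stretch the master password so guessing it offline is slow.
    # The key phrase acts as the salt, so every login gets an unrelated seed.
    seed = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                               key_phrase.encode("utf-8"), iterations)

    # Expand the seed into characters. Bytes >= limit are discarded so that
    # every symbol in ALPHABET is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    chars = []
    counter = 0
    while len(chars) < length:
        block = hmac.new(seed, counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        for byte in block:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        counter += 1
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, for demonstration only.
    master = "constructed-master-passphrase"
    for phrase in ("email", "work computer"):
        print(phrase, "->", derive_password(master, phrase))
```

Every derived password depends only on the master password and the key phrase, so anyone who learns the master password can regenerate all of them; the master password itself has to be long and unguessable.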
