Passwords Phishing

Remember a time when a fishing rod, some bait, and a lake were all that was needed for a quiet afternoon of relaxation and fun. Today, we need to deal with a different kind of “phishing”. This phishing has gone wild in the digital world and has become the bad guys’ preferred method of obtaining easy access to your corporate email platform, and with it access to a wealth of desirable information that includes transactional data, wire-transfer directions, and personally identifiable information (PII) of your Agents, Staff and Customers. The question becomes, “How can I protect my brokerage from becoming a victim of phishing scams?” Unfortunately, there isn’t a single easy answer. It is difficult, and it must include layers of defenses surrounding your pond. There is a four-layer approach to setting “No Trespassing” signs around your pond. This approach includes:

- Unique Passwords
- Multi-Factor Authentication
- Preventive Layer of Defense
- Education

Passwords

The easiest place to build defense around your pond is to have a policy and technology in place to ensure people have a strong, unique password. The length, quality, and uniqueness of a password are the elements to consider when protecting your pond. The length of a password is simple: the longer the better. Twelve characters or more goes a long way in preventing the bad people from using computers to crack a password. Password quality has traditionally meant a password that must contain upper- and lower-case letters, at least one number, and a special character. Today, Bill Burr, the author of the 2003 official guidance on password security from the National Institute of Standards and Technology (NIST), insists that requiring complicated and forgettable passwords is a flawed policy. In June 2017, NIST released an updated version of SP800-63b, and it explicitly states that a password, whatever its complexity, must be easily memorized by the subscriber.
In the summary of Appendix “A” of SP800-63b, it states: “Length and complexity requirements beyond those recommended here significantly increase the difficulty of memorized secrets and increase user frustration. As a result, users often work around these restrictions in a way that is counterproductive.” Bill Burr recommends that a good password be a combination of four words that do not relate to each other, for example… bizzzzarePoodle747giant. This password is a combination of words and numbers which are only relevant to the user and are easy to memorize. Uniqueness of a password for a system is critical. […]
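The two policies described above can be put side by side in code. The following is an added example, not from the original article or from NIST: a checker that applies the traditional composition rule next to a length-plus-blocklist rule in the spirit of SP800-63b (the 12-character floor, the sample blocklist and the context-word check are assumptions), and runs the article’s own passphrase through both.

```python
import re
from typing import Dict, Iterable, Tuple

# Constructed sample blocklist; a real deployment would load a breached or
# commonly-used password list, which SP 800-63B recommends screening against.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


def legacy_complexity_ok(pw: str) -> bool:
    """The composition rule the article describes as 'password quality':
    upper + lower + at least one digit + at least one special character."""
    return (
        any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def nist_style_ok(pw: str, context_words: Iterable[str] = (), min_len: int = 12) -> Tuple[bool, str]:
    """Length-plus-blocklist rule in the spirit of SP 800-63B (assumed policy,
    using the article's 12-character floor): no composition requirements, but
    reject short, well-known, context-derived or near-single-character passwords."""
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    lowered = pw.lower()
    # Strip a trailing run of digits/symbols so 'Password1234!' still matches 'password'.
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        return False, "matches a commonly used password"
    # Context-specific words (user name, brokerage name) are easy guesses.
    if any(w.lower() in lowered for w in context_words if len(w) >= 4):
        return False, "contains a context-specific word (e.g. user or company name)"
    if len(set(lowered)) < 3:
        return False, "almost no character variety"
    return True, "ok"


def compare_policies(pw: str, context_words: Iterable[str] = ()) -> Dict[str, object]:
    """Evaluate one candidate under both rules so the difference is visible."""
    nist_ok, reason = nist_style_ok(pw, context_words)
    return {"legacy_complexity": legacy_complexity_ok(pw), "nist_style": nist_ok, "reason": reason}


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Password1234!", "bizzzzarePoodle747giant"):
        print(candidate, compare_policies(candidate, context_words=("AcmeRealty",)))
```

Note that the article’s passphrase passes the length-based rule but fails the legacy composition rule (no special character), while a short “P@ssw0rd” does the opposite.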