Cybersecurity is the new “it topic” at compliance CLE conferences. It’s a nice break from the drone of the latest Foreign Corrupt Practices Act fines or the number of deferred prosecution agreements. Our firm receives numerous requests for cybersecurity best practices or what an appropriate policy should look like. We usually joke that the first step is to use caution when hooking free souvenir USB drives to your company network. After the latest breach involving Target and our friends in Washington proposing new legislation, we thought we’d better get serious (and regular readers of this column know that’s not easy) about cybersecurity.
1. Express Yourself With a Passphrase
First, a lesson in hacking terminology. “Brute forcing” is a method in which a computer “guesses” a password. That is, it first generates a random password such as “aaaaaaaa,” encrypts it and compares that encrypted password with the stolen password. If it matches, then the stolen password is discovered. If it does not match, the computer tries another password, such as “aaaaaaab,” encrypts it, compares, ad infinitum. It is called brute forcing because it requires a lot of processing power to generate all those combinations. Modern computers are able to make a billion such attempts per minute, with that number increasing each time computers become more efficient. Passwords that are eight or even 10 characters long may be compromised within a few minutes or hours.
A simple data protection measure companies can implement involves switching to passphrases instead of passwords. Passphrases are passwords made of three or more words. For example, a simple passphrase such as “LSUHasTheBestCollegeFootballTeam!” would be much more difficult to brute force than even an intimidating-looking password such as “F|^s3TQr@.” This is because the passphrase has 32 characters instead of 10, and passphrases are also easier to remember. Another tip: use pronouns and stay away from verbs and articles, because there are far fewer verbs and articles than pronouns—which means these are more vulnerable to guessing.
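To put numbers on the comparison above, here is an added example (not part of the original column) that estimates the worst-case search space for a character-by-character search and for a search that guesses whole words, at the guessing rate quoted in the column. The function names and the 10,000-word vocabulary are assumptions made for illustration.

```python
import math
import string

PAGE_RATE_PER_MINUTE = 1_000_000_000  # guessing rate quoted in the column
MINUTES_PER_YEAR = 60 * 24 * 365

def char_pool(secret):
    """Size of the smallest standard character pool that covers the secret."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(ch in cls for ch in secret))

def char_keyspace(secret):
    """Candidates an exhaustive character-by-character search must cover."""
    return char_pool(secret) ** len(secret)

def word_keyspace(word_count, vocabulary, suffix_pool=1):
    """Candidates when whole words plus one trailing symbol are guessed."""
    return vocabulary ** word_count * suffix_pool

def minutes_to_exhaust(keyspace, rate=PAGE_RATE_PER_MINUTE):
    """Worst-case minutes to try every candidate at the given rate."""
    return keyspace / rate

def report(label, keyspace):
    """One summary line: entropy in bits and worst-case years at the page rate."""
    minutes = minutes_to_exhaust(keyspace)
    return (f"{label:<34} {math.log2(keyspace):6.1f} bits  "
            f"{minutes / MINUTES_PER_YEAR:.3g} years")

# The two sample strings are the ones quoted in the column.
PASSWORD = "F|^s3TQr@"
PASSPHRASE = "LSUHasTheBestCollegeFootballTeam!"
ASSUMED_VOCABULARY = 10_000  # assumption: size of a common-word list
PASSPHRASE_WORDS = 7         # LSU, Has, The, Best, College, Football, Team
SUFFIX_POOL = len(string.punctuation)  # the trailing "!" drawn from punctuation

if __name__ == "__main__":
    print(report("8 lowercase letters", 26 ** 8))
    print(report("column password, per character", char_keyspace(PASSWORD)))
    print(report("column passphrase, per character", char_keyspace(PASSPHRASE)))
    print(report("column passphrase, per word",
                 word_keyspace(PASSPHRASE_WORDS, ASSUMED_VOCABULARY,
                               SUFFIX_POOL)))
```

The per-word figure is the more useful measure when reviewing a passphrase policy, because it depends on how many words are chosen and how large the pool they come from is, not on the character count.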
2. Don’t Use an Unsecure Cloud