Five quick tips for improving security in your office

We take security very seriously at Urban Insight. A focus on security is an important part of everything we do, from development to day-to-day work flow. But security isn’t just about correctly configuring firewalls and ensuring you have the latest service pack installed. It’s also about having a secure work flow around the office.

Here are some quick tips that we use around our office to ensure we all start work with a secure base:

Tip 1: Use a master password in your browser

Most browsers allow you save usernames and passwords for web sites. This is a really handy feature as most of us have too many logins to remember, but it also means that your browser contains a treasure trove of login information for your online identify, from Facebook to your bank’s online branch. If your laptop was ever stolen, these passwords would be easy for the thief to find.

Some browsers (Firefox and Opera at least) include a master password feature. Essentially this is a single password you must type in the first time you start up Firefox and go to a page where you have “remembered” login information. If you don’t know the master password you can’t get to treasure trove of login information contained inside your browser.

Tip 2: Use an encrypted file share for confidential documents

If you need to store really sensitive information use an encrypted shared with TrueCrypt. TrueCrypt is an open-source program that lets you create a special secure storage space in the form of a single file. The cool thing about TrueCrypt is that it turns this single file into what looks like an external drive to your PC (so it appears in My Computer just like a thumb stick would).

But that single file has its own is security, so you can back it up and share it in Dropbox without worrying about exposing what is inside. Unless you know the password, you can’t do anything with the file.

Tip 3: Store your password in a text file in your encrypted share

Using the share you setup from tip 3, create a text file inside this share for all or your login information. Instead of yellow stickies or an old, wrinkled piece of paper use this file to keep all or your password safe.

Tip 4: When you send a password by email send two emails

When you need to send the login information for a low priority account in an email try using two emails instead of one. Use your first email to include information on the account, the username, login URL, and any other relevant information. But for the password say “See next email.”
In that second email include a simple subject that does not mention “password” and include the password in the body of the email.

Tip 5: Make your passwords secure

A common method of compromising a system is gaining access to at a weak point and escalating your access inside of the system over time. Think about all of your own accounts across your daily life: They form into a system of its own. Your personal email account is where forgot passwords link go from your bank or credit card. You probably share passwords between your personal accounts and your work accounts. A flaw in one password could put your entire online identify – and all that it touches – at risk.

Therefore, even one simple password for one account could put your others at risk in unintended ways. Try to always use strong, complex passwords when creating accounts, no matter how trivial you think the account may be.