Category Archives: Passwords

IT Security Explained: Protect Your Websites for Customer’s Sake!

Have you set up a company and launched your new website to represent your brand and connect with customers? Have you recently decided to upgrade your existing site with new content and functionality? Perhaps you’ve added an online store or given your customers the ability to access their records or transactions with your business. Not a business, but a social membership organisation using your website to collect fees and members’ information?

If any of these apply to you, please read on.

Owning a business website is not quite as simple as it seems, I’m afraid. By law (as referenced below), we now have to give serious attention to online customer protection. Businesses and organisations have obligations, and when something goes wrong with online data security, ignorance is no longer an acceptable excuse.

Here are 10 questions you need to consider about your website.

1) What information will I collect from customers and why?
2) Do I need all of the information I am collecting?
3) Will this information actually be used or am I collecting it just in case I decide to use it later?
4) What legal obligations do I have when collecting and storing this information from and/or about my customers?
5) What is the impact to my business if this information was stolen?
6) What is the impact to me personally if this information is stolen?
7) What security measures will be in place to protect both my customer’s information and my business from legal action in the event that this data is stolen?
8) How long can I afford for my business website to be unavailable?
9) What will the impact be on my business if my website is turned into a site selling Viagra (for example)?
10) What will the impact be on my business’s reputation if my website is infiltrated and turned into an attack site, injecting a virus onto the computer of every customer who visits my site?

Can you really afford to develop a business website and then not give all due diligence to the associated security issues?

IT Security does not have to be as expensive as you may have imagined. The introduction of a few security standards can go a long way and does not have to cost you an arm and a leg. It is well worth budgeting a rigorous and expert security review as part of your website development costs, especially when the costs of not doing so can end up being very significant indeed.

Key information about your responsibilities can be found from the Information Commissioner’s Office here

Thanks to Gary Sharpe for his editorial assistance.

Personal IT Security

“Two Step Authentication” What it is and Why You Need It.

In two decades plus as an IT security expert, it has been apparent to me that when technical people begin to explain IT security issues to business executives, glazed expressions sweep through the room like a Mexican wave if technical terms are used. So the purpose of this “IT Security Explained” series, which began with my article on “Phishing”, is to remove these mysteries behind the IT Security jargon and ultimately to aid businesses in becoming more aware of the dangers as well as to help businesses help themselves.

We tend to forget during the internal battles for budgets and resources that without the business there would be no IT or IT security needs, and without IT and IT security there may not be a business left to manage. The key to unlocking IT security is better internal communication and realising that IT is integral to the business, while it is the business that IT departments are there to serve.

Speaking of keys, that’s the theme of this, my second post in this series. Here we consider something called “Two Factor Authentication”. I will now explain what this actually is and why you should be using it.

Imagine a building which contains something of high value, something to be protected. We could lock the door with a key or we could lock the door with a combination lock. To be really secure we would have both types of lock, so that to enter the building we need both a physical key and the passcode.

Two Factor Authentication is the digital equivalent of having both locks on the door – but with one vital difference: the passcode on the combination lock changes every few seconds! Imagine now that to get into the building we need both the key (the password) and the one-time code for the combination lock.

So with standard authentication, to access an online account we just need a key (the password), but with Two Step Authentication we need both the key and the one-time passcode.

Most of the bigger companies provide “Two Factor Authentication” for free and you may already be using it. Gmail, LinkedIn, Facebook and Twitter all have this as an option, and if you are using these for business you really should have this protection turned on. These work by sending the passcode via SMS/text message direct to your mobile phone, or via an app installed on your phone, after you’ve entered your password. Receiving passcodes via SMS/text message can also be useful as an alerting system: if someone steals your password and then tries to access your account, a passcode will still be sent to your phone, so you immediately know that your password has been compromised. If you receive a code when you are not expecting it, you know you need to change your password, not just on the account which alerted you, but on each and every online account for which you use the same password.

Many online accounts can also be integrated with the Google Authenticator app, which can be found at



This app is worth serious consideration, if you are not using it already.

For some online banking systems, you might be provided with an individual app which works similarly to Google Authenticator, or even with a small physical device which usually looks like a small calculator or a key fob with a digital screen that displays the passcode.

Thanks to Gary Sharpe for his editorial assistance.