Security in HVAC


www.heatingandventilating.net


Still too careless with passwords


Matt Rhodes of Quiss Technology explores the cyber security risks involved for business, including those involved in HVAC, and advises on what constitutes good password practice


W


ith so much publicity given to serious data breaches and the devastating effect a hacked password can have for individuals


and businesses, the National Cyber Security Centre (NCSC) is currently warning about COVID-19 related phishing scams and the risk of ransomware attacks.


Safety from phishing attacks Phishing uses a personally addressed email that


typically requires a little social engineering on the part of the criminals so they can appear as trustworthy as possible.


Personal social media channels or the target organisation’s website will contain most of the information criminals need, like friends and colleagues’ names, birthdays, office locations, etc. This easily found information allows them to create emails that closely imitate communications from sources known to the target.


Phishing emails regularly request the recipient to confirm account details, check an order or delivery iinstructions, or even prov id


t ti d


users to a fake website, telling them they need to change their password, provide network log-in


Lack of understanding shocking Change your passwords vide passwords, or re-direct di t


to attack a target and analyse the response until it succeeds, or fails often through lack of time.


The most common example of a brute-force attack uses a password dictionary, containing millions of words and numbers that can be tried in combinations to discover the correct password, which can take minutes, hours, days or even years – the programme has enough patience.


The hacker is not sitting at their laptop manually entering details, this is now an effective organised criminal activity, which runs to the root of the problem, password security.


An NCSC breach analysis found 23.2 million hacked accounts of victims worldwide used 123456 as the password, which is unlikely to take a sophisticated hacking app long to ‘guess’.


Good password practices


Consider these pointers to increasing your password hygiene and that of those you work with; like vaccinations herd immunity is important. Whilst there are many ways to create secure passwords, here are a few of the simpler ways of reducing the risk of a damaging hack:


Whil t th W t t secure


favourite books, foreign words, top brands, pets etc., so it looks something like: MercedesBinkyRojoDaVinci The NCSC recommends using at least three words, but remember the more you can use and the more random the combination, the better protected you are. And don’t forget, you can


make it even harder to crack with


a few random characters inserted into your combo, perhaps numbers or punctuation between the words or within them, but make it something you’ll remember.


Two-factor authentication - technology is quickly adopting two-factor authentication (2FA) and multi- factor authentication (MFA) to improve security, requiring something in addition to your password, like a code sent to your phone, biometrics (fingerprint, eye scan, etc.), or physical interaction with a keypad. The problem with passwords is by wanting to recall them quickly, people make them simple to remember and then use the same one, or a slight variation, for


Th bl ith passwords is by wanting to recall passwords is by wanting to recall d i b ti t ll


22


May 2020


www.heatingandventilating.net


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36