And forget daily anti-virus updates, claims security firm
Published: 3 October 2003 09:52 GMT
Activating a password-protected screensaver on users' desktops can provide more protection from unauthorised access than strong network login passwords, according to security firm TruSecure.
The company claims organisations are wasting money on expensive security measures and procedures that can actually increase vulnerability to attackers instead of reducing it.
Jay Heiser, chief analyst at TruSecure, told ZDNet UK that most unauthorised access occurs inside an organisation because users leave their desktops unattended and unprotected.
"When someone sits down at a logged-in terminal they are able to rifle through that user's files and send or read their email. Screen-locking - activating a password-protected screensaver - is one of the most effective things you can do internally," he said.
Heiser said that when users are given long and complicated passwords, they are more likely to write them down. "They are going to write them down on Post-it notes next to their monitor or stick them under the keyboard," he said.
Research has found that companies are hit hard in the pocket when their employees forget their passwords and call the corporate helpdesk. Earlier this year, analyst group Meta calculated that each of these calls costs the company approximately $25.
According to Heiser, regardless of whether passwords are complex or simple, there are lots of tools available on the web that can crack them. A better policy is to use a hardware device, such as a token or smartcard to reinforce access rights.
He said: "You always know if your hardware has been stolen but you don't know if your password has been stolen."
Heiser also dismissed the practice of updating anti-virus signatures every day because it is a reactive action rather than a proactive one.
"There is not a huge difference in updating anti-virus signatures on a daily basis and on a monthly basis. Antivirus software is a band-aid - it isn't worth spending large amounts of time and effort optimising it because there are other ways to reduce risk for a lower cost," he said.
Munir Kotadia writes for ZDNet UK
Diagnose and resolve system issues • Monitor and track issues • Stand-in for 1st line support when required Skills and Competencies for ...
Microsoft Windows Server OS, 2000 onwards* Microsoft Windows Desktop OS, 2000 onwards* Microsoft Active Directory* Administration of managed ...
The ideal candidate will have experience of: o Previous IT support - 2nd Line - Desktop Support Skills at a Legal firm o Expertise in working with ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy