In a recent research paper, Microsoft principal researcher Cormac Herley asserted that security measures that are being recommended are a waste of time. He argues that security protocols that attempt to protect an individual or organization from the consequences of a security breach often exact a much steeper price—in the form of user effort and time expended. While everyone knows that "123456" is not a good choice for a password, is it … [Read more...]
The Problem with Passwords
Last December, someone hacked into the Web site RockYou.com, and exposed a list of usernames and passwords on the Web, in plain text. A month later, security analysis firm Imperva analyzed the most common passwords. The results are eye-opening and should serve as a reminder to you and your staff about the importance of creating and using good passwords. By far, the most popular password on RockYou.com was "123456," which satisfies the minimum … [Read more...]
Consortium Works on Password Solution
Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton have formed a nonprofit company to oversee the development and exchange of online identity credentials on Web sites as a way to help with the user ID and password problems we all face. The goal of the Open Identity Exchange (OIX) is to create a “trust framework” and certification program that lets organizations and individuals exchange digital credentials and know what … [Read more...]
Protect Client Data
On September 1, 2009, Portland insurance agent Robert Spruill of Brooke Auto Insurance consented to a Cease and Desist order from the Oregon Department of Insurance. Spruill had not properly disposed of business records that contained sensitive client information. According to the order, “On or before April 28, 2009, Spruill discarded over 1,000 insurance business records and/or other documents related to insurance transactions of Brooke … [Read more...]
Agency Computer System Security Deters Thieves
I received this story from a college student and wanted to pass it along. "A week ago, an insurance agency office was burglarized and it appears that the burglars were looking only for personal data. They stole computer monitors, but left the CPUs and hard drives. But in the neighboring attorney's office, they stole the computers. Reason: The lawyers had not secured their data but the agency had a super tight security system… difficult … [Read more...]
New ACT Webinar
Protecting Independent Agent Clients with Secure Email Using TLS (Transport Layer Security) Protecting clients' and prospects' personal information is becoming an increasingly important issue. Most insurance agencies do not currently take any steps to protect or encrypt information that they send by email to a third party. Unsecured email and attachments are like sending an open postcard through the mail. State privacy, security, and data … [Read more...]
Encrypting Personal Data
The state of Massachusetts has passed a new law that goes into effect May 1, 2009, that requires businesses that “own, license, store, or maintain personal information” on customers to encrypt that data, especially on portable devices such as laptops. That responsibility is extended from the primary business to contractors, such as telemarketing firms, and it extends to transmissions on wireless devices such as BlackBerries. This law is more … [Read more...]
How Secure is Your Password?
People tend to choose passwords that are easy to remember. That can be very dangerous because it makes it easier for a hacker to break the password. The following passwords are most common. If you use one of these, change it immediately: Password, 123456, qwerty, abc123, letmein, monkey, myspace1, password1, link182, (your first name) … [Read more...]
