26 THE DISTRIBUTOR’S LINK Don Conant Don Conant is the General Manager of Valley Nut and Bolt Company, Inc. in Olympia, Washington. The company is a fastener distributor and steel products manufacturer servicing the Pacific Northwest since 1969. Don is also Assistant Professor and Director of the MBA Program at Saint Martin’s University in Lacey, Washington. He earned his Master’s Degree in Business Administration from Saint Martin’s and his Ph.D. in Leadership Studies from Gonzaga University in Spokane, Washington. FASTENER DISTRIBUTORS NEED A PASSWORD MANAGEMENT POLICY On December 19, 2013 Target announced that hackers had breached their network stealing information from 40 million credit and debit cards. The market reacted by avoiding the retail chain during the holiday shopping season. Target posted a 46 percent drop in fourth quarter earnings compared to the previous year. The hackers gained access to the Target network through an HVAC subcontractor that had been granted access to the Target network to facilitate electronic billing, contract submission, and project management. Hackers often begin their attacks on large systems by attacking smaller vendors whose IT system security policies are lax. Every organization, large or small, needs to develop a reliable and sustainable IT security system. A password management policy is the starting point for any IT security system. In a connected environment, passwords serve as the gatekeepers. In this article I will summarize some of the best practices small businesses can implement to ensure their password management policy limits access to authorized personnel only. I will summarize the conflicting expectations that exist between system users and system managers, provide some best practices for password management, and make a few suggestions for policy implementation. Conflicting Expectations A National Institute of Standards and Technology (NIST) report on password management behaviors referred to the conflict between the expectations of users and system administrators with regard to password management policies. Users want passwords to be easy to remember, they want to use the same password across multiple systems, and they don’t want to have to change their passwords. On the other hand, system administrators want long passwords that use CONTRIBUTOR ARTICLE upper and lower case letters, numbers, and special characters; they want a different password for each system; and they want users to change their passwords frequently. Companies that disregard the recommendations of system administrators significantly increase their chances of experiencing a security breach. However, companies that ignore the expectations of users may drive frustrated users to write down passwords and hide them near their workstation or cause users to waste time resetting forgotten passwords. Is it reasonable to expect users to recall from memory multiple complex passwords that change without repetition two or three times a year? Users might be able to remember a few complex passwords that they use regularly, but what about passwords that are used infrequently? Best Practices There are no simple or complete solutions to this problem. Some companies allow users to password protect their computer and then let their web browser store and manage their passwords. Unfortunately, web browsers are made primarily for web browsing, not for password security. Other companies employ software specifically written to store and manage passwords securely. Both of these approaches share similar vulnerabilities. They both put all of your passwords in one place and use a password to control access. As with many problems, every solution involves a tradeoff. There are solutions that are better than others at satisfying the expectations of users and system administrators. I will focus on six practices that, if followed, will improve the security of most systems. These practices are training, strong passwords, unique passwords, changing passwords, keeping passwords secret, and intruder lockout features. CONTINUED ON PAGE 134
76 THE DISTRIBUTOR’S LINK HUDSON
80 THE DISTRIBUTOR’S LINK YANKEE
84 THE DISTRIBUTOR’S LINK SOUTHEA
86 THE DISTRIBUTOR’S LINK J.W. Wi
PWFA CONNECTION RECEPTION - ROCK BO
94 THE DISTRIBUTOR’S LINK NAW INS
JJJ FASTENER DRILLING CO. 259 Dexte
BAY SUPPLY 30 Banfi Plaza North, Fa
102 THE DISTRIBUTOR’S LINK SOUTHE
106 THE DISTRIBUTOR’S LINK NORTH
THE DISTRIBUTOR’S LINK 109
Perfect Lock Bolt America, Inc. int
114 THE DISTRIBUTOR’S LINK BENGT
THE DISTRIBUTOR’S LINK 117
THE DISTRIBUTOR’S LINK 119 NEFDA
SEFA ANNUAL SPRING TABLETOP SHOW NA
124 THE DISTRIBUTOR’S LINK GUY AV
126 THE DISTRIBUTOR’S LINK NATION
THE DISTRIBUTOR’S LINK 129
THE DISTRIBUTOR’S LINK 131
136 THE DISTRIBUTOR’S LINK MID-WE
138 THE DISTRIBUTOR’S LINK DENNIS
146 THE DISTRIBUTOR’S LINK CARMEN
148 THE DISTRIBUTOR’S LINK BART B
150 THE DISTRIBUTOR’S LINK ANTHON
152 THE DISTRIBUTOR’S LINK SPIROL
THE DISTRIBUTOR’S LINK 155 Weeks
SFA 2015 SPRING CONFERENCE SANTA FE
THE DISTRIBUTOR’S LINK 159 FASTEN
THE DISTRIBUTOR’S LINK 161 LAUREN
THE DISTRIBUTOR’S LINK 163
166 THE DISTRIBUTOR’S LINK SEFA N
168 THE DISTRIBUTOR’S LINK CARMEN
170 THE DISTRIBUTOR’S LINK JOE DY
172 THE DISTRIBUTOR’S LINK YANKEE
THE DISTRIBUTOR’S LINK 175
THE DISTRIBUTOR’S LINK 177 GLOBAL
180 THE DISTRIBUTOR’S LINK Cresce
PWFA SPRING CONFERENCE & TABLETOP S
SEFA ANNUAL SPRING MEETING NASHVILL
SEFA ANNUAL SPRING MEETING NASHVILL
192 THE DISTRIBUTOR’S LINK MID-WE
196 THE DISTRIBUTOR’S LINK D THE
200 THE DISTRIBUTOR’S LINK S SCRE
Loading...
Loading...
Loading...
SHARE A PAGE FROM THIS MAGAZINE OPTION 1: Click on the share tab above, or OPTION 2: Click on the icon (far right of toolbar) and then click on the icon (top right of the page). |
Copyright © Distributor's Link, Inc. All Rights Reserved | Privacy Policy