“The strongest password is the one you will never be able to remember unless you write it down. But if you write it down somewhere it’s much worse.” It is around this paradox that Corrado Giustozzi, an IT security expert, sets out his reasoning on how to protect our data and that of the company we work for from malicious intrusions by cybercriminals, as happened to a smartworking employee in the Lazio Region, an incident that started the hacker attack that in recent days has brought regional IT systems to their knees.
“Today private life and online working life tend to become increasingly confused, and the sudden adoption of smartworking due to the pandemic has accelerated this process, aggravating the precariousness of online security for people and companies”, explains Giustozzi, a former member of the Advisory group of the EU Cybersecurity Agency (Enisa), one of the leading experts in Italy when it comes to security.
No meaningful words or words from our online life
Although nothing is completely safe from a well-trained cybercriminal, for Giustozzi there are still good practices to be adopted: “First of all, the password must always be long and must not contain a meaningful word in itself. In Italian there are fewer than 800,000 entries, including inflected forms, and it takes a computer less than a fraction of a second to check them all.”
In any case, “it is necessary to use special characters, but without exaggerating, because using 4-5 in a password, between dots and signs, it becomes difficult to memorize it”. If you really can’t help but use meaningful words, “choose at least two, always with special characters” and in any case “never words or names that can be easily traced back to us, such as the name of our wife or our cat. It’s all information that can be easily found on social networks. Now our whole life is online, and for someone who wants to violate our account, orchestrating an attempt to access with passwords linked to objects or people that affect our life is quite simple.”
Change your password often
A password, however, is not forever. “It needs to be changed often, at least once or twice a year”, continues Giustozzi, “because on the dark web there are dumps with millions of passwords, maybe old ones, and if it is there and is probably still good, a cybercriminal could try it, access our accounts and maybe read our emails or empty our account”.
However, it is essential to never write them down, anywhere: “If you write your passwords in a file or on a sheet and the file is stolen, there is no protection you can take”. A spreadsheet? “Better, but only if protected by a password. Nothing that an experienced criminal cannot violate, but at least it is protected from someone who can read our screen or access our computer”, explains the expert.
Apps that aggregate passwords
However, there are also applications that provide a password safekeeping service: “Now there are thousands of them, I can’t say which are the best, but they all offer a similar service with cheap subscriptions. They are useful: with a single password you can keep all the passwords that we need, a rather safe and comfortable solution.”
The risks of smartworking
The urgency to run for cover on security issues was accelerated by the events in the region that hosts the capital, but also by smartworking, for Giustozzi the real trigger for the resurgence of cyber attacks: “Imagine, from one day to the next all the companies have had to make their employees work from home. But the computer we use at home, even with the VPN, is not sufficiently protected. It may not have an updated antivirus, or it may not have one at all. It could be the same one used by our children to play, or by us to do the shopping. Inside the company the environment is controlled, outside it is not. Huge gaps have opened up in the security of the systems.”
Is the VPN not enough? “Not at all. It only guarantees that on the other side of the computer there is you, or rather your user. But if you do something potentially dangerous with the machine in use, or suffer a violation, you put the entire company at risk. There are many companies that have adopted smartworking very quickly, forced by the pandemic, and have done so by sending their employees home, hoping that nothing serious or compromising would happen. Unfortunately, this often did not happen”, concludes Giustozzi. As the events of these days seem to have shown.