Many hackers simply want access to private information, like databases filled with credit card numbers and sensitive company data. All they have to do is figure out your administrator password. Many times they'll attempt to grab it through "social engineering": calling or e-mailing you or an employee, claiming to be a technical support person. Then they'll go to work on schmoozing you out of your password. Hackers may also try to "crack" your password with tools that draw on a variety of password dictionaries and automatically try thousands of word/letter combinations. Take the following measures to avoid this scam:
- Create and use good passwords. A successfully cracked administrator password gives an intruder virtually unlimited power, so make sure your password is complex. AntiOnline.com, an Internet security journal, recommends you use a combination of upper and lower case letters, numbers and symbols. Don't just spell a word backward or add a couple of numbers to the end of your name. Never use a password that can be found in a dictionary of any language. Create a unique password for every instance where one is required, and change your passwords periodically.
- Separate customer data. "The safest thing to do is have a Web server that's totally separate [from confidential information]," says Erik B. Sherman, networking expert and author of Home Networking! I Didn't Know You Could Do That (Sybex, $19.99). Transfer credit card and other personal data to a stand-alone computer each day, erasing the sensitive information from the server.
- Never tell. Obviously, never divulge your password, ever, no matter who claims to need it.
- Create a company security policy. If you have employees or contractors with access to the network, outline procedures for password safety in a company security policy. Make sure your staff understands how vital password secrecy is to data security, and that you are the only person with whom they should ever share their password.
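
The password rules in the first measure above, written as a checker that a sign-up or password-change form could call. This is an added example, not part of the original article; the function name `check_password` and the five-word sample list are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a large
# multi-language dictionary instead of these five entries.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey"}


def check_password(candidate, user_names=(), words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []

    # Rule: combine upper and lower case letters, numbers and symbols.
    classes = {
        "an upper case letter": r"[A-Z]",
        "a lower case letter": r"[a-z]",
        "a number": r"[0-9]",
        "a symbol": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, candidate):
            problems.append("missing " + label)

    # Strip trailing digits and symbols so "Dragon12!" is judged as "dragon".
    core = re.sub(r"[^a-z]+$", "", candidate.lower())

    # Rule: no dictionary words, and no dictionary words spelled backward.
    if core in words:
        problems.append("dictionary word")
    elif core[::-1] in words:
        problems.append("dictionary word spelled backward")

    # Rule: not your name with a couple of numbers added to the end.
    if core and core in {name.lower() for name in user_names}:
        problems.append("based on your name")

    return problems


if __name__ == "__main__":
    for pw in ("Dragon12!", "Nogard7#", "Alice99", "tV9$qLw!2rXe"):
        print(pw, "->", check_password(pw, user_names=["Alice"]) or "ok")
```

Passing all four character-class checks is not enough on its own: `Dragon12!` satisfies them and is still rejected because what remains after stripping the suffix is a dictionary word.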