Page 21 - The Edge - Spring 2018

P. 21

MAINTAINING CONFIDENTIALITY Under the question of “What” the presenters discussed
passwords. Sanders said the policy at Mesa Public Schools is clear:
CONTINUED FROM PAGE 20 “No passwords are changed or given over the phone.” He said

and with mobile devices employees have access to an information teachers would call during the summer asking to change their
system from just about anywhere, McLaughlin said. password.
She tackled the “Who” question: Who gets access to what? McLaughlin recommended putting a space in a password,
“You should only have access to what you need to do your job,” making it more di cult to crack. Change your password every 60
she said. days, and you shouldn’t re-use one of your last ve passwords.
But, who decides who gets access? It varies from one district to Sanders asked if any of the attendees has a password policy.
the next. Some districts give that responsibility to IT, others to the A few did. He explained that a password with eight characters
Finance Director or HR. Another question to be dealt with is: How is “weak” and can be cracked by hackers in a matter of hours. It
do you decide who has access to nancial information? takes ve days to crack a password with nine characters. With 10
McLaughlin mentioned the prospect of changing someone’s characters, it takes four months to crack, and for 12 characters, it
access when that person changes jobs. She knew of a situation would take at least 200 years to crack, Sanders said.
where ve versions of a speci c job were found, and HR said they Conway cautioned against using your birth date. “If a hacker
were all correct. Not having an updated job description can be a nds that, they can go in and have access to everything,” she said.
problem. People o en use the same password for access to several
“When responsibility changes, who changes access?” she asked. information systems, which is frowned upon because it makes
“How do you let IT know when changes occur?” it easier for hackers to crack several systems. Instead of using a
Conway said she knew of a situation where an employee was word or collection of characters, attendees were encouraged use
using the sign-in of a person who had been gone for two years. It’s a sentence, such as: “My dog likes to run every day.” It’s easy to
not uncommon for employees to fail to inform IT, for example, remember, but hard to crack.
when an employee changes jobs or leaves. Who is the gate-keeper? e panelists commented on the “When” question, such as:
Who restricts access? when do you start giving access and even more importantly: when
Conway noted: “ ere is a di erence between determining
access and giving access.” CONTINUED ON PAGE 22

GENUINE PARTNERS

Building for tomorrow’s future, TODAY.

www.mccarthy.com
AZ ROC 080911, 080910
AZ ROC 080911, 080910, ,
138400, 251222

16 17 18 19 20 21 22 23 24 25 26