I am continually amazed at how lax some individuals and organizations are when it comes to securing their computers and networks.  Here are some helpful hints to securing your technology infrastructure.

First, regularly change all passwords, especially ones with administrative access to systems.  Additionally, when you add new networking hardware, change the password from the default value.

Second, write down all important passwords and keep them in a secure location, like the school’s safe or a locked file cabinet.  I know that most of you have probably heard that you should never keep a written list of passwords, but it’s preferable to being in a situation where no one knows what those passwords are.  Case in point, I know of a several situations where an organization contracted out some computer work (server, etc.) without obtaining passwords from the people doing the work.  Later on, those same individuals refused to hand over the passwords.  Further, the individuals in question had remote access to the servers, so the organizations were forced to pay someone else to redo all of the work that had been done.  Always, always, always, get your passwords from outside contractors, and change them once the work is complete.

Third, make it clear to all employees that they should never give any password to anyone.  The only possible exception to this may be to give a password to an internal tech support staff member (but never a student worker) in the event of a user-specific problem.  And if you do give out your password under these circumstances, change it immediately afterward.  Also, stress that users should log out or lock their computers if they are leaving the room.

Finally, create a list providing staff with some ideas for creating difficult to guess, but easy to remember passwords.  Emphasis that passwords should never be names of family or pets, birthdays, or anything else easily guessed by someone with a bit of information about someone.