Data Security Experts Stress Importance of Frequent Password Changes

It is important to change a password every 90 days and to not use the password for other accounts.

by Alli Knothe, Tampa Bay Times / October 20, 2016

(TNS) -- TAMPA, Fla. — Bill Davison has always had a passion for his career. But outside of his field, few others understood what he did.

"Now I say I'm in cybersecurity and their faces light up with interest. They ask about networks and state attacks... I'm not used to that," he said.

It's now common to talk about private email servers and ransomware at the dinner table. The U.S. information security consulting industry is valued at about $9 billion and is expected to grow about 14 percent in the next decade, according to research firm IBISWorld. Several data security companies have moved to the Tampa Bay area in the last few years, where they can find qualified employees and potential clients through MacDill Air Force Base.

On Saturday, the Tampa Bay Chapter of the Information Systems Security Association (ISSA) hosted a hacker competition. About 50 data security experts and aficionados who typically work to guard against cyber breaches spent the day in a simulation that involved breaking into a fake Hillary Clinton private email server, accessing a bogus Donald Trump chatroom and about 20 other challenges.

"Like a locksmith, you have to know how to pick locks," said Joe Partlow, chief information security officer for the event's sponsor, Tampa-based ReliaQuest. These and similar events are held regularly throughout the country to encourage networking and professional growth in the cyber security industry. Partlow said the election-inspired theme was a fun twist on everyday challenges within the profession. The event organizers also played loud YouTube videos of Trump sniffling and Clinton laughing in order to distract the hackers from their tasks.

Most of the participants Saturday were data security professionals who spend their days protecting companies from hackers trying to steal their information. Some are white hat, or ethical hackers, who are hired to test company security systems by trying to break in to their systems and report system weaknesses before a breach occurs.

One of those hackers is 38-year-old Dave Switzer. He said the biggest thing companies and people can do to protect their information is to keep their passwords secure. He recalled being able to break into one client's email just by figuring out that the client's password was his street address, which is public information. Rather than using a pet or school name, ZIP code or loved one's initials, which are easily figured out by looking up someone's Facebook page, he and other experts recommend using three random words strung together as a password.

"Anything on the Internet can be looked up," Switzer said.

It is important, he said, to change the password every 90 days and to not use the password for other accounts. That way if a hacker accesses your email, he or she can't also break into your bank account. Davison, 31, who works for a cloud services company in Tampa, recommends consumers turn to password encryption tools like LastPass to keep track of it all.

Beyond the election-inspired challenges, hackers during the event Saturday had to figure out how to find a hidden document disguised in the code of a picture, pinpoint the coordinates of a fake wifi account at a bar in downtown Tampa, and even access a fake bank account.

"It's creepy, but its cool," Switzer said.

©2016 the Tampa Bay Times (St. Petersburg, Fla.) Distributed by Tribune Content Agency, LLC.

Platforms & Programs