June 2017 www.SecurityInfoWatch.com / Security Dealer & Integrator 27
virus – which caused Iranian centrifuges to spin out of control – was likely inserted by an infected USB stick. Most information from vendors can be provided via website or other secure means, so do not use or accept USB sticks from an untrusted source.
While certain actions such as vulnerability assessments and penetration testing can and should be taken by organizations, dealer/integrators can help both themselves (internal policies) and their customers by helping to secure the following low-hanging fruit:
• Passwords – If you are working with devices that require passwords, immediately move away from the default. Remember that the longer and more randomized a password, the more difficult it is to crack. Use all character types available to you. If passwords must be changed, do not
make the new password a variant of the old, as that is easier to guess. Use a password generation and management service such as LastPass or Dashlane to make this doable and more effective.
• Email – Whether it is from your mother, special other, or long-lost uncle from Nigeria looking to give you a million bucks, do not open the attachment or click on a link until you know you can trust it. This also applies to texts and tweets. Contact that person you know – directly, and not as a "reply" – and get validation.
• USB sticks – Get your own from a
trusted supplier.
• Social interaction – Know who you
are talking to and ask for credentials
and verification.
• Security updates and patches – Do
not ignore them.
Keep Training
For those who have employees, constant training and testing of your people is a must. Even when employees are told that a test fake email is coming their way, many will open it anyway.
At the recent PSA TEC, two integrators – Low Voltage Contractors (Minneapolis) and Integrated Security Technologies (Hawaii) – told me they use such cyber awareness tests. Kudos!
For more information, check
out the type of services offered by
KnowBe4 (www.knowbe4.com)
where customized email programs,
USB security, password tests and
more are available.
Ray Coulombe is Founder and Managing Director of SecuritySpecifiers.com and RepsForSecurity.com. Reach him at ray@SecuritySpecifiers.com, or follow him on Twitter, @RayCoulombe.