The steady drumbeat of recent data breaches has called significant attention to the security vulnerabilities of even the world’s biggest corporate brands and defense organizations.  These incidents have spotlighted the need for improved breach prevention measures, from basic tools like encryption to loftier cyber goals such as identity ecosystems, which would utilize new technologies, policies and standards to help protect and authenticate consumer transactions.

But sometimes lost amidst the heady discussion is the importance of the simple yet essential first line of security defense: passwords.  Too many people are complacent about this critical cyber-safety key, creating passwords that are weak and predictable, and then using those same or similar passwords for all of their online accounts.  Flimsy passwords are like an open invitation for hackers – no different than keeping the back door to your home wide open, especially in a time when the technology to crack passwords is becoming ever cheaper and more powerful.

The President himself was cyber-attacked when a hacker uncovered his Twitter account password as Bo, the name of his dog.  And since one study revealed that 75 percent of people use identical passwords for their social media and email accounts, it isn’t a stretch to cause major damage once a hacker gains a foothold into your online identity.  This is especially true when it comes to your email password; hackers can select the “I forgot my password” button to have new passwords sent to your email address and then steal from all of your accounts.

Even companies that require their employees and customers to adhere to strict password requirements can’t protect themselves and their consumers when individuals fall back on predictable password patterns.  Indeed, most people just re-use their standard passwords and, when necessary, modify them slightly with capital first letters and a number or special character at the end.

“Qwerty,” “12345,” and “password” are among the top 20 most common (and therefore worst) passwords, but the truth is that any word that can be found in the dictionary is a bad one for password use.  That’s because hackers specialize in sending out “bots” to harvest emails and possible password entry into the most common websites, and actual words and logical patterns are the lowest hanging password fruit.  Names, places, book, movie and song titles; dates in any format; words disguised with letter substitutions; keyboard sequences; and any real word at all – all of these are password don’ts.

At the most recent annual ShmooCon hacker conference, expert panelists weighed in on some key password pointers:

• It’s best to create passwords unusual enough that you have to write down subtle cues to remember them, then keep the paper in your wallet.  You’re less likely to lose your wallet than get hacked.
• Don’t re-use your passwords, or pretend you’re not re-using them by making small modifications.
• Use longer passwords – they’re more difficult to hack.
• People are lazy; getting employees to choose strong passwords might require regular password audits and institutional pressure.

Other tips:

• Third-party password programs can help you securely store passwords, although beware that even these companies aren’t immune to security threats.
• Only access secure “https” sites when using public WiFi connections.
• After using a public computer, log out of your program, clean the cookies and cache, change your password and monitor your accounts closely.
• Create your own security backup question, if possible “What is my back-up password?”  If you can’t create your own question, then lie about the standard question – for example, make up a string of random letters to the question, “What is your mother’s maiden name?”
• One password idea: create a sentence, then take the first letter from each word to assemble a unique and hacker-unfriendly password.

Our guest blogger this week is Tom Bowers, Managing Director, Security Constructs LLC – a security architecture, data leakage prevention and global enterprise information consulting firm.

Back in the days of Prohibition, organized crime burst into the national consciousness with the “ka-pow” of a Tommy gun, capturing a sometimes romantic fascination that continues to this day.  The public face of organized crime may have morphed somewhat over the years, from Al Capone and Bugsy Siegal to Vito Corleone and Tony Soprano, but the mugshots have been generally similar and the contours of “the life” familiar.

With the advent of technology, however, organized crime has flocked to new outlaw opportunities that depart wildly from the old stomping grounds.  Today, cyber crime is the hot modern racket, with offenses ranging from the seemingly mundane (non-delivery of payment or merchandise top the list at 14.4% of all online crime), to the daring (scams impersonating the FBI, which come in second place at 13.2%), to the now well-known standbys (identity theft, rounding out third place at 9.8%).  At the center of the cyber crime explosion is organized crime, often formed into global gangs (frequently based in Eastern Europe), ever more sophisticated, and comprising a new kind of operation that doesn’t look anything like the movies.

Indeed, cyber criminals have been so successful in recent years that they have seemed unstoppable, leaving federal law enforcement struggling with the fast pace of attacks and ever-changing tactics.  The FBI gained headway – and large-scale arrests in the U.S. – with the hiring of more agents with computer science, business and operational analysis backgrounds, but cyber criminals responded by outsourcing their operations to countries with weak computer crime laws and law enforcement capabilities.  Investigations across borders were bogged down by legal proceedings, arrests and convictions were slow to materialize, and negative public outcry placed pressure on governments around the world.

But now the tide has changed.  The three-year-old International Multilateral Partnership Against Cyber Threats (IMPACT) is the world’s first not-for-profit comprehensive global public-private partnership against cyber threats, bringing together academia, industry experts and governments from more than 120 partner countries.  The Budapest Convention on Cybercrime, an effort to synchronize national cyber security laws, has been joined by more than 30 different countries.  The European Union, U.S and NATO are working together to tackle cyber crime and have announced the formation of a new cybercrime center, to be operational by 2013.

As international agreements begin to take shape, global law enforcement benefits from common frameworks for cooperation.  Accordingly, countries are beginning to share enforcement officers, time and talent…and cyber crime arrests are on the rise.  Clearly, a mobilized, globalized and flexible law enforcement response to cyber criminal activity – combined with best practices for data breach prevention – are the best ways to keep today’s mob offline and on the run.