Skip to main content
National Cyber Security Awareness Month

Information Security Blog

Information Security Blog

Adobe Flash continues to be plagued by vulnerabilities

Password Day 2015

World Password Day 2015 | 05.07

World Password Day 2015

Are you as clever as you think?

Data breaches make the news almost daily. If your passwords are easily crackable, your accounts may already be compromised. If you do not regularly change your passwords or use the same password for multiple accounts, you are at even greater risk. You (or others) can check if your credentials have appeared on password dump sites with minimal effort. Upgrading your password now is easy and can save you a lot of trouble later.
  • Make long and strong passwords.
  • Use unique passwords for every account.
  • Don't share your passwords.
  • Use a password manager.
  • Change your passwords regularly.
  • Lock your mobile with a PIN or password.
  • Stop using one word passwords.

Guidance on security of printers, scanners and copiers

Replication Device Security

PrinterThe National Institute of Standards and Technology has published the internal report, Risk Management for Replication Devices. It provides guidance on protecting information processed, stored, or transmitted on replication devices (i.e. printers, scanners, copiers, multifunction devices).
The report addresses threats and vulnerabilities including:
  • Default passwords and configurations
  • Unencrypted data transmission or storage
  • Access control - waste of resources, denial of service, unathorized storage
  • Open ports/protocols
  • Outdated and/or unpatched operating systems and firmware
  • Compromise (e.g. use in botnet or as relay point)
  • Sanitization
  • Physical security
The report also describes security considerations throughout the system development life cycle including:
  • Initiation - how the device will be used
  • Development/acquisition - the necessary capabilities
  • Implementation - configuration of security controls
  • Operation/Mainenance - performing updates/upgrades and identifying compromise