The Worst Passwords


Hackers use large databases of common passwords to hack into accounts and steal information.  Some of these databases can consist of several million words and permutations of those words.  Mark Burnett, a security consultant, author, and blogger compiled the top 10,000 common passwords. Here are the top 25 to avoid:


1. password
2. 123456
3. 12345678
4. 1234
5. qwerty
6. 12345
7. dragon
8. pussy
9. baseball
10. football
11. letmein
12. monkey
13. 696969
14. abc123
15. mustang

16. michael
17. shadow
18. master
19. jennifer
20. 111111
21. 2000
22. jordan
23. superman
24. harley
25. 1234567

Here are some interesting facts gleaned from his data:

  • 4.7% of users have the password password;
  • 8.5% have the passwords password or 123456;
  • 9.8% have the passwords password, 123456 or 12345678;
  • 14% have a password from the top 10 passwords
  • 40% have a password from the top 100 passwords
  • 79% have a password from the top 500 passwords
  • 91% have a password from the top 1000 passwords

Consider changing your password today.

Simplify with Outlook Rules

If you get several emails daily from the same sender, your inbox can quickly get out of hand. To help keep your inbox clean and organized, create a rule to move emails to a folder when they are received.

Right-click on the email message you want to move automatically into another folder and select create rule.


Once that’s done, it will open up the Create Rule screen so we can choose the conditions for the email. After you’ve chosen what conditions you want to apply then we need to click “Move the item to folder”.


Browse to the folder location you want the email to be sent to or create a new one.


Click OK in the Create Rule window then OK on the following confirmation dialog box. You can also select to have it run the rule on messages that are already in your mailbox.


That’s it! This one basic rule can be very handy for keeping your Inbox under control.

BYOD and Consumeration of IT

IT for some organizations has been a purgatory, where the law of the land is "Just say No". Between virtualization and the cloud lies BYOD (Bring Your Own Device). It inherently requires a "Just say Yes" IT Policy, allowing users to bring in smart phones, tablets and laptops adding great flexibility to a workforce that increasing uses advanced technology in their day-to-day home lives. However, this added flexibility translates into the very real potential for reduced security, data availability and overall reliability. 

Imagine two scenarios; A, where necessary users are given company issued 8 year old BlackBerrys, and B, where users are free to bring in the smart phone of their choice. The IT staff in scenario A have much easier control over access to company resources and can easily control a user's phone as needed, but overall usefulness of that phone is relegated to email, minimal web usage and an occasional app (if you're lucky). The IT staff in scenario have much lighter ties to the devices, making supporting them potentially difficult, but users have access to the full mobile web, including all the cutting edge apps and platforms they wish to use for pleasure or for improving their work processes, but at the risk of easy data loss, security vulnerabilities and worse.

There is a middle ground that must be pursued, and as a few of our customers have found out, it's very dependant on the specific use cases and amount of involvement the staff (IT and non-IT) is willing to put into it. That middle ground can be broken down into a few pieces:

  • Access Policies: The policy side is the best starting point; do users get to access email and any other resource whenever they wish? Are hourly employees included in that policy? Do users need to be pre-approved or can anyone easily add access themselves?
  • Inclusive or Exclusive Device Support: Is IT mandated to support all devices? (Keep in mind that includes incredibly old, broken down, manufacturer-unsupported hardware) Are they to support only a few select manufacturers or OS levels?
  • Device Management: What tools can IT use for remote wiping a lost or stolen phone, keeping personal items separate from business, and preventing data leakage?
  • User Expectations: This is perhaps the most daunting, since users once being told to "Bring your own device" will take that to mean their old Palm Pre, iPod or BlackBerry, perhaps even necessitatingadditional services to be installed and maintained in the infrastructure to support those. IT will also have to learn each and every device and be subject to fixing carrier-side issues or helping them regain access to a lost Facebook account.

Overall, the promise of BYOD can be great, but in reaching for that worthwhile goal, a business must make sure it doesn't exceed its grasp on data, workflow and business at hand.

If you'd like additional information regarding BYOD, Cloud Computing, Virtualization or any other technology, please contact Catalyst Technology Group at (541)284-2656 or email us at

New and dangerous malware


The last few years has shown us some very interesting new security holes in the software we all know and love. Gone are the notions that just having a machine off of a network would completely remove all security worry or that having a Mac was a shortcut to peace of mind. Recently, Microsoft released a particularly critical patch (MS12-020) for a common tool most businesses utilize in some capacity: Remote Desktop.

For those who haven’t heard of it, Remote Desktop is a method of connecting to another computer and being able to use it as if you were right in front of the screen yourself. It’s been security best practice to make sure this service isn’t available from the outside of a company network, but that isn’t always possible from a usability standpoint. This issue underscores a few, common methods to keep your computers free from those unwanted bugs.

  • Run a security suite (and keep it updated!). While this shouldn’t be your only line of defense, it will nab the most common malware. Having a Mac isn’t an excuse any longer as well. Examples include AVG, Symantec, and Trend Micro.
  • Stay updated! The vast majority of successful exploits rely on unpatched computers; that means Microsoft Windows, Microsoft Office, and our favorite problem children Adobe Acrobat Reader, Adobe Flash, and Oracle Java.
  • Turn the firewall on. All modern operating systems come with a firewall that’s enabled by default. This has some usability consequences but will enable you to hop on those free wifi networks at your local coffee shop and not have to worry so much about a nefarious cohort in caffeine prying into your files.
  • Don’t plug in unknown flash drives. Found a flash drive in the parking lot and want to see what’s on it? Chances aren’t bad that there are some latent baddies lingering on that free hardware, and the likelihood that there’s something interesting on there is much, much lower.
  • Practice safe browsing. Just browsing is an easy way to get infected, usually called ‘drive-by downloads’ even popular sites aren’t safe from third party advertisers loading virus-ridden files directly to your computer, oftentimes bypassing the antivirus as though it wasn’t even there. From using Firefox and Chrome browsers in lieu of the much maligned Internet Explorer that comes preinstalled on Windows to utilizing OpenDNS (which trims most of those bad sites of known bad stuff) there are a number of ways to protect yourself.
  • Avoid attachments from unknown or unexpected places. Anti-spam filters have gotten a lot better, but there are still emails that occasionally ask you to run a program attached to the email to view shipping details for a package you never ordered. Most communication doesn’t require an attachment of any kind, so it’s better safe than sorry.
  • If you’re suspicious, stop! If you think something’s fishy, contact whoever sent you the email or close the page. If you think you’re infected, don’t ignore it, you may lose private data to unscrupulous people around the world. A professional opinion is a safe bet.

Catalyst Technology Group’s Managed Service provides automated and enforceable security policies on your company’s servers and workstations to make unexpected downtime a thing of the past. Contact us for more information.