Passwords They seem to have been with us forever

Passwords: They seem to have been with us forever.

As we continue to suggest things you can do to protect the integrity of your company and customer data, here is a blog that covers an old level of security that we still rely on everyday. That protection is the password, so let’s talk about bedding up your employee’s handling of passwords.

Password hygiene – Passwords remain the most common everyday tool to ensure only authorized personnel have access to secure material. The issue is that passwords need maintenance and attention to be effective. Here are some common problems to avoid. And again, this requires a routine employee training program.

  1. Passwords that are too simple
    Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using Myname123.
  2. One universal password
    Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.
  3. Unauthorized password sharing
    Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.
  4. Writing down passwords
    Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.
  5. Forgetting to change passwords to change passwords or revoke access.
    This is an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not sufficient. Having the right kind of password and following good password hygiene is.

Multi-factor Authentication (MFA) – When a password isn’t enough, the next step to improve security is MFA. MFA layers a second authenticator (e.g. another code, picture) etc.) on top of the password requirement. The idea is that if a password is being used by someone not authorized to do so, they won’t be able to provide the second piece of information. Consumers almost always encounter it when accessing financial services sites, but MFA is becoming more common across the board. If you use a credit card at a gas station, that request for your zip code after you insert your credit card is an example of MFA.

Prying eyes: Keeping your data safe

Prying eyes: Keeping your data safe

Even the simplest business possesses data that is proprietary and confidential. Customer and prospects lists, sales data, and personal data about customers such as their credit cards, names, addresses, birth dates. Maybe even medical information or social security numbers. If any of this data is compromised, you could face legal and reputational consequences. It is important you stay vigilant in making sure this data is as safe as it can be from cybercriminals.

If you have extremely confidential data, it may be important to use methods to address physical access. Should your server rooms be key-coded or require biometric access? Access codes for physical entry to a room are relatively simple to install. However, passcodes are pretty easy to steal or they can be shared by employees. In addition to limiting access they can also identify when and who accessed a secure location. One step beyond passcode entry is biometric authentication. Examples of biometric tools are fingerprint, iris or facial recognition. The advantages to these are clear. They cannot be easily stolen and for the user, there is no passcode to remember or a keycard to lose. An MSP can provide guidance about how to go about installing a biometric authentication system to secure specific locations.

On the other end of the spectrum, there is one excellent tool out there that can protect against one of the most common tricks criminals use to get into your data banks. That tool is employee training about phishing emails and fake websites. Phishing emails, the emails that trick you into opening a link that has been corrupted, remain a tried and true method for cybercriminals. What is the best defense? Employee training on how to avoid falling into the trap. The simplest maxim to remember? If in ANY doubt, don’t open a link. If there is any reason for suspicion, delete the email and forget about it. Also, look at the email address of the sender. Is it legitimate or is it misspelled or have a few extra characters or numbers that aren’t familiar.

What about the usage of passwords? Passwords can be hacked and stolen. there is another tool available to make passwords safer. You can make passwords more secure using multi factor authentication(MFA). MFA is pretty simple. It requires a second level of verification to prove that the password is being used by the individual authorized to use it. Examples of MFA are ATM machines that require a card AND a password. MFA very commonly requires the user to submit a code that is sent to another platform. (You’ve probably encountered this one if you use online banking)
Also, update your software. Immediately. Whenever you get an alert to update anything. Do it then. Don’t put it off until tomorrow because this update may have been released to address a recently discovered threat. This is a very simple thing to do and will offer significant protection. Additionally, your Managed Service provider may offer clients a subscription to day zero alerts. These are texts or emails that are sent out whenever a new virus or vulnerability has been discovered.

Among those firms who take risk management seriously, there is a growing awareness of the need to consider some manner of insurance to protect against the costs of cybercrime. When all else fails, and your data has been breached, how can you protect your business financially? Standard commercial property insurance policies do not generally include provisions for the damages from cybercrime. In a growing number of commercial policies, they are specifically excluded. As a result, executives who recognize the catastrophic damage that a cyberattack can inflict on their business are looking at cyber insurance to transfer the financial losses to a third party. However, there are some pretty deep weeds to get into when looking for a cyber insurance policy. Just for one example, some policies may create requirements and security standards you must meet before an event will be considered a covered loss. A Managed Service Provider can offer guidance into whether this is an avenue to explore.

In conclusion, there are several tools that you can use to protect your data from cybercriminals. They range from the very simple to the highly sophisticated. Your MSP can be of help in adopting any or all of these tools. From providing employee training all the way to biometric solutions.

Four Basics to follow for Everyday Data Security

Four Basics to follow for Everyday Data Security

One of the biggest questions we get from clients and prospects is “What can we do to protect ourselves from cyber attacks?” It is a sensible concern. A cyber attack that freezes operations or seizes data can ultimately shut a company down for good. There are some basic, simple things you can do to protect your company and there are more sophisticated tools available. In this blog, we look over a spectrum of 4 things you can do to improve your data security, from the simple to the high tech.

  1. Employee training – It may seem so simple, but training your employees on an ongoing basis about their role in cyber security may be the best thing you can do. Why? Because well-meaning people do things when they get near a computer that can be very risky.

Simple things like forbidding the use of external storage devices being brought to the workplace. One of the more notorious data breaches occurred because a subcontractor employee–who had access to a large corporation’s IT infrastructure–found a thumb drive in the parking lot and plugged it in to see what was on it. Beyond that, simple phishing scams are still very effective at tricking people into opening nefarious websites. Ask your MSP for guidance on creating ongoing training programs that explain phishing scams and similar tricks and instruct everyone how to avoid them. Do it on a regular basis. It is easy to forget and let your guard down.

  1. Software updates – This one is also basic, but it carries a lot of value. Each time you receive a notice about a software update, stop and do it then. Don’t put it off until tomorrow. These updates not only provide new, improved features. They often provide fixes to vulnerabilities in the software or address threats and viruses that have developed.

  1. Zero day alerts – Zero Day alerts are kind of like a neighborhood crime alert. You are busy running your own company and your time is not spent tracking the latest threats developing out there in the cyber world. Your MSP may offer text or email alerts about new threats and how to protect yourself from them.
  2. Finally, there is a more complex, after the fact, security precaution you can take. Cyber insurance. Cyber insurance may be able to cover some or most of the losses incurred as a result of a security breach. It won’t defend your data proactively, but, should the worst happen, it may provide protection against loss revenue and damages. Standard commercial property insurance policies do not generally include provisions for the damages from cybercrime. In a growing number of commercial policies, they are specifically excluded. As a result, executives who recognize the catastrophic damage that a cyberattack can inflict on their business are looking at cyber insurance to transfer the financial losses to a third party. However, there are some pretty deep weeds to get into when looking for a cyber insurance policy. Just for one example, some policies may create requirements and security standards you must meet before an event will be considered a covered loss. A Managed Service Provider can offer guidance into whether this is an avenue to explore.

    So there you have it. You have to protect your organization from the threats and consequences of data losses due to a security breach.

5 ways to make passwords more effective

5 ways to make passwords more effective

You should be using an array of security tools to protect your business data. Some can be highly sophisticated, but there is one tool that we all still rely on heavily to secure access to our business systems and data. The password. But they can be hacked and shared. As long as we still rely on them, are there things we can do to make them more effective?
Yes. There are two main areas where you can improve the security of passwords. One is improving the security of the password itself, the second is multi-factor authentication.

First, there is the password itself. This is often known as password hygiene. Good password hygiene includes

Passwords that are too simple

Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. easy to And yes, some people are still using password123.

One universal password

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.

Unauthorized password sharing

Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.

a

Writing down passwords

Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.

Forgetting to change passwords or revoke access

This is especially an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not the solution. Having the right kind of password and following good password hygiene is.

Benefits of Using VoIP Technology

Benefits of Using VoIP Technology

More and more businesses are implementing Voice over Internet Protocol or VoIP technology because of its versatility, flexibility and cost-effectiveness. With new developments in this technology, the scope of its applications is widening. It is becoming more than just voice communications technology. That is why businesses of all sizes are migrating at an increasing rate. Here is a short list of some of the benefits.

Versatility/Flexibility: There are many VoIP service companies that have been working feverishly to enhance the use of this technology. They are bundling up other communication applications into a single unified communication platform to increase the efficiency for businesses. This means all modes of communication such as voice, fax, video, web conferencing and emails can be utilized, using a single software application. The ability of this application to convert voice into an email or fax into an email can bring a tremendous amount of efficiency to business operations. You don’t need to sign up for a separate service for a telephone or video conference. An incoming phone call can be received on a mobile phone and regular phone simultaneously. That means there are fewer missed important phone calls, and less wasted time on ‘phone-tag.’ An employee can receive an important fax on a laptop while sitting in an Internet café or within range of a Wi-Fi hot spot, and can redirect it to an associate within minutes with a few keystrokes. The list of benefits goes on.

Reduced cost: There are many ways VoIP can lower communications cost thus significantly enhancing the revenue. Here are some of the financial benefits of implementing VoIP.

  1. Cost per phone call: Making long distance or international phone calls using landlines or mobile phones can be very expensive. Charges incurred at per-minute rate can add up quickly. When you conduct business from multiple locations VoIP applications allow you to make calls from PC to PC that are free if they are within the same network. That could be significant to eliminate long distance charges if two locations are hundreds of miles apart. You can also pay a low monthly flat fee and make an unlimited number of calls, including international calls. This means much less usage of your mobile phone-minutes.
  2. Operational costs: You don’t need separate networks for data and voice communications. Everything can be done using the data network. Specially designed phones with VoIP technology can be managed right from your desktops. There are a few things at work here. First of all, you have the potential to be eliminating traditional “phone” lines, usually a significant monthly fixed cost, in addition to the per minute usage costs. Paying per minute remains a major issue if you do any international calling, or have offices located in other countries, where per minute rates may not have dropped like those in the US. Another operational cost that goes away are the labor costs involved in moving employees from office to office. Reconfiguring numbers and phones can still require physical changes. Even if they are only software changes, there is a cost to pay the technician who handles these reconfigurations.
  3. Infrastructure cost: With this technology your infrastructure cost is greatly reduced. For example, you have to pay more for the telephone extensions using traditional PBX and key systems. Using VoIP allows you to run those extensions right from your computers. Dual-mode phones can be used with this technology after making minor configuration changes. That allows the user to switch the use of a dual phone from cellular to a local Wi-Fi environment, reducing the need to carry a regular phone and a cell phone. That means fewer devices to manage.

Summary: After our discussion, the significance of implementation of VoIP can’t be overstated. Every business strives for better revenue. This new technology offers many ways to cut costs and bring efficiency by unifying all modes of communication onto a single platform. Efficiency and lower costs are always synonymous with greater revenue. Get in touch with a Managed Service Provider and ask them how they can bring you on board with this great technology called VoIP.

BYOD: Why is This Concept So Attractive to Employees?

BYOD: Why is This Concept So Attractive to Employees?

Bring Your Own Device, or BYOD, to work was an idea a few years ago that is becoming a reality very fast. To use your personal smartphone, tablet or laptop for work seems increasingly natural. Employees are embracing this concept without any serious reservations. As more and more business activity becomes technology driven, to have electronic gadgets right by your side all the time make sense. According to a survey conducted by Logicalis about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets bring their own devices to work.

Let’s examine all the factors causing people to want to use their own devices at work.

  • Familiarity: This may be the most relevant reason for someone to bring their own tablet or laptop to work. It may be the operating system, web browser, or other apps on their devices that they know so well and feel comfortable using.
  • Convenience: Companies have been providing their employees mobile phones for business use for a few decades. Now those employees have to carry two phones, since everyone also has a personal phone. This duality is a nuisance. It is hard enough to care for one mobile phone and now they have to worry about two of them. The reality is that companies expect employees to be in contact 24/7, so company devices can’t just be used at work. They have to be carried home, out to the store, etc. If the employees have a choice they would much rather carry just one phone, their own, enabling them to be reachable by family and friends anytime. Also, it could be cheaper if their company offers to share the cost of using their device for business.
  • Productivity: Convenience can also result in better productivity. Having fewer devices means fewer distractions. Fewer distractions equals less wasted time. Saving time is always good for productivity.
  • Personal contentment: It makes employees feel good to be able to use their own devices at work. Higher employee morale is very important for any organization. Happier employees are more likely to work hard. A positive environment is also a factor in lower turnover. So, if an employer gives its employees the liberty to bring their own devices to work it may have more satisfied workers.
  • Conclusion: People in the workplace are using their own devices so they can accomplish more in less time. It makes them happy to have their personal devices at work, and it makes them feel good about their job if they are allowed to use the devices that they are familiar with.

VoIP: A New Dimension in Communication for SMBs

VoIP: A New Dimension in Communication for SMBs

Voice over Internet Protocol or VoIP is about a decade old technology that is gaining popularity among individual subscribers and businesses. In conventional systems, phone calls are made using telephones or handsets that are connected by phone cables. These calls are routed using the Public Switched Telephone Network (PSTN) carrying a signal from one telephone to the other. But instead of connecting telephones to the phone cables through phone jacks in the walls, VoIP uses the internet where phones can be connected to broadband devices, adapters or PCs using broadband. With this system, voice is converted into a digital signal and carried over the Internet. Let’s take a look at all the options that are available to make calls using VoIP.

Make Calls from a PC: Using this platform a call can be placed from your PC. Your computer is connected to the Internet via broadband. A specially designed software app allows you to place and receive phone calls right from your PC. When deployed, this software displays a dial pad. You can dial a number using a mouse or keyboard. You will need a headphone or speaker to hear and a microphone to speak. When your PC is connected to a phone or another PC on the other end, you can talk like you would on a regular phone. The software with video capabilities will let you see each other (you and the recipient of your call) if it is a PC to PC call and both computers are equipped with cameras. In this case you don’t even need a telephone handset.

Make Calls using a regular phone: You can make phone calls with a regular phone using VoIP technology, but for this you will have to have a service, such as Vonage, that provides VoIP access. You can subscribe to their service for a monthly flat fee or a per-minute rate. Your regular phone can be plugged into an adapter which is then connected to a broadband device. Some services will allow you to make calls within their service network only. But there are other services that will let you make calls anywhere. That means you can call local, long distance, international and through mobile devices.

VoIP telephones: There are VoIP service providers that provide special phones. To use these phones you don’t need an adapter. Their telephones are designed to work with your broadband device. You can connect this phone directly into your broadband modem using an Ethernet cable and use the phone like any regular phone.

Companies providing VoIP services are focusing on providing unified communication platforms that will include phone, emails, faxes, videos and voice mail capabilities. Their goal is to deliver these capabilities that can be used by all means of communication including handheld devices.

The Role of MSPs: Managed Service Providers or MSPs can help businesses with the installation of hardware and software, enabling VoIP technology. This will also organize their communication networks by integrating those networks into their IT infrastructure. Now SMBs can eliminate another worry (management of their communication systems) by outsourcing their IT services.

SMBs: It is Hackers v. You – Don’t Let Them Score

SMBs: It is Hackers v. You – Don’t Let Them Score

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your client’s personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  • Your website: Hackers have become very sophisticated in cyberattacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cybercriminals to connect to your website database. They are able to find the loopholes and hack into systems. They can then access your customer’s personal information, allowing them to steal from your clients by committing credit card and bank fraud. Or they can just sell your client’s info on the Internet.
  • Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates. There is nothing about your business that these hackers don’t know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you are one of those entities that allow their employees to use their mobile devices to conduct business, you have another security dimension to worry about. You don’t know how secure their mobile phones, iPads, laptops or tablets are. You don’t know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal data at will.
  • Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems without even trying.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with preloaded software can be hacked using an unsecured Wi-Fi network. This fraud has a direct impact on an individual’s finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your emails: Email is another venue that hackers use to infect computers with malicious software. They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts and accessing data without authorization.

Summary: After reading this article you probably feel like you are in cyber warfare with hackers and your IT infrastructure is the battlefield. You are absolutely right. Hackers are relentless and they are devising new methods all the time to steal from businesses. But this is one fight you can’t let them win. Protecting client data is not just a moral obligation. You are legally bound by the privacy laws to protect this information by all means. Breach in data security can ruin your reputation, and the financial liability to meet legal obligations may become too much to sustain.

So how do you fight this war in which you have to make certain that there is only one winner? Outsource your IT managed services to professionals who will monitor your networks 24/7 from a remote location. Your in-house IT management team may be able to fix problems, but it is important that proactive solutions are in place in case there is data loss as a result of a breach. Managed services can create solid data backup & recovery plans that will have your systems up and running quickly, so you can reduce downtime and protect your revenue.

Business Disaster: What Threatens Small Businesses the Most?

Business Disaster: What Threatens Small Businesses the Most?

There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made. A power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyber attacks and data theft from external sources.

All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention getting.

For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing critical data on the bus. These aren’t nefarious acts, but they can still have serious consequences. Have you looked at how you might wipe clean a lost phone? What about the person who forgot to do a backup the day before a server failed?

Another area where human error can occur is a technical oversight. Perhaps an overworked tech who did not recognize the existence of a single point of failure in your IT infrastructure. To learn how outsourcing some tasks such as proactive management and security audits can solve these problems, see “Outsourcing Isn’t a Dirty Word: Meet Managed Services, Your IT Team’s New Best Friend – Managed Services”

Data Protection and Bring Your Own Device to Work

Data Protection and Bring Your Own Device to Work

BYOD refers to a firm’s policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications.This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks?

Here are some of the issues raised by BYOD

  1. A lost device – If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employee’s personal devices, do you still have that ability. If not, your data is at risk.
  2. Software updates – Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?
  3. Back ups – with data being entered on many different devices, something must be done to ensure back up procedures are routinely followed.

In short, BYOD is probably an unavoidable approach to device management. It is unrealistic to expect people to carry around 2 different phones or tablets 24/7. But BYOD means extra work for the in-house staff of a small business. To learn more about these risks and a more affordable, comprehensive approach to BYOD Management, see our e-guide “Now you see it, There IT…Stays”.