LOCK YOUR DOOR.
LOCK YOUR COMPUTER.
LOCK YOUR ACCOUNTS WITH SECURE PASSWORDS.
Locking the door to our homes when we leave is something most of us do on autopilot. If you drive to work, you automatically lock your vehicle after arriving at your destination (I listen for the beep, and sometimes have to walk back to the car, to my wife's disgust, to hit that lock button one last time). Checking the physical locks in our lives is easy; we don’t even think twice. But what about the digital locks? Did you lock them too? Does it matter? Most definitely.
Trust me, you are not alone in the never-ending frustration of trying to remember your latest passwords. Even those of us who spend our careers in the IT industry can get a bit tired of it, which is why many people (even though they know better) often use weak passwords. We have all been guilty at one time or another. But here is the thing: the small inconvenience of selecting secure passwords and updating them frequently is much easier to handle than a data breach. In a sobering reality check, the 2017 Verizon Data Breach Investigations Report found that 81 percent of data breaches were caused by a password hack.
Think of your passwords like a flood wall made up of sandbags. In one section the sandbags are eight feet tall and four feet deep. Yet, in another section, the wall is only five feet tall and two feet deep. Now, picture flood waters pushing with millions of pounds of pressure on the wall. Maybe the taller and thicker section holds, but then the waters find a weakness in the shorter and narrower section. Within minutes, the sandbags are pushed aside by the raging waters and the whole neighborhood is buried in damaging flood waters. Your organization is like that flood wall: if even one member of your staff uses a weak password, it exposes the entire business to the risk of a data breach.
This month is National Cybersecurity Awareness Month (NCSAM). At IT Protectorate, we encourage you to use this month as an opportunity to remind your team of the importance of selecting strong passwords and updating them frequently. #SecureIT and keep your company’s data safe.
TIPS FOR CREATING A STRONG PASSWORD
Please be cautious of Dorian. With Hurricane Irma, we experienced winds that were primarily from one direction. While it looks like we've dodged a bullet, shifts in the direction of the winds as the eye crosses over can pack a punch due to the saturated ground.
Please be safe and alert, especially as the hurricane gets closer. Being prepared is key as the storm approaches, ensuring that we don't wake up to find out Dorian didn't turn north.
The Hurricane DR Checklist for Businesses
Does your business email system have minimum protections in place? There are some simple mail flow rules that can be added to prevent email spoofing, and more advanced techniques to reduce spam. For outgoing email, it’s important to have the correct records in place such as SPF, DMARC, and DKIM to ensure your email doesn’t end up in someone else’s junk box (or blocked entirely).
The Office 365 Security Roadmap can be found here. These tasks can be overwhelming and sometimes complicated, however, so we recommend against beginners or non-technical users changing any Microsoft Exchange settings.
IT Protectorate can review your environment, find areas for improvement, and implement configuration changes to mitigate the risk of users being tricked into clicking an email. One of the classic cases is someone in accounting receiving an email from the CEO asking to transfer large sums of money into an account. The untrained user may be afraid to question it and just transfer the money as requested…to that prince in a foreign land posing as an executive.
While protecting against everything can reduce productivity, we recommend training end users by presenting them with scenarios such as these and tracking when they fall for the email. IT Protectorate can set up fake email campaigns that track who your problem users are, then we can schedule specific training to reduce the chances of them giving away passwords or transferring money in the real world.
Things like this tend not to be obvious, but it is important to have proper checks and balances in place in the digital world. Our focus is on a balance of security and productivity, and we’ll be glad to assist in protecting your business data!
We’re keeping it simple today. We’d like to offer a checklist that covers simple tasks or things to keep in mind that will prevent fraud at work and at home.
Have you or a colleague become the victim of a scam email? This tactic commonly employs fishing (in IT-speak, phishing), where the end user is enticed by some reward, such as a “you have an e-card from a friend” message, or by someone posing as your boss or CEO, or even a user from another company. Often, we think that will never happen to us, but what if you are the source?
In the same manner that hackers pose as someone you know, they can also pretend to be you. Sometimes they’re able to hack into someone’s email account and wait for the right moment, such as when a transaction is about to take place. Next, they will “spoof” your email address and change the payment method. Before you know it, another user has fallen for a fake email from someone pretending to be you, and instead of you receiving payment, the user was directed to pay via some other method and the money ended up in the hacker’s pocket.
There are two scenarios which require multiple solutions:
You are a scam/phishing victim.
Someone is pretending to be you.
We first recommend awareness training, whereby IT Protectorate is able to simulate such emails and send them to your users. This identifies those who need training, and sometimes we are able to identify what types of tricks your users are falling for. It may be as simple as recognizing a change in the way someone speaks/types; instead of making that questionable payment, they call you or their superior first to confirm—thereby identifying the attempted attack and hopefully avoiding a loss to the business.
We are also able to check and add configuration to your email environment that reduces a hacker’s ability to pretend to be you or one of your users. This prevents embarrassment and a ding to your reputation.
Finally, we want to make sure your email service provides good spam protection. Not only does this reduce the risk of your business becoming a victim of phishing scams, most spam filters also prevent viruses and other malware from entering your system. Another benefit is the reduction in junk emails that users receive and open; with a quality spam filter, these emails never make it to the inbox and never get read, so you waste no time opening or deleting them, which increases user productivity.
Elroy is the man behind the scenes: writing posts, checking status of servers, managing networks and endpoints, and enjoying coffee in his favorite spots in Lakeland and Winter Haven, FL.