LOCK YOUR DOOR.
LOCK YOUR COMPUTER.
LOCK YOUR ACCOUNTS WITH SECURE PASSWORDS.
Locking the door to our homes when we leave is something most do on autopilot. If you drive to work, you automatically lock your vehicle after arriving to your destination (I listen for the beep, and sometimes have to walk back to the car at my wife's disgust to hit that lock button one last time). Checking the physical locks in our life is easy, we don’t even think twice. But what about the digital locks, did you lock them too? Does it matter? Most definitely.
Trust me, you are not alone in the never ending frustration of trying to remember your latest passwords. Even those of us who spend our careers in the IT industry can get a bit tired of it. Which is why many people (even though they know better) often use weak passwords. We have all been guilty at one time or another. But, here is the thing: the small inconvenience of selecting secure passwords and updating them frequently is much easier to handle than a data breach. In a sobering reality check, the 2017 Verizon Data Breach Investigations Report found that 81 percent of data breaches were caused by a password hack.
Think of your passwords like a flood wall made up of sandbags. In one section the sandbags are eight feet tall and four feet deep. Yet, in another section, the wall is only five feet tall and two feet deep. Now, picture flood waters pushing with millions of pounds of pressure on the wall. Maybe the taller and thicker section holds, but then the waters find a weakness in the shorter and more narrow section. Within minutes, the sandbags are pushed aside by the raging waters and the whole neighborhood is buried in damaging flood waters. Like the weaker section of the flood wall, in your organization if even one member of your staff uses a weak password, it exposes the entire business to the risk of a data breach.
This month is National Cybersecurity Awareness Month (NCSAM), at IT Protectorate we encourage you to use this month as an opportunity to remind your team of the importance of selecting strong passwords and updating them frequently. #SecureIT and keep your company’s data safe.
TIPS FOR CREATING A STRONG PASSWORD
In today's competitive, always-on landscape, businesses need to be one step ahead of their competitors to thrive and retain their customers. Your business functions on technology and it should be reliable and efficient.
In light of October being National Security Awareness Month, your first objective should be to ensure that your network and interconnected devices are secure against the proliferation of ransomware and malware knocking at your firewall's front door.
Features like these and more are commonplace with what are being called Next Generation Firewalls.
Speaking of Next Generation, the same applies to Antivirus. Several new security software companies have brought new software to market which takes a new approach to Antivirus software. Gone are the days of downloading updates and definitions; now heuristics and intrusion detection and prevention are here.
We're testing these Next Generation products and have found that some are capable of stopping malware in it's tracks and restoring any data and settings that were modified back to their original state—usually in the blink of an eye.
Contact us today to learn more! We'd be happy to have a conversation over the phone, email, or coffee!
At IT Protectorate, our clients’ security comes first. Security researchers have now successfully weaponized BlueKeep (CVE-2019-0708), a name for a vulnerability Microsoft Remote Desktop. We expect hackers to start launching attacks on this vulnerability soon, if they haven’t already.
Do I need more Security Measures in place?
Yes and no. Most businesses (even home users) think they are too small to be noticed. However, hackers do not discriminate. On one hand, they may target a large business with the goal of a large payout in mind. On the other, they may target thousands, even millions of PCs across the internet in an effort to use them as part of their attack vector.
So, what are some recommendations?
First and foremost, IT Protectorate recommends protecting your connection to the internet with a Next-Generation firewall. A firewall will scan and block malicious traffic before it gets to your network (or leaves it!). These are not the firewalls that you can buy at Target or Walmart, mind you.
Second, protect your servers and workstations with Antivirus. We make sure our clients under Maintenance Programs are covered with managed AV, which we monitor for alerts and keep updated.
Third, consider cyber-security awareness training. IT Protectorate offers programs purposefully designed to trick your users into giving their credentials away to would-be hackers. Once identified, training programs are provided to give end users knowledge of key indicators which help them identify malicious emails, as well as general recommended practices to avoid data breaches, loss of funds due to falsified emails requesting payments and/or banking transfers.
Finally, know your data.
Do you offer more advanced security systems?
Security software and services is a huge focus after the last several years have seen the hacking of millions of cyber-citizens’ personal and business data breached and sold on the dark web. Contact us today and we’ll assess your network and provide recommendations according to your budget. A technology road-map is helpful as it allows you to plan and budget for your technology as well as recognize the value it provides your business and its’ customers.
Shameless plug: Here are some ideas and topics you may have come across that we offer or can simply answer questions about.
Does your business email system have minimum protections in place? There are some simple mail flow rules that can be added to prevent email spoofing, and more advanced techniques to reduce spam. For outgoing email, it’s important to have the correct records in place such as SPF, DMARC, and DKIM to ensure your email doesn’t end up in someone else’s junk box (or blocked entirely).
The Office 365 Security Road map can be found here. These tasks can be overwhelming and sometimes complicated so we recommend against beginners or non-technical users changing any Microsoft Exchange settings, however.
IT Protectorate can review your environment, find areas for improvement, and implement configuration changes to mitigate risk of users being tricked into clicking email. One of the classic cases is someone in accounting receiving an email from the CEO asking to transfer large sums of money into an account. The untrained user may be afraid to question it and just transfer the money as requested…to that prince in a foreign land posing as an executive.
While protecting against everything can reduce productivity, we recommend training end users by presenting them with scenarios such as these and tracking when they fall for the email. IT Protectorate can setup fake email campaigns that track who your problem users are, then we can schedule specific training to reduce the chances of them giving away passwords or transferring money in the real world.
Things like this tend not to be obvious but it is important to have proper checks and balances in place in the digital world. Our focus is on a balance of security and productivity, we’ll be glad to assist in protecting your business data!
We’re keeping it simple today. We’d like to offer a checklist that covers simple tasks or things to keep in mind that will prevent fraud at work and your home.
Have you or a colleague become the victim of a scam email? This tactic commonly employs fishing (in IT-speak, phishing) where the end user is enticed by some reward such as the “you have an e-card from a friend,” or someone posing as your boss or CEO, even a user from another company. Often, we think that will never happen to us—but what if you are the source?
In the same manner that hackers pose as someone you know, they can also pretend to be you. Sometimes they’re able to hack into someone’s email account and wait for the right moment, such as when a transaction is about to take place. Next, they will “spoof” your email address and change the payment method. Before you know it, another user fell for a fake email from someone pretending to be you, and instead of you receiving payment—the user was directed to pay via some other method and the money ended up in the hacker’s pocket.
There are two scenarios which require multiple solutions:
You are a scam/phishing victim.
Someone is pretending to be you.
We first recommend awareness training, whereby IT Protectorate is able to simulate such emails and send them to your users. This identifies those who need training, and sometimes we are able to identify what types of tricks your users are falling for. It may be as simple as recognizing a change in the way someone speaks/types; instead of making that questionable payment, they call you or their superior first to confirm—thereby identifying the attempted attack and hopefully avoiding a loss to the business.
We are also able to check and add configuration to your email environment that reduce hacker’s ability to pretend to be you or one of your users. This prevents embarrassment and a ding to your reputation.
Finally, we want to make sure your email service provides good spam protection. Not only does this reduce the risk of your business from being a victim of phishing scams, most spam filters also prevent viruses and other malware from entering your system. Another benefit that is often are the reduced junk emails that users receive and open; with a quality spam filter, these emails never make it to the inbox, never get read, and keep you from wasting time opening or deleting it—increasing user productivity.
Elroy is the man behind the scenes; writing posts, checking status of servers, managing networks and endpoints, and enjoying coffee in his favorite spots in Lakeland and Winter Haven, FL.