LOCK YOUR DOOR.
LOCK YOUR COMPUTER.
LOCK YOUR ACCOUNTS WITH SECURE PASSWORDS.
Locking the door to our homes when we leave is something most do on autopilot. If you drive to work, you automatically lock your vehicle after arriving to your destination (I listen for the beep, and sometimes have to walk back to the car at my wife's disgust to hit that lock button one last time). Checking the physical locks in our life is easy, we don’t even think twice. But what about the digital locks, did you lock them too? Does it matter? Most definitely.
Trust me, you are not alone in the never ending frustration of trying to remember your latest passwords. Even those of us who spend our careers in the IT industry can get a bit tired of it. Which is why many people (even though they know better) often use weak passwords. We have all been guilty at one time or another. But, here is the thing: the small inconvenience of selecting secure passwords and updating them frequently is much easier to handle than a data breach. In a sobering reality check, the 2017 Verizon Data Breach Investigations Report found that 81 percent of data breaches were caused by a password hack.
Think of your passwords like a flood wall made up of sandbags. In one section the sandbags are eight feet tall and four feet deep. Yet, in another section, the wall is only five feet tall and two feet deep. Now, picture flood waters pushing with millions of pounds of pressure on the wall. Maybe the taller and thicker section holds, but then the waters find a weakness in the shorter and more narrow section. Within minutes, the sandbags are pushed aside by the raging waters and the whole neighborhood is buried in damaging flood waters. Like the weaker section of the flood wall, in your organization if even one member of your staff uses a weak password, it exposes the entire business to the risk of a data breach.
This month is National Cybersecurity Awareness Month (NCSAM), at IT Protectorate we encourage you to use this month as an opportunity to remind your team of the importance of selecting strong passwords and updating them frequently. #SecureIT and keep your company’s data safe.
TIPS FOR CREATING A STRONG PASSWORD
At IT Protectorate, our clients’ security comes first. Security researchers have now successfully weaponized BlueKeep (CVE-2019-0708), a name for a vulnerability Microsoft Remote Desktop. We expect hackers to start launching attacks on this vulnerability soon, if they haven’t already.
Do I need more Security Measures in place?
Yes and no. Most businesses (even home users) think they are too small to be noticed. However, hackers do not discriminate. On one hand, they may target a large business with the goal of a large payout in mind. On the other, they may target thousands, even millions of PCs across the internet in an effort to use them as part of their attack vector.
So, what are some recommendations?
First and foremost, IT Protectorate recommends protecting your connection to the internet with a Next-Generation firewall. A firewall will scan and block malicious traffic before it gets to your network (or leaves it!). These are not the firewalls that you can buy at Target or Walmart, mind you.
Second, protect your servers and workstations with Antivirus. We make sure our clients under Maintenance Programs are covered with managed AV, which we monitor for alerts and keep updated.
Third, consider cyber-security awareness training. IT Protectorate offers programs purposefully designed to trick your users into giving their credentials away to would-be hackers. Once identified, training programs are provided to give end users knowledge of key indicators which help them identify malicious emails, as well as general recommended practices to avoid data breaches, loss of funds due to falsified emails requesting payments and/or banking transfers.
Finally, know your data.
Do you offer more advanced security systems?
Security software and services is a huge focus after the last several years have seen the hacking of millions of cyber-citizens’ personal and business data breached and sold on the dark web. Contact us today and we’ll assess your network and provide recommendations according to your budget. A technology road-map is helpful as it allows you to plan and budget for your technology as well as recognize the value it provides your business and its’ customers.
Shameless plug: Here are some ideas and topics you may have come across that we offer or can simply answer questions about.
We’re keeping it simple today. We’d like to offer a checklist that covers simple tasks or things to keep in mind that will prevent fraud at work and your home.
Have you or a colleague become the victim of a scam email? This tactic commonly employs fishing (in IT-speak, phishing) where the end user is enticed by some reward such as the “you have an e-card from a friend,” or someone posing as your boss or CEO, even a user from another company. Often, we think that will never happen to us—but what if you are the source?
In the same manner that hackers pose as someone you know, they can also pretend to be you. Sometimes they’re able to hack into someone’s email account and wait for the right moment, such as when a transaction is about to take place. Next, they will “spoof” your email address and change the payment method. Before you know it, another user fell for a fake email from someone pretending to be you, and instead of you receiving payment—the user was directed to pay via some other method and the money ended up in the hacker’s pocket.
There are two scenarios which require multiple solutions:
You are a scam/phishing victim.
Someone is pretending to be you.
We first recommend awareness training, whereby IT Protectorate is able to simulate such emails and send them to your users. This identifies those who need training, and sometimes we are able to identify what types of tricks your users are falling for. It may be as simple as recognizing a change in the way someone speaks/types; instead of making that questionable payment, they call you or their superior first to confirm—thereby identifying the attempted attack and hopefully avoiding a loss to the business.
We are also able to check and add configuration to your email environment that reduce hacker’s ability to pretend to be you or one of your users. This prevents embarrassment and a ding to your reputation.
Finally, we want to make sure your email service provides good spam protection. Not only does this reduce the risk of your business from being a victim of phishing scams, most spam filters also prevent viruses and other malware from entering your system. Another benefit that is often are the reduced junk emails that users receive and open; with a quality spam filter, these emails never make it to the inbox, never get read, and keep you from wasting time opening or deleting it—increasing user productivity.
Elroy is the man behind the scenes; writing posts, checking status of servers, managing networks and endpoints, and enjoying coffee in his favorite spots in Lakeland and Winter Haven, FL.