Getting QWERTY with Password Management

Common Password Management Security Mistakes

qwerty, password, 12345, iloveyou, 111111, 54321

An average individual comes into daily contact with a variety of personal apps, websites, remote connections and enterprise applications. And this concoction of connections brings with it a variety of access and authentication requirements. Successfully navigating the gauntlet of our digital world, especially when going public, private, or hybrid cloud, without exposing yourself to significant security risks can be a challenge. In practice, the vulnerabilities are pronounced. A quick look at the most common passwords of 2018 is concerning: 123456, password, 123456789, 12345, 111111, 1234567, sunshine, qwerty, iloveyou.

Access management has become the norm

The challenges of managing one’s passwords are complicated by the differing requirements of different platforms—password conventions, expiration cycles and authentication methods make the task of organizing one’s suite of credentials daunting. One can see how these challenges lead people to simplify their passwords, sacrificing security for simplicity.

iloveyou2

Password proliferation has become the norm. With every new app, website and device that we commandeer, there’s new access information created. Moreover, many of these systems require a periodic reset. Keeping track of all of these passcodes can be likened to taking a mnemonic census of an anthill.

Archimedes once said that if only he had a solid rock on which to stand, he would move the earth.

If you assume that your passwords are a firm footing, prepare to have your assumptions rocked. It is believed that up to 80% of common hacking activities are due to compromised credentials, mostly in the form of stolen usernames and passwords. Worse still, IT Managers report 73% of all passwords used are duplicated in multiple applications. When people use the same password for multiple systems, having one password exposed may compromise the whole network of applications. Luckily, password management doesn’t mean you have to buy a walk-in safe to store your password diaries. To keep it simple, here are a few tips to memorize as a starting point for improved password management:

  • Never use the same password twice
  • Never write down your passwords
  • Never share your passwords with anyone else
  • Never use real words or known information about yourself in your passwords
  • Avoid commonly used passwords

The last bullet is especially salient—50% of all attacks involve the top 25 most used passwords, proving there are risks involved in “getting qwerty” with your password management procedures.
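The first and last tips can be checked mechanically. The sketch below is an added example, not code from the original article: it flags passwords built from the common passwords quoted above (including padded variants such as "iloveyou2") and passwords reused across accounts. The account names, sample passwords and the set of suffix characters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Denylist: the common passwords quoted in this article (a real check would load a larger list).
COMMON = {"123456", "password", "123456789", "12345", "111111", "1234567",
          "sunshine", "qwerty", "iloveyou", "54321"}
PADDING = "0123456789!@#$%^&*?._-"  # assumed set of typical suffix characters

def split_into_common(word):
    """Return the denylisted pieces that concatenate to `word`, else None."""
    if not word:
        return []
    for size in range(1, len(word) + 1):
        if word[:size] in COMMON:
            rest = split_into_common(word[size:])
            if rest is not None:
                return [word[:size]] + rest
    return None

def weak_base(password):
    """Detect a common password hiding behind case changes or a suffix."""
    lowered = password.lower()
    for candidate in (lowered, lowered.rstrip(PADDING)):
        pieces = split_into_common(candidate) if candidate else None
        if pieces:
            return pieces
    return None

def audit(credentials):
    """Map each account to its findings: denylist hits and password reuse."""
    key = secrets.token_bytes(32)  # per-run key: only keyed digests are compared
    tags = {acct: hmac.new(key, pw.encode(), hashlib.sha256).digest()
            for acct, pw in credentials.items()}
    groups = defaultdict(list)
    for acct, tag in tags.items():
        groups[tag].append(acct)
    report = {}
    for acct, pw in credentials.items():
        issues = []
        pieces = weak_base(pw)
        if pieces:
            issues.append("built from common password(s): " + "+".join(pieces))
        others = [a for a in groups[tags[acct]] if a != acct]
        if others:
            issues.append("reused on: " + ", ".join(sorted(others)))
        report[acct] = issues
    return report

# Constructed sample vault (account names and passwords are made up).
SAMPLE = {"mail": "iloveyou2", "bank": "qwertyiloveyou2!",
          "vpn": "iloveyou2", "erp": "T7#vq9Lz!mR2xKp0"}
```

Calling `audit(SAMPLE)` returns an empty finding list only for the `erp` entry; the other three are either padded common passwords, reused, or both.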

Need a more sophisticated password management plan?

Let’s talk password management solutions and multi-factor authentication, two great ways to prevent getting hacked.

  • Password Manager: A password manager solution, such as SolarWinds’s PassPortal, allows you to store all of your passwords in one place. This makes managing and remembering all of them much easier. Make sure your password manager solution is itself password protected, preferably with multi-factor authentication.
  • Multi-factor authentication: Multi-factor authentication is the use of additional forms of authentication in conjunction with a traditional password. This most often takes the form of a shared key, sent to a separate device, or calculated through a common authentication application. This makes it difficult for a compromised password to compromise the application. Enable multi-factor authentication wherever possible, but make sure your secondary authentication source is equally secured with a strong password—failure to do so is like having a biplane write your shared key in the sky.

 

qwertyiloveyou2!

Random password generators can also help create passwords, but the results are often long random jumbles of characters and quite difficult to remember. Unless you can recite the longest word in the world from memory, you might want to use these password management tools in conjunction with a password management solution. If you’re a business owner trusting dozens or hundreds or thousands of employees with sensitive information, then a managed IT solution that includes password management will definitely be the safest way to interact with the millions of letters, numbers and characters that are involved in the multitude of passwords that access the data of your systems.

 

 

IT Services in a 1 + 1: 4 Signs You Need Managed IT

The word “outsourced” makes some business owners curious and others nervous when it comes to IT services. “MSP” is another term floating around, and you might also come across “IT-in-a-Box” when you go looking for help with your systems. Managed IT (our favorite code phrase) can mean a lot of things. If you’re a manufacturing or distribution company, then IT services might mean, among other things, industry-specific Cloud or Hosting platforms.

When Nobody Sees the IT Stop Signs

 

When it comes to your ERP and IT systems, you need effective stop signs that work both internally and externally. Your cybersecurity infrastructure can keep your team safe and productive while also keeping the bad guys out. Cybercrime is a 1 + 1 relationship. If you didn’t have a team to be hacked, then you wouldn’t ever need to worry about adding a hacker to your network. 

  • Stop Sign 1: Your company’s IT services need to ensure that your employees are traveling through safe pathways and that they know when to stop before falling into the webs of ransomware or other destructive malware.
  • Stop Sign 2: Your team’s mobile devices, laptops and desktops all make friends on a daily basis. This is essential for business growth. Because of this, IT services ideally provide a clear STOP sign for potential trespassers—a bold indication that cyber tricksters will not be tolerated, even on the fringes, and will not be unknowingly welcomed in by your team.  

A Wanted Man or a Wanted Spam?

 

But how do you know if your system has a “Most Wanted” sign that’s attracting criminals rather than telling them you already know they’re the lawbreakers? When it comes to business, you’re continually building relationships, and hopefully these become lifelong friendships. You trust your most valuable data to your IT talent. When it comes to managed IT services, business owners and other decision-makers might squint at the cyber lineup and not know whom or when to choose.  Here are 4 signs your staff would benefit from a partnership with a managed IT and cybersecurity firm:

  • High-value IT projects, best done internally, are distracting your key players or forcing them to work long hours.
  • IT operations are unpredictable or unreliable, causing project or system failures, yet you don’t want to grow or change your employee pool.
  • IT costs are variable or steep, and you’d like a more predictable budget.
  • Security and compliance issues are overwhelming your team.

 

Every second of the day you rely on experts to protect you. The meteorologists warn you of bad weather. The firefighters alert you when it’s a fire risk to roast a s’more. The doctors warn you of heart attack predisposition. In regard to IT, the challenges you face include ransomware that could destroy the business you’ve worked so hard to build. This holds true whether you’re a DoD manufacturer, a medical clinic, an accounting firm, a lollipop distributor, a small-town bank… the list goes on. Because the hackers are always available to friend you, you’re always risking adding them to your inner circle, making your 1 + 1 relationship one of IT enemies, rather than friends. A 1 (your team) + 1 (EstesGroup Managed IT services team) relationship will keep your IT math simple, your budget profitable, and your company safe.

 

Are you looking to add a friendly IT expert to your network? Is your IT department working overtime to keep up with security, compliance, updates, backups or other system projects on your company table? Chat with us today!

Mobile Device Theft Prevention Tips

Cell Phone Theft Prevention: Digital Assets vs. Liabilities 

With more people working outside of the office, companies need to prepare their employees for the possibility that company and personal mobile devices could be lost to theft or misplacement. Remotely securing users can be a challenge for small companies and large companies alike. Fortunately, there are easy ways that companies and employees can prepare and prevent the loss or theft of devices before it happens. Whether you have a mobile device or a hardwired PC, these device prevention tips can ensure that your phones and laptops are assets, rather than liabilities.

Step 1: Make sure your device is locked and so are the apps!

 

In this day and age, most laptops and other portable devices can be locked (both physically and by using a passcode). Yet, anyone hanging out at a coffee shop will notice many people going to the restroom, paying for food or going outside to take a call with their devices left unattended and unlocked. Don’t be that person and become the victim of theft or loss (or even a drive-by malware install). The likelihood of theft in such public and transient locations tends to be high, and relying on video camera footage of the theft doesn’t guarantee the return of the device. Take your devices in a bag with you if you leave the location for any reason and also whenever you don’t have a direct line of sight to your and your company’s belongings.

 

When walking in crowded locations, make sure to close all of your bag openings (lock them if you can) and be aware of how easily a device could be taken without your knowledge. Visible and unsecured devices are targets for thieves and could fall out of whatever you are carrying them in. Having a cell phone with critical information in the back pocket of your jeans is an invitation for accidents or worse to happen. Cell phone theft prevention needs to be proactive. Know where your device is at all times and know how to prevent both physical and digital theft.

Step 2: Know where your devices are located.

 

Most phones have the capability to track where you might have left them or where someone has taken them. These features are great, but you can also step it up a notch with 3rd-party tools made for this purpose. A simple search will yield a number of location security applications built for business consumers.

 

In addition to 3rd-party applications that can help you find devices, if you want to add another layer of security there are a few physical GPS devices available. These small devices are not prohibitively expensive and can be slipped into a phone/tablet case, a briefcase or a backpack for an extra layer to identify where a device is located.

Step 3: Consider having the device engraved or having return information placed on the device

 

Another tip that is overlooked but important is to have devices engraved so you can add return (and reward) information in the event that a device is misplaced. If engraving is not possible, a sticker with your contact details is another useful option. Not everyone is out to steal your device. Mobile device theft prevention savvy also protects you from your data ending up in a lost & found box. Sometimes we simply misplace our laptops or phones, so leaving contact details in the event of a loss will facilitate the return of your device.

Step 4: Encrypt or remove sensitive information

 

Luckily there are plenty of options to encrypt information on your devices. Not only do many operating systems provide you with encryption options, but there are also many 3rd-party applications to help you.  VeraCrypt is a free/open-source disk encryption software that’s worth considering if you are looking for free options.

 

Beyond encrypting sensitive data, developing a mindset of being rigorous about the removal of sensitive data (that includes photos of sensitive information) will help you avoid unwanted access to your devices that might hold sensitive information.

Cyber Thieves vs. Cyber Peace

While loss isn’t always avoidable, these tips will help to reduce the probability of loss or theft and ensure we are doing everything to prevent our devices and the sensitive data (like information protected by HIPAA) from being accessed by unwanted individuals, hackers, or dark web cybercriminals. If you do become a victim of device theft, or if you lose your device, then EstesCloud BDR, or a similar disaster recovery solution, can help return cyber peace to your world of data. Cell phone theft prevention is becoming a more critical issue for businesses because remote workers often install work apps on their iPhones, Samsung Galaxies, or other competing brands.

 

IT Strategies for Remote Teams (Video)

Brad Feakes Director Professional Services
Brad Feakes

SVP Epicor Services, Professional Services

Daryl Sirota – Director, Technical Services
Daryl Sirota

Technical Services Director

 

Brad and Daryl talk about IT strategies for remote teams

 

Brad and Daryl sit down this week for a Q&A style chat to unravel a few of the complex IT issues in today’s work from home (WFH) environment. At a high level, Daryl emphasizes how we should not make the mistake of trying to plug pieces of cloud software together expecting them to work properly. That is almost impossible to do effectively without the appropriate policy to guide the technology. You will need to understand how you will provide guidance to your end users faced with a variety of remote work environments (working from a cafe, home office, etc.) and the new tools you will use to manage staff.

 

They move on to talking about some of the end-user WFH problems, from asking the question “what does work from home mean?” to discussing what technology can be used to help get users up and running while also creating business efficiencies.

 

Throughout the discussion, Daryl covers a variety of other topics such as data security, public vs. home wifi, two-factor authentication, remote access vs. remote control utilities, data access, machine vulnerabilities and many other topics.

 

Brad and Daryl do an excellent job of taking some big, complex issues around WFH and explaining the issues that every business owner needs to be aware of as they navigate moving their staff into the cloud and potentially hiring a company like EstesGroup to help them with their remote IT management.

 

Of course, you can always reach out to our managed IT services team.  We’ll help you throughout the entire process of moving your company into the cloud and help you avoid the costly mistakes that can put your entire business at risk.

 

Are you having issues with or have questions about your current IT management? Contact us today.

Ransomware is getting mean!

As you might have heard, or possibly experienced, ransomware is a particularly nasty form of malware that holds your files hostage. In fact, DC webcams were hacked by ransomware before the inauguration! In the past, the ransom was usually just under $2,000 and, if you paid it, you probably got your files back. Those days are passing quickly.

 

Lately, one of the biggest dangers of ransomware is that they’ve figured if you’ve paid once, you’ll probably pay again, so paying actually sets you up to get hit again! “Fool me once, shame on you, fool me twice…” In fact, we recommend against paying the ransom at all! If infected, you can contact the FBI and while they won’t get your files back, they will open a case. I suggest you have a strategy for ransomware prevention implemented BEFORE you get hit.

 

To add injury to insult, when you do come up with the Bitcoin to pay (no, they don’t take American Express), there’s a possibility that you WON’T get your files back! The unlock key simply doesn’t work, and the bad guys no longer are interested in you at all. They got what they wanted, and they might even ask for MORE money! Another danger of ransomware is that newer variants will also start randomly deleting files until you pay up! Ouch!

 

Paying $600-$1,800 might not seem like a lot, but I am preparing for the day when the hackers don’t just demand money to return your files, they’ll start demanding MORE money to stop deleting your files, or worse yet, sell your files to your competitors! Can you afford a $20,000 ransom or risk your confidential data appearing in your competitor’s inbox?

 

Do you have a rock-solid backup policy? Have you been hit with ransomware and don’t want to fall prey again? Contact us today and let’s talk about ransomware prevention. Our EstesCloud cybersecurity suite has the vaccine for ransomware!
