multifactor authentication – GC Infotech LLC Work Smarter!

6 Proven strategies to keep your work devices secure

The rise of remote work and virtual communication has made it more important than ever to secure our devices against cyberthreats. Hackers are constantly finding new ways to exploit our digital vulnerabilities, from webcam spying to unauthorized screen viewing. But don’t worry! There are steps you can take to protect yourself.

Install anti-malware software

No matter what type of device you are using, it is important to install security software that includes an anti-malware component. Malware, short for malicious software, can infect your device and cause a range of problems, from stealing your personal data to taking over your computer’s processing power for criminal activities. Anti-malware software can detect and remove malware from your device and prevent future infections. It is important to keep your anti-malware software up to date with the latest definitions and to run regular scans to ensure that your device is protected.

Watch your webcam

One of the scariest implications of a malware attack is the potential for webcam spying. Certain types of malware allow cybercriminals to gain access to your webcam and watch what you are doing in real time. That means criminals can spy on your personal life, surveil your business meetings, and even record compromising moments for blackmail.

The best way to protect yourself is by using a webcam cover or sticking black tape on your webcam when not in use. You should also check which applications have permission to use your webcam and make sure none have more access than necessary. For instance, if you are using Zoom, you might want to only allow the app to access your webcam when you are actively using it. Some laptops even come with a hardware switch that physically disconnects the webcam, so take advantage of this if your device offers it.

Use a privacy screen protector

When you’re using your device in a public area, people can easily look over your shoulder and read what’s on your screen. You can protect your information by using a privacy screen protector, which is essentially a filter that reduces the amount of light coming from your laptop or smartphone. This makes it impossible for people around you to see your information unless they are directly in front of the screen.

Lock and password-protect your devices

If you like to work in a café or other public space, it is important to enable auto-lock on your device. That way, even if you’re away from your device and someone picks it up, they will not be able to access it. It is also important to password-protect your device with a complex combination that only you remember, so that no one else can gain access to your data.

Leverage stronger authentication methods

Multifactor authentication (MFA) has become the norm for securing access to sensitive resources. With MFA, you need to enter an authentication code to gain access to your account. However, IT experts caution against using SMS authentication due to its vulnerability to cyberattacks. A better alternative is to use either a USB security token or biometric authentication such as fingerprints, retina, or facial scans. These additional methods of authentication are much more difficult to compromise because cybercriminals would need to physically possess the authentication device or replicate biometric information, which is nearly impossible.

Be extra cautious with public Wi-Fi

Public Wi-Fi networks are a common target for cybercriminals. In most cases, the network is not encrypted and hackers can easily eavesdrop on any data that is transmitted over the network. Additionally, malicious actors can set up fake networks that look legitimate but are actually designed to harvest your personal information.

To protect yourself when using public Wi-Fi, enable a virtual private network (VPN). VPNs encrypt your data traffic so that it is not visible to cybercriminals. However, in an ideal world, you should stay away from any public network as much as possible and only connect to private networks that you trust.

If you need professional solutions and expertise to keep your devices safe, we can help. Contact us today to learn more about our security services and get the peace of mind you deserve.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

March 6, 2023/by John Murray

Security

How to create stronger passwords

Passwords are a necessary evil in today’s world. We need them to protect our online identities, but they can be a pain to remember and type in. That’s why it’s important to ensure your passwords are up to date and compliant with the National Institute of Standards and Technology (NIST) guidelines. NIST released updated password guidelines that include new requirements for length and complexity. In this blog post, we will discuss the new NIST guidelines and how you can update your passwords to comply with them.

Outdated practices

The previous NIST guidelines on password creation followed a conventional approach to password security. The guidelines recommended regular password resets and the use of long, complex passwords (i.e., required minimum number of characters, use of special characters and numbers, etc.).

But these guidelines unintentionally led to people making weakening passwords using predictable capitalization, special characters, and numbers. And though users changed passwords on a regular basis, many assumed that they could simply add or change one or two characters in their password. These practices proved to be ineffective and resulted in the creation of passwords that hackers could easily crack via brute force.

Stronger password for better security

NIST eventually admitted that their initial recommendations only caused more difficulties than it resolved. In 2020, the organization updated its guidelines.

Among the most notable changes are:

Frequent password resets are no longer required. Resets are now only required in case a password is compromised or forgotten.
Password complexity requirements have been dropped in favor of construction flexibility — NIST recommends the use of long passphrases instead of long, overly complex passwords.
Mandatory screening of new passwords against lists of common or compromised passwords is highly recommended.
The use of nonstandard characters, such as emoticons, is now allowed.

The implementation of multifactor authentication (MFA) is encouraged. MFA has many advantages, which is why most cybersecurity experts advise businesses to adopt it in their login policies. By requiring multiple sources of authentication, MFA helps prevent unauthorized access to sensitive information and systems.

Microsoft 365 data security: 7 Ways to boost protection

Microsoft 365 has become an incredibly popular choice for enterprises of all sizes looking for a comprehensive set of tools for staying productive and secure. But as with using any software, it is important to take steps to protect your data. In this article, we will discuss seven ways to boost data protection in Microsoft 365. We will also provide tips on how businesses and employees can stay safe online.

Secure mobile devices

It’s common for employees nowadays to use personal smartphones or computers to access their work email, calendar, contacts, and documents, especially if they’re working remotely. This is why securing employee-owned devices should be a critical part of protecting your organization’s data.

Installing mobile device management features for Microsoft 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Turn on policy alerts

Establish policy notifications in Microsoft’s Purview compliance portal to help you meet your company’s data security obligations. With policy alerts on, your employees will receive tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Use multifactor authentication

Using only a password to protect your Microsoft 365 accounts could lead to account hijacking, which could put your data at risk of being compromised. Enable multifactor authentication (MFA) so that users will be required to supply additional credentials on top of a password before they can access their accounts.

MFA makes it difficult for hackers to access your accounts since they not only have to guess user passwords, but they also need to provide a second authentication factor like a one-time SMS code or a fingerprint scan.

Avoid public calendar sharing

Microsoft 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this information exposes you to security risks because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Apply session timeouts

Many employees usually forget to log out of their Microsoft 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data.

By applying session timeouts to Microsoft 365 accounts, email accounts, and internal networks, users will be automatically logged out after a period of inactivity. This can prevent hackers from taking over users’ devices and accessing private information.

Employ role-based access controls

Access management is another Microsoft 365 feature that will limit the flow of sensitive data across your organization. It lets you determine which users have access to specific files in your company. For example, rank-and-file employees won’t be able to read or edit executive-level documents, thus minimizing the risk of data leaks.

Encrypt emails

Encrypting classified information is your last line of defense against data breaches. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Microsoft 365, where files and emails are shared on a regular basis.

Partner with us to ensure your organization’s Microsoft 365 accounts are always secure and compliant with changing data security requirements. Call us today and our IT experts will help find the right cybersecurity solutions for you.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

September 23, 2022/by John Murray

Security

It’s Time For A Refresh! 4 Cyber Security Trainings To Do With All Employees

Students are returning to the classroom now that back-to-school season is officially underway. During the first few weeks, teachers will be reteaching their students the topics they learned in the previous school year to help them regain knowledge they may have forgotten during summer break. But students aren’t the only ones in need of a refresher every year. Your employees also need to be refreshed on company policies, values and, most importantly, cyber security practices.

Did you know that human error accounts for 95% of all successful cyber-attacks? When a cybercriminal is planning an attack, they look for weak points within a company’s cyber security plan. The easiest spot for hackers to exploit is a company’s employees. New cyberthreats are created on a consistent basis, and it’s important that your employees know what to do when they encounter a potential threat. If your employees are not routinely participating in cyber security trainings, your business could be at risk, regardless of size.

Every single one of your employees should be familiar with your cyber security practices. When they’re hired on, they should go through an initial training that lays out all of your practices, and they should also participate in refresher trainings throughout the year to ensure that the entire team is on the same page with cyber security. At the very least, you should host at least one security training annually. If you’ve never put together a cyber security training, you may be wondering what topics you need to cover with your team. Below, you will find four of the most important topics to cover.

Responsibility For Company Data

This is your opportunity to explain to your employees why cyber security is so important. They need to understand why cybercriminals are interested in your company’s data and what they could potentially do with it. Everyone on your team has a legal and regulatory obligation to protect the privacy of your company’s information. When discussing this topic with your team, it’s imperative that they know the ramifications of falling victim to a cyber security threat.

Internet Usage

Does your company have restrictions on what websites your employees can use while at work? If not, that’s something you should look into. Every device that’s used by your employees should have safe browsing software downloaded onto it to prevent them from stumbling upon dangerous sites that could put your company’s data at risk. Your employees should know what sites are acceptable to use and that they should not be accessing their personal accounts while connected to your company’s network. They should never click on links that are sent from an anonymous source or are found on an unapproved website.

E-mail

If your employees utilize e-mail while at work, it’s important that they know which e-mails are safe to open. Employees should not respond to e-mails that are from people they aren’t familiar with, as that could be a cybercriminal attempting to gain access to your company’s data. Employees should only accept and open e-mails that they are expecting or that come from a familiar e-mail address.

Protecting Their Computers

If your employees have their own personal computers, they should be doing everything in their power to keep them protected. Whenever they walk away from their computer, they should make sure it’s locked; they should also never leave their computer in an unsecure location. Also, ensure that your employees are backing up their data routinely and have downloaded necessary antivirus software.

It’s of the utmost importance that your team has been fully trained in your cyber security practices. If they haven’t, they could open your business up to all sorts of cyber-attacks that will damage your company’s reputation from a customer perspective. Your business will also no longer be compliant, and insurance companies may not cover your claims if your team is not participating in regular training.

Ensuring that your team is aware of your cyber security practices and actively taking steps to strengthen your cyber security is the best way to stay compliant and prevent cyber-attacks. If your team is not regularly going through cyber security training, you need to start. It will offer more protection to your business, which will make your customers more comfortable doing business with your company.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

August 22, 2022/by John Murray

Business Operations, Mobile Workforce

Businesses are still risking plenty when it comes to remote working

Many businesses still haven’t figured out secure remote working

It’s been more than two years since the pandemic forced much of the world into lockdown, with many companies thrown into a remote working environment.

But new research has shown the majority still haven’t figured out how to keep their workforce secure as they work from their kitchens, local libraries, coffee shops, and airports.

A survey of 3,000 IT staff and other employees conducted by TechRadar Pro, in partnership with Perimeter 81, shows that more than three-quarters of businesses have at lease some remote employees.

Their responses to questions around intended spending for 2022-23, however, revealed that many still do not have the necessary protections in place; 10% will look to implement some form of access management, while 9% will prioritise VPN and zero-trust solutions, respectively.

Further, just half (50%) of firms have a cloud-based cybersecurity solution in place, with an additional 15% saying they are currently exploring their options.

VPNs and firewalls reign supreme

Ever since the pandemic, the number of cyber-incidents, data breaches, business email compromise attacks, and ransomware attacks has spiked, bringing with them billions of dollars in damages.

Cybersecurity researchers argue that many employees who were forced into a remote working environment weren’t prepared, and ended up compromising their corporate networks with malware-laden home devices running no antivirus solutions, password sharing, and falling victim to phishing and other social engineering attacks.

However, now more than two years since the transition, it should be expected that businesses hold up their end of the bargain too, putting in place the necessary services to protect against threats.

The data shows that companies are performing strongly when it comes to a web security (more than two-thirds have either web or malware filtering solutions set up). Cybersecurity solutions like VPNs and firewalls have also seen relatively high levels of adoption.

But the survey data also serves to highlight the number of businesses that remain at risk, when the inevitable occurs.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

July 27, 2022/by John Murray

Data Protection, Mobile Workforce, Security

Working remotely? Follow these cybersecurity tips

Working from home is becoming an increasingly popular option for employees around the world. While this flexible work arrangement can be a great perk for employees, it also comes with its own set of security risks. Follow these cybersecurity tips so you can protect yourself, your personal information, and your company’s data while telecommuting.

Patch your software regularly

Although installing software updates can be a major nuisance, these updates generally address critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and roll out the most recent updates on a company-wide scale.

Fortify your accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all of your accounts, consider using password managers like LastPass, Dashlane, and Keeper.

To further strengthen your accounts, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes sent through SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily used to circumvent geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy and mitigating the risk of hackers stealing company information.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll want to implement antivirus software to detect and remove any malicious programs that manage to infiltrate your device. Just remember to constantly update the software so it can effectively detect the newest malware strains.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change the default router password immediately after setting it up because hackers can easily look up the password online once they know your router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have WPA2, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like a ransomware attack or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, you should never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with enabling MFA, setting up firewalls, and even avoiding scams, we can provide the IT support you need.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

June 7, 2022/by John Murray

Data Protection, Security

Think your password is secure? Think again

The National Institute of Standards and Technology (NIST) created many of the password best practices you probably loathe, including using a combination of letters, numbers, and special characters. The NIST now says those guidelines were ill-advised and has changed its stance. Find out why and what this means for you.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms.

Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies.

MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers’ attempts to crack passwords would be futile.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack.

What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised.

Finally, you should also enforce the following security solutions within your company:

Single sign-on – allows users to securely access multiple accounts with one set of credentials
Account monitoring tools – recognizes suspicious activity and locks out hackers from the network OR keeps hackers from accessing the network.

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

September 21, 2021/by John Murray

Cloud Computing, Office 365

7 Ways to boost data protection in Microsoft 365

More than just offering apps and cloud services designed to boost productivity, Microsoft 365 also provides robust security tools for protecting data from loss and theft. Make the most out of these tools and ensure data security by following these tips.

Take advantage of policy alerts

Establish policy notifications in Microsoft 365’s Compliance Center to help you meet your company’s data security obligations. With these in place, your employees will receive policy tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.