
Password Security

The National Institute of Standards and Technology (NIST) created many of the password best practices you probably loathe — using a combination of letters, numbers, and special characters. The NIST now says those guidelines were ill-advised and has changed its stance. Find out why and what this means for you.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people create weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the strings of characters and numbers could easily be compromised by hackers using common algorithms.

What’s more, the NIST also recommended that people change their passwords regularly, but did not specify how and when to change them. Since many people thought their passwords were already secure because they had included special characters in them, most only added or changed one character.

The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that this approach causes more problems than it solves. It has reversed its stance on organizational password management requirements, and now recommends dropping forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication in login policies.

This requires a user to present two valid credentials aside from a password to gain access to an account. This could be a code sent to the account owner’s smartphone, a login prompt on a mobile device, or a facial or fingerprint scan. This way, hackers’ login efforts are futile unless they also satisfy the subsequent security requirements.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

Simply put, passwords should be longer and include nonsensical phrases and English words that make them almost impossible for an automated system to crack.
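As an added example (not from the original article or from NIST), here is a Python acceptance check that follows the guidance described above: it imposes no character-class rules, rejects decorated forms of common passwords such as “P@ssW0rd1,” accepts long passphrases, and flags a password change that only alters a few trailing characters. The blocklist contents, the substitution table, the 8-character minimum and all function names are assumptions made for illustration.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of common and previously breached passwords.
BLOCKLIST = {"password", "welcome", "qwerty", "letmein", "admin"}

# Assumed table of common substitutions, undone before the blocklist lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 8          # assumed minimum length
PASSPHRASE_LENGTH = 25  # passphrase length recommended in the article


def candidates(password):
    """Return the plain words a decorated password may have been built from."""
    low = password.lower()
    tail = re.sub(r"[\d\W_]+$", "", low)    # trailing digits/symbols removed
    head = re.sub(r"^[\d\W_]+", "", low)    # leading digits/symbols removed
    both = re.sub(r"^[\d\W_]+", "", tail)   # both ends removed
    return {v.translate(LEET) for v in (low, tail, head, both)} - {""}


def evaluate(password):
    """Accept or reject on length and predictability, not character classes."""
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if candidates(password) & BLOCKLIST:
        return False, "decorated form of a common password"
    if len(password) >= PASSPHRASE_LENGTH:
        return True, "long passphrase"
    return True, "accepted"


def same_base(old, new):
    """True when a changed password only re-decorates the previous one."""
    return bool(candidates(old) & candidates(new))


if __name__ == "__main__":
    for pw in ("P@ssW0rd1", "@dmin2020", "recedemarmaladecrockplacate"):
        print(pw, evaluate(pw))
    print(same_base("Summer2019!", "Summer2020!"))
```

The `same_base` check is meant to run at password-change time, when the user has just supplied the old password, so no plaintext history needs to be stored.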

You should also enforce the following security solutions within your company:

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognize suspicious activity and lock out hackers

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

In the past couple of months, just about everyone has been forced to shift priorities. If you’re like many business owners, you are intently focused on pivoting your business to accommodate today’s “new normal.” In fact, you are probably investing so much of your time in trying to retain your customers and generate new cash flow that you barely have time to even think about cyber security.

The problem is that cybercriminals and hackers know there’s no better time to strike than during a global crisis. In fact, they’re probably working overtime to craft new malware while the rest of us are trying to manage how our lives have been turned upside down. While you are so focused on your business, these cyber thugs are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 trillion in damages by 2021! But, if history repeats itself, you can bet hackers are already out in full force right now. We’ve already seen how headlines are changing from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement during these crazy times to help protect your business data, money and productivity:

  • Be more suspicious of incoming e-mails.

Because people have been scared, confused and not really focused for a while now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. You probably have received a bunch of COVID-19-focused emails. Always carefully inspect the e-mail and make sure you know the sender. There has already been a CDC-gov e-mail address out there that’s not legitimate and has spammed inboxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. And you should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

  • Ensure your work-from-home computers are secure.

Another reason to expect a rise in cyber-attacks during these times is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, make sure your employees and contractors are not using their home computers or devices when working. Second, ensure your work-at-home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a virtual private network (VPN). If you need help in arranging or improving your new work-from-home environment, we would be happy to get your entire team set up. Our goal is always to help your business to thrive with greater cyber security and superior technology that improves efficiency.

  • Improve your password strategy.

During crises like this one, your passwords could mean the difference between spending your time working to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security.

You, your team and your family have enough to concern yourselves with at the moment. There’s no need to invite in more problems by letting your computer and network security slide during these times.

While this coronavirus scare has negatively affected countless businesses, we are proud to say we are open and continuously servicing our customers. If you need additional security advice or would like to have a consultation to discuss how to keep your data safe or how we can help you work more effectively, simply connect with us today.

Published with consideration from TechAdvisory.org SOURCE