Posts

Some of the most well-known companies in the world, including Sony Pictures, Home Depot, Adobe, and eBay, have been victims of cyberattacks. While major corporations like these are high-profile targets for hackers, small- and medium-sized businesses are not exempt from data breaches. And because it may be difficult or impossible to undo any damage caused by cybercriminals, it’s imperative for any business — regardless of their size — to take steps to fortify their systems. The following security tips can help guard company data.

Use two-factor authentication

Using a complicated password to secure your system is not an effective way to level up your cybersecurity. That’s because having to memorize a difficult password often pushes users to set that same complex password for multiple accounts. And if a hacker gets a hold of a recycled password, there’s a high probability that they could access all your accounts that use that same password.

Two-factor authentication (2FA) adds an extra layer of security to your systems and accounts. 2FA comes in many forms: it can be a biometric verification in the devices that you own or a time-sensitive auto-generated code sent to your mobile phone. This security feature works similarly to how websites would require you to confirm your email address to ensure that you are not a bot.

Encrypt all data

Encryption is an effective obstruction to hackers, since it scrambles and descrambles data every time someone tries to read it. Encryption also causes compatibility issues if the data is not being accessed via a company’s own network systems. While applying encryption can be expensive, it is certainly well worth the money because it protects your data in case it falls into the wrong hands.

Keep systems up to date

Hackers are always upgrading their tools to take advantage of outdated security systems, so companies should keep up to protect their valuable technology resources. Many companies don’t install software updates immediately, and that’s a huge problem. Updates often close existing security loopholes, which is why delayed installation can mean exposing your systems to external attacks. Keep your data safe by installing software updates as soon as they are released.

Back up frequently

Implementing several layers to your security doesn’t ensure that hackers won’t find their way into your systems. This is why you need to back up data frequently, whether it’s on-site, off-site, or by way of cloud backups. In the worst-case scenario where your systems do get infiltrated, you can restore lost data from your backups.

Monitor connectivity

Many businesses have no idea how many of their devices are connected online at a given time, so it’s very hard for them to keep track of which of these should actually be online. Sometimes, a company’s computers and servers are online when they don’t need to be, making these tempting and easy targets for attackers. It’s advisable to configure business servers properly to guarantee that only necessary machines are online and that they’re well-protected at all times.

It’s much more expensive to recover from a data breach than to prevent one. If you’re looking to protect your business IT systems from potential threats, contact us today so we can help.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

authentication

A secure login process is an excellent way to protect your business from cybercriminals.
When it comes to verifying user identity, you can choose between two-step authentication and two-factor authentication. Learn the difference between the two so you can have a better appreciation of your cybersecurity options.
If you want to improve your business’s cybersecurity, you should take a closer look at your authentication process. Two-step and two-factor authentication are two of the most commonly used authentication methods. Many businesses use the terms two-step and two-factor authentication interchangeably, but there are subtle differences between the two.

Two-step authentication

A two-step authentication process requires a single-factor login (such as a password or biometric reading) as well as another similar type of login credential that a user must provide. This process typically requires entering a password for the first step and entering another security code for the second step, which may be accomplished by providing a one-time code generated by an authenticator app such as Google Authenticator.

Two-step authentication adds an extra step in the verification process, making it more secure than single-step authentication (i.e., providing only a password). However, if a person or business is hacked, it won’t be enough to stop hackers from getting a hold of whatever they are looking for.

Two-factor authentication

Two-factor authentication, a subset of multifactor authentication, is significantly more secure than two-step authentication. This type of authentication requires two different types of information to authenticate a user’s identity. For example, it could be a combination of a fingerprint or retinal scan as well as a password or passcode. Because of the additional authentication information required, hackers would have great difficulty breaking into a network using a two-factor authentication system.

Which one is better?

Relying on a single-factor authentication process is no longer sufficient in ensuring the safety of your network. Securing the authentication process and making it difficult for cybercriminals to access your network should be on top of your priorities. Deciding whether to use two-step or two-factor authentication largely depends on your business’s specific security requirements. To take the stress out of securing and protecting your network, call us today for expert cybersecurity advice.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org  SOURCE

Password Security

The National Institute of Standards and Technology (NIST) created many of the password best practices you probably loathe — using a combination of letters, numbers, and special characters. The NIST now says those guidelines were ill-advised and has changed its stance. Find out why and what this means for you.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people create weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the strings of characters and numbers could easily be compromised by hackers using common algorithms.

What’s more, the NIST also recommended that people change their passwords regularly, but did not specify how and when to change them. Since many people thought their passwords were already secure because they’ve included special characters in them, most only added or changed one character.

The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that this can cause more problems than solutions. It has reversed its stance on organizational password management requirements, and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication in login policies.

This requires a user to present two valid credentials aside from a password to gain access to an account. This could be a code sent to the account owner’s smartphone, a login prompt on a mobile device, or a facial or a fingerprint scan. This way, hackers’ login efforts are futile unless they fulfill the succeeding security requirements.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to crack.

You should also enforce the following security solutions within your company:

  • Single sign-on – allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools – recognizes suspicious activity and locks out hackers

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

In the past couple of months, just about everyone has been forced to shift priorities. If you’re like many business owners, you are intently focused on pivoting your business to accommodate today’s “new normal.” In fact, you are probably investing so much of your time in trying to retain your customers and generate new cash flow that you barely have time to even think about cyber security.

The problem is that cybercriminals and hackers know there’s no better time to strike than during a global crisis. In fact, they’re probably working overtime to craft new malware while the rest of us are trying to manage how our lives have been turned upside down. While you are so focused on your business, these cyber thugs are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 trillion in damages by 2021! But, if history repeats itself, you can bet hackers are already out in full force right now. We’ve already seen how headlines are changing from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement during these crazy times to help protect your business data, money and productivity:

  • Be more suspicious of incoming e-mails.

Because people have been scared, confused and not really focused for a while now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. You probably have received a bunch of COVID-19-focused emails. Always carefully inspect the e-mail and make sure you know the sender. There has already been a CDC-gov e-mail address out there that’s not legitimate and has spammed inboxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. And you should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

  • Ensure your work-from-home computers are secure.

Another reason to expect a rise in cyber-attacks during these times is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, make sure your employees and contractors are not using their home computers or devices when working. Second, ensure your work-at home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a virtual private network (VPN). If you need help in arranging or improving your new work-from-home environment, we would be happy to get your entire team set up. Our goal is always to help your business to thrive with greater cyber security and superior technology that improves efficiency.

  • Improve your password strategy.

During crises like this one, your passwords could mean the difference between spending your time working to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security.

You, your team and your family have enough to concern yourselves with at the moment. There’s no need to invite in more problems by letting your computer and network security slide during these times.

While this coronavirus scare has negatively affected countless businesses, we are proud to say we are open and continuously servicing our customers. If you need additional security advice or would like to have a consultation to discuss how to keep your data safe or how we can help you work more effectively, simply connect with us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE