Tag Archives: password

Cloud Computing: Good, Bad & Ugly

18 Jan 17
lverbik
, , , , , , , , , , , , , , ,
No Comments

When a network of IT gadgets like routers, DVR machines and closed-circuit TVs can take down hardened, well-provisioned Internet giants like Twitter, Spotify and Amazon – as happened last October – you’ve got to think twice before moving your data to the cloud.

Yes, a move to the cloud can yield big payoffs in terms of cost savings, increased efficiency, greater flexibility, collaboration for your workforce and more. Yet there is a dark side. It would be naive to think otherwise. Your choices about whether and how to use cloud technology in your network merits serious consideration.

So, just what is “the cloud”?

Instead of constantly buying new equipment and software, cloud computing allows you to pay for just what you need. Just as with a utility company, you get software and storage on a monthly basis, with no long-term contracts. Chances are, most of the software you now use is cloud-based. You simply access it on a pay-as-you-go basis.

Similarly, you can store data in the cloud, where it can be easily accessed when you need it. This reduces the need to buy and manage your own backup gear and software, thus reducing overhead. Yet, as with any major decision, it’s critical to be aware of both the benefits and pitfalls of putting your company’s data in the cloud.

The Pros

There are three major advantages offered by cloud computing:

  1. Scaling up or down can be done without major investment or leaving excess capacity idle. It also enables your entire workforce to get more done, where and when they need to.
  1. With data and software in a shared cloud environment, staff can collaborate from anywhere. Everything from HR to accounting, and from operations to sales and customer relations, can be managed from diverse and mobile environments, giving your team greater power to collaborate effectively.
  1. Disaster Recovery. Typically, data stored in the cloud can be easily retrieved in the event of a disaster. It also augments local backup and recovery systems, adding protective redundancy.

The Cons

While the cloud offers obvious benefits, it also increases your company’s potential “attack surface” for cybercriminals. By spreading your communications and access to data beyond a safe “firewall,” your network is far more exposed to a whole bevy of security concerns. Many of them can be addressed with these three best practices:

  1. Social Engineering Awareness. Whether you go cloud or local, the weakest link in your network is not in your equipment or software; it’s in the people who use them. Cybercriminals are aware of this fact. And you can count on them to come up with an endless variety of ways to exploit it. One day it’s a phone call ostensibly from your IT department requesting sensitive data, the next it’s an e-mail that looks official but contains malicious links. Make sure your employees are aware of and trained to deal with these vulnerabilities.
  1. Password Security and Activity Monitoring. Maintaining login security is absolutely critical any time you’re in a cloud environment. Train your staff in how to create secure passwords and implement two-factor authentication whenever possible. Take advantage of monitoring tools that can alert you to suspicious logins, unauthorized file transfers and other potentially damaging activity.
  1. Anti-Malware/Antivirus Solutions. Malicious software allows criminals to obtain user data, security credentials and sensitive information without the knowledge of the user. Not only that, some purported anti-malware software on the market is actually malware in disguise. Keep verifiable anti-malware software in place throughout your network at all times, and train your employees in how to work with it.

5 Common Workarounds For Remembering Passwords, And Why You Should Stop Doing Them Immediately

08 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With everything we do online, it’s impossible to remember all the passwords you need for a web site. So what do most people do? They use one of the following five “workarounds” that make them an easy target for cybercriminals and hackers. Here’s what they are:

  • Using the same password for everything. If hackers gain access to one account, they know you are likely to use the same password for other sites and will use that to try and access everything. Plus, they can easily look at your browsing history to see what sites you’ve been accessing recently.
  • Using easy-to-guess passwords. Without a doubt, obvious passwords such as “123456,” “password” or “qwerty” leave the door wide-open for hackers. Their ever-more-robust programs can sniff out these easy-to-crack passwords in a heartbeat.
  • Allowing your web browser to remember them for you (autofill feature). For highly sensitive web sites, like your bank account, this is a big mistake. Plus, this still doesn’t solve your password problem entirely if you use more than one browser or have multiple devices.
  • Putting them all on a file you save on your hard drive. If a hacker gains access to your computer and discovers that file, you’re toast!
  • Writing them down on a Post-it note on your computer. You wouldn’t lock your house and then tape a key to the doorframe, so how can you possibly think this is safe?

Here’s A Quick and Easy Way To Bullet-Proof Your Passwords

The best solution we’ve found is to use a password manager such as 1Password, KeePass, LastPass or RoboForm.

These popular programs create hacker-proof passwords for you, complex enough to foil intruders, yet stored safely so you don’t have to memorize them. They work with most platforms and use encryption powerful enough that you don’t need to worry about keeping all your passwords in one place.

Choosing and enforcing strong passwords is a chore; but when you consider the costs, loss, downtime and even bad PR that can come with a hacker attack, you cannot take the “easy” road on this.

Why and How to Get Password-Smart NOW!

18 Aug 15
lverbik
, , , , , , , , , , , , ,
No Comments

It seems the more we advance technologically and the more we rely on the security of our online accounts, the harder it gets to keep them secure. As fast as new protection is created, hackers find ways to crack the code. How to keep your passwords secure as your front line of defense? We need to be smart about it. Here are some ways:

  1. Change your flippin’ passwords! An online survey reported in a Dell Power More article found half of all passwords were more than 5 years old! A whopping 77% had not changed their password in at least one year. And even scarier, 21% use passwords they created more than 10 years ago! Come on, people.
  2. Don’t use duplicate passwords on multiple accounts. The same article states that 73% of you are doing this. You must realize that when a hacker cracks your password code, they then have access to ALL of the accounts you are “protecting” with that password.
  3. Use password management tools, like Last Pass, or those built into browsers like Chrome. Though this is not 100% safe from a hack attack (as we experienced a couple of months ago), it is still one of the best ways to add a strong layer of protection to your accounts and allow you to need only remember one master password.
  4. Be random. The more random the password, the more secure. People often create easy to use and remember passwords like Il0vemyd0g! but thieves know these patterns and can quickly generate these passwords to gain entry to your accounts. Using nonsensical passwords is a strong protection. Some password management tools like last pass will even generate them for you.
  5. Use two-step verification (aka two-factor authentication). They may be able to get past a password, but if you have two-step verification required, this means you must also provide a second bit of personal data to access your account. It might be an email or text sent to you with a code. This type of tool is good especially for sensitive accounts like banking and credit cards.
  6. Use password recovery. You’re going to need a lot of passwords if you’re the average user with 24 online accounts. And many companies will make you change your password frequently. You’re going to forget–let’s just agree to that. So use password recovery options to retrieve them. Some let you validate an account through a code sent to you via text message or a phone number you call to give personal information only you would know. Always think in terms of backup when it comes to securing your accounts.

We’ve got to be smart to outsmart our foes. It takes a little extra effort, but well worth the peace of mind knowing your precious personal data is safe. We hope these tips will give you new ways to combat the enemy.

What other tools or ideas do you have to protect your online accounts? We’d like to share those here. If you need help setting up a secure online defense, talk to us at TechnoAdvantage. We’re in the business of helping you do business smarter.

Protecting Your Data – Is your password strong enough?

18 Aug 14
lverbik
, , , , , , , , , ,
No Comments

Information security is an ongoing process, not something you do once and then forget about, right?

Right!  If you’re still keeping all your original passwords in a small dusty notebook on the corner of your desk…it’s time to rethink.

 

You’ll be relieved to know there are some really good online password management solutions you can use.  Passwordbox.com, Lastpass.com and Dash

The single best way to reduce the risk that hackers have zeroed in on your online credentials is to change passwords on a regular basis. As an extra precaution, you could create a distinct password for each website.  This lessens the chances that a crook could tap into all of a person’s web-based accounts, especially bank accounts.  Consumers could for example, preface an easy to remember password with the name of the store, such as “amazon_Zulu58!”lane.com can help computer users develop stronger passwords that are kept in a virtual vault, of sorts.  That way unencrypted data doesn’t stay in the user’s browser cache.  Some sites also have a repository for credit card numbers.

“Proceed with Caution”  is a good general rule of thumb to remember whenever you’re opening attachments, making purchases or logging in to a site.  Some local Indiana banks and businesses have been breached when the hacker sends an e-mail to an employee that contains a malicious attachment.  A single careless click installs key-logging software that harvests passwords.  Clever hackers may even go so far as figuring out a professional organization to which an employee belongs and creating custom e-mails to entice the reader to open and click.

While some online retail sites appear slick and compelling for consumers – often times they are traps for stealing consumer data.  Be cautious of sites that lack basics such as a phone number or office address on the site.  Also, look for whether it is a member of the Better Business Bureau or whether it has been reviewed or recognized by industry publications that might attest to the site’s authenticity.  When placing online orders, consumers also should watch that the URL on the browser indicates that the data is encrypted, such as displaying https: rather than http:.

Much of the earlier hacking focused on financial companies. But as those systems have been strengthened, hackers are turning to less robust systems operated by hospitals, small retailers and other industries.

Here are six keys to help keep your information secure:

1)      Use a different password for every website you visit.  We know it seems like password overload but it is a lot less work than dealing with getting hacked.

2)      Use a combination of upper case, lower case, numbers and symbols.  The more original you are the better.

3)      Change your passwords every three months.

4)      If it’s hard to remember all your passwords, try a password manager.  With most password managers, you have to put in a master password every time you want to use it, so it keeps hackers out.

5)      Make sure your computer has an anti-virus program.  Several companies such as Avast, McAfee, Webroot and Kaspersky offer suites of protection.

6)      Set-up two step log-ins.  Two step authentication asks you to sign in with your password, and then add a second sign-in – a numeric code sent by text, e-mail or a phone call.  Think of it as a double password.

 

Have questions?  Jay and his team at Techno Advantage want to help you ensure that you’re protected.  Click here to contact a Techno Pro!

**Don’t forget – Windows Server 2003 will officially be unsupported on July 14, 2015. **

Contact Techno Advantage for more information on migration solutions.  317.857.0150