multifactor authentication

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. However, the institute has now reversed its stance. Find out why and learn what their new recommendations are. The problem The issue isn’t that the NIST advised people to create easy-to-crack […]

The post It’s time to rethink your password strategy appeared first on Complete Technology Resources, Inc..

10 Sep, 2021 / by Complete Technology Resources / in 2021september10security_b, account monitoring, multifactor authentication, passphrases, password, password security, Security, security best practice, single sign-on category

It’s time to rethink your password strategy

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. However, the institute has now reversed its stance. Find out why and learn what their new recommendations are.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms.

Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies.

MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers' attempts to crack passwords would be futile.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack.

What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised.

Finally, you should also enforce the following security solutions within your company:

Single sign-on – allows users to securely access multiple accounts with one set of credentials
Account monitoring tools – recognizes suspicious activity and locks out hackers from the network OR keeps hackers from accessing the network.

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

Published with permission from TechAdvisory.org. Source.

The post It’s time to rethink your password strategy appeared first on Complete Technology Resources, Inc..

Because Microsoft understands the value of business data and the costs associated with data loss and theft, the technology company offers powerful security tools for Microsoft 365 subscribers. However, for these tools to be truly effective, users must implement the following practices to further protect their data. Take advantage of policy alerts Establish policy notifications […]

The post Safeguard your Microsoft 365 data with these tips appeared first on Complete Technology Resources, Inc..

30 Jun, 2021 / by Complete Technology Resources / in 2021june30office_b, access management, calendar sharing, compliance, data security, encryption, microsoft 365, mobile device management, multifactor authentication, Office, policy alerts, session timeouts category

Safeguard your Microsoft 365 data with these tips

Because Microsoft understands the value of business data and the costs associated with data loss and theft, the technology company offers powerful security tools for Microsoft 365 subscribers. However, for these tools to be truly effective, users must implement the following practices to further protect their data.

Take advantage of policy alerts

Establish policy notifications in Microsoft 365’s Compliance Center to help you meet your company’s data security obligations. With these in place, your employees will receive policy tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

Since employees often use personal smartphones or computers to access their work email, calendar, contacts, and documents — especially if they’re working remotely — securing employee-owned devices should be a critical part of protecting your organization’s data. Installing mobile device management features for Microsoft 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multifactor authentication

Relying on a single password to protect your Microsoft 365 accounts could lead to account hijacking, which could put your data at risk of being compromised. Instead, enable multifactor authentication (MFA). MFA requires users to supply additional credentials on top of a password before they can access their accounts. This makes it difficult for hackers to access your accounts since they not only have to guess user passwords, but they also need to provide a second authentication factor like a one-time SMS code or a fingerprint scan.

Apply session timeouts

Many employees usually forget to log out of their Microsoft 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Microsoft 365 accounts, email accounts, and internal networks, users will be automatically logged out after a period of inactivity, preventing hackers from taking over users’ devices and accessing private information.

Avoid public calendar sharing

Microsoft 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls

Access management is another Microsoft 365 feature that will limit the flow of sensitive data across your organization. It lets you determine which users have access to specific files in your company. For example, rank-and-file employees won’t be able to read or edit executive-level documents, minimizing the risk of data leaks.

Encrypt emails

Encrypting classified information is your last line of defense against data breaches. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Microsoft 365, where files and emails are shared on a regular basis.

Partner with us to ensure your organization’s Microsoft 365 accounts are always secure and compliant with changing data security requirements. Give us a call today — our team of experts are here to help.

Published with permission from TechAdvisory.org. Source.

The post Safeguard your Microsoft 365 data with these tips appeared first on Complete Technology Resources, Inc..

Most, if not all, cybersecurity experts believe that anything connected to the internet can be hacked. So with the increasing popularity of the Internet of Things (IoT) and IoT devices in the healthcare industry, it’s only wise that organizations understand and address the risks associated with the ubiquity of IoT. Computing devices that contain a […]

The post Tips to reduce IoT-related risk in the healthcare industry appeared first on Complete Technology Resources, Inc..

18 Jun, 2021 / by Complete Technology Resources / in 2021june18healthcare_b, electronic healthcare records, encryption, healthcare, internet of things, intrusion prevention systems, iot, mfa, multifactor authentication, Security category

Tips to reduce IoT-related risk in the healthcare industry

Most, if not all, cybersecurity experts believe that anything connected to the internet can be hacked. So with the increasing popularity of the Internet of Things (IoT) and IoT devices in the healthcare industry, it’s only wise that organizations understand and address the risks associated with the ubiquity of IoT.

Computing devices that contain a treasure trove of patient data are attractive targets for cybercriminals. Healthcare apps, for instance, hold plenty of sensitive information, such as Social Security numbers, prescriptions, and medical histories. Should hackers ever get a hold of this information, they could resell it on the dark web or use it to steal their victim's identity. They could even use this information to gain direct control over other IoT equipment, which would lead to even bigger consequences.

Similarly, hackers could exploit vulnerable medical devices to infiltrate even the most secure networks. They could use compromised IoT devices to sneak ransomware and other types of malware into a network, causing service disruptions and preventing practitioners from providing responsive treatment.

To effectively defend against IoT-related risks in your healthcare practice, consider the following:

Use multifactor authentication (MFA)

MFA requires users to provide more information than just their username and password to prove their identity, such as a password or PIN, an SMS code, or a fingerprint or retina scan. By enabling MFA on your networks and devices, hackers will have a harder time accessing your accounts and sensitive data.

Encrypt your data

Another way to protect your business and your patients from a massive data breach is through encryption. Encrypting electronic health records while they’re being transmitted or kept in storage prevents hackers from intercepting and reading confidential information.

If possible, everything that is transmitted across your network should be encrypted automatically to secure communications between IoT devices.

Install intrusion prevention systems

Since most IoT attacks are delivered via the internet, intrusion prevention systems are crucial to identifying and blocking unauthorized connections to your network. When you install intrusion prevention systems, hackers who try to remotely access or shut down your IoT equipment will be stopped before they damage your systems.

Security updates

Last but not least, IoT manufacturers regularly release security patches for their gadgets. Get in the habit of downloading these updates as soon they’re rolled out, or program your devices to automatically download and update themselves to ensure their safety from the latest threats.

When it comes to security, healthcare institutions have their work cut out for them. But whether you’re dealing with hardware security, data privacy, or regulatory compliance, it’s a good idea to partner with a managed IT services provider that specializes in helping the medical industry.

Call us today to discover how we can better protect you and your patients.

Published with permission from TechAdvisory.org. Source.

The post Tips to reduce IoT-related risk in the healthcare industry appeared first on Complete Technology Resources, Inc..

Never let your guard down when you’re on social media! Malicious hackers are becoming better at stealing your personal information, so keep these reminders and tips in mind to remain safe while you’re on platforms like Facebook and Twitter. Lock screens exist for a reason Always lock all your devices as soon as you stop […]

The post Use these tips to stay safe on Facebook and Twitter appeared first on Complete Technology Resources, Inc..

23 Apr, 2021 / by Complete Technology Resources / in 2021april23security_b, android, apps, Facebook, ios, login, multifactor authentication, privacy, Security, settings, twitter category

Use these tips to stay safe on Facebook and Twitter

Never let your guard down when you’re on social media! Malicious hackers are becoming better at stealing your personal information, so keep these reminders and tips in mind to remain safe while you’re on platforms like Facebook and Twitter.

Lock screens exist for a reason

Always lock all your devices as soon as you stop using them. This way, you are safe from the simplest hack of all: someone opening a social media site on your browser while you’re still signed in.

In case you didn’t know, here’s how to lock your computer:

On Macs:

Press Ctrl+Command+Q.
Click the Apple logo on the top left corner of the screen, and click Lock screen.

On Windows devices:

Press Windows key+L.
If there are multiple users using the device, click the Start button on the bottom left corner of the screen, then select User > Lock.

Strong passwords aren't out of fashion — yet

A six-digit passcode may be enough to secure your phone, but you’ll need something much more complicated for your social media account passwords. Create a password that you don’t use for any other account because with the regular occurrence of data breaches, hackers probably already have a long list of your favorite passwords from other websites and platforms.

It is best to use a password manager like 1Password, LastPass, or Dashlane. These allow you to generate, save, and retrieve complex passwords.

You can also enable multifactor authentication, which requires users to fulfill at least one more identity verification step after entering their username and password. The extra step or steps can be getting your fingerprint scanned or entering a one-time passcode on an authentication app. Even if hackers have your password, they won’t be able to log in without the additional authentication requirements.

Make use of social media features

Facebook can help you monitor who’s accessing your account and from where. On a Mac or Windows computer, click on the down arrow located at the upper right corner of your Newsfeed and select Settings and Privacy. Then click Settings > Security and Login to get more information.

Under the section Where You're Logged In, you’ll see a list of the places and devices you’re logged into. If you don’t recognize a particular location or device, that means someone else has logged in as you and is likely doing things you do not approve of. You need to log them out forcibly (by clicking the ellipsis on the row indicating the malicious login and click Not you?) and then report the incident immediately.

Then, under Setting Up Extra Security, turn on Get alerts about unrecognized logins. Unfortunately, as of this writing, Twitter doesn’t have the same option. This makes implementing multifactor authentication even more necessary.

Hackers can also take over your Facebook and Twitter accounts through third-party services to which you’ve given access to your profiles, so make sure to double-check what you have approved. Here’s what you need to do:

Facebook: Go to Settings > Apps and Websites to view and manage third-party services that use Facebook to log you into the accounts you have with them.
Twitter: Go to Settings and Privacy > Apps to check and edit the list.

Lastly, check the permissions Facebook and Twitter have on your smartphone or tablet.

Android: Go to Settings > Apps > App permissions.
iOS: Go to Settings > Privacy to manage which service can access which parts of your phone (such as the camera and speaker).

Less personal info, fewer problems

These steps are just the beginning of what you should be doing. You should also limit the personal data you share on your social media accounts. Avoid oversharing.

By following these tips, you can significantly prevent Facebook and Twitter hacking.

Cybersecurity is a sprawling issue — and social media privacy is but one of the many things you need to stay on top of. For 24/7 support, call our team of experts today.

Published with permission from TechAdvisory.org. Source.

The post Use these tips to stay safe on Facebook and Twitter appeared first on Complete Technology Resources, Inc..

The problem

The solution

Use multifactor authentication (MFA)

Encrypt your data

Install intrusion prevention systems

Security updates

About CTR

Latest Post

Arizona:

Connecticut:

Massachusetts:

Contact Information: