password

Many businesses use email to send and receive sensitive information, making it an attractive target for cyberattacks. To reduce your exposure to cyberthreats, implement the following email security measures. Use separate email accounts Most people use a single email account for all their online tasks. As a result, all information from websites, newsletters, shopping deals, […]

The post How to keep your email account safe appeared first on Complete Technology Resources, Inc..

04 Oct, 2021 / by Complete Technology Resources / in 2021october4security_b, email account, email security, password, phishing, Security category

Many businesses use email to send and receive sensitive information, making it an attractive target for cyberattacks. To reduce your exposure to cyberthreats, implement the following email security measures.

Use separate email accounts

Most people use a single email account for all their online tasks. As a result, all information from websites, newsletters, shopping deals, and messages from work gets sent to one inbox. But what happens when someone breaks into that email account? Hackers could gain access to all the stored information and connected online accounts and use these in fraudulent dealings.

To prevent this from happening, create separate email accounts: a personal account to communicate with your friends and family, and a professional email account solely for work-related tasks.

Set strong passwords

Some email users often overlook the importance of having strong email account passwords. You might be surprised to learn how many people use weak passwords like “123456,” “qwerty,” and “password” and reuse passwords across multiple accounts. To keep all password-protected accounts safe, use strong passphrases that are unique to every account.

You should also consider enabling multifactor authentication. This creates an extra layer of security by requesting another method to verify your identity, like a fingerprint scan or an answer to a security question.

Beware of email attachments and embedded links

When you see a link in an email, don’t click on it unless you’ve verified its authenticity. You never know where those links might lead you. Sometimes they are safe, but other times they can infect your computer with malware or send you to a compromised website.

Be wary of downloading and opening email attachments as well. If the attachment is coming from strange email account names such as “@yahoo6753.com,” then it's likely unsafe.

Watch out for phishing scams

In phishing scams, cybercriminals pretend to be someone else — commonly high-profile companies like Amazon, Facebook, or Bank of America — to trick you into performing actions that enable them to breach your accounts. They typically write emails intended to elicit panic, such as claiming that there’s an issue with your account and that you should send them information or click on a link to “confirm” your personal details. This link will either install malware on your device or lead you to a fraudulent site.

It’s important to remember that legitimate companies would never ask such requests over email. If you get those types of messages, contact the company directly through a verified website or phone number — not the contact details in the email.

Monitor account activity

Periodically watch over your account activity. Check for any suspicious activities in your logs, such as unusual devices and IP addresses that have accessed your account. These indicate that hackers may have successfully broken into your account. If this is the case, sign out of all web sessions and change your password as soon as possible.

Encrypt emails

Email encryption ensures that any message you send can’t be understood by unauthorized users, even if they manage to intercept it.

Keep all email security software up to date

Install the latest updates for your anti-malware, firewalls, and email security software. This will filter potential email scams and fix any vulnerabilities that hackers could exploit.

Implementing multiple email security measures can be daunting, but with our help, you can rest easy knowing that your email accounts will be protected from various cyberthreats. Talk to us today for all your cybersecurity needs.

Published with permission from TechAdvisory.org. Source.

The post How to keep your email account safe appeared first on Complete Technology Resources, Inc..

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. However, the institute has now reversed its stance. Find out why and learn what their new recommendations are. The problem The issue isn’t that the NIST advised people to create easy-to-crack […]

The post It’s time to rethink your password strategy appeared first on Complete Technology Resources, Inc..

10 Sep, 2021 / by Complete Technology Resources / in 2021september10security_b, account monitoring, multifactor authentication, passphrases, password, password security, Security, security best practice, single sign-on category

It’s time to rethink your password strategy

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. However, the institute has now reversed its stance. Find out why and learn what their new recommendations are.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms.

Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies.

MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers' attempts to crack passwords would be futile.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack.

What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised.

Finally, you should also enforce the following security solutions within your company:

Single sign-on – allows users to securely access multiple accounts with one set of credentials
Account monitoring tools – recognizes suspicious activity and locks out hackers from the network OR keeps hackers from accessing the network.

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

Published with permission from TechAdvisory.org. Source.

The post It’s time to rethink your password strategy appeared first on Complete Technology Resources, Inc..

Lax bring your own device (BYOD) policies are a growing concern for businesses. If you're not managing your organization's BYOD policy properly, it can pose a host of security risks to your company. Below are some of the inherent security risks of BYOD. Loss or theft of devices – Employees often bring their personal devices […]

The post BYOD tips to improve security appeared first on Complete Technology Resources, Inc..

30 Jul, 2021 / by Complete Technology Resources / in 2021july30security_b, access restriction, bring your own device, byod, data backup, device security, it management, password, Security, security training category

Lax bring your own device (BYOD) policies are a growing concern for businesses. If you're not managing your organization's BYOD policy properly, it can pose a host of security risks to your company. Below are some of the inherent security risks of BYOD.

Loss or theft of devices – Employees often bring their personal devices wherever they go. This means there’s a higher chance of devices, as well as the data stored in them, being lost or stolen.
Man-in-the-middle (MITM) attacks – Cybercriminals can intercept information transmitted from employees’ devices if these are connected to poorly secured public Wi-Fi networks.
Jailbroken devices – Jailbreaking is the process of removing the restrictions imposed by the manufacturer of a device, typically to allow the installation of unauthorized third-party software. This increases the risk of an employee inadvertently installing malicious software on a personal device.
Security vulnerabilities – If employees have outdated operating systems and software on their devices, cybercriminals can exploit unpatched vulnerabilities to gain unfettered access to company systems
Malware – A personal device that has been infected with malware can spread that malware to other devices that are connected to the company network and cause data loss and downtime.

To mitigate these risks, you must devise a BYOD security policy that works for the needs of your business as well as the needs of your employees. Here’s what you need to do:

1. Set passwords on all BYOD devices

Prevent unauthorized access to company data by enforcing the use of passwords on all employee devices and accounts. Passwords should be unique; contain letters, numbers, and symbols; and are at least 12 characters long. It’s also a good idea to implement multifactor authentication to add another method of identity verification such as fingerprint scans or temporary passcodes sent via email.

2. Blacklist unsanctioned applications

Blacklisting involves prohibiting the installation of certain applications on BYOD devices that are used for work purposes. This includes applications like games, social networking apps, and third-party file sharing platforms. The simplest way to blacklist applications is through a mobile device management platform that enables IT administrators to secure and enforce policies on enrolled devices.

3. Restrict data access

Adopt the principle of least privilege on both BYOD and company devices. This means that a user is able to access only the data and software required to do their job. This can reduce the effects of certain types of malware and limit the fallout in the event of a data breach.

4. Invest in anti-malware software

Anti-malware software identifies and removes malware before they cause irreparable harm to a device. The best anti-malware programs are often backed by the latest threat intelligence databases and use behavior-based detection techniques to pick up any traces of malware.

5. Backing up device data

A well-thought-out BYOD policy can go a long way toward minimizing the risk of a security breach, but if something manages to slip past your defenses, you need to have backups prepared. Back up your data in off-site servers and in the cloud to ensure that any data stored locally on a device can be quickly recovered.

6. Educate your staff about security

The vast majority of BYOD-related security risks involve human error. This is why you should educate your employees about proper mobile safety. Train them on spotting apps that could contain malware, sharing security threat updates, and securing their devices beyond enabling default security settings.

You should also approach us if you need assistance with protecting your BYOD environment. As a professional managed IT services provider, we keep tabs on the latest trends and innovations related to BYOD and will recommend solutions that work for your company. Contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

The post BYOD tips to improve security appeared first on Complete Technology Resources, Inc..

Losing or compromising data can be disastrous for your business. It can lead to reputational damage, costly lawsuits, and termination of contracts, among others. And because threats to data security are always present online, it's important to implement tough security measures that will keep your business data safe 24/7. Here are some tried-and-tested methods to […]

The post Tips to keep your business data safe appeared first on Complete Technology Resources, Inc..

14 Jul, 2021 / by Complete Technology Resources / in 2021july14security_b, backup, data breach, encryption, hacker, password, securing data, Security, update category

Losing or compromising data can be disastrous for your business. It can lead to reputational damage, costly lawsuits, and termination of contracts, among others. And because threats to data security are always present online, it's important to implement tough security measures that will keep your business data safe 24/7. Here are some tried-and-tested methods to safeguard your corporate data.

Use two-factor authentication

Using a complicated password to secure your system is not an effective way to level up your cybersecurity. That's because having to memorize a difficult password often pushes users to set that same complex password for multiple accounts. And if a hacker gets a hold of a recycled password, there’s a high probability that they could access all your accounts that use that same password.

Two-factor authentication (2FA) adds an extra layer of security to your systems and accounts. 2FA comes in many forms: it can be a biometric verification in the devices that you own or a time-sensitive auto-generated code sent to your mobile phone. This security feature works similarly to how websites would require you to confirm your email address to ensure that you are not a bot.

Encrypt all data

Encryption is an effective obstruction to hackers, since it scrambles and descrambles data every time someone tries to read it. Encryption also causes compatibility issues if the data is not being accessed via a company’s own network systems. While applying encryption can be expensive, it is certainly well worth the money because it protects your data in case it falls into the wrong hands.

Keep systems up to date

Hackers are always upgrading their tools to take advantage of outdated security systems, so companies should keep up to protect their valuable technology resources. Many companies don’t install software updates immediately, and that’s a huge problem. Updates often close existing security loopholes, which is why delayed installation can mean exposing your systems to external attacks. Keep your data safe by installing software updates as soon as they are released.

Back up frequently

Implementing several layers to your security doesn’t ensure that hackers won’t find their way into your systems. This is why you need to back up data frequently, whether it’s on-site, off-site, or by way of cloud backups. In the worst-case scenario where your systems do get infiltrated, you can restore lost data from your backups.

Monitor connectivity

Many businesses have no idea how many of their devices are connected online at a given time, so it’s very hard for them to keep track of which of these should actually be online. Sometimes, a company’s computers and servers are online when they don’t need to be, making these tempting and easy targets for attackers. It’s advisable to configure business servers properly to guarantee that only necessary machines are online and that they’re well-protected at all times.

It’s much more expensive to recover from a data breach than to prevent one. If you’re looking to protect your business IT systems from potential threats, contact us today so we can help.

Published with permission from TechAdvisory.org. Source.

The post Tips to keep your business data safe appeared first on Complete Technology Resources, Inc..

Use separate email accounts

Set strong passwords

Beware of email attachments and embedded links

Watch out for phishing scams

Monitor account activity

Encrypt emails

Keep all email security software up to date

The problem

The solution

1. Set passwords on all BYOD devices

2. Blacklist unsanctioned applications

3. Restrict data access

4. Invest in anti-malware software

5. Backing up device data

6. Educate your staff about security

Use two-factor authentication

Encrypt all data

Keep systems up to date

Back up frequently

Monitor connectivity

About CTR

Latest Post

Arizona:

Connecticut:

Massachusetts:

Contact Information: