Security - Part 13

The National Institute of Standards and Technology (NIST) created many of the password best practices you probably loathe — using a combination of letters, numbers, and special characters. The NIST now says those guidelines were ill-advised and has changed its stance. Find out why and what this means for you. The problem The issue isn’t […]

The post Think your password is secure? Think again appeared first on Complete Technology Resources, Inc..

07 Aug, 2020 / by Complete Technology Resources / in 2020august07security_b, account monitoring, multi-factor authentication, passphrases, password, password security, Security, security best practice, single sign-on category

Think your password is secure? Think again

The National Institute of Standards and Technology (NIST) created many of the password best practices you probably loathe — using a combination of letters, numbers, and special characters. The NIST now says those guidelines were ill-advised and has changed its stance. Find out why and what this means for you.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people create weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the strings of characters and numbers could easily be compromised by hackers using common algorithms.

What’s more, the NIST also recommended that people change their passwords regularly, but did not specify how and when to change them. Since many people thought their passwords were already secure because they’ve included special characters in them, most only added or changed one character.

The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that this can cause more problems than solutions. It has reversed its stance on organizational password management requirements, and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication in login policies.

This requires a user to present two valid credentials aside from a password to gain access to an account. This could be a code sent to the account owner’s smartphone, a login prompt on a mobile device, or a facial or a fingerprint scan. This way, hackers’ login efforts are futile unless they fulfill the succeeding security requirements.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to crack.

You should also enforce the following security solutions within your company:

Single sign-on – allows users to securely access multiple accounts with one set of credentials
Account monitoring tools – recognizes suspicious activity and locks out hackers

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

Published with permission from TechAdvisory.org. Source.

The post Think your password is secure? Think again appeared first on Complete Technology Resources, Inc..

Businesses these days need different kinds of software to streamline and improve their operations. However, a lot of small businesses can’t readily afford these software. But there is a way to harness the power of such software without draining your resources. Learn more about Software-as-a-Service (SaaS), and how your business can benefit from it. What […]

The post Why your business should get SaaS-y appeared first on Complete Technology Resources, Inc..

27 Jul, 2020 / by Complete Technology Resources / in 2020july27web & cloud_b, cloud, data, saas, Security, software as a service, Web & Cloud category

Businesses these days need different kinds of software to streamline and improve their operations. However, a lot of small businesses can’t readily afford these software. But there is a way to harness the power of such software without draining your resources. Learn more about Software-as-a-Service (SaaS), and how your business can benefit from it.

What is SaaS and what makes it appealing?

SaaS is a software delivery model that allows you, the user, to access software from any device through the internet. This gives you more flexibility since you don’t have to go to the office to use the software. You can work from anywhere as long as you can go online.

As opposed to a traditional on-premises setup where software is stored locally, SaaS is hosted in the cloud. By transferring software hosting to a third party, you’re outsourcing all the responsibilities that come with maintenance, such as upgrades and troubleshooting. In a way, getting SaaS is like renting a car: somebody else owns and spends for upkeep of the vehicle, but you get to drive it.

Shifting software ownership away from your business also changes how much you spend on it. With on-premises software, you purchase a license and pay yearly support fees, which can amount to 22% of the price of license fees (ouch!). With SaaS, you pay a monthly or annual subscription fee that covers licenses, support, and other fees. This is better since it allows you to spread out costs on a monthly basis, instead of purchasing expensive licenses outright and ending up with a huge maintenance bill every year.

Will my data be safe?

Some companies hesitate to switch to SaaS because of data security concerns. Who will own my data? Will my data be safe? What if the vendor goes out of business?

Here’s something for your peace of mind and safety: when you’re outsourcing your software to a SaaS vendor, you have to sign a service level agreement (SLA). This should specify that you own the data and that the vendor is obliged to provide access to your data even if the vendor suffers from extreme circumstances like economic difficulty or disasters.

Data hosted by a SaaS vendor will be more secure than that stored on the average SMB's network. That’s because SaaS vendors regularly undergo strict security audits, forcing them to invest more in security, backup technology, and maintenance than a typical SMB.

Should I switch to SaaS or stick to on-premises?

SaaS is an ideal solution for small- and mid-sized businesses that want to reduce upfront costs. Large businesses or those with complex processes will benefit more from a traditional on-premises solution since it offers more functionality and allows for full customization.

Still unsure about whether SaaS is the right answer for your organization? Want to know more about SaaS before making the transition? Call us today! Our experts are ready to answer any questions you may have about SaaS.

Published with permission from TechAdvisory.org. Source.

The post Why your business should get SaaS-y appeared first on Complete Technology Resources, Inc..

Over the past few years, the security industry has witnessed a rapid evolution in attack techniques, including fileless malware. Now, cybercriminals use legitimate tools and services such as existing software, applications, and authorized protocols to carry out malicious activities like unauthorized data retrieval or data damage. Left unchecked, these types of malware can adversely affect […]

The post Fileless malware: Are you at risk? appeared first on Complete Technology Resources, Inc..

20 Jul, 2020 / by Complete Technology Resources / in 2020july20security_b, cybersecurity, fileless malware, malware, Security category

Over the past few years, the security industry has witnessed a rapid evolution in attack techniques, including fileless malware. Now, cybercriminals use legitimate tools and services such as existing software, applications, and authorized protocols to carry out malicious activities like unauthorized data retrieval or data damage. Left unchecked, these types of malware can adversely affect your business processes and the infrastructures that run them.

What is fileless malware?

Fileless malware is malicious software that doesn't rely on executable files to infect your infrastructure. Rather, it hides in your computer's random access memory (RAM) and uses trusted, legitimate processes such as Microsoft Office macros, PowerShell, and Windows Management Instrumentation (WMI).

Fileless malware isn’t as visible as traditional malware. They use a variety of techniques to stay persistent, and can adversely affect the integrity of a business’s processes and the infrastructures that run them. Because there are no files to trace, fileless malware escapes detection from most anti-malware programs, especially those that use the databases of precedent threats. Most automated sensors cannot recognize illicit scripts, and cybersecurity analysts who are trained to identify them usually have a hard time establishing where to look.

Fileless malware by the numbers

In November 2016, attacks using fileless malware saw a 13% uptick, according to a report by Trend Micro. Also, in the third quarter of 2016, attacks were 33% higher than in the first quarter. During the first quarter of 2017, more PowerShell-related attacks were reported on over 12,000 unique machines.

Kaspersky Lab uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked toward obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyberattackers to withdraw undisclosed sums of cash from ATMs.

In 2018, Trend Micro also detected a rising trend of fileless threats throughout the first half of the year.

Is your business at risk?

It is unlikely that your business has been targeted in the earliest stages of this strain of malware, but it’s better to be safe than sorry. Businesses should practice defense in depth, where multilayered safeguards are implemented to reduce exposure and mitigate damage. But apart from cultivating a security-aware workforce, what actionable countermeasures can organizations carry out?

While your business might not be in immediate danger, you should employ solutions that analyze behavioral trends. It is also wise to invest in a managed services provider that offers 24/7 network monitoring, proper patches, and software updates. Call us today to get started.

Published with permission from TechAdvisory.org. Source.

The post Fileless malware: Are you at risk? appeared first on Complete Technology Resources, Inc..

As you surf the web, it’s nearly impossible to keep your internet activity completely private. Certain websites collect personal information for marketing purposes and your browser keeps track of all the websites you visit. That browsing information can also fall into the wrong hands, which is why you should consider using private browsing if you […]

The post What private browsing can and can’t do appeared first on Complete Technology Resources, Inc..

06 Jul, 2020 / by Complete Technology Resources / in 2020july6web & cloud_b, chrome, edge, firefox, online privacy, opera, private browsing, safari, Security, vpn, Web & Cloud, web browsers category

As you surf the web, it’s nearly impossible to keep your internet activity completely private. Certain websites collect personal information for marketing purposes and your browser keeps track of all the websites you visit. That browsing information can also fall into the wrong hands, which is why you should consider using private browsing if you want to keep your online activities to yourself.

What is private browsing?

Your web browser — whether it be Chrome, Edge, Firefox, Safari, or Opera — remembers the URLs of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded.

This can be convenient if you frequently visit certain pages, can’t remember your login details, or if you’re trying to recall a website you visited a few days ago. But if someone else uses or gains access to your computer, your most private (and embarrassing) internet activities are exposed for anyone to see.

With private browsing — also called Incognito Mode in Chrome and InPrivate Browsing in Edge — all the information listed above does not get recorded. In fact, all the websites and information you accessed in the private browsing session are immediately discarded without a trace as soon as you close the browser. This can come in handy when you’re using a public computer because you’re instantly logged out of all the accounts you accessed after closing the window.

Your cookies also won’t be tracked. In a normal browsing session, sites like Facebook will display highly targeted ads based on the sites and pages you’ve visited. But in private browsing mode, your internet activity can’t be tracked by marketing companies.

Another benefit of private browsing is that you can use it to log in to several accounts on the same site, which is useful if you need to log in to two different online accounts at the same time.

What are the limitations of private browsing?

Although private browsing does prevent your web browser from storing your data, it doesn’t stop anyone from snooping on your online activities in real time. If your computer is connected to the company network, system administrators can still track what you’re browsing, even if you’re in Incognito Mode.

Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online. Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy. Instead, you should use a virtual private network (VPN) when you go online. These encrypt your internet connection and prevent anyone from intercepting your data. And don’t forget to use a strong anti-malware program to scan your computer and keep spyware and other malicious web monitoring software at bay.

If you want to know where you can get these solutions or learn more about web browser security, call us today. We have the tools and expert advice you need to prevent anyone from snooping on your internet browsing.

Published with permission from TechAdvisory.org. Source.

The post What private browsing can and can’t do appeared first on Complete Technology Resources, Inc..

The problem

The solution

What is SaaS and what makes it appealing?

Will my data be safe?

Should I switch to SaaS or stick to on-premises?

What is fileless malware?

Fileless malware by the numbers

Is your business at risk?

What is private browsing?

What are the limitations of private browsing?

About CTR

Latest Post

Arizona:

Connecticut:

Massachusetts:

Contact Information: