Demystifying Ransomware Understanding its Impact on Businesses

In today’s interconnected digital landscape, cyber threats continue to evolve and pose significant risks to businesses of all sizes. Ransomware, in particular, has emerged as one of the most notorious and destructive forms of cyberattacks. In this blog post, we will delve into the world of ransomware, exploring what it is, how it works, and the profound impact it can have on businesses.

What is Ransomware?

Ransomware is a malicious software designed to encrypt files on a victim’s computer or network, rendering them inaccessible until a ransom is paid. It infiltrates systems through various means, such as malicious email attachments, infected websites, or vulnerabilities in software. Once executed, ransomware quickly spreads throughout the network, encrypting files and displaying ransom notes that demand payment in exchange for the decryption key.

The Impact on Businesses:

  1. Financial Losses: Ransomware attacks can inflict significant financial damage on businesses. The ransom demands can range from a few hundred to millions of dollars, and even if the ransom is paid, there is no guarantee that the attackers will honor their end of the deal. Moreover, businesses often face additional costs, including incident response, system restoration, legal fees, and potential regulatory fines.
  2. Operational Disruption: Ransomware attacks can bring business operations to a grinding halt. When critical systems and data are encrypted, employees are unable to access vital information or perform their duties, leading to productivity losses and disruption of customer services. The downtime can have a cascading effect on revenue, customer satisfaction, and business reputation.
  3. Data Loss and Breach: In some cases, ransomware attacks involve exfiltrating sensitive data before encrypting it. Attackers may threaten to publish or sell the stolen data if the ransom is not paid, exposing businesses to the risk of data breaches. Data breaches can result in severe legal and reputational consequences, including lawsuits, regulatory penalties, and loss of customer trust.
  4. Reputational Damage: The impact of a ransomware attack extends beyond financial and operational consequences. News of a successful attack can tarnish a company’s reputation, erode customer confidence, and deter potential business partners. Rebuilding trust and restoring the company’s image can be a long and arduous process.
  5. Legal and Regulatory Ramifications: Depending on the industry and geographical location, businesses affected by ransomware attacks may face legal and regulatory implications. Data protection laws, such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), mandate organizations to protect personal data adequately. Failure to comply with these regulations can result in substantial fines and legal repercussions.

Mitigating the Impact:

While the threat of ransomware is persistent, businesses can take proactive steps to mitigate its impact:

  1. Regular Data Backups: Maintain secure and up-to-date backups of critical data. Ensure backups are stored separately from the main network and regularly test restoration processes to verify their effectiveness.
  2. Robust Cybersecurity Measures: Implement a multi-layered approach to cybersecurity, including firewalls, intrusion detection systems, antivirus software, and regular patch management. Utilize email filters, spam detection, and employee education to minimize the risk of infection.
  3. Employee Awareness and Training: Educate employees about the dangers of phishing emails, suspicious attachments, and malicious links. Promote cybersecurity best practices, such as strong password hygiene, two-factor authentication, and reporting any potential security threats promptly.
  4. Incident Response Planning: Develop an incident response plan that outlines the steps to be taken in the event of a ransomware attack. Define roles and responsibilities, establish communication channels, and conduct regular drills to ensure readiness.
  5. Regular Security Audits: Conduct comprehensive security audits and penetration
/by

What an MSP can do that you can’t to protect yourself from Ransomware

Managed Service Providers are experts in protecting against cybercrime, just as you are an expert in producing and selling a product or service. Focus your energies where they are put to the best use. Your MSP will work to protect your business from ransomware attacks. Here are several ways they will work to keep your business safe.

Proactive Monitoring and Threat Detection

MSPs employ advanced monitoring tools and technologies to actively monitor your systems and networks for any signs of ransomware activity. Many MSPs offer 24-7 remote monitoring that includes checking for real-time threats. This proactive approach enables early detection of potential ransomware attacks, allowing fast action to be taken to mitigate the risk before the “datanapping” occurs.

Endpoint Security

Your MSP can implement endpoint protection solutions, a fancy term for tools that include firewalls, antivirus software, and intrusion detection applications. These tools are crucial in preventing ransomware from infiltrating your network in the first place. MSPs also work to be sure that these security measures are up to date and properly configured. (Remember: data security isn’t a one-time project. Criminals are always changing their methods, so what protected you last week, may not work today. An MSP has the resources to keep your security up to date.

Backup and Disaster Recovery

One of the most effective defenses against ransomware is a comprehensive backup and disaster recovery plan. MSPs can design and coordinate backup procedures that ensure regular, automated backups of your critical data. These backups are stored securely and can be easily restored in the event of a ransomware attack. MSPs can also coordinate testing the backup restoration process to minimize downtime.

Security evaluations: How safe is your data?

One key way to protect yourself against any crime is to evaluate where you are most vulnerable. Where is the door with the broken lock? MSPs conduct thorough security assessments to identify weaknesses in your infrastructure. They perform regular vulnerability scans to identify potential entry points for ransomware attacks. By identifying and patching vulnerabilities promptly, MSPs significantly reduce the risk of a successful ransomware attack.

Disaster Recovery: Keeping things going

In the event of a successful ransomware attack, MSPs play a critical role in incident response and remediation. They have dedicated teams of cybersecurity experts who are skilled in handling such incidents. MSPs are able to respond swiftly to contain the attack, isolate infected systems, and get you operational as quickly as possible. Their expertise ensures a coordinated and effective response, minimizing the impact of the attack and expediting the restoration of normal operations.

Employee Training

MSPs recognize the importance of every employee in preventing ransomware attacks. As mentioned above, the crude but simple phishing email remains a very effective way to infiltrate an organization’s technology. MSP’s offer training to employees, enabling them to identify and respond to potential threats. By promoting a culture of cybersecurity awareness, MSPs help businesses create a human firewall that can actively prevent ransomware attacks. MSPs have the time to focus on creating and maintaining these training programs so that you don’t have to.

24/7 Monitoring and Support

MSPs offer round-the-clock monitoring and support to ensure constant watch against ransomware attacks. They provide timely response to alerts, address security incidents promptly, and offer ongoing support and guidance to businesses. This continuous monitoring and support significantly enhances the overall security level of your organization.

Managed Service Providers (MSPs) play a pivotal role in safeguarding businesses against the growing threat of ransomware. Through proactive monitoring, endpoint protection, backup and disaster recovery planning, security evaluations, incident response, user education, and 24/7 support, MSPs provide comprehensive defense strategies. Engaging the services of an MSP allows businesses to focus on their core operations with the confidence that their data and systems are protected from ransomware attacks

Ransomware attacks pose a significant threat to businesses with the potential for severe financial and brand damage. By understanding the nature of ransomware, adopting preventive measures, and partnering with a managed service provider, you have the greatest possible chance to avoid falling victim to a ransomware attack.

/by

Protecting Your Business: Safeguarding Against Ransomware Attacks

,

In today’s digital age, businesses face an ever-increasing threat from cybercriminals, and one of the most prevalent and damaging forms of cyberattack is ransomware. Ransomware attacks can cripple an organization, leading to data breaches, financial losses, and reputational damage. However, by implementing robust cybersecurity measures and adopting best practices, businesses can significantly reduce the risk of falling victim to ransomware attacks. In this blog post, we will explore effective strategies to safeguard your business against ransomware and ensure business continuity.

    • Employee Education and Awareness:
  • A well-informed and security-conscious workforce is the first line of defense against ransomware attacks. Regularly educate your employees about cybersecurity best practices, such as recognizing phishing emails, avoiding suspicious downloads, and practicing strong password hygiene. Conduct training sessions, share informative resources, and encourage employees to report any potential security threats promptly.
    • Implement a Multi-Layered Security Approach:
  • Having a comprehensive cybersecurity strategy is crucial to protect your business against ransomware. Adopt a multi-layered security approach that includes the following elements:
    1. Endpoint Protection: Install reliable and up-to-date antivirus and anti-malware software on all devices within your network. Enable real-time scanning and automatic updates to detect and block potential threats.
    2. Firewall and Intrusion Detection Systems: Deploy robust firewalls and intrusion detection systems (IDS) to monitor network traffic and prevent unauthorized access. Regularly update and patch these systems to address any vulnerabilities.
    3. Secure Backup and Disaster Recovery: Regularly back up your critical data and ensure backups are stored securely, preferably offline or in a separate, isolated network. Test data restoration processes periodically to ensure backups are viable.
    4. Network Segmentation: Divide your network into smaller segments to limit the spread of ransomware. Implement strict access controls and ensure sensitive data is only accessible to authorized individuals.
    • Keep Software and Systems Updated:
  • Outdated software and operating systems are common entry points for ransomware attacks. Regularly update all software applications, including web browsers, email clients, and operating systems. Enable automatic updates whenever possible to ensure prompt installation of security patches and bug fixes.
    • Email Security Measures:
  • Email remains one of the primary vectors for ransomware distribution. Implement robust email security measures, including:
    1. Spam Filters: Utilize advanced spam filters to block suspicious emails and prevent phishing attempts from reaching employee inboxes.
    2. Email Authentication: Implement email authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to prevent email spoofing.
    3. User Awareness: Educate employees about email security best practices, including verifying sender addresses, avoiding clicking on suspicious links or downloading attachments from unknown sources, and reporting any suspicious emails promptly.
    • Regular Data Backups and Testing:
  • Frequent data backups are essential to mitigate the impact of a ransomware attack. Implement a robust backup strategy that includes automated backups and periodic testing of data restoration processes. Ensure backups are stored securely and kept separate from the main network to prevent ransomware from infecting them.
    • Incident Response and Business Continuity Plan:
  • Develop a comprehensive incident response plan that outlines the steps to be taken in the event of a ransomware attack. The plan should include procedures for isolating affected systems, notifying stakeholders, engaging law enforcement, and restoring operations. Regularly review and update the plan to reflect changes in technology and emerging threats.
    • Regular Security Audits and Penetration Testing:
  • Periodically conduct security audits and penetration testing to identify vulnerabilities in your network infrastructure and applications. Engage with ethical hackers to simulate real-world attack scenarios and identify potential weaknesses.
/by

Leave virus protection to your MSP Doctor

Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is ilkely nothing to do to retrieve your data until you have given in to the demands of the criminals.

As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special attention. Some of the routine tools to protect data may still be vulnerable to ransomware. This e-guide will talk about seven specific ways that an MSP is best positioned to help protect you from a ransomware attack.

Before talking about how an MSP can help. Let’s define ransomware. Ransomware is an especially nasty software whose MO is as old as crime: Kidnapping ( in this case, datanapping) Ransomware does this by infiltrating your computer systems and encrypting all of your files, making them unreadable to you. Then like any kidnapper, they post a ransom and hold your data hostage until they get paid. They encrypt your files, rendering them inaccessible to you. The attackers then demand a ransom payment. Ransomware attacks are typically carried out through phishing emails, compromised websites, or exploiting vulnerabilities in software. ( please check out some of our other e-guides on training your employees to avoid phishing emails, and avoiding other easy tricks that criminals use to infiltrate your IT systems.)

What happens once they have encrypted your data? You are probably stuck either paying the ransom or losing the data. In the case of ransomware, sometimes routine backups may be infiltrated. This is why an MSP can be of such value in securing your data against this particular form of cyber crime.

The impact of this crime is pretty obvious. Your data–and your customer’s data–is inaccessible. You have almost no choice but to pay the ransom. The loss of data can disrupt daily business activity and damage customer trust. A successful ransomware attack can lead to brand damage, regulatory penalties for data breaches, and potential legal consequences. The overall consequences can be devastating, making it especially important for you to take proactive measures to prevent such attacks.

The basic preventative measures. Are they enough?

In general, there are some basic textbook best practices you can follow

  • Educate employees about cybersecurity best practices, including identifying phishing emails and suspicious links.
  • Regularly back up data and ensure offline or offsite storage to prevent data loss in case of an attack.
  • Keep software and systems up to date with the latest security patches.
  • Implement robust endpoint protection solutions, including firewalls, antivirus software, and intrusion detection systems.
  • Segment networks to limit the spread of ransomware and restrict access to critical systems.
  • Develop and test a disaster recovery plan to ensure an effective response to an attack.

However, straightforward as these appear, these aren’t as simple to implement as they sound and you may not have the time and labor to devote to designing, implementing, and maintaining these procedures. As an MSB, your focus is necessarily focused on operations, revenues, and sales. A Managed Service Provider has the resources and the expertise to handle your virus protection and ransomware avoidance planning so you focus on revenues.

/by

Passwords: boring but they matter

,

Passwords are something that you and every employee can use to protect your data and maintaining this important protective wall against criminals is relatively easy. Take the time to follow basic good practices, most of which are relatively easy to do. Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Watch out for re-use and multiple use.

Rotating passwords isn’t a good idea. You may notice some sites that you use may not even permit you to use the passwords you have used previously. On a similar note, avoid using the same password across multiple sites. If one site is hacked, the password from that site can be used across all of your other secure sites.

Avoid writing down passwords

This one can be a little outdated. It belies common sense that a burglar will break into your home to steal your written password collection. That said, leaving a list of passwords sitting around in your office, wallet or handbag isn’t an especially good idea.

Don’t share password

One of the biggest temptations for password sharing may be in a work setting for the sake of speed and convenience – you may allow a co-worker who needs quick access to use your password. Don’t. Even if your co-worker has approved access, ask them to use their own credentials to login. Also, password sharing is likely a work rule violation in your organization. If discovered, it could be grounds for disciplinary action.

Phishing tricks

Last but absolutely not least, be aware of scams to get your password by convincing you to hand it over. We’ve mentioned this is other e-guides but it bears repeating because it seems to work against even the most savvy digital users.

Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling – Check for the misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing link could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com
  • Disguised URLs – Sometimes, URLs can be disguised–meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL by using a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL [email protected] will take you to mysite.net and not to the actual Bank of America website.

In the end, the humble password is an excellent first line of defense against hackers and thieves. All it takes to keep this barrier strong is staying vigilant about password best practices. While it does take ongoing training on the part of management to ensure vigilance is maintained for the long haul, these best practices are simple to observe and take little time

/by

Four easy ways to thwart cyber criminals

,

With all the talk about cybercrime and the recent spate of headlines about ransomware, concerns for your data security and the safety of your business keep growing. Avoiding a data breach is critical to your business, so it is vital that you focus resources and time on cybersecurity. Your MSP can be your best support for handling the variety of solutions to the problem of cybercrime. However, don’t forget what you can do on your own. Amidst all the sophisticated tools to protect your data, don’t forget the role of the lowly password. Passwords are there all the time, so we tend to take them for granted.

Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Strong Passwords

Many advisors suggest that a strong password includes letters, numbers and symbols. Basic vocabulary words, from any language, can often be hacked through brute force–just bombarding with a stream of words until you hit the correct one. Numbers and symbols can make that less successful.

Update Passwords

The longer a password is hanging around, the more likely it may be compromised. Frequently changing passwords, just like changing the batteries in your smoke detector, should be done on a regular basis. Try the first day of every third month.

Cancel Passwords when access is no longer needed

In a workplace setting, access should be eliminated immediately upon the termination or transfer of an employee. Not tomorrow, not later today–Immediately. This is particularly true in the case of an involuntary termination, when a now former employee may have a motivation to act nefariously. Also, when an employee’s job duties change, some access from their previous position may not be relevant with their new role.

Multi-factor Authentication

Multi-factor authentication (MFA) is the access process that requires a second step to access data. You probably come across it frequently. Many retail sites now use MFA for returning customers who want access to their account or order history. MFA asks for your password and then authenticates you by sending a one-time code to another platform. Most frequently, this means sending you a text. The intent is to diminish the possibility that the password is being used by someone not authorized to have it. Anytime you use an ATM machine, you are using a version of MFA (The debit card is step one, the PIN is step two)

/by

Password Hygiene Best Practices

,

According to a report by Verizon, 80% of data breaches are caused by weak or stolen passwords. In addition, the report found that 60% of users reuse the same password across multiple accounts, making it easier for hackers to access multiple accounts with a single stolen password.

Maintaining good password hygiene is essential to protect against these threats and keep your accounts secure.

Weak or compromised passwords can be easily cracked, allowing cybercriminals to gain access to our data and steal our information. Here are a few password hygiene best practices to consider,

Use Strong Passwords

Using strong passwords is one of the most crucial steps in maintaining good password hygiene. A strong password is one that is long and complex, using a combination of letters, numbers, and symbols. Avoid using easily guessable passwords, such as “password” or “123456,” and avoid using personal information, such as birth dates or names.

Update passwords or revoke access when employees leave the organization

Changing passwords regularly is another essential step in maintaining good password hygiene. It is recommended to change passwords every 90 days or sooner, depending on the level of security required. Passwords need to be updated regularly and access to data has to be revoked when employees are no longer authorized to access it. However, this important step is often overlooked. This is especially an issue in SMBs where the staff is pretty busy and turnover is high. They are too busy to remember to change the passwords once a staff member quits, leaving their data vulnerable. So, next time the new intern finishes their stint with you, make sure you change the password and revoke their access.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your accounts. It requires you to provide a second form of identification, such as a code sent to your phone, in addition to your password. Two-factor authentication makes it harder for hackers to gain access to your accounts, even if they have your password.

Don’t Reuse Passwords

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. Using the same password for multiple accounts is a common mistake that can compromise the security of all your accounts. If one account is compromised, all accounts using the same password are also at risk. Using a unique password for each account decreases the amount of damage that can be inflicted in the event that one password is compromised.

Avoid Writing Down Passwords

Writing down passwords is a risky practice. It is easy to misplace or lose the paper where you wrote down your passwords. Avoid writing down passwords, and if you must write them down, keep them in a secure place, such as a locked cabinet. This applies primarily to an office environment, where desks, files and notepads are in open view and available to all.

Don’t share your passwords

Never share your password. If you need to give data access to multiple people, make sure each one of them has their own access credentials. This creates an audit trail and helps trace the data breach back to its origin if it occurs.

Be Wary of Phishing Scams

Phishing scams are a common way for hackers to gain access to passwords. Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine

/by

Password Management Tools: An overview

Effective password management is an essential aspect of cybersecurity. With the increasing number of online accounts and services, remembering all those passwords can be a daunting task. Password management tools provide an effective solution to this problem. This blog discusses the benefits of using password management tools and some password management best practices to be followed.

Some of the key benefits of deploying password management tools are:

Enhanced Security

The primary benefit of password management tools is enhanced security. Password managers store passwords in an encrypted format, making them less susceptible to hacking and phishing attacks. These tools also allow businesses to generate and store complex passwords for their employees. As a result, businesses can ensure that their employees use strong and unique passwords for every account, reducing the risk of a breach.

Easy Password Access and Management

Password management tools offer an easy way to access and manage passwords. Rather than manually entering passwords every time an employee logs into an account, password managers automatically fill in the necessary information. This feature not only saves time but also eliminates the risk of human error.

However, there are a few things to consider before you invest in a password management tool.

One of the things to consider is a security breach. Password managers are third party platforms. If your password management experiences a security breach, it can put all of the stored passwords at risk. Additionally, if the tool goes down, you may not be able to access your accounts.

Secondly, while password management tools reduce the risk of human error, they are not foolproof. Employees may still make mistakes, such as sharing their passwords or writing them down, which can compromise security. Additionally, if an employee forgets the password to their password manager account, it can cause problems. Hence it is important to ensure that you have good password hygiene in place.

Password hygiene refers to the practice of creating and maintaining strong passwords and protecting them from being compromised. It involves using unique and complex passwords for each account, changing passwords regularly, and storing the passwords securely so it isn’t accessible to unauthorized entities.

/by

Three common sense data safety reminders

When it comes to smaller and medium sized businesses, anything that distracts from the day to day concerns about bringing in revenue tends to fall by the wayside. With that in mind, we have put together a list of seven things that a small business needs to prioritize if you want to keep your business up and running. Remember, a cyber attack on your data security could be the biggest threat to your revenues that you face, even more serious than a recession or a pandemic

Software

Everything you have uses software programs, all of which can be vulnerable to hacking. Make sure all of your software programs are up-to-date. Software companies release program updates, security patches and critical updates for their applications. In addition to providing new features or fixing bugs in the program, these updates and patches prevent cybercriminals from exploiting the vulnerabilities that exist in the program to gain access to your network and data. So, you need to take the time to make sure that all of your software applications, including operating systems, and browsers are up-to-date. And do not forget your smartphone. It is important not to leave out your smartphone applications and mobile devices as well, because cybercriminals can find a way to invade your network and data from your smartphone For example, you have your work email configured on your phone. Hacking into your phone can give them access to your work email and consequently to work data.

Backups

There are things we all know we should do that are good for us, but that doesn’t mean we do them. Eat your vegetables, exercise every day… and back up your data. So here is a reminder of what you should do. Make sure you have clean and up-to-date backups. Backups come in extremely handy, especially in the case of ransomware attacks. Ransomware attacks are where cybercriminals gain control of your network or data and lock you out of your own system preventing you from accessing crucial business data. Sometimes your data is encrypted, which means it won’t be “legible.” They then demand a ransom to unlock or decrypt your data. Unless you pay up, you won’t have access to your data or your data won’t make any sense to you as it is encrypted. Having up-to-date, quality backups ensures you don’t have to worry about losing access to your data or paying the ransom, as you would have a most recent copy of your business data readily accessible. You can make backups on external hard disks, servers located at a place different from your place of business or even on the cloud (think Google Drive or One Drive or cloud servers). That said, contact an MSP to design workable backup procedures that don’t include copies of the ransomware. Just routine backups may not be enough to protect you.

Train everyone in your organization

Never forget the human factor in how cybercriminals get through your defenses. Training your employees to identify and respond correctly to cyberthreats plays a big role in any organization’s cybersecurity initiative. Regular cybersecurity training sessions along with mandated assessments should be conducted for all employees. Based on the assessment results, you may conduct follow-up training or refresher sessions for those who need it. You should also create an IT security policy document or handbook and share it with everyone in your company. This handbook or policy document must be updated on a routine basis to keep up with the latest in cybersecurity protocols.

Cybersecurity might seem like a lot of work, especially when you have a business to run and clients to focus on. However, it is certainly not an element that you can afford to ignore. The price you may have to pay if your business becomes a target of a cybercriminal is too high to take cybersecurity lightly. Consider bringing an experienced Managed Services Provider (MSP) on board to help manage the cybersecurity aspect of your business, while you can focus on your clients.

Questions? Contact Direct One for suggestions on improving your data security. Your business depends on it.

/by

7 Cybersecurity basics to never forget

,

No matter how much people hear “data safety,” they still can get sloppy about their cybersecurity. One of the reasons is that there are so many constant reminders that the warnings just become that much more background noise. Today, let’s do a quick review of the one you hear most about ( and most likely to forget about) Passwords.

Passwords

As annoying as they are (and who doesn’t doest curse them sometimes) passwords are a basic and necessary evil to protect access to your data. One of the root innovations that helps sidestep the tedium of entering ( and remembering ) passwords are facial recognition and fingerprint security measures. These can be a real timesaver, but they aren’t readily available across every site and device. So that leaves us with the question, what are the best practices for maintaining strong passwords and defending multiple sites, programs or devices (also known as “ good password hygiene’’)?

Maintaining password best practices

Simple passwords, with nothing but regular vocabulary words (even in other languages) are easily cracked. Most sites generally require mixed case, alphanumeric and a symbol or two for it to be an approved password. Here are a few things to remember.

    • Avoid using the same password across multiple sites or devices.
    • Don’t share your passwords with co-workers, no matter how convenient or timesaving it may be
    • Don’t send passwords ( or any critical personal data, for that matter) via text or email.
    • Don’t save them on a device in an unencrypted file
    • Remember to change them periodically
    • Be sure that access to files is removed immediately when an employee leaves an organization or no longer has need to access particular programs, data or machines

Multi-factor authentication

Related to the password method of maintaining data security, multi-factor authentication is becoming increasingly popular and is often required by some organizations. Basically, this takes the password idea and adds another layer to ensure that the correct user is entering the password. Your ATM is an example of MFA. Just a password isn’t enough at the ATM–you have to have your ATM card also. Most of us know MFA through the request to enter a one time code that is sent to us, on a different platform, after we enter our usual password. Again the idea here is that even if a password is stolen, a second form of identification is required to ensure the correct person is gaining access. NOTE: A common form of MFA is to send a text message to your phone. Be aware that if you leave the country and don’t buy a text package for your phone, you may not be able to access some sites that use this form of MFA.

In short, we hear most about password safety, but because it can be such a pain to change them, we open ourselves and our business to data vulnerability. Contact Direct One for ideas to improve your data security.

/by