Posts

Passwords: boring but they matter

,

Passwords are something that you and every employee can use to protect your data and maintaining this important protective wall against criminals is relatively easy. Take the time to follow basic good practices, most of which are relatively easy to do. Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Watch out for re-use and multiple use.

Rotating passwords isn’t a good idea. You may notice some sites that you use may not even permit you to use the passwords you have used previously. On a similar note, avoid using the same password across multiple sites. If one site is hacked, the password from that site can be used across all of your other secure sites.

Avoid writing down passwords

This one can be a little outdated. It belies common sense that a burglar will break into your home to steal your written password collection. That said, leaving a list of passwords sitting around in your office, wallet or handbag isn’t an especially good idea.

Don’t share password

One of the biggest temptations for password sharing may be in a work setting for the sake of speed and convenience – you may allow a co-worker who needs quick access to use your password. Don’t. Even if your co-worker has approved access, ask them to use their own credentials to login. Also, password sharing is likely a work rule violation in your organization. If discovered, it could be grounds for disciplinary action.

Phishing tricks

Last but absolutely not least, be aware of scams to get your password by convincing you to hand it over. We’ve mentioned this is other e-guides but it bears repeating because it seems to work against even the most savvy digital users.

Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling – Check for the misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing link could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com
  • Disguised URLs – Sometimes, URLs can be disguised–meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL by using a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL [email protected] will take you to mysite.net and not to the actual Bank of America website.

In the end, the humble password is an excellent first line of defense against hackers and thieves. All it takes to keep this barrier strong is staying vigilant about password best practices. While it does take ongoing training on the part of management to ensure vigilance is maintained for the long haul, these best practices are simple to observe and take little time

/by

Four easy ways to thwart cyber criminals

,

With all the talk about cybercrime and the recent spate of headlines about ransomware, concerns for your data security and the safety of your business keep growing. Avoiding a data breach is critical to your business, so it is vital that you focus resources and time on cybersecurity. Your MSP can be your best support for handling the variety of solutions to the problem of cybercrime. However, don’t forget what you can do on your own. Amidst all the sophisticated tools to protect your data, don’t forget the role of the lowly password. Passwords are there all the time, so we tend to take them for granted.

Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Strong Passwords

Many advisors suggest that a strong password includes letters, numbers and symbols. Basic vocabulary words, from any language, can often be hacked through brute force–just bombarding with a stream of words until you hit the correct one. Numbers and symbols can make that less successful.

Update Passwords

The longer a password is hanging around, the more likely it may be compromised. Frequently changing passwords, just like changing the batteries in your smoke detector, should be done on a regular basis. Try the first day of every third month.

Cancel Passwords when access is no longer needed

In a workplace setting, access should be eliminated immediately upon the termination or transfer of an employee. Not tomorrow, not later today–Immediately. This is particularly true in the case of an involuntary termination, when a now former employee may have a motivation to act nefariously. Also, when an employee’s job duties change, some access from their previous position may not be relevant with their new role.

Multi-factor Authentication

Multi-factor authentication (MFA) is the access process that requires a second step to access data. You probably come across it frequently. Many retail sites now use MFA for returning customers who want access to their account or order history. MFA asks for your password and then authenticates you by sending a one-time code to another platform. Most frequently, this means sending you a text. The intent is to diminish the possibility that the password is being used by someone not authorized to have it. Anytime you use an ATM machine, you are using a version of MFA (The debit card is step one, the PIN is step two)

/by

Why MSP relationships fail

A lot of SMBs opt for managed service providers who can help handle their IT requirements, and for the most part, it works well. Almost everyone knows the benefits of having a MSP manage your IT. Increased cost savings, ability to focus on your business without worrying about IT, better IT support and expertise, and so on. But, there are times when the managed IT services model fails, leaving business owners to wonder what went wrong. This blog discusses some key reasons why MSP relationships fail.

You didn’t do a reference check
Did you just pick the first MSP you found on the Google search? Did you just go by the presentations they gave you, or the information on their website? Always remember to ask your MSP for references. Talk to someone they work with and get feedback.

They don’t have enough staff
If your MSP is short of staff, they won’t be able to give you the attention you need. One of the biggest advantages of bringing an MSP onboard is having someone who proactively manages and monitors your IT requirements– something you cannot do without a full fledged IT department. So, it is important that your MSP is well-staffed.

They are not experienced enough
Before you bring an MSP on board, make sure you pay attention to how long they have been in business. This is important because the whole idea behind hiring an MSP is to leverage their knowledge and expertise. Secondly, someone who has been in the business for quite some time is more likely to be able to scale with you as you grow.

They said they will be there, but…
You want your MSP to be available 24/7, because with IT, you never know when the problem will arise. Not only should your MSP be proactively monitoring your IT infrastructure to ensure everything runs smoothly, they should also be able to resolve IT problems when they happen–time and day notwithstanding, so that your business is back up and running as soon as possible.

They are not able to provide you with all that you need
Sometimes, as you grow, your IT needs change. You may need much more support and new technologies that you didn’t think you’d need earlier. In such cases, if your MSP is not able to grow and scale with you, then the relationship won’t work.

When choosing an MSP, think of the whole process as a partnership, and not a one-time deal. When you look at the relationship as a long-term one, you are more likely to consider all the factors that go into making your relationship with the MSP work in the long run.

/by

Do your homework: 3 things to do when looking for an MSP

,

Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one.

Figure out what you have already

The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea.

Figure out what you need

This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you want to add on or remove from your existing IT infrastructure? Are your servers too slow? Do you want to switch to the Cloud instead of traditional services? Do you want a Unified Communications set up instead of your current PBX phone line? Do you want to shift to a work-from-home model and need the infrastructure to support that?

Do your research

Now that you are clear about what you have and what you need, start doing your research. If you have an in-house IT team, you can ask them to evaluate the various options that can help you reach your goal. If not, then there are plenty of resources available online for SMBs that help with tech questions. https://www.sba.gov/learning-center is one great resource and a Google search will get you more.

As a part of this research, you should also make a list of credible MSPs in your area and learn more about them. A Google search can help you with that, but it would be even better if you reach out to a couple of your peers requesting them to refer you to their MSPs, if they have one.

Hiring an MSP means trusting them with your IT infrastructure, so it is very important that you have a clear understanding of what you really want and need, so you can share your expectations with your new MSP. This transparency and clarity goes a long way in determining the success or failure of your relationship with the MSP.

/by