Computer Tip Of The Day: Using Two-Factor Authentication

a person is typing on a computer keyboard

Two-factor authentication can provide your workplace with an extra foundation of security. It requires extra information beyond just a username and your password to access computer accounts.

Two-Factor Authentication for Emails

Two-step authentication will require a combination of a username and a password, in addition to an extra piece of information that includes a security code that will be sent to a mobile device. Adding an extra layer of security to an email account is one of the biggest improvements that can be made.

Workplace Social Media Accounts

We are aware of how popular social media accounts are in the business world, especially due to their ability to attract customers from across the world. It is important that the proper steps are taken to secure social media sites. Two-step authentication can also be used to secure social media accounts.

It is very important to always be cyber aware, even if you find it to be an inconvenience. The extra steps you take to secure your account can be the difference between having a successful business and a business that fails because it was not properly secured in the online world.

If there are various online accounts that need to be managed, it is greatly important that you take the proper steps to secure online accounts, customer data, and other vital business information.

Two-factor authentication will generally include one or more of the following:

  • One of your physical characteristics, such as your fingerprint.
  • A one-time security code that can be sent to your mobile device or email address that you will enter after you have entered your username and password. The login process will not be completed until the security code has been entered.
  • Another layer of security that can be used for identity verification is challenge questions. When choosing challenge questions, we encourage you to choose questions that may be difficult for others to answer. Avoid choosing simple challenge questions that hackers can find answers to by searching online, especially on social media.

Two-factor authentication is becoming a popular choice for many account holders in all industries. Contact us today for more information on two-factor authentication and how you can become more cyber aware.

Business Technology: Don’t Ignore These Password Tips

a man sitting at a desk using a laptop computer

One thing that has remained a constant in the battle against data breaches in business technology. The importance of adhering to a well-rounded password policy. This should be outlined by the company’s network administrator and supported by management. 

If a data breach should occur, poor passwords such as “1234” or “password” are no match against hackers.  Any organization that wants to avoid a data breach should create and strictly adhere to a comprehensive password plan.

Password Essentials

A good password plan requires some effort on both the part of the systems administrator and individual staff members.  An effective system administrator will make use of tools that lock someone out after a few failed login attempts, force the requirement to select new passwords every 30-90 days and require staff members to use new passwords rather than simply reusing old ones. 

They also may be able to control the content of passwords by requiring the inclusion of numbers, symbols, and both upper and lower case characters when passwords are created.

Staff members should be informed not to use personal information such as their date of birth, addresses, or SSNs for passwords.  In addition, staff members should be instructed to always log out of applications after use, or employ a password-protected screensaver when they leave their desks in order to discourage others from gaining access under their login.

Termination – Voluntary and Involuntary

Many organizations allow their employees to log in to corporate applications from home or from their own smart devices.  When employees leave a company, it is imperative that the former employee has zero ability to gain access to corporate systems.  Employers must keep a comprehensive, up-to-date list of every application an employee has access to. Additionally, all devices from which they access corporate systems.  If an employee is fired, all passwords must be changed. Also, access cards, hardware equipment, and keys to buildings must be accounted for.

In the case of voluntary terminations, some employers will ask their former employees to vacate the premises immediately.  In other cases, an employer will allow the employee to fulfill what is typically two weeks’ notice.  Regardless, employers need to have a system access policy already in place. This ensures a smooth transition of the employee over to a former staff member.

If you would like to know more about creating a comprehensive password policy for your business technology, please contact us.

Find Your Weak Link And Help Prevent Security Breaches – Computer Tip Of The Day

a woman sitting at a table with a laptop and cell phone

There have been many unfortunate incidents of hackers stealing customer and employee information. Including, social security numbers, credit card numbers, checking account numbers, and other highly-sensitive information. Basically, data security is not something that should be taken lightly. Thus, you should never assume that your business will not become the target of security breaches.

Hackers have become very sophisticated. Many of them will tend to find a weak link in a business’s security features. It can be extremely difficult to access a business network through various firewalls and other barriers. However, many businesses will still have their data breached because hackers will find access to the system through a weak link.

What can you do to prevent breaches from occurring in your business?

Use a Risk Assessment

What kind of sensitive information is being used in your business? Once you take the time to evaluate the different types of sensitive information, you will gain a better understanding of what information will likely be targeted by hackers. The information that you feel is most vulnerable should be at the top of the list of data to secure first.

Encrypt Your Data to Prevent Security Breaches

Do you have encryption software installed on all the computers in the office? Do you have encryption software installed on your workplace’s mobile devices and USB drives? Not only should you use data encryption, but you should also make sure all devices and important accounts are being secured with passwords.

Revisit Your Security Policy

When some data breaches occur, it is due to what is taking place on the inside. Only the employees you trust the most with sensitive data should have access to it. If it is unnecessary for an employee to have access to sensitive data, they should not be able to easily access it. We encourage you to have a data privacy policy that will lay down the rules for accessing sensitive data. Additionally, any paper documents you have in the office should be secured. Therefore, they cannot be easily accessed by unwanted hands and unwanted eyes.

Security is a constant struggle because there is always someone who is looking for any weak links and vulnerabilities. Do you want to reduce the chances of your business becoming a target of security breaches? Contact us today for more information.

Proactively Addressing Mobile Threats

a close up of a keyboard with a fingerprint on it

More and more employees are using their smartphones and other portable devices in order to work on off-site projects, at home, or simply on the go.  While this has greatly increased productivity in many respects, there are inherent dangers in essentially allowing access to corporate systems to go out the office door, with very little to safeguard this access.  Any organization that allows their staff members to either use their own mobile devices for work-related activities and/or who issues mobile devices to their staff for external use should ensure they have an all-inclusive policy to cover usage and security practices. This will help protect individuals and companies from mobile threats.

External Threats

So what are some of the issues that can arise from the use of mobile devices used for corporate activities?  Regardless of whether an employee is using their own device or a corporate one, it is very easy for any of the following to occur:

  • a device is lost or stolen,
  • downloading of questionable 3rd party apps,
  • sharing of devices with unauthorized people,
  • and/or using unprotected Wi-Fi sources.

If any of these situations occur, unless protective measures are already in place, corporate data can easily fall into the wrong hands.  In addition to the expenses incurred from cleaning up a data breach, are other costs such as loss of trust and potential litigation from clients, and loss of public reputation as a trustworthy source of products and/or services.

Policy Solutions

A good mobile device policy will cover two key areas, and both must be addressed proactively, rather than after the fact.  The first part of the policy is put into place by IT administrators.  Their responsibilities include:

  • remotely locking lost or stolen devices,
  • creating and enforcing proper password and encryption policies,
  • discovering and restricting tampered devices,
  • and ensuring corporate data is removed from personal devices upon employee termination.

The second part of the policy pertains to instructing employees on the proper use of their mobile devices.  Employees need to follow certain protocols including:

  • reporting lost or stolen devices immediately,
  • following their employer’s policy on downloading 3rd party apps,
  • following password and Wi-Fi policies,
  • and not sharing their devices with family members or other external parties.

By creating a proactive and comprehensive mobile device policy, employees will thoroughly understand what their employer expects of them and IT administrators will be able to quickly resolve issues if they arise.  Using this two-pronged approach maximizes the ability of any business to properly secure both corporate and client data.  Please contact us if you would like more information on how to properly institute a mobile device security policy to protect your organization’s essential data.

You vs. the Hackers – Small Business Security

a man sitting in front of a laptop computer

Small Business Security

Large business data breaches, such as last year’s Equifax hack, always make headlines. However, small and medium-sized businesses are also vulnerable to data hacks. That is unless they put thoughtful security measures in place.  Even smaller businesses typically hold private information about their employees such as SSN, date of birth, family members, and other private information that hackers love.  Other private data such as email addresses, credit card and banking information, and other information about clients is typically gathered and stored by smaller businesses, just like major corporations.

In some cases, hackers deliberately target smaller businesses in the hopes their security defenses are not as robust as some of the larger targets.  In this post, we will outline some potential weaknesses that smaller businesses need to address so they can prepare a hacker-proof plan that will help safeguard them against potential threats.

PoS Systems

If your organization uses a point-of-sale system, unless properly secured, a hacker can try to use it to make unauthorized credit card charges.  These types of systems come with preloaded software that is easily hacked into through an unsecured access point.

Unsecured Wi-Fi

Some smaller businesses like to offer public Wi-Fi access in the hopes of garnering more customers.  However, this type of access should never be used to conduct any real corporate activity.  If an organization wants to offer public Wi-Fi, that’s fine. However, employees need to understand they should never use it for work-related activities. Even if secure company systems are down temporarily.

Website

Hackers especially like to target websites that gather credit cards and other personal information.  They might also attempt to find loopholes allowing them to gain access to company databases.

Email

Hackers still attempt to confuse employees by creating seemingly legitimate emails. This is an attempt to convince them to click on links leading to malicious sites. Or to impart private company information to untrustworthy sources.

Other Hardware

If the only thing between corporate data and a hacker is a four-digit password on a mobile device, the potential for hacking is enormous.  Especially if businesses do not enforce password policies, access to company data may be as easy as entering “1234” in a screensaver.  Hackers also look for vulnerabilities in servers and PCs in order to steal admin passwords and/or inject malware.

Clearly, every business needs to ensure a thorough IT security solution is part of the bedrock that forms their company foundation.  For more information on a total security solution, please contact us.