7 Tips on Better Password Protection

Over the past year, there have been numerous compromises that have made the headlines.  Everything from Carefirst Health to the United States Office of Personal Management have all been cyber breaches as a result of password hacks.  Be sure to follow a few simple password tips on ways you can help mitigate the risk of hackers gaining access to your data and websites.

passord protection

1. Use Complex Characters
Use a combination of upper case, lower case, symbols and numbers.  Most cyber experts suggest a minimum of eight character passwords, but using nine characters or more is better.  Use random nonsensical like words and turn them into something like bR!TR0$e using upper case, lower case, numbers and characters.  

2. Different Passwords Across Different Sites
Don't use the same password across all the sites you access.  It would be very troubling to have your Facebook account compromised, but foolish to give those same thugs access to your bank, email, and credit cards, too. 

3. Use a Password Manager
Plenty of people still write down their passwords and hide them under a mouse pad, keyboard or worse still, post them on a monitor. Don't write them on a piece of paper! Use a program to keep track of all you passwords. AgileBits offers an application called 1Password that provides full access to all your password data between your laptops, iPads, smartphones and other systems.  It is a quick and easy way to securely store all your passwords while at the office, at home or on the road.  LastPass is another service that can help you to manage all your passwords.

4. Frequent Password Changes
Just like you hear about you about testing your smoke alarms at regular intervals, take the time to schedule and change your passwords.  Most security groups encourage that you change your passwords at least once every 90 days.

5. Local Lockdown
Require login access on all your computers and mobile devices.  There are plenty of stored passwords that are automatically held in your Internet browsers.  Eliminate those compromises by enabling the auto-locking features that protect those devices after several minutes of inactivity. While these steps don’t prevent hackers from gaining access to companies holding your information, it does help protect a variety of security points that you control.

6. Multi-Factor Authentication
Standard authentication, or logging in, relies on a username and password. If an attacker obtains the password associated with a username, they can easily compromise the related account. As its name suggests, multi-factor authentication (MFA) instead relies on multiple pieces of information, providing an added layer of protection.

Typically, MFA requires two pieces of information: something you know and something you have. An example of MFA in everyday life would be authentication for ATM access. In order to access your bank account through an ATM, you need something you know (your PIN) and something you have (your card). Similarly, accessing an MFA-enabled account requires not only a password, but also interaction with something you have, such as a mobile phone or digital key fob.

When available, MFA is one of the best available options for protecting an account. Banks and larger IT service providers, like Google and Microsoft, usually offer MFA, but most services do not.

7. Stay Informed
Cyber security has become more than a technical problem in making the news headlines. A data breach can have major consequences for your business – including loss of customers, reduced brand reputation, significant financial impact and more. Attend one of our free Lunch and Learn webinars Keeping Your Business Secure Online to find how you can do more to keep yourself and business more secure.

Comments (0)

8 Ideas for Preparing Your 2016 IT Budget

Taking the time to plan ahead for your 2016 IT budget can be quite useful. Besides helping you manage costs, a budget can highlight areas where you might need to invest more resources. It can also keep you on track in meeting your financial goals.

Here are eight tips that can help you prepare an effective IT budget for 2016:

1. Take the Time to Set Your Goals

2016 IT Budgeting

An IT budget is not something you can throw together in a day. It takes time and thought to create one that will help your company grow. It also requires input from your management team, as your IT systems are likely being used in many different areas of your business.

Further, an IT budget is something the begins with your business goals for the new year.  Are you looking for more revenue growth?  Are you looking to costs?  Are needing to update new laptops or servers?  Keep these priorities in mind before you start.

2. Look to the Present and Past to Predict the Future

A good way to begin your 2016 IT budget is to create a baseline budget that shows your IT expenses and income for the current year. You can then adjust it to account for anticipated changes in 2016. Examining your IT budgets from previous years can give you an idea of how variable revenue and costs have fluctuated from month to month, quarter to quarter, and year to year.  Three to four years can help provide data on capital expenditure cycles.

3. Do Not Try to Budget Down to the Last Cent

IT budgets are designed to only estimate where money will be coming in and going out. They are not accounting ledgers, so you do not need to account for every last cent.

Because you are just estimating your IT expenses and revenue, do not be surprised if your projections are wrong. You can adjust them as needed when you review your budget each month.

4. Align Your IT Budget with Your Company's Strategic Goals

IT systems can help or hinder a company's efforts to meet its strategic goals. For example, meeting the goal of improving customer retention is more easily achievable with a fast, reliable web ordering system than a slow, quirky one. Budgeting IT improvements in areas that support your company's strategic goals will help turn IT into a profit center rather than a cost center.

5. Budget for Hardware and Software Updates and Replacements

Many companies have outdated hardware and software because they do not keep track of when these resources should be updated or replaced. As a result, employees often use them until they fail. These failures can lead to many other problems, including lost productivity, security risks, and even system downtime.

A better approach is to use an asset management system to track when hardware and software need updates or are approaching the end of their life. That way, you can budget for upgrades and replacements. This will help you avoid the additional costs and hassles of dealing with failed hardware and software.

6. Invest in Measures That Will Improve Security

Cybercrime is on the rise, as studies by Symantec and ThreatMetrix show. However, many companies do not adequately invest in IT security.

A Spiceworks study found that 59 percent of IT professionals feel their organizations do not adequately invest in IT security. This is corroborated by the finding that those organizations plan to spend only 9 percent of their software budget, or 6 percent of their total budget, on security measures in 2016. Given the prevalence of cybercrime, spending more on security measures is a wise investment.

7. Do Some Calculations before Treating Cloud Costs as Operational Expenses

A Computer Economics study found that 56 percent of organizations plan to increase spending on cloud applications. In budgets, companies often list cloud costs as operational expenses so that they can increase or decrease them as needed. This gives companies more flexibility to meet financial goals. However, if you plan to use a cloud application for many years, it might be cheaper in the long run to treat the cloud costs as a fixed amortization expense.

Learn about how new innovations with the cloud can reduce capital costs, increase your security and let you work from anywhere here.

8. Get help

There are always new innovative ways to reduce costs and increase productivity with technology.  Seek help from IT experts to uncover ways you can fit these new solutions into your plans.  Contact us today and see how Ease Technologies can share new ways to keep your business more secure, improve your productivity and reduce your IT costs. 

Comments (0)

How Does Identity Theft Occur?

identity theft

In the 2015 report from the Bureau of Justice Statistics, an estimated 17.6 million persons, or 7% of all U.S. residents aged 16 or older, were victims of one or more incidents of identity theft over the last year.  ID thieves take your information and use it to steal your tax refunds, make credit card purchases, pay their bills, get medical care and hide from the law by using your identity.

So how does this happen?

Thieves, ranging from close to home or around the world, use hundreds of different methods to obtain your personal information.   Most thefts are centered on obtaining information such as credit cards, bank accounts and social security information.  To take advantage of these accounts, thieves will also use associated information to gain access like email addresses, passwords, home addresses and personal information.

Below are some of the more popular ways individuals are deceived into sharing their information or how it is just stolen.

Theft –One of the common methods of obtaining your personal information is by theft.  If you were to have your purse or wallet taken, thieves are not expecting to hit the jackpot on the your money.  Who carries much cash with them anymore? Statistically, more concerning is the high number of personal identity thefts originating from someone that you employ, you know or even a family member.  You probably should not be so trusting with leaving things such as credit cards, social security cards and wallets in any open areas.

Phone Calls – The use of phone calls for ID thieves is on the increase.  Scammers seem to be preying on the elderly more recently as an easier way to obtain the personal information they seek. Making calls using false names, fake badge numbers, scammers even spoof caller ID to make it appear as though they’re with the IRS or another agency.  They use easy to find online resources to get names, addresses and other details about an individual and make it seem like they are legitimate.  The most common tactic with these tricks seems to be fear, IRS officials have shared. Scammers try to scare people into reacting immediately and providing them with the information they want through intimidation.  Organizations are not going to be calling you up trying to be obtaining information from you.  If you are not sure, ask to call them back and look up their office number.

Email Phishing – There are thousands of different email phishing scams out there that are trying to entice you into divulging your personal information via email.  Included in this are tactics used to inject viruses and malware into your computer to then gain access to your personal data, allowing the scammer to steal this data right off your computer.  Not clicking on trusted email sources and questionable websites are your best forms of protection.   

Dumpster Dives – An old fashion approach to getting someone’s information is simply going through his or her trash.  Way overlooked is the amount of personal information that is dropped into a trashcan.  This can be a home or at work.  Taking the time to consider what is being tossed away and shredding sensitive information are both critical.

Data Breach – Over the past couple of years, the number of high profile data breaches is getting to be quite shocking.  Large retailers like Home Depot and Target have been compromised at Point of Sale systems, with tens of millions of customers’ credit card data stolen. Health care providers like CareFirst and Anthem have had similar hacks with personal identity information taken.  Even the US Office of Personal Management suffered probably the most dangerous heist of personal information and fingerprint data consisting of 21 million people in that database. 

One of these scams I have experience myself is by getting a phone call from the Windows Company offering me an important free update for my computer.  I just needed to login to a specific website so I could provide the company with proper information about myself and then let them access my computer to add the updates.  Very generous, but no thanks.

These threats come from many different directions and combinations of approaches. The thieves are cunning and patient.  Unlike the con men of the 20th century, these thieves can be 5,000 miles away sitting by a pool with a laptop drinking a latte, while stealing thousands of dollars. Don’t make it easy for them.

Another way business can keep themselves protected is taking advantage of cloud services. Check out our video on how the Ease Cloud Workspace can make a difference for you.

Comments (0)

How to Spot Phishing Attacks

One of the main tools in a hacker's toolbox is the phishing attack. Hackers use these large-scale attacks to steal personal information from as many people as possible.

Hackers using phishing are digital con artists. With hidden malware and a convincing pretense, they con people into handing over their personal information. They then use this information for a variety of cybercrimes.

Examples of Phishing Attacks
You do not have to look hard to find examples of phishing attacks. In March 2015, a major phishing attack targeting Bank of America customers came to light. As part of the attack, hackers directed unsuspecting users to a fake Bank of America website. The website told them that they had to reactivate their accounts. It then directed them to a web page containing a reactivation form. This form asked them to hand over many personal details, including their names, birthdates, email addresses, online account IDs, passwords, and Social Security numbers.

A more high-profile case occurred in February 2015. After U.S. health insurer Anthem Inc. revealed it had a data breach, the company announced it would be contacting customers to offer them free credit monitoring. Hackers took this opportunity to launch a phishing campaign by sending out an email message that claimed to be from Anthem. The message invited the recipients to sign up for free credit monitoring by clicking a link. This link was part of a plan to steal their personal information.

Researchers note that there are significantly more phishing incidents during the winter holiday season, as more customers turn to online shopping. Hackers typically disguise their fraudulent email messages as ones from major retailers. For example, the email service provider AppRiver noted that in November 2014 it quarantined hundreds of thousands of malicious email messages that claimed to be from Amazon.

How to Spot Phishing Attacks
Phishing attacks have several key characteristics. First and foremost, they use email or text messages that appear to be from large, well-known organizations. Hackers will often make their messages look like an email from a bank or financial institution. Emails that look like they are from universities or major online organizations such as PayPal or eBay are also common. Hackers will send these fraudulent messages to thousands of people.

These messages usually have malware-ridden attachments. When people download them, the malware infects their computers. Another tactic is to include a link to a website controlled by the hacker. The hacker then uses the website to spread malware or steal information. Hackers use stolen information to steal identities or break into their victims' online accounts.

Fake email messages often have spelling and grammatical errors. They also frequently include an indirect threat. For instance, a message might state that if you do not reactivate your account, it will be terminated. By using scare tactics, hackers can more effectively con people into clicking a link or downloading a file.

How to Defend against Phishing Attacks
Educating your staff about phishing is a critical way to counter these attacks. In particular, employees should learn how to recognize a fraudulent email message. Besides watching for spelling and grammatical errors, employees should pay close attention to the sender's email address.

Hackers frequently use email addresses that look like the addresses of legitimate organizations. As an example, a hacker might send out an email message using the address instead of the real address. Deceptive email addresses increase the chance of someone falling for the scam.

Your employees should also check the authenticity of links in their email messages. If employees are in doubt about a link, they can hover their mouse cursor over it to see the address of the website that it will actually go to. If the website address seems suspicious, the link is likely part of a phishing campaign. Employees can perform an online search to see if the website is associated with any cybercriminals.

Another red flag that employees need to watch for is requests for personal or financial information. Banks and other legitimate organizations will never ask their customers for this type of information in an email. As a result, any email message that asks for it should be considered malicious. Furthermore, organizations will not threaten their customers in a heavy-handed way. If an email message is written in a tone of extreme urgency and includes threats like immediate account deactivation, it is probably a phishing attempt.

Keep Your Data Safe
Thwarting phishing attacks is important if you want to keep your company's data safe. But there are many other types of online attacks, so you need to develop a strong cybersecurity strategy. Experienced experts can help you come up with the best way for you to keep your data safe from digital threats.  Contact Ease Technologies today and learn how you can improve your businesses security. 

Comments (0)

Cloud Computing Made Easy With the Ease Cloud Workspace

The Ease Cloud Workspace™ is your virtual office wherever you go. The customized work environment allows you to use of your business applications and data with secure access from anywhere, from any device, via any internet or private connection.  You can run and scale your business quickly and securely from anywhere. 

Work From Anywhere
The Ease Cloud Workspace gives users secure, high-performance access to applications and data from any internet-connected device. Enhance productivity by allowing employees to work from home or on the road. A simple logon from your computer, laptop or tablet device gives you quick and easy access your desktop. 

Reduce IT Costs
Significantly reduce operational costs and cut capital expenditures by eliminating on-site servers, software, and maintenance.  The Ease Cloud Workspace can also extend the life of your current workstation investments and removes server costs. 

Eliminate Complex Security Challenges
Information security is imperative. The Ease Cloud Workspace platform addresses complex data privacy and other security requirements so you can focus on building your business.  Your virtual desktop is a secure encrypted session that protects all your sensitive data.

To find out if your business is a good candidate for the cloud take this independent test from Clarity Channel Advisors.

Comments (0)
Our Newsletter

Upcoming Events
Calendar Icon

Upcoming Events

Wounded Warrior iPad Training
12/17/2015 12:00 PM - 1:00 PM

Keeping Your Business Secure Online [Webinar]
1/14/2016 12:00 PM - 1:00 PM

Blog Archive

Archive by Years