What you need to know about the “WannaCry” Attack

On Friday, we learned that hackers had exploited malicious software stolen from the National Security Agency (NSA) and held many organizations’ data ransom. As of this morning, it is estimated that this cyberattack was felt by approximately 200,000 organizations in 150 countries including Britain’s hospital network, Germany’s national railway, “computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others… Russia’s Interior Ministry and companies including Spain’s Telefonica and FedEx Corp. in the U.S.”[1]

While the exact scope of the damage is not fully known, it does appear to be the largest cyberattack on record. These cybercriminals demanded $300 in the beginning and later increased it to $600 before destroying the files hours after that.[1] While the ransom amount won’t necessarily bankrupt a company, paying it is no guarantee that a company will have its data returned or unlocked, which can have more dire consequences.

There are several steps you can take to avoid becoming the next victim:

  • Immediately update both desktop and Windows systems with the Microsoft patch MS17-010.
  • Do not open links sent from unknown sources. If you need to open a link, scan it for malware first.
  • Back up your files. It is always a wise decision to regularly back up your files to ensure your business can continue to function.
  • Keep your systems up-to-date. It is vital to check for updates on your machines to catch any vulnerabilities and perform patch updates.
  • Educate your users. They are the first line of defense against an attack so it is imperative that they are able to identify potential phishing scams and fraudulent emails.

These are but a few of the “Best Practices” that can be employed to safeguard your data and business. If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.


  1. Associated Press. “Monday morning blues as ‘WannaCry’ hits at workweek’s start.” May 2017.
  2. New York Times. “Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool.” May 2017.

What Can we Learn from the Netflix Leak?

Netflix was in the news recently for a mishap with its production company. A cybercriminal who goes by the name “thedarkoverlord” was able to breach postproduction company Larson Studios, and has claimed to have “stolen unreleased content from ABC, Fox, National Geographic and IFC.”[1] After Netflix refused to pay the ransom, the cybercriminals released the first 10 episodes of Season 5 of “Orange Is The New Black” on Friday, April 28th via Twitter. When they did not receive the desired response (payment), they released the remaining nine episodes of the season the following day.[1]

This is the latest high-profile breach in the past year (LinkedIn, Twitter, IRS just to name a few). According to a report published by Verizon, ransomware attacks have “increased in the past five years and were up 50 percent in 2016 compared with 2015…”[1]

This breach is a reminder to stay vigilant and maintain your safeguards. Here are some tips on how to avoid finding yourself in this type of predicament:

  1. Create a Firewall. While most operating systems come with their own firewalls, they are typically only designed to protect one machine. To protect yourself from attacks and malware, it is best to invest in a network firewall.
  2. Encrypt Your Data. A firewall is considered the first line of defense; encrypting your data provides that extra layer of security. You do not want them to be able to get through the firewall and have easy access to your proprietary information.
  3. Have Policies in Place. You can have all the devices and systems in place, but if your employees are not well-versed in their roles of protecting the data, all your effort will be for naught. Instead, make sure employees know how to treat the data and the steps they need to take to avoid any potential issues. One of the core policies that should be implemented is a password policy. Employees should be prompted to change their password a minimum of every 90 days (less depending upon your industry). Passwords should be complex and include numbers, letters, and symbols.
  4. Have a regular review of your infrastructure. You go to the doctor for regular checkups, and you should do the same for your company’s infrastructure. It can often be difficult to do on your own as you may not have all the knowledge and expertise or the bandwidth to conduct a proper evaluation. Do not be afraid to ask an MSP, such as Bryley, to conduct a network assessment and evaluate your infrastructure. They have expertise and breadth of knowledge that will prove valuable and can highlight what you are doing well and areas where you can improve.

If you would like to improve your cybersecurity plan, or to inquire about Bryley’s full array of Managed Cloud Services and Managed IT Services, please contact us at 844.449.8770 or by email at ITExperts@Bryley.com. We’re here for you.


1 Perlroth, Nicole and Matthew Haag. Hacker Leaks Episodes From Netflix Show and Threatens Other Networks. 29 April 2017.
http://www.cbsnews.com/news/irs-identity-theft-online-hackers-social-security-number-get-transcript/
http://www.cnbc.com/2017/03/15/turkey-twitter-accounts-hacked-germany-netherlands-nazis-forbes.html
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/

Beware!! Google Docs Phishing Scam

If you recently received an email asking you to open a Google Doc, and you don’t know the sender, don’t open it! Chances are, this is a phishing email designed to have you click on a link and gain access to your information.

The email looks similar to a true Google invitation, but there are key differences.

The bogus email does not provide the name of the shared document and lacks the Google Docs icon.

The real email includes the name of the document, with the Google Docs icon.

Google is aware of this issue and issued a statement Wednesday saying, “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.


5 Steps to Avoid Ransomware

Coffee in hand, you’re preparing to read through your new emails as you start your day. You anticipate a productive day today. Yesterday you stayed 3 hours late to complete your big presentation, 2 days ahead of schedule, and you’re basking in the glow of the satisfaction of a difficult job well done and being ready early. How often does that happen?

You have Outlook open and are starting to review the newest emails when all of a sudden, a window pops up with bold text:

!!! IMPORTANT INFORMATION !!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.

Huh?!?! What does this mean?

It means your day has taken a turn for the worse… You have just been notified that the Locky Ransomware has just completed its work on your system by encrypting all of your files (rendering them useless) and is now demanding payment from you to get your files back. Depending on the sophistication of the Locky variant, it will ask you for anything between 1-15 Bitcoins (Bitcoins are trading for $1,205.00 at this time). This may depend on what it perceives the value of the stolen files to be. Server infections typically demand larger sums. Instructions are included on how to make payment with the guarantee that if payment is made, you will receive a key to unlock your precious files.

What can you do? Your mind is racing. How can this happen?!?! Your heart rate is increasing rapidly! Put down that coffee… take a few deep breaths. This represents anything from an irritating interruption to a disaster of epic proportions. What you have done up to this point will determine the impact of this event.

If you have good backups, this represents a minor inconvenience. If you don’t have backups at all … you will have to decide if you’re going to count your losses and move forward or consider paying the Ransom. After all, there is honor among thieves … or is there???

How can you avoid being in this situation?

There are several things that can be done before you are in this situation to “reduce your surface of vulnerability” and to recover without great loss.

    1. Backup your data.
      Good backups cure many woes. You may not use your backups for months or even years, but when the need arises, you want to be sure you can recover to a point where you can feel whole again.
    2. Purchase Advanced AntiVirus and AntiMalware and keep it up to date.
      Many of today’s Advanced AntiVirus/AntiMalware programs will monitor your system for behavior that looks like ransomware at work and shut it down before it gets too far. Some will not.
    3. Do not open attachments or click on links in the email from unknown sources.
      If you need to open attachments, scan them for malware first. Many people are fooled by Human Engineered emails that “look” legitimate but have attachments or links that are masked in some clever way.
    4. Limit user access to data they need.
      Although this doesn’t help with avoidance, it will certainly help to minimize the impact if it happens. If everyone has access to everything, that means if one person becomes infected, they have the capability to cause encryption of ALL data they can see.
    5. Train your staff on proper Business Security Best Practices and to be aware and vigilant.
      If your data is important to your business, it needs to be handled as such.


There are other “Best Practices” that can be employed to safeguard your data and business. Take a proactive approach and avoid the reactive. In the long run, the reactive approach will cost much more in time, money, and grief. Give Bryley Systems a call (844.449.8770) to discuss what you can do to improve your overall security, efficiency, and cost … and enjoy that coffee!

Data Theft – What Happens When an Employee Leaves your Company?

Let’s start with the premise that company data belongs to the company, not to the employee.

When an employee leaves a company, whether voluntarily or involuntarily, it is quite common for sensitive and confidential data to disappear.

While most employees will leave their jobs voluntarily, there are always involuntary terminations such as a reduction in workforce or a termination based upon poor performance reviews. The problem from a security standpoint is that it is very common for these folks to take sensitive and confidential data with them, perhaps accidentally, but perhaps intentionally.

Just stop for a moment to consider all of the data that your employees have access to: various types of intellectual property, price lists, customer and key account information, financial data, sensitive HR material, marketing plans, sales data, competitive intelligence, product and manufacturing plans, databases, and software programs, all of which belong to the employer.

As a business owner, you may be asking yourself why people would take data with them.

Accidental. In a world filled with so many devices, cloud storage, mobile apps, and cloud applications, a departing employee may leave with a lot of corporate data and not even remember or realize that they still have it in their possession. Since so many employees work from home, corporate data will often end up on a personal laptop, desktop, USB stick, phone, or in a shared file.

Entitlement. An employee who has worked on key client relationships, or who is leaving an organization that is struggling financially, won’t always feel that the data belongs to the organization. In fact, these people may think that they’re justified in taking the data with them, and that it really belongs to them. This issue is the most common one, and it stays common because corporate data protection policies aren’t always strictly enforced, especially in smaller organizations.

Malicious Intent. Some employees may be angry because of a layoff or other involuntary termination. Others may not have gained a promotion they felt they deserved. Some may have a personal dispute with upper management or with their supervisor. Then there are those who feel they will have a lot to gain by bringing this information to their next employer. While this may be less common, it will likely prove to be the most destructive scenario.

What are the consequences of an employee leaving with proprietary information? Whether it’s by mistake, or maliciously, the worst case scenario is that it has the potential to put an organization out of business.

The best way to protect your organization is to be proactive by establishing and enforcing a set of best practices.

  • Organizations must maintain complete, ongoing visibility into sensitive data wherever such data is stored.
  • All sensitive and confidential data should be encrypted.
  • Email should be archived.
  • Require appropriate authentication for sensitive data. Creating policies that will alert or require approval will keep data safe.
  • Limit and manage employee access by department, role, and function. Limit access only to content that is needed to get the job done. For example, an IT person does not need unlimited access to HR files, nor does a financial person necessarily need complete access to the CRM system.
  • Ensure a proper backup and recovery policy. All data should be backed up to a central or accessible location. A recovery plan should be in place should an employee maliciously change or delete data.
  • Develop a policy for the proper use of email and company-owned devices. Employees should be trained on these policies and asked to sign an acknowledgement form.
  • Train management properly so that when an employee leaves, the exit process is handled professionally to prevent both inadvertent and malicious loss of data.
  • Do not allow employees to install their own applications, mobile apps, etc. as this will open up the organization to malware and ransomware. The IT department should always handle the installation of applications.
  • Develop a policy around BYOD (Bring Your Own Device) to ensure that personal devices are properly secured.

You can protect your organization to minimize, if not eliminate, the threat of sensitive and confidential information theft. Create corporate policies focused on appropriate employee management of data. Establish processes designed to control employee use of data. Deploy technology solutions that will keep corporate data safe.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

Have You Ever Used a Public Cell Phone Charging Station? If so, read on…

Beware!

Free charging stations are located in many public places such as bus stations, airports, cafes, hotels and conference centers. If you travel frequently, it is very convenient to give your cell phone battery power a quick boost. But connecting to an unknown port has its risks.

A technique used by hackers called “video jacking” is when a USB cord is rigged to capture the smartphone’s video display and record everything that appears on the screen.

Plugging your phone into a hacked power strip or charger can open your device to infection and compromise all of your data. Once a port is compromised, there is no limit to what a hacker can steal. Your email, photos, videos, contact information, text messages, bank passwords and PIN numbers will all be vulnerable.

Hackers can find all the tools they need online, and for just a couple of hundred dollars. They will use their custom electronics hidden in a faux USB charging station. The person who is using the charging station believes it’s authentic, and will connect their phone to the correct charging cord. Then, while the phone is connected, the “charging station” mirrors your screen and records everything that you can see on your screen. And then, in a matter of minutes, the damage is done. If you have an Android or any HDMI ready smartphone, you are vulnerable. If you have an iPhone, you’re not safe either.

So, the best advice for those of you who cannot live without your phone?

Security experts advise never to use public outlets — instead, invest in a portable USB battery pack. You can also buy USB cords that don’t have wires to transmit data, thereby preventing a hacker from accessing your phone’s information.

Be prepared. The risk just simply isn’t worth it.

Securing your tablet and smartphone

Think for a moment about how much of your life is on a tablet or smartphone: personal information such as texts, emails, apps, photos, passwords, and financial information, as well as work-related information.

As time and technology move forward, tablets and smartphones become an item we cannot seem to live without. These devices have become a necessity in the workplace, especially for those people who travel frequently – you can even translate signage abroad or do videoconferencing. They’re convenient, easier to carry, have built-in cameras, thousands of handy apps, and even offer GPS technology. There’s no doubting the convenience these devices offer – but, here are a few things to be aware of whether you use these devices for personal use, work, or both.

Now, with all this great technology comes the risk should your device(s) be stolen or lost. Losing your smartphone can be very stressful, and costly. With this in mind, there are some relatively easy steps you should take to secure your devices so that the door is not left wide open for a hacker or thief to steal your valuable information.

  1. Set a passcode/password. A passcode is a basic multi-digit code. Without a passcode, anyone who has your device in hand can access everything. Many of the newer devices also offer an option to use a longer alphanumeric password. Immediately after you have set your passcode or password, you should turn on the auto-lock function and set it to as short a time frame as possible. Usually 2 – 5 minutes is recommended. It will save a little bit of battery life, and by shortening the window, it’s much less likely that someone will stumble upon it while it’s still powered on.
  2. Be App-Savvy. Installing apps from Amazon Appstore, Microsoft’s Windows Store, Apple iTunes, or Google Play is much safer. Bad apps can be loaded with malware, which can infect your device and steal your information. Be leery of third-party app stores, as they often host malicious apps that are usually disguised as more “popular” real apps.
  3. Read the app permissions instead of blindly accepting the terms and conditions. Is there a reason a game wants access to your camera, microphone, and contacts?
  4. Update the Software. Updates to your mobile OS and any apps on your tablet or smartphone often include security fixes and should be downloaded as soon as they are available.
  5. Beware of Public Wi-Fi. Always use caution when browsing the Web on a public Wi-Fi. Since your traffic is public, it can be captured.
  6. Don’t be Gullible. Immediately delete suspicious text messages from people you don’t know, don’t click on any embedded web links or call any unknown phone numbers. Scammers and spammers are increasingly targeting smartphone users, be it through text messages, emails or even phone calls pretending to be someone they’re not. This could lead to them locking your device and extorting money from you to unlock it (“ransomware”).
  7. Enable Remote Location and Wiping. Preventing someone else from gathering your sensitive data is the most important task you have. One piece of good news is that the percentage of smartphone theft has decreased over the past few years thanks to the increased number of “kill switches” that make it harder to wipe and resell them. If your device is lost or stolen, tracking apps can tell you the location of your device. These types of apps can also let you wipe your sensitive or business data remotely. A remote wipe is similar to a factory reset; it erases all the data on a smartphone or tablet.
  8. Consider Antivirus. For those of you who are Android users, it’s highly recommended to protect your mobile data with security software. Not only do these apps protect your device from viruses and other malware, but they will also lock down your privacy settings and scan apps and files for threats, and some solutions can snap a photo of someone attempting to log into your stolen phone via the front-facing camera and send the image to you.
  9. Data Backups. Backing up data on your smartphone or tablet is relatively simple and it is something that should be done in the event the device is stolen, lost, or simply stops working. Using automatic online backups stored in the cloud or backing up data by syncing your device to your PC or office network are good options to help secure your device.

Regardless of which smartphone you use, it’s critical to prevent your personal (and professional) information from falling into the wrong hands. Even if your device isn’t lost or stolen, your data could still be accessible by a remote thief if not properly protected. No system or protective measure is completely foolproof, but the steps outlined above will make your device much safer.

Meet Your “Typical” Hacker – Know Thine Enemy

Imagine sitting in your chair watching TV after a long day in the office. You look up and there’s a stranger rummaging through your refrigerator… a little disconcerting at best! You would likely stand up and ask: “Who are you and how did you get into my house?” You would likely call the Police. This is very serious. When someone invades your home you are angry, scared, and possibly indignant.

The scenario described above can happen with your computer and network without you even knowing someone is there. Who are these people and what are they doing on your computer and network?

There are different tiers of hackers who might invade your home or business computers and network without your knowledge or consent. Who are they? Let’s have a look.

There is not a single “typical” type of hacker, but rather 4 types or variants of hackers who might invade your computer and your network at home or work:

  • Kiddie Hacker
  • Corporate Hacker
  • Military Hacker
  • Criminal Hacker

Their motives and methods vary but often result in similar consequences:

  • Stolen personal or confidential information
  • Disruption of the operation of your computer or network
  • Kidnapping your files and folders for ransom

Kiddie Hackers

The name sounds innocent, but the problems caused by these hackers can be debilitating or at the very least, time consuming and disruptive. This type of hacker can be the kids next door who are bored of playing video games and are just curious as to how far they can go if they attempt to walk into your computing environment. It can be your nosey neighbors who have familiarity with computers to the extent that they look for the easily available tools to penetrate your defenses (if you have them). These hackers look for the local Wireless Networks that neglected to impose security and show up as unprotected. Some go even further in their determination to invade and the results are the same. See Bryley’s IT Security Checklist for more information on how to protect your home and organization.

Corporate Hackers

These hackers are motivated and capable. They want to get information about your company or disrupt your business operations. They are usually professional IT people who have clear motives and directives. These hackers are concerned about being caught and in most cases take extreme measures to hide their activities.

Military Hackers

These are the patriots of their respective nations who are on the job 24×7 targeting other countries to find and potentially expose government intelligence and the vulnerabilities of their targets. Although they target national agencies, they will, in the process, uncover many unsuspecting individual users who might lead them to their objectives, so they are very opportunistic and aggressive. They have the tools, the time, and the determination to break into anything or anywhere they can to find their openings. This activity is common around the world and includes players such as: US Military/Government, UK, France, Germany, Russia, China, Japan and many others. These hackers are also concerned about being caught and in most cases take extreme measures to hide their activities as well.

Criminal Hackers

DANGER. These are the truly bad guys. There are many organized criminal groups around the world who engage in hacking for profit. They are remorseless, determined, and capable. They enlist operatives who want to make a quick dollar, provide them with the tools of the trade, and take a percentage for making them capable of performing their work. This group is growing rapidly as is evidenced in the sharp rise of Ransomware and DDoS (Distributed Denial of Service) Attacks. These people are performing many of the tactics that the Military Hackers employ. They just recently stole tools used by one of our national security agencies to infiltrate computers and networks and have made them available for sale on the Internet. These are the guys who send you that email with the attachment that when opened, will encrypt every file it can find on your computer or network, and then demand payment for allowing you to regain access to your files. These are the guys who initiated the DDoS attack recently that disabled the credit card verification ability of much of the country. There is one organization suspected of being capable of targeting a victim with up to 100Gb of Internet traffic, which can completely disable the Internet access for the victim. These are the guys who seed the Internet with their specifically designed software that makes innocent users’ computers part of a BOTNET for the distribution of SPAM or a component in a DDoS attack. These are the guys who likely invaded the DNC computers this past election.

The conclusion you can reach here is that the bad guys are out there working 24×7 to invade your computer or network for a variety of reasons. You must be aware that the danger exists from a variety of sources and if you don’t exercise due diligence, they will gladly give you the motivation to do so after you’ve been violated. Unfortunately, it’s not a matter of whether you will experience an attack; it’s a matter of when. No one is completely immune, but you can protect yourself to minimize your surface of vulnerability. In most cases, these hackers want the low-hanging fruit. If there is a barking dog at the door when they knock, they will likely be motivated to check the house next door.

Ask Bryley how you can reduce your surface of vulnerability in your business. It can mean the difference between an inconvenient disruption and an unmitigated disaster. Call us at 844.449.8770 or email us at ITExperts@bryley.com. We look forward to hearing from you.

Why Is Data Loss So Serious?

Data Loss Can Completely Cripple Business Operations. In the event of extreme data loss such as the loss of an entire database, even temporarily, it is not uncommon for the impacted business processes to fail at multiple levels. The organization may be rendered helpless, unable to fulfill orders and struggling to update employee records. Producing financial reports and providing customer services may also be impossible.

This occurs because technology is the backbone of most business operations and most of these operations are connected through a central IT system. Therefore, any disruption to the IT system can affect other business areas such as phone systems and manufacturing processes. As a result, employees may be idled for prolonged periods of time while the lost data is being recovered. Productivity will suffer.

The Impact of Data Loss on Sales. Organizations can suffer significant harm when data loss makes it impossible to interact with customers, often resulting in lost sales. Since email is the primary channel of communication between organizations and their customers, if your email system were to go down, how difficult would it be for you to conduct business as usual? Any disruption in your communication with leads, prospects, or clients can translate into lost business. For instance, should you fail to submit a proposal or bid on time, the result would potentially be a major loss of projected revenue.

The same applies when a data breach is directed at a call center or CRM provider. This is particularly true for small businesses that rely on independent call centers for customer support assistance and Customer Relationship Management (CRM) providers for managing customer relationships. In a worst-case scenario, the harm resulting from an attack on either of these two might be enough to force a small organization into bankruptcy.

Data Loss Resulting from Theft. Data loss can also take the form of data theft where a hacker breaks into a computer or network and steals critical private business information. Business plans, product designs, and a variety of other mission-critical information can disappear. The economic impact of information theft is difficult to measure because the extent of the harm caused may only manifest itself over a long period of time.

Data theft often results in lawsuits, breaches of contracts, regulatory compliance failures, and loss of business.

Lawsuits and hefty fines typically go hand-in-hand when a company experiences data theft. As an example, if personal information such as names, addresses and financial account numbers are accessed by hackers, then organizations may find themselves embroiled in lengthy legal court battles.

Data thefts can also result in contract breaches and a variety of fines and lawsuits. Shareholders, for example, can sue an organization for failure to perform duties outlined in a contract. Customers can sue companies for direct and collateral damages resulting from a data theft that caused an order to be delayed or lost.

Regulatory Compliance Failures. In 2007, the State of Massachusetts Legislature passed 201 CMR 17.00, a comprehensive set of regulations addressing data breaches. Under these laws are a set of regulations that affect any business that collects and retains personal information of its customers. For the purpose of these regulations, “personal information” includes names, social security numbers, driver’s license numbers or financial account numbers, including credit or debit card numbers.

The regulations took effect January 1, 2010, and mandate that personal information – a combination of a name along with a Social Security number, bank account number, or credit card number – be encrypted when stored on portable devices, or transmitted wirelessly or on public networks. Additionally, the regulations call on organizations to utilize up-to-date firewall protection that creates an electronic gatekeeper between the data and the outside world and only permits authorized users to access or transmit data, according to preset rules.

Loss of business isn’t uncommon after data loss incidents, especially if the loss was a result of a preventable event such as a security breach. Customers may feel that the company didn’t take adequate measures to safeguard their information and may therefore choose to discontinue doing business with the organization for fear of a similar event recurring in the future.

Data loss or theft can strike any organization. The wise choice is to be proactive by deploying an up-to-date and secure data backup system.

The main takeaway from these costly consequences of data loss is that businesses bear a huge responsibility for protecting the data they own. Failure to do so means facing serious operational and legal ramifications.

If you’re ready to get serious about protecting your business data, select a talented Managed IT Services/Managed Cloud Services company, like Bryley Systems, to help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.


Do’s and Don’ts of Password Security

We can’t say enough about the importance of passwords for your security

Strong passwords are the frontline against cyberattacks.

Passwords are the primary gatekeeper to secure your data, so it’s imperative to ensure they’re as strong as possible. We have compiled a list of DOs and DO NOTs to help you create secure passwords.

DO create a complicated password. While passwords such as “123456” and “password” are easy to remember, they are also easy to hack. It is best to create a password that has at least 8 characters and uses a combination of upper and lowercase letters, numbers, and special characters. This makes it harder for hackers to gain access to your accounts. One way to accomplish this is to take a sentence and convert it into an acronym, using numbers to replace words such as “to” or letters (3 or $ for “s”, 1 for “I”, @ for “a”, etc.). For example, take the sentence “my favorite activity to do is swim” and convert it to “mF8a2di$!”

DO NOT keep written passwords within reach. There’s no point in creating a secure password if you are going to have the password in plain view. That’s akin to locking the deadbolt on the house, but having all the windows open! If you would like a written reminder of your passwords, keep it in a secure place (a locked cabinet or car glovebox are good examples). You may also consider a Password Manager Service.

DO change your password regularly. Even the most complicated password can be compromised given enough time. It is recommended that passwords be changed every 90 days (or sooner depending upon the importance of data that they safeguard). When you change your password, do not reuse an old password. Instead, create a new one for better protection.

DO NOT use the same password for multiple accounts. While this may be easier for you to remember, it also makes it easier for cybercriminals to gain access to all of your information!

DO use two-factor authentication. Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilizing a combination of two different components, generally something you know with something you have. A good example in everyday life is the withdrawal of money from a cash machine. Only the correct combination of a PIN (something you know) with a bank card (something you have) allows the transaction to be carried out.

This provides another layer of protection and significantly reduces the risk of a hack. That being said, it’s imperative that you update your personal information when something, such as your phone number or email address, changes.
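The complexity, reuse and 90-day rules in the list above can be enforced mechanically when a password is set. The following Python is an added example, not code from Bryley Systems; the function names and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
from datetime import timedelta

MIN_LENGTH = 8                    # "at least 8 characters"
MAX_AGE = timedelta(days=90)      # "changed every 90 days"
COMMON = {"123456", "password"}   # the two weak passwords the article names

CLASSES = {
    "uppercase letter": re.compile(r"[A-Z]"),
    "lowercase letter": re.compile(r"[a-z]"),
    "number": re.compile(r"[0-9]"),
    "special character": re.compile(r"[^A-Za-z0-9]"),
}

def hash_password(password, salt=None):
    """Return (salt, digest); the history stores these, never plain text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def was_used_before(password, history):
    """history is a list of (salt, digest) pairs for earlier passwords."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )

def check_password(password, history=()):
    """Return the list of rules the candidate password breaks."""
    problems = []
    if password.lower() in COMMON:
        problems.append("commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not pattern.search(password):
            problems.append(f"missing {name}")
    if was_used_before(password, history):
        problems.append("reuses an old password")
    return problems

def is_expired(last_changed, today):
    """True once the password is older than the 90-day rotation window."""
    return today - last_changed > MAX_AGE
```

An empty list from `check_password` means the candidate satisfies every rule; `is_expired` takes two `datetime.date` values.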

For more information on password protection and security, connect with Bryley’s cybersecurity experts by calling us at 844.449.8770 or emailing us at ITExperts@Bryley.com.