Chances are that you have heard about what makes a strong password: the longer it is the better, and using upper-case and lower-case letters, numbers, and symbols protects you against brute force attacks. But what if I told you there was a way to make an account protected by “drowssap” or “qwerty” exponentially safer than an account protected by more complex passwords like “Th15_1$_@_P@55w0rd”? Multi-factor authentication (MFA) to the rescue! Also known as two-factor or two-step authentication, this is one of the more secure (and quite easy to implement) methods of securing your accounts. MFA can take a few different forms. The most common form is an algorithm that generates random temporary passwords that must be entered in addition to your standard password. It could also be push notifications from third-party apps that manage these MFA communications, like Duo Security. This is nice because our devices all have the capability to be unlocked only through certain means like facial recognition, voice recognition, fingerprint scanners, PIN numbers, or even retinal scans. What that means for you is that even if your first password is compromised, you have a second method of identity verification protecting your account. We here at Lighthouse IT Solutions care about your cyber security; our series of posts and webinars espousing its benefits probably convey that just fine.
We hope that you didn't forget about National Cybersecurity Awareness Month! We wanted to discuss some elements of cybersecurity that you may not be familiar with. Cybersecurity is a lot more than just dealing with viruses and not clicking on spam emails. The true definition is "the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this." This means that anything you do to help protect against getting your data stolen can be considered cybersecurity. So let's go through some of the methods often overlooked and skipped.
Firstly, it is important to make sure that all devices on your network have adequate protection, especially the ones you don’t normally think about. And if your computer is mobile, it is a good idea to make sure that device is encrypted and has a strong password on it. Encrypting devices that will be leaving work often, like company laptops, will help ensure company data isn't accessed when something is lost or stolen. Keep everything that is connected to the internet and your network in mind. Learn more about this in our "How secure is your network?" post.
October is National Cybersecurity Awareness Month (NCSAM)!
Now is the perfect time to talk about being safe online!
One of the most important things to remember for cyber security is that everyone needs to be active in it. It only takes one person clicking a sketchy download from a phishing email to compromise an entire network. Knowing how to be safe online does not require you to learn a load of technical jargon. You simply need an idea of what actions could be detrimental and to stay alert to anything that seems fishy. This can keep you much safer.
There are lots of actions you can take to increase your safety such as:
- Checking that your system is running up-to-date security programs and reading up on what scams and exploits people are using.
- Making sure you have an enterprise-grade firewall protecting your business.
- Backing up all of your data so that you are ready for the worst.
- Implementing user-based security and permissions to minimize human errors.
- Getting a password and document manager to ensure password security.
- You could even enlist the services of a certified ethical hacker to test your system’s security and inform you of any vulnerabilities they find.
One of the most frightening and infuriating types of malware out there is known as ransomware. What ransomware does is lock or encrypt the data on a device in order to make it inaccessible and then, as per the name, hold the data for ransom. Being told to pay someone in order to access your own data is absurd. This is an unfortunate reality some come to face, though. If you end up being one of the unlucky ones who find themselves in that situation, there are a couple of things you can do.
Reports indicate that the ransomware strain has spread to 150 countries, impacting 10,000 organizations, 200,000 individuals, and 400,000 machines. Source: Barkly, “WannaCry Ransomware Statistics: The Numbers Behind the Outbreak,” May 2017.
The Possible Attack
You are often limited in your possible responses to a ransomware attack by what actions you took before the attack happened. However, one thing everyone can and should do is refuse to pay the ransom. One of the best ways to discourage hackers from using ransomware is to decrease the returns they get from it. In addition, just because you paid the ransom does not mean you will get access to your data back; it is possible (and likely) that the hacker will take one payment as an opportunity to charge you more with no plan to stop.