No matter how much people hear “data safety,” they still can get sloppy about their cybersecurity. One of the reasons is that there are so many constant reminders that the warnings just become that much more background noise. Today, let’s do a quick review of the one you hear most about ( and most likely to forget about) Passwords.

Passwords

As annoying as they are (and who doesn’t doest curse them sometimes) passwords are a basic and necessary evil to protect access to your data. One of the root innovations that helps sidestep the tedium of entering ( and remembering ) passwords are facial recognition and fingerprint security measures. These can be a real timesaver, but they aren’t readily available across every site and device. So that leaves us with the question, what are the best practices for maintaining strong passwords and defending multiple sites, programs or devices (also known as “ good password hygiene’’)?

Maintaining password best practices

Simple passwords, with nothing but regular vocabulary words (even in other languages) are easily cracked. Most sites generally require mixed case, alphanumeric and a symbol or two for it to be an approved password. Here are a few things to remember.

• Avoid using the same password across multiple sites or devices.
• Don’t share your passwords with co-workers, no matter how convenient or timesaving it may be
• Don’t send passwords ( or any critical personal data, for that matter) via text or email.
• Don’t save them on a device in an unencrypted file
• Remember to change them periodically
• Be sure that access to files is removed immediately when an employee leaves an organization or no longer has need to access particular programs, data or machines

Multi-factor authentication

Related to the password method of maintaining data security, multi-factor authentication is becoming increasingly popular and is often required by some organizations. Basically, this takes the password idea and adds another layer to ensure that the correct user is entering the password. Your ATM is an example of MFA. Just a password isn’t enough at the ATM–you have to have your ATM card also. Most of us know MFA through the request to enter a one time code that is sent to us, on a different platform, after we enter our usual password. Again the idea here is that even if a password is stolen, a second form of identification is required to ensure the correct person is gaining access. NOTE: A common form of MFA is to send a text message to your phone. Be aware that if you leave the country and don’t buy a text package for your phone, you may not be able to access some sites that use this form of MFA.

In short, we hear most about password safety, but because it can be such a pain to change them, we open ourselves and our business to data vulnerability. Contact Reliable Networks for ideas to improve your data security.

Open sesame! Life is not a fairy tale…your passwords need to be stronger than that

You will agree that having passwords to access your IT devices, networks and data is the first step to securing your business data. However, having passwords is not enough. The passwords have to be strong and difficult to detect or hack into. A lot of ‘smart’ devices today such as phones, tablets and laptops come with facial recognition and fingerprint sensors that can be used in lieu of passwords. But what happens when you don’t have biometric security measures? You need to ensure that your passwords are strong and also maintain good password hygiene.

Maintaining good password hygiene involves-

• Not having passwords that are too simple or easy to crack. Ideally, a password should be at least 12 characters long, mixed case, alphanumeric and include symbols.
• Not using the same password across different sites, programs or systems. For example, having the same password for your email and laptop is a strict no-no
• Not sharing passwords with coworkers and never sharing passwords via emails or text
• Storing passwords safely and securely, and not on a piece of paper or email or in a file on the computer without encryption
• Changing passwords and revoking access after someone quits the organization or in case they wanted temporary access, then not changing the password or revoking access after their work is completed

Multi Factor authentication: Fortifying your data even further

Multi-factor authentication involves putting up multiple barriers to data access for better data security. The idea is to have another layer of security to protect your data. The first layer is usually something simple like passwords, security questions to answer, PIN numbers, etc. The second layer could be OTP, also known as, One-time-passwords, that are sent to an alternate email ID or phone number, security tokens or access cards that can be scanned and the third data security mechanism could be something personal such as fingerprint or retina scan. Having multiple security layers makes it more difficult for cybercriminals to hack into your system and access your data.

Cybersecurity is a lot of work, but you can’t afford to ignore it. The price you may have to pay if you or business becomes a target of a cybercriminal is too high to take cybersecurity lightly. Download our whitepaper, Cybersecurity basics you can’t ignore, to learn how you can safeguard your business, big or small, from cybercrime.

Fix that lock…and get a spare key! Software updates, security patches and data backups

If the lock to your home’s main door breaks, do you fix it or just let it be? My guess is, you would get a locksmith to fix it for you at the earliest. And, what do you do if you lose the key? Use the spare key, if you have one, to get into your home, right? The situation is kind of similar when it comes to security patches and updates for your software programs. Credible software manufacturers make sure the software programs they develop offer an acceptable level of data security. However, no software is perfect and knowing this well, cybercriminals constantly work to find vulnerabilities in popular software programs that they can exploit to gain access to your data. Security patches and software updates work to prevent this by fixing or patching the vulnerabilities.

So, you need to take the time to make sure that all of your software applications, including operating systems, and browsers are up-to-date. While it makes sense to start with the software programs you are using at work, do not forget your smartphone. It is important not to leave out your smartphone applications and mobile devices as well, because cybercriminals can find a way to invade your network and data from your smartphone. For example, you have your work email configured on your phone. Hacking into your phone can give them access to your work email and consequently to work data. Make sure all of your software programs, whether on computers or on mobile devices such as smartphones and tablets, are patched, updated and secured.

But what happens, if your cybersecurity mechanisms are breached despite your best efforts to secure them? This is where backups enter into the picture. Backups are like your spare key. They come in extremely handy, especially in the case of ransomware attacks. Ransomware attacks are where cybercriminals gain control of your network or data and lock you out of your own system preventing you from accessing crucial business data. Sometimes your data is encrypted, which means it won’t be legible. They then demand a ransom to unlock or decrypt your data. Unless you pay up, you won’t have access to your data or your data won’t make any sense to you as it is encrypted. Having up-to-date, quality backups ensures you don’t have to worry about losing access to your data or paying up the ransom, as you would have a most recent copy of your business data readily accessible. You can make backups on external hard disks, servers located at a place different from your place of business or even on the cloud (think Google Drive or One Drive or cloud servers).

Also, make sure you have clean and up-to-date backups. Just routine backups may not be enough to protect you. Contact an MSP to design workable backup procedures that don’t include copies of the ransomware.