alt tag

Posts Tagged ‘hacking’


5 Commonly Overlooked Workplace IT Disasters

Wednesday, February 28th, 2018

Because IT staff get so invested in making sure software, networking and security elements are working, they sometimes overlook the human, environmental and contingency planning factors that can invite workplace IT disasters. In many cases, preventative work becomes an afterthought for IT staff who are expending all their energy on regular operations. Thankfully, planning ahead can help businesses minimize their chances of dealing with the following commonly overlooked workplace IT disasters. Here are five problems to watch out for:

1. Knowledge Loss

It’s common for an IT staff member to take on project ownership, often resulting in excellent work. However, it’s a problem for your business if the only person who understands how a project or a system operates decides to leave for another position. The rest of the team can have a difficult time picking up where the lost employee left off, especially if something breaks or needs immediate adjustment and they’re under pressure to fix it ASAP. Avert a crisis by cross-training IT staff: At least two people should know how anything works.

2. Insufficient Documentation

Proper documentation can mean the difference between a brief disruption and a catastrophe.

IT staff should prioritize documenting everything from programming code to network infrastructure maps to device use walkthroughs.

This information makes it much easier to understand how something works and how to fix it if something isn’t working. Proper documentation helps staff avoid creating disasters when making changes to something they don’t understand. Additionally, IT staff may forget how something works, and documentation decreases the learning curve.

3. Overheating Computer

Too much heat is bad for computers — it causes unplanned shutdowns and eventual device failure. In addition to making sure computer software is patched, IT staff should periodically make sure computers aren’t being used in high-heat conditions. Computers used in areas that don’t have air conditioning, lack clear airflow passage and pull in dust can all result in overheating.

4. Environmental Problems

Heat isn’t the only elemental factor that can prompt an IT disaster: A leaky pipe, a blocked vent or extreme humidity can also damage hardware. These disasters may require replacing computer hardware or entire devices. Servers and network hardware often get tucked away in closets, basements and spare rooms to stay out of the way of daily operations. Issues like exposed pipes, bad airflow, dust, debris, humidity and poor temperature management create conditions ripe for an IT disaster. For example, a pipe leak can flood a room and destroy a server. IT staff should look for and mitigate environmental factor risks.

5. Use of Improperly Tested Tech

While having confidence that you can plug in technology and it will work is a testament to advancement, it is still a recipe for disaster in the IT world. Just because a device turns on and connects to a service doesn’t mean that it’s ready for use. For example, IT staff need to thoroughly test a new AppleTV in the presentation room before a C-level employee uses it in a presentation for investors. While short-term technical failures aren’t a disaster as far as IT is concerned, they can have far-reaching effects in other areas of the business.

In some cases, not having a disaster recovery plan in place before catastrophe strikes could be considered an overlooked IT disaster in itself. The IT consulting experts at MPA Networks can help your business avoid potential overlooked disasters. Contact us today.

Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Does Fintech Pose a Threat to Cybersecurity at Financial Services Companies?

Monday, January 29th, 2018

Financial services companies should embrace a healthy dose of caution when implementing new fintech in their business. Fintech, or any technological innovation in the financial sector, is not inherently more or less secure than any other new technology, but because it works with substantial sums of money, it is a common target for hackers and would-be criminals. Financial services companies need to keep up with innovations in how people transact business including cryptocurrency, digital cash, blockchain technology, smart contracts and open banking in order to remain competitive. Therefore, it’s vital that companies working with fintech pay close attention to risk mitigation and security.

Fintech Is Growing

Bitcoin is likely the best-known and most publicly discussed story in fintech today. It’s an excellent topic for discussion because it’s well known outside of the financial industry for both its potential and problems. Bitcoin shows its potential with its fluctuating value, starting at just pennies a coin and reaching a peak value of over $15,000 USD as of early 2018. However, Bitcoin also has a high-profile case of the risk associated with new technology: the 2014 MtGox theft, which resulted in more than $800,000 in stolen Bitcoins.

As of early 2018, fintech startups continue to proliferate and innovate. Fintech startup funding reached $17.4 billion in 2016 and was on track to surpass that for 2017.

According to CB Insights, there were 26 venture-capitalist backed fintech firms with a combined value of $83.8 billion in Q2 of 2017.

Fintech is chipping away at the traditional financial institution, so the traditional businesses need to embrace it in order to remain competitive. Consumer demand drives financial services companies to use these new technologies; however, it’s the businesses that shoulder security risks.

Security Vulnerabilities Thrive in Fast-Growth Environments

Fintech’s incredible level of success is the very reason it’s a cybersecurity threat at financial services companies. With such a large number of innovations being adopted in the financial services industry, it’s inevitable that some technology won’t have sufficient security in place. If the vulnerabilities exist, it’s only a matter of time before hackers will find and exploit them. Because there are so many players with so much money on the line, it could lead innovators to push technology to the market as fast as possible at the expense of proper security development. Enterprise Innovation cites a survey respondent who expresses concern that the financial services industry can’t keep pace with how quickly fintech is evolving.

Unfortunately, there’s no easy way to cover all the possible threats that can come from new fintech — because those threats don’t exist until the technology exists. However, financial services companies must ensure they employ proper security practices. Firms need to use fintech platforms securely and ensure devices are always running the latest versions of software for security purposes. Additionally, businesses should be prepared for problems outside of their control with insurance. The 2017 Equifax hack is a warning sign for any business that wants to skimp on security, because it shows exactly how destructive the financial hacks that exploit poor security can be.

MPA Networks offers extensive experience and incredible expertise in providing IT service and support to financial services. If your business is expanding into fintech use, contact us today to learn more about how we can enhance the safety of your information and your customers.

79% of Businesses Were Hacked in 2016. Was Yours One of Them?

Tuesday, June 27th, 2017

broken-business-2237920_640

Getting caught off-guard in a cyber security attack is a disaster for any business, large or small—and the frequency of attacks is only getting worse.

According to the CyberEdge 2017 Cyberthreat Defense Report, hackers successfully compromised security at least once for 79.2 percent of businesses over the last 12 months.

These figures may be alarming, but keep in mind that all businesses can (and should) be taking proactive steps to prevent attacks, and to make a quick recovery from any breaches. Here’s how you can protect yourself, with help from a Managed Service Provider.

Increase in data breaches

Even if your business has not been attacked in the past year, the odds of staying under the radar aren’t in your favor. In 2016, businesses experienced a 40 percent increase in data breaches over 2015. The situation is especially bad for smaller businesses: 60 percent of small companies that suffer a major cyber attack go under within six months.

Less severe incidents are more common, but businesses are typically ill-prepared for them. A staggering 63 percent of small business owners report their websites have come under attack by hackers or spammers; of those attacked, 79 percent say they have no plan for what to do if it happens again. Most businesses find that mobile devices and social media services are the weakest links in their online security.

Protective Measures against Cyber Attack

The best protective measures against digital security threats are to secure networks, websites, applications, and social media platforms, and to implement a reliable backup system. The following tips provide a baseline to help your business minimize its security risks:

  • Use unique, secure passwords for all accounts including internal services, external services, email, and connected social media to prevent data breaches.
  • Activate “2-Step Verification” for applicable services.
  • Use Secure HTTP for websites and applications that pass personal information.
  • Take advantage of desktop management services; make sure computers are running up-to-date software to minimize exposure to known security holes.
  • Keep antivirus and anti-malware software updated; run scans on a frequent basis to protect from malware infections.
  • Program internally developed services to prevent SQL injection.
  • Secure the Wi-Fi/Internet and manage employee credentials.
  • Secure mobile devices, tablets, and laptops so they can be disabled if lost or stolen.

In Case of Emergency: Disaster Recovery

Ransomware is major concern for businesses these days: 61 percent of businesses say they were compromised at least once by malware demanding payment to return data. Unfortunately, some companies that decide to pay the ransom still don’t get their data back. The best thing your company can do to protect itself from ransomware is to limit the amount of damage an attack can do through backup and disaster recovery. Using the “3-2-1 backup rule” and running frequent backups can be the difference between losing all of your data permanently, and losing a single day’s work.

Digital security should never take a break. If your business is looking to build a better defense against cyber threats, the experts at MPA Networks can help with both desktop and server management. Contact us today to learn more.

Scheduling Security: Take Control of Your OS Updates

Wednesday, May 10th, 2017

update-1672385_640

It happens to everyone: You turn your computer back on after you intended to leave the office, or come in early to get a head start on a new project, only to be greeted by a 20-minute operating system (OS) update session. This common workplace frustration turns what should have been a four-minute job into a half-hour ordeal, forcing you to stay behind or defeating any time gains from starting early.

OS updates provide essential security fixes that keep your business safe, but the platforms have a knack for pushing updates at what feels like “the worst possible time.”

Here’s what you can do to remain one step ahead of your updates at all times.

Change the Default Settings

Don’t leave operating system updates on their default settings, because they’re likely to interfere with work when you need the devices. The solution to this productivity- and attitude-killing problem is to adjust the system settings to force the updates at a specified time when your team won’t need them. Other software, like Office, Photoshop, and web browsers, tend to be less of a problem, since their update sessions are usually much quicker.

Updates Are a Security Issue

The worst solution to update inconvenience is to disable automatic updates. While updates that don’t add any new features may seem irrelevant, they’re actually doing lots of work keeping you safe behind the scenes in areas like IT security and virus/malware prevention.

According to TrendMictro, malware and other security exploits tend to target known security holes that have already been closed through updates and patches. Instead of finding new exploits, it’s easier for hackers to continue to exploit the old ones and take advantage of users who do not update their computer software.

Schedule Around Work to Increase Productivity

Microsoft usually posts their updates on the second Tuesday of every month, which is commonly known as “Patch Tuesday.” However, this may not work well with your business if it disables employee computers Tuesday night or Wednesday morning. The ideal time for updates will differ depending on your business, but for the typical Monday-to-Friday 9-to-5 office, you will be best served by installing updates around 2 a.m. on Sunday morning. Devices can even be individually customized for each employee based on their personal schedule.

The IT Consulting experts at MPA Networks, serving San Francisco, San Mateo County, San Jose, and other San Francisco Bay Area cities, are ready to help your business make technology work for you, not against you. Scheduling updates is a desktop management and support issue, which IT Managed Services can deliver. Contact us today to find out how we can help you better manage your office computers.

Mac- and Linux-Based Malware Targets Biomedical Industry

Tuesday, March 14th, 2017

virus-1920629_640

The malware infection, discovered in late January, that’s been hiding out on Mac and Linux devices for more than two years doesn’t mean the security floodgates are open, but it is a reminder that these devices aren’t invincible. Apple is calling this new malware “Fruitfly,” and it’s being used to target biomedical research. While not targeted for Linux devices, the malware code will run on them.

This attack may hit a little too close to home for those industries MPA Networks specializes in protecting, including healthcare and biotech. That makes this a good time to reexamine security best practices for devices that aren’t commonly targeted for attacks.

Attacks Are Rare, But Not Impossible

Broadly speaking, any device that isn’t running Windows has benefited from a concept called “security through obscurity,” which means hackers don’t bother going after these devices because of a smaller market share.

Mac OS X and Linux provide more secure options than Windows for various reasons, but neither is an invincible platform.

Every so often, hackers strike the Mac community with malware—and when the attacks are successful, it’s typically because users don’t see them coming. The lesson here, of course, is to never let your guard down.

You may not need an active anti-virus program on a Mac, but occasional anti-malware scans can be beneficialAccording to Ars Technica, “Fruitfly” uses dated code for creating JPG images last updated in 1998 and can be identified by malware scanners. Anti-malware programs like Malwarebytes and Norton are available for Mac devices. MPA Networks’ desktop support and management can also improve user experiences on non-Windows devices.

Keep Your Macs and Linux Machines Updated

The old IT adage that says “keeping your programs updated is the best defense against security exploits” is still true when it comes to Mac OS X. While Mac OS X upgrades have been free or low-cost for years, not everyone jumps on to the latest version right away. For example, less than half of Macs were running the latest version of the OS in December of 2014. This means all the desktop and laptop devices running older versions of Mac OS X are exposed to security holes Apple patched with updates.

Typically, Apple only supports the three most recent versions of their operating system, which usually come in annual releases. Your workplace computers should, at the very least, be running a version still supported by Apple. The good news is that Apple quickly issued a security fix to address Fruitfly. The bad news? This isn’t the first Mac OS vulnerability malware has managed to exploit, and it won’t be the last.

The IT consulting experts at MPA Networks are ready to help your company find the right tools to increase productivity and improve security on all your office devices. Contact us today to get started.

8 Spring Cleaning Tips for Your Office Computers

Wednesday, March 1st, 2017

bucket-303265_640

When it comes to your office computers, a little bit of spring cleaning goes a long way. Sure, cleaning office computers can seem tedious. But think of it like preventative maintenance on a vehicle: In the best-case scenario, you’ll never know all the breakdowns you avoided.

Keeping your office computers clean and healthy minimizes your risk of downtime and increases productivity.

Here are 8 tips for your next round of spring cleaning:

1. Update All Software

Run updates and patches for the operating system, commonly used programs, and security software on every system. Program and operating system updates don’t just add features; they’re loaded with security updates that keep your devices safe. Most problems with computer security exploits stem from outdated software that allows hackers to break through established breaches that the developer already closed, so running updates and patches is your best line of defense.

2. Run a Full Anti-Virus Scan

After updating all the software on the computer, run a full anti-virus scan to catch any malicious software hanging out on the device. Active anti-virus protection does a good job of safeguarding the system against infections, but sometimes malware slips through the cracks.

3. Run a Full Anti-Malware Scan

Anti-virus programs go after specific, high-risk malware infections, meaning lower-level malware can still find its way onto your computers. Anti-malware programs including Malwarebytes and Spybot are better equipped to identify and remove malware that the anti-virus misses.

4. Defragment the HDD

Older PCs with traditional Hard Disk Drives (HDDs) may experience load time improvements from an annual drive defragmentation. However, newer Windows systems—and all currently supported Mac OS versions—handle this process in the background, so you don’t need to worry about it. If the computer is running a Solid State Drive (SSD), do not bother with the defragmentation process.

5. Remove Unnecessary Launch Programs

It may seem like every program installed on your computer wants to launch itself at startup—even those you rarely use. Removing unnecessary programs from the system startup can help improve performance and reduce login times. Windows 10 features a handy “Startup” tab on the Task Manager that lets users quickly toggle which programs launch with the system.

6. Check and Create Restore Points

Restore points can be a major time saver in returning a compromised computer to full operation. Restore points reverse most of the damage caused by malware and bad configurations, all with minimal effort. Check whether the computer is already using them, and create one if it isn’t.

7. Run a Full Backup

Backups are like restore points for when very bad things happen to a computer. It’s best practice to make at least two backups of a given computer’s files, and store them in different physical locations. This ensures that in the event of catastrophic loss, all the data saved on the computer up until the backup point is preserved. Mashable recommends verifying if automated backup services like Time Machine and Windows Backup and Restore are actually working.

8. Bust Dust on Desktops

This part of the spring cleaning process is literal. As we’ve previously discussed, excessive dust inside a computer obstructs airflow, which can cause crashes due to overheating and even damage components. CNET has a helpful guide on how to go about the dustbusting process.

A little spring cleaning makes for a more efficient office and stronger disaster recovery. The expert desktop support and management staff at MPA Networks is ready to help your workplace in San Mateo, San Francisco, the South Bay, and other Bay Area cities implement better practices. Contact us today for more information.

An Expert’s Guide to Avoiding Phishing Scams

Tuesday, January 24th, 2017

hacker-1944673_640

Unlike most IT security threats, phishing scams attack the human element instead of the machine element. Phishing scams try to bait a person into exposing confidential information by posing as a legitimate, reputable source, typically by email or phone. Most often, the culprits seek users’ account login details, credit card numbers, social security numbers, and other personal information.

By properly educating your employees and following a handful of best practices, your business can significantly reduce the threat of phishing scams.

Here’s how:

1. Treat every request for information—whether by email, phone, or Instant Message—like a phishing scam until proven otherwise.

Meeting any request for confidential information with skepticism, regardless of how trivial it sounds, is your employees’ best defense against phishing scams. Even innocent information like a person’s first car, pet’s name, or birthday can be used to steal accounts through password recovery. Generally speaking, no professional organization or company would ever ask for personal information when contacting you—so any information request of this type is more likely to be fraudulent than real.

2. Familiarize your staff with scheduled emails for password resets.

Many companies use regularly scheduled password reset policies as a security measure; however, hackers can exploit this system to get people to hand over account login information. Your company’s best protection in this case is to familiarize employees with which services actually send out these requests. If possible, enable 2-step verification services, or avoid scheduled password changes altogether.

3. Never click a “reset password” link.

One of the easiest ways a hacker can steal information is to include a spoofed link claiming to be a password reset page that leads to a fake website. These links typically look exactly like the legitimate reset page and will take the “account name” and “old password” information the person enters. If you need to reset an account or update your information, navigate to the site manually and skip these links.

4. Never send credentials over email or phone in communication that you did not initiate.

Many sites utilize legitimate password reset emails and phone calls; however, a person has to go to the site and request it. If someone did not request a password reset, any form of contact to do so should be met with extreme skepticism. If employees believe there is a problem, they should cease the current contact thread and initiate a new one directly from the site in question.

5. Don’t give in to fear.

One common phishing scam emulates online retailers, claiming they will cancel an order because a person’s credit card information is “incorrect.” These scams rely on a sense of urgency to get a potential victim to hand over information without stopping to think. If the account really is compromised, chances are the damage is already done.

6. Report suspected phishing attempts.

Phishing attacks like this typically target more than one person in an organization, whether it be from a “mass-scale” or “spear” phishing attack. Therefore, it’s safe to assume that if one person receives a phishing email, others will, too—so contact both your company’s IT department and the organization the hackers were imitating.

If your business is looking to improve its IT security practices and avoid falling victim to phishing scams and other attacks, contact the experts at MPA Networks for help today.

A Primer on Phishing Attacks

Wednesday, December 21st, 2016

credit-card-1591492_640

Phishing attacks are a dangerous and devastating method hackers use to steal personal information and accounts—primarily by striking the user instead of the machine. According to the APWG Phishing Activity Trends Report, the first quarter of 2016 saw an explosive 250 percent increase in phishing attacks, meaning both the industry and individuals should be increasingly concerned about these scams.

While security software is getting better at detecting phishing attacks, it can’t stop them all. Here’s the rundown on what you can do to protect yourself and your employees.

What Exactly Is a Phishing Attack?

The goal of a phishing scam is to get a person to hand over private information, usually pertaining to account access credentials, credit card numbers, social security numbers, or other information, that can be used to steal accounts, information, and identities.

According to Indiana University, phishing attacks, or scams, typically present themselves as fake emails masquerading as official sources asking for personal information. Google adds that phishing attacks can also come through advertisements and fake websites.

So, phishing attacks come in several forms. One example of a phishing attack is an email arriving in an employee’s inbox asking them to reset their Gmail account information. Another is an email from “Amazon” saying the account holder’s credit card information didn’t go through for a recent order.

What’s the Best Defense Against Phishing Attacks?

The best thing a person can do to protect themselves from phishing scams is to be wary any time they receive a message asking for personal information. Businesses and organizations can protect themselves by educating their employees and members about what phishing attacks look like, and how to avoid them.

Teach your employees to look for red flags, like an email address that doesn’t correspond to the supposed sender, impersonalized messages, grammatical errors, and/or unsolicited attachments. Equally, watch out for spoofed links that list one URL on the page but redirect to another—and keep an eye out for spoofed URLs that don’t match the real site (e.g., gooogle.com instead of google.com).

Some phishing emails use such highly personalized information that they may appear, on the surface, to be authentic. Don’t let your guard down. Phishing attacks typically use fear to motivate a person into handing over sensitive information with statements like “your order will be canceled” or “your account will be deactivated.” Instead of clicking the link inside the email or responding directly with personal information, go to the real website using a search engine or by typing the URL directly into your browser. If you receive a phishing email related to any of your professional account credentials, report it to IT.

The State of Phishing Attacks

Now that web users are spread out over a variety of operating systems including Windows, Mac OS, Android, and iOS, it makes sense that hackers would divert more effort to scams that attack the user instead of the operating system. Symantec reported a 55 percent increase in “spear-phishing” scams across 2015. In the first quarter of 2016, CSO reported that criminals successfully targeted 41 organizations in a phishing scam aimed at retrieving W-2 data.

If your company is looking to improve its IT security practices against threats like phishing scams, the IT consulting experts at MPA Networks are ready to help. Contact us today.

Hack of 500 Million Yahoo Accounts Reminds Industry to Increase Security Measures

Wednesday, November 23rd, 2016

password-397652_640

In September 2016, half a billion Yahoo account users received the bad news that their names, email addresses, phone numbers, and security questions were potentially stolen in a 2014 hack.

According to CNET, the Yahoo hack is the largest data breach in history.

In the wake of a major hack like this one, the only silver lining is a powerful reminder for businesses to review their IT security practices. In the case of the Yahoo breach, hackers can use the stolen information to compromise other employee accounts and further extend the reach of the hack. Here’s how they do it, and what you can do to stop them.

The “Forgot My Password” Reverse Hack Trick

Hackers can steal information from many accounts with the information taken from a single account. If you’ve set your Yahoo email address as your “forgot my password” account for other services, a hacker can use a password reset and reminder commands to compromise even more important accounts. Hackers can use stolen security question answers here to obtain other account credentials as well.

The “Same Password, Different Account” Hack

Memorizing a different password for each account is pretty much impossible for the average person. Most people end up using the same password for many accounts. For example, if you own the email addresses “myemail@yahoo.com” and “myemail@gmail.com” and use the same password for both, it’s likely that a hacker who stole your Yahoo password and security questions will try them on the account with the same name on Gmail.

Password Theft Prevention Strategies

Security breach prevention starts with a strategic security plan and a series of best practices:

Account-Specific Logins and Passwords. One way to prevent a hacker from using your stolen username and password on another account is to create site-specific login and password credentials. This is easily accomplished by memory by adding a site-specific prefix or suffix for each account. For example, your Yahoo and Gmail credentials may be “myemailYHOO/YHOOP@ssw0rd” and “GOOGLmyemail/P@ssw0rdGOOGL” respectively. Alternatively, password managers are an easy way to manage login credentials across accounts and generate random passwords.

Secure the Fallback Account. We’ve previously discussed the security benefits of “two-step verification” as an effective way to keep hackers out of your accounts even if they manage to steal your password or security question answers. Make sure all of your accounts that feature a “forgot my password” function lead back to a “two-step” secured email address.

Update Passwords Frequently. Typically, hackers use your stolen information immediately to access your accounts and steal your information. That’s why frequent password changes are often considered a waste of time. However, the Yahoo hack bucks this trend as the information being released in late 2016 came from 2014.

IT security and password protection are an essential part of doing business in the modern digital world. Contact us today for IT consulting advice for better security practices and managed services assistance to help keep your business’s confidential information safe.