alt tag

Posts Tagged ‘password manager’


7 Ways to Keep Work Secure on Employee Personal Devices

Monday, May 14th, 2018

Technology improvements have made it easy for employees to get work done on their personal devices from anywhere. However, that freedom comes with additional security risks and requires extra diligence to keep data secure. Safeguarding information is a combined process of utilizing technology and educating staff. The following considerations will help your business keep work secure on employee personal devices.

1. Always Update/Patch Software

Hackers invest time trying to find new ways to bypass security or take advantage of personal apathy and laziness.

According to PC World, failing to install the latest patches and updates for software is the top security risk for both business and private use.

Hackers can look for known exploits that the software creator closed and use them against people who haven’t updated the software to close that security hole. Unlike with business-owned devices, your business really can’t force employees to install software that will prompt updates, so it becomes a matter of training.

2. Use Cloud Apps

Cloud applications for both computers and mobile devices offer some excellent security benefits for your business, especially when your employees access them on personal devices. Cloud apps shift much of the data security burden to the server side, which alleviates many of the security problems that could come from traditional apps run on employee devices. Cloud email is an excellent example of this because the server can handle scans for phishing, malware and other malicious attacks before the content ever makes it to the employee device. Cloud apps generally run the most current software versions, so your business won’t have to worry about employees running updates.

3. Encourage Strong Antivirus and Anti-Malware Practices on All Devices

While employees don’t need to use the same security software your business runs on their personal devices, they do still need quality security software. There are many free and low-cost security programs for personal users that provide excellent protection. Your IT staff can help make recommendations for employees on personal devices.

4. Train to Avoid Phishing Scams

While security software and cloud apps do a great job of catching phishing scams, some still might slip through. That’s why it’s important to train your employees in how to identify and avoid phishing scams.

5. Use Strong Passwords, Password Managers and 2-Step Verification

Employees should also keep their accounts secure by using sophisticated access credentials. This means using 2-step verification for all accounts and programs when possible and using password managers to protect their credentials. Employees should be trained in creating strong passwords in the event that more advanced security techniques don’t work.

6. Practice Public Wi-Fi Safety

In general, employees should avoid using public Wi-Fi when working with confidential information. If employees are going to do work on Wi-Fi outside of the home or workplace, they need to be trained in identifying fake access points and how to tell if a library, restaurant or other business’s network is secure.

7. Consider Using Remote Wipe or Lock Software

As a final effort, your business should encourage employees to install software that allows them to remote wipe or lock mobile devices and laptops they are going to use for work purposes. That way if someone steals that device, the damage will be limited to the financial loss of the hardware and not related to a data security breach.

The IT consulting experts at MPA Networks can help your business implement both software and training practices to help keep your data safe when employees use their personal devices for work. You can read our previous blog on tips for managing remote employees for even more information on keeping data safe. Contact us today to learn more.

Hack of 500 Million Yahoo Accounts Reminds Industry to Increase Security Measures

Wednesday, November 23rd, 2016

password-397652_640

In September 2016, half a billion Yahoo account users received the bad news that their names, email addresses, phone numbers, and security questions were potentially stolen in a 2014 hack.

According to CNET, the Yahoo hack is the largest data breach in history.

In the wake of a major hack like this one, the only silver lining is a powerful reminder for businesses to review their IT security practices. In the case of the Yahoo breach, hackers can use the stolen information to compromise other employee accounts and further extend the reach of the hack. Here’s how they do it, and what you can do to stop them.

The “Forgot My Password” Reverse Hack Trick

Hackers can steal information from many accounts with the information taken from a single account. If you’ve set your Yahoo email address as your “forgot my password” account for other services, a hacker can use a password reset and reminder commands to compromise even more important accounts. Hackers can use stolen security question answers here to obtain other account credentials as well.

The “Same Password, Different Account” Hack

Memorizing a different password for each account is pretty much impossible for the average person. Most people end up using the same password for many accounts. For example, if you own the email addresses “myemail@yahoo.com” and “myemail@gmail.com” and use the same password for both, it’s likely that a hacker who stole your Yahoo password and security questions will try them on the account with the same name on Gmail.

Password Theft Prevention Strategies

Security breach prevention starts with a strategic security plan and a series of best practices:

Account-Specific Logins and Passwords. One way to prevent a hacker from using your stolen username and password on another account is to create site-specific login and password credentials. This is easily accomplished by memory by adding a site-specific prefix or suffix for each account. For example, your Yahoo and Gmail credentials may be “myemailYHOO/YHOOP@ssw0rd” and “GOOGLmyemail/P@ssw0rdGOOGL” respectively. Alternatively, password managers are an easy way to manage login credentials across accounts and generate random passwords.

Secure the Fallback Account. We’ve previously discussed the security benefits of “two-step verification” as an effective way to keep hackers out of your accounts even if they manage to steal your password or security question answers. Make sure all of your accounts that feature a “forgot my password” function lead back to a “two-step” secured email address.

Update Passwords Frequently. Typically, hackers use your stolen information immediately to access your accounts and steal your information. That’s why frequent password changes are often considered a waste of time. However, the Yahoo hack bucks this trend as the information being released in late 2016 came from 2014.

IT security and password protection are an essential part of doing business in the modern digital world. Contact us today for IT consulting advice for better security practices and managed services assistance to help keep your business’s confidential information safe.

Password Managers and Recovery Strategies

Tuesday, August 16th, 2016

password-397656_640

Secure passwords and recovery strategies are an essential part of doing business in the digital age—and password manager programs can help streamline the process.

Password managers store and, often, automate login credentials for individuals across all secured online platforms for easy, secure, and fast access.

Why You Need It

Password-related IT security is an always-hot topic in the tech world; new reports of password security breaches are still hitting headlines with alarming frequency. In June of 2016, hackers hit remote desktop access service GoToMyPC® with a sophisticated attack, causing the company to send out a mass password reset to all of its users. Security breaches like these are a good reminder of why your business should use a password manager.

Everyday Use

Using the same password for every platform is problematic for the obvious fact that hackers can use that one password to break into several accounts. Your best bet is to use different passwords for different platforms—but trying to remember them all can, of course, be a challenge. For services you use infrequently, a password manager can improve productivity by helping you avoid tedious password search and reset processes.

Naturally, the biggest advantage of password manager platforms is that they allow you to easily create and store complex, hack-proof passwords. What do those look like? Here are a few tips: Secure passwords should use 10-12 characters with a mix of capital letters, lowercase letters, numbers, and symbols. And since it’s admittedly difficult for humans to remember 12+ character passwords that look like someone punched a keyboard, a password manager can come to the rescue.

Restoring Secure Access

When it comes to passwords, the best defense is a good offense—but breaches are going to happen. According to PCWorld, password leaks should be treated more like a “when” situation than an “if” situation.

Password managers can help you each step of the way, from locking down compromised accounts to restoring access on all devices so your employees can get back to business like nothing ever happened. After you regain control of the account, the password manager can generate a new, secure password. Additionally, the program will restore access on all of your connected devices by entering the new password in a single location, saving you the time and hassle of re-entering each new password on your work computer, personal desktop, personal laptop, smartphone, tablet, etc.

If you’re worried about password security, talk to your IT consulting service. A local MSP can help your business establish and implement secure password practices and manage them with ease. Check out PC Magazine’s list of top password managers for 2016 for a closer look at your best options.