4 Helpful Tips For Keeping Your Passwords Secure

Individuals and organizations get hacked every day. It’s a fact of life. Sometimes it’s because the hacker is smart, and sometimes it’s because the users’ passwords are weak. Oftentimes, it’s both.

If you want to boost your protection against hackers, password security is paramount.

Here are four simple steps for ensuring that your accounts stay as protected as possible at all times:

Create Long, Unique Passwords

It’s crucial that you use a unique password on each of your online accounts. If you don’t do this, it could be easy for hackers to access a number of your accounts by cracking just one password. Cyberattackers actually count on you not taking this important step. A popular hacking approach called credential stuffing involves hackers trying your password across multiple sites to see how many of them they can successfully access.

Not only should all passwords be unique, they should also be long and complex. While making a password more complicated doesn’t necessarily make it stronger, length is the most important factor. Experts recommend using passphrases in order to make the password longer, but also easier for you (and only you) to remember. The quirkier the phrase, the better. Substituting characters for certain letters can also help strengthen the password.

For instance, the absurd passphrase “dancing eggplants ate the cake” could be further bolstered by changing it to “d@nc!ng eggpl@nt$ 8 t#e c@ke.” While this does make the precise password more difficult to recall, it’s easier than picking a completely random password that’s 20+ characters long.

Keep it simple by using a memorable line from your favorite book, a special-to-you song title, or the name of your favorite film. This will ensure that the password is easy to recall, while retaining the length you need it to be for maximum security.

Use a Password Manager

A password manager is simply an online tool that remembers your passwords for you. As well as storing all your passwords so that they’re easy for you to access, many popular password managers tie into breach services such as HaveIBeenPwned and will notify you if your credentials have appeared in any known hacks.

Keep a Password Book

While password managers are pretty secure, some people prefer to keep a physical notepad for listing all their passwords. This is a perfectly acceptable practice, provided you make sure to keep it in a safe location and never take it out with you. In any case, a password book still beats using the same one or two passwords for every account you have.

For people who frequently travel, a password book is not an ideal option, especially if the book is stored alongside devices that could be easily lost or stolen.

Enable Two-Step Verification

Two-step verification and multi-factor authentication – in which one or more other means of authentication are required along with your password in order to access accounts – are among the best ways to keep your accounts secure. Some websites and apps – such as Apple’s Face ID and Touch ID on the iPhone – already have this type of verification built into them for security purposes.

Other authenticating tools, such as the Yubico YubiKey – a physical security key that you plug into your device – and the Authy app – which generates a code you can use in addition to your password – are other good options to try.

Conclusion

In addition to the tips provided above, there are other security measures you can take to further protect your accounts.

Always be wary of emails and texts claiming to be from a familiar service, such as a website or app you use frequently, especially if these messages are asking you to enter your credentials. These types of requests are almost always fraudulent. The sender – likely a hacker in sheep’s clothing – is probably attempting to gain access to your login and password.

Whenever you’re unsure about whether a request of this nature is legitimate, contact your IT department or IT service provider. Don’t compromise your security by careless actions online!

For more cybersecurity tips or to schedule a free IT assessment for your company, contact DataGroup Technologies here or by calling us at 252.329.1382!

Are Your Credentials On The Dark Web?

Would you hand over your password to a complete stranger to log in to your bank or investment account? What about your email or other cloud service account?

Obviously, no one wants to voluntarily surrender their credentials to crucial accounts such as these. But every day, many users – potentially even your customers or team members – may be doing something equally perilous.

We’re constantly being admonished not to use the same password for multiple accounts. At the same time, having an ever-increasing number of applications means also managing an escalating number of accounts.

Recalling individual passwords can be a hassle – if not implausible. A password manager can help. Ultimately, though, the most formidable threat of all is credential exposure.

What Is Credential Exposure?

Credential exposure is when a company in possession of your login information is breached – that is, personally identifiable information is publicly disclosed – and the attacker is able to access these account records.

If maintained inappropriately by the company being breached, those accounts can be laid bare, giving the attacker easy access to your login information.

Due to the fact that most applications now default to an email address for the username, and many people reuse the same password across countless applications, it’s not difficult to see how this can swiftly wreak havoc.

All of this may well leave you speculating about what steps you can take to defend yourself from dark web breaches. Here are a few commonsense approaches to keep your assets protected.

Implement Multi-Factor Authentication

The first thing you can do to safeguard your credentials is to implement multi-factor authentication (MFA) on any account that supports it. Resign yourself to using that authenticator app regularly – the additional time spent during logins is far outweighed by the time you’d spend recovering from a data exposure that results in a compromised account.

There are a variety of free and paid options, including Microsoft’s Authenticator app, which harmonizes with the Office 365 and Azure infrastructure that many organizations are already using. This is the first of many measures to take and should be standard operating procedure in your office. 

Use A Secure Password Manager

While there is a degree of risk connected with storing all your credentials in a single location, the benefit of having the password manager create and remember strong passwords is worth that risk for most users.

In addition, many password managers provide the means to safely share a password with another user, detect who has gained access to a password, and make sure that you are aware of which passwords need to be updated in the event that someone who has previously accessed a password leaves your company.

Perform A Dark Web Scan

There are a number of tools available that can execute a dark web scan – i.e., searching the results of publicly shared data breaches where credentials were exposed. Not only can these resources notify you of any exposures associated with your email account, they can also make you aware of the password which was exposed so that you know to refrain from using that one in the future.

Ensure That Your Product Set Is Secure

You need to ensure that the software you use with your clients is secure. Solutions such as single sign-on (SSO) allow you to access a specific program’s entire suite of products via one secure login, making it easier for you to set up and connect products, as well as manage your account.

Don’t Recycle Compromised Passwords

Lastly, it’s essential to bear in mind: if your credentials have been revealed publicly, you can never use that password again. Once that password is part of a public list – particularly one that’s associated with your email address – you can safely assume that it will also be included in a future attack.

If you use passwords similar to the one that was compromised, you’ll need to change those, too. The risk is too great to even contemplate reusing it; and any other account that uses the same password should be immediately updated as well.

Keep in mind that this isn’t personal. You may not have been the cause of the exposure, but that credential is now public. There’s no indignity in something you can’t control, but taking appropriate action after the fact is the only way to defend yourself going forward.
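How a breach-lookup service of the kind mentioned above can tell you a password is exposed without ever receiving the password, shown as an added example (not code from this article or from any vendor). It follows the k-anonymity range scheme used by HaveIBeenPwned's Pwned Passwords service; the breach corpus, the counts and the `SimulatedRangeServer` class are constructed here so the example runs offline.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> times seen in breaches.
SAMPLE_BREACHED = {
    "password": 9000000,
    "Summer2022!": 1200,
    "dancing eggplants ate the cake": 3,
}


def sha1_hex(text):
    """Upper-case hex SHA-1 digest, the form the range scheme works on."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


class SimulatedRangeServer:
    """Offline stand-in (hypothetical) for a breach service's range endpoint."""

    def __init__(self, breached):
        self.buckets = {}
        self.seen_prefixes = []  # everything the "server" ever learns from clients
        for password, count in breached.items():
            digest = sha1_hex(password)
            self.buckets.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")

    def fetch_range(self, prefix):
        """Return every 'SUFFIX:COUNT' line whose hash starts with the prefix."""
        self.seen_prefixes.append(prefix)
        lines = list(self.buckets.get(prefix, []))
        # Constructed decoys: in a real corpus many hashes share each prefix,
        # so the server cannot tell which one the client is asking about.
        for i in range(3):
            lines.append(f"{sha1_hex(f'decoy-{prefix}-{i}')[5:]}:{i + 1}")
        return "\r\n".join(sorted(lines))


def breach_count(password, fetch_range):
    """How often the password appears in the corpus; 0 means not found."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves this function; the comparison of
    # the remaining 35 characters happens locally.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def is_acceptable(password, fetch_range):
    """Policy hook: refuse any password that has appeared in a breach."""
    return breach_count(password, fetch_range) == 0


if __name__ == "__main__":
    server = SimulatedRangeServer(SAMPLE_BREACHED)
    for candidate in ("password", "dancing eggplants ate the cake",
                      "a-passphrase-not-in-the-sample"):
        hits = breach_count(candidate, server.fetch_range)
        print(f"{candidate!r}: seen {hits} times")
    print("server only ever saw:", server.seen_prefixes)
```

Calling `is_acceptable` at password-change time enforces the rule in this section: a password that has been exposed once is never accepted again.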

Final Thoughts

Keep these tips in mind when using and reviewing your login credentials in order to protect your assets from exposure on the dark web. Remember, every precaution you take today is one less risk to manage later.

Are you curious to find out whether your credentials are already on the dark web? We can perform a dark web scan for you! Call us at 252.329.1382 or visit dtinetworks.com today to see how we can help you #SimplifyIT!

 

An earlier version of this article appeared on the ConnectWise blog.

Don’t Let Your Employees Become Your Biggest Vulnerability

A couple of years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous to Business As Hackers and Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

And yet, many employees do – and it’s almost always unintentional. Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, but it happens. One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.” 

Where does this weakness come from? It stems from several different things and varies from business to business – but a big chunk of it comes down to employee behavior.

Human Error

We all make mistakes. Unfortunately, some mistakes can have serious consequences. Here’s an example: an employee receives an e-mail from their boss. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.

The problem is that it’s fake. A scammer is using an e-mail address similar to what the manager, supervisor, or other company leader might use. It’s a phishing scam, and it works. While it doesn’t necessarily compromise your IT security internally, it showcases gaps in employee knowledge. 

Another common example, also through email, is for cybercriminals to send files or links that install malware on company computers. The criminals once again disguise the email as a legitimate message from someone within the company, a vendor, a bank, or another company the employee may be familiar with. 

It’s that familiarity that can trip up employees. All criminals have to do is add a sense of urgency, and the employee may click the link without giving more thought.

Carelessness

This happens when an employee clicks a link without thinking. It could be because the employee doesn’t have training to identify fraudulent e-mails or the company might not have a comprehensive IT security policy in place. 

Another form of carelessness is unsafe browsing habits. When employees browse the web – whether it’s for research or anything related to their job or for personal use – they should always do so in the safest way possible. Tell employees to avoid navigating to “bad” websites and to not click any link they can’t verify (such as ads). 

Bad websites are fairly subjective, but one thing any web user should look for is the presence of “https” at the beginning of any web address. The “s” tells you the site is secure. If that “s” is not there, the website lacks proper security. If you input sensitive data into that website – such as your name, e-mail address, contact information, or financial information – you cannot verify the security of that information, and it may end up in the hands of cybercriminals. 

Another example of carelessness is poor password management. It’s common for people to use simple passwords and to reuse those same passwords across multiple websites. If your employees are doing this, it can put your business at a huge risk. If hackers get ahold of any of those passwords, who knows what they might be able to access. A strict password policy is a must for every business.

Turn Weakness Into Strength

The best way to overcome the human weakness in your IT security is education. An IT security policy is a good start, but it must be enforced and understood. Employees need to know what behaviors are unacceptable, but they also need to be aware of the threats that exist. They need resources they can count on as threats arise so that they can be dealt with properly. Working with a trusted managed services provider or IT services firm may be the answer – they can help you lay the foundation to turn this weakness into a strength.

Final Thoughts

DataGroup Technologies provides businesses of all sizes with security awareness and best practices training. Our goal is to make sure that your staff can identify threats and remain proactive. Knowledge is power, and well-informed employees can serve as a human firewall for your organization. For more information about our security awareness training solutions, please call us at 252.329.1382 or drop us a line here!

Computer Security Day: 8 Tips to Bolster Your Business’s Cybersecurity

In 1988, the Association for Computer Security established the first Computer Security Day to raise awareness about cybersecurity issues. Computer Security Day encourages people to take ownership of their online presence and identity. Taking the time to review computer security best practices can help individuals and organizations avoid compromised data and other unwanted scenarios.

In celebration of this day, here are 8 tips for bolstering your computer security:

1) Update Passwords on All Your Devices

Take the time to change the passwords on all your online accounts. This is something that should be done on a regular basis anyway, but if you’ve neglected to do so recently, today is as good a time as any.

Avoid using the same passwords across multiple accounts and devices. Reusing the same or similar passwords over a period of time can put you at greater risk of being hacked. Ideally, you should create a different password for each account that you use on your various devices.

It probably goes without saying, but it’s never a good idea to share your passwords with others, even people that you trust. You can’t know for sure that they will keep your credentials as secure as you would yourself.

2) Create and Use Strong Passwords

When it comes to password security, length matters. Passwords that are 6 characters or fewer are much easier to hack, particularly if they consist of only lowercase letters. To strengthen your password, create a complex, unique mixture of upper and lowercase letters, symbols, and numbers that is at least 9 characters in length.

A password manager can help generate unique passwords for each of your online accounts. At the same time, this useful tool can save all your passwords in one convenient location, so you don’t have to remember them each time. You can also take advantage of Password Checkup, a Google Chrome extension that warns you when it detects you using compromised, duplicate, or weak passwords. As another option, consider using the tool How Secure Is My Password to test the strength and “hackability” of your passwords.

3) Keep Your Software and Hardware Up-to-Date

Make sure that all software – for your operating systems, browsers, programs, applications, etc. – is updated with the latest versions available. When you’re all set with that, it’s time to update your protection software, including anti-spyware, antivirus, and antimalware software. Run a security scan not only on your computers, but on your smartphones and tablets as well. Mobile devices are as much at risk as your desktops or laptops, if not more so.

It’s crucial to check on the status of your hardware as well. Outdated hardware may not support recent software security upgrades, and also responds more slowly to cyberattacks, in the event that one should occur. Better to be safe than sorry and upgrade your hardware while everything is smooth sailing.

4) Encrypt and Back Up Your Data

Keep your data secure and confidential – whether it’s being stored or in transit – by encrypting it. Encryption uses complex algorithms to scramble your data and make it unreadable, ensuring that only an authorized person can access the data.

Create a backup copy of all your sensitive data on a portable storage device – such as an external USB or hard drive – and store it in a safe place. Alternatively, you could upload your backed-up data to a cloud-based storage solution such as Google Drive. It’s important to keep your data backups up-to-date and test them periodically.

5) Implement Multi-Factor Authentication

Many online platforms now allow you to enable multi-factor authentication in order to keep your accounts more secure. Multi-factor authentication offers an additional layer of protection by helping to verify that it’s actually you who’s trying to access your account and not an unauthorized user.

6) Be on the Lookout for Social Engineering Attacks

Social engineering attacks are difficult to counteract, as they’re specifically designed to take advantage of natural human characteristics, such as curiosity, respect for authority, and people’s desire to help their friends. Anytime you receive a suspicious email, it should be treated as such. Take a moment to think about where the communication originates from; don’t just trust it blindly.

Often, social engineering depends on a sense of urgency. Attackers hope that targets won’t think too hard about what’s going on. Thinking twice before taking any action can prevent most social engineering attacks and expose them for what they are – frauds.

7) Don’t Leave Your Devices Unattended

Despite what you may think, locking your office is not enough. If you use a laptop or desktop computer at work, you should always power it down at night. Additionally, whenever you leave your office for the day, you need to lock up your memory keys, hard drives, and anything else that has sensitive data on it.

8) Educate Your Employees About Cybersecurity Awareness

Cybercriminals are specifically targeting your employees when they send out phishing emails in an attempt to steal information. Through training and awareness, you can help your employees better recognize fraudulent emails when they encounter them. In so doing, you can significantly reduce the risk of your employees surrendering sensitive data to those who would deliberately misuse it.

Onboarding training and continuous updates help create a human firewall between your company’s information and security threats. Employees need to understand that cybersecurity is every bit as much their concern as it is the concern of your technology experts.

DataGroup Technologies offers a wide variety of cybersecurity solutions to help protect your business against cyberthreats like malware, phishing, ransomware, man-in-the-middle attacks, social engineering, and distributed denial-of-service attacks. Are your company’s data and that of its customers fully protected? How can you be sure? Partner with us and we can help safeguard your business against all these and more! Call us today at 252.329.1382 or drop us a line here.

How To Secure Your Business Website In 2022

If you have a booming business website that’s raking in profits and helping you establish your brand, that’s great! However, you still need to make sure your site is protected from hackers and trolls who might want to tarnish your image. To ensure continued success and prevent bad actors from appropriating your intellectual property, follow these tips to help better secure your business website.

Are You Protected Against Business Email Compromise Attacks?

On May 4th, 2022, the FBI published a public service announcement updating its warnings about the continuing threat of business email compromise, also known as CEO fraud. It’s a problem that has reached staggering proportions. Between June 2016 and December 2021, the FBI quantified 241,206 domestic and international incidents of business email compromise. The exposed dollar loss – including both actual and attempted losses – was more than $43 billion!

What Is Business Email Compromise?

According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”

Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.

However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.

How to Protect Your Business Against BEC Attacks

In the public service announcement, the FBI offers several suggestions for businesses to adopt to better protect against business email compromise attacks.

  • Use secondary channels (such as phone calls) or multi-factor authentication to validate requests for any changes in account information.
  • Ensure that URLs in emails are associated with the businesses or individuals from which they claim to be originating.
  • Keep an eye out for hyperlinks that contain misspellings of the actual domain name.
  • Steer clear of providing login credentials or PII of any sort via email. Bear in mind that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails – especially when using a mobile or handheld device – by making sure the address appears to match that of the purported sender.
  • Enable settings on employees’ computers to allow full email extensions to be viewed.
  • Monitor your personal financial accounts routinely for irregularities, such as missing deposits.

What to Do If You or Your Company Should Fall Victim to a BEC Attack

Final Thoughts

Cybersecurity has never been more important. We live in an increasingly connected world, which enables cyberattackers to constantly find new ways to carry out digital attacks. Even the most vigilant business owners and IT managers can become overwhelmed with the stress of maintaining network security and protecting their data.

These increasingly advanced cyberattacks create unprecedented situations of data breach and money extortion. The tools that hackers use are getting smarter and stronger every day. If you’re not proactive about protecting your network, your business will become a target of cybersecurity attacks.

DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, email security solutions, web/DNS filtering, next-generation firewalls, network security monitoring, operating systems/application security patches, antivirus software, and security awareness training. If you’re not 100% certain that your business is protected from cybercriminals, contact us today at 252.329.1382 or message us to find out more about how we can help #SimplifyIT!
