
We’ve been recommending for quite a while that our clients implement multi-factor authentication (MFA) on their email and Office365 accounts – really, anything that can have MFA enabled should. You may have heard of two-factor authentication (2FA) before; multi-factor authentication can use two or more methods of authentication.

We’re asking our clients to use two factors to log in now. This is because, like it or not, employees will use weak passwords – or use the same password on multiple websites. If a hacker gains access to your email, they can trick your clients or employees into sending your hard-earned cash to them, or worse. Some regulated industries have penalties associated with data breaches. At a minimum, your reputation is at stake – do you want to have to tell your clients you’ve had a breach?

Microsoft has made two-factor authentication easy to use with the authenticator app for iOS and Android. Once connected to your account, all you have to do is push the “approve” button when prompted on your phone.



used with permission from Tektonika (HP)

Information security breaches are becoming so commonplace, they’re seen as the cost of doing business—but they don’t have to be. Promoting internet safety and device security isn’t as hard as it might seem. By making small changes to online behavior, IT professionals and users can do a lot to keep their business safe. And the first way you can start is:

Stop using passwords

Wait, what? You read that right: The National Institute of Standards and Technology (NIST) recently came out with new guidance on password best practices. According to Mike Garcia, former director of NIST’s Trusted Identities Group, the gist of these guidelines is, “Simply put: Use passphrases, not passwords.”

This is great news for any users who spend a lot of time in “Forgot Your Password?” purgatory. For years, the advice for keeping passwords hacker-proof was to make them more complicated. But that made them user-proof, too.



used with permission from HP Tech@Work

Is my password still enough, or do I need more?

Without question, security is critical these days. Whether it’s device, online, or mobile security, the need for protection is obvious, and the risk can’t be ignored. For years, that protection has centered on a login…and a password. But has that changed?

Oh, that password. We’ve been reminded for years not to write it down. Not to keep it anywhere that someone could find it. Which has made more than a few people prone to forgetting it. Show of hands, anyone?

Then there’s the issue of using a unique password for every account. Considering we have an ever-increasing number of password-protected accounts, for everything from banking to gaming – and the apps that go with them – this can be exhausting.

Add to that the known problems with public networks, and the risks you and your mobile workers face daily when trying to do business from the road, and you have a recipe for sleepless nights.



used with permission from Norton by Symantec

By now you’ve noticed you typically have two options to log in to an online account. One is the traditional username and password combination. The other is the social login, which uses your credentials for a social networking account, such as Facebook, Google+, or Twitter.

Until recently the login method you prefer might have hinged on convenience. However, you may want to consider security and privacy before you click that “Log in with Facebook” button again.

Benefits of social logins

One of the biggest reasons people leave a website is because they are asked to create an account in order to proceed. With the number of online accounts people have, it’s no wonder the thought of creating another username and password combo makes people consider getting off the grid. That’s where social logins come into play.

Most people, especially Millennials, are comfortable living their lives online.



used with permission from Norton by Symantec, by Christina Schubert

980 data breaches occurred in 2016. That left approximately 35,233,317 known records exposed. Over the years, data breaches have become more sophisticated, and cybercriminals target both large corporations and small businesses.

2016 saw a string of data breaches that left sensitive information of millions of people at the mercy of cybercriminals. In addition to financial consequences, these data breaches ruined customer trust and the reputation of the companies in question.

As we look back at 2016, here are some of the most impactful data breaches that shook the world.

117 Million LinkedIn Credentials Breached

Even though the breach occurred in 2012, its intensity came to light in mid-2016. A Russian hacker going by the name of “Peace” claimed responsibility for the 2012 hack. In 2016 the hacker resurfaced, and set up shop on the Dark Web to sell a whopping 117 million credentials that were acquired from the same breach.



used with permission from Norton by Symantec

Sophisticated cybercriminals have devised a way to steal email credentials that bypasses two-factor authentication security and doesn’t rely on otherwise easy-to-spot phishing methods. Here’s what you need to know to protect yourself from this email password stealing scam.

Who is affected?

Symantec researchers have found this scam largely targets Gmail, Hotmail, and Yahoo Mail users. However, everyone with an email account should be aware of how this scam works to avoid falling victim.

See how the scam works. In just a few quick steps, cybercriminals trick victims into disclosing email credentials.

How does the scam work?

To initiate this scam, cybercriminals need to know the email address and associated phone number of the user. Both of these contact details can often easily be obtained. With this information handy, an attacker can then capitalize on the password recovery feature that allows an email user to gain access to their account by a verification code sent to their mobile.



used with permission from Norton by Symantec
Nadia Kovacs


Employing secure passwords is more important than ever. Hackers are hungry for passwords, as they have substantial monetary value. Stories are constantly developing in the media about high-profile data breaches and password leaks, leaving thousands of accounts vulnerable to being accessed by cybercriminals. With two-factor authentication (2FA), you get an extra layer of security that hackers can’t easily access, because the criminal needs more than just the username and password credentials. You’re actually using it already and you may not be aware of it. Your ATM card is a 2FA method, via your physical card and your PIN number.

What is used for 2FA?

2FA is a method of verifying your identity that adds a second factor of authentication in addition to your account password.

  • Something you know – a PIN number, password or pattern.
  • Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.