Things you should never do when creating passwords

Everyone always has advice on how to create a password… but what about how not to create a password? In other words, what are the things you should never do if you want to create and maintain a solid collection of passwords? Here are a few things to avoid.

Using words found in the dictionary

Don’t ever create a password that consists of one lone word that can be found in a dictionary. In a brute-force attack, automated software throws out guess after guess until it finds the correct password, and dictionary words are typically the first guesses it tries.

Reusing old passwords

This goes two ways. Never take a password you’ve used in the past and use it for a new account, and never take a password that is currently being used on one account and use it for a second account. This is because if one account gets hacked, any account relying on the same credentials could also be hacked – and it won’t even be hard. All a hacker has to do is plug-and-play, no hacking necessary.

Using common phrases

Just like it’s easy to crack a dictionary word, it’s also pretty easy to crack a password created from a common phrase… something like “ilovelove” or “peanutbutterandjelly” or “tobeornottobe.” Password-cracking software will automatically check for combinations like these, too.

Using an ordered sequence of numbers

Everyone says to throw numbers and characters into your passwords to make them stronger, and that’s a solid tip. However, it doesn’t always help. For example, throwing a 1 or 123 onto the back or front of a password won’t do anyone any good except a hacker. To legitimately strengthen your password, shoot for random combinations of numbers (5024 versus 1234) or a random placement (pass5024word versus password5024).

Using information that can be found on social media

Sometimes hackings are targeted and closer to home. It’s not always a massive attack on a random website. Because of this, you need to be careful with the “things” you base your passwords on. For example, using your spouse’s name or your favorite football team as your password isn’t a good idea. This type of information can quickly be found on your social media profiles.
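The rules above (no lone dictionary word, no common phrase, no ordered digits tacked onto the front or back, no details from a social media profile) can be checked when a password is created. The following is an added example, not part of the original article; the word lists are small constructed samples, and the names `weak_reasons` and `personal_terms` are hypothetical.

```python
import re

# Constructed sample lists for illustration. A real deployment would load a
# full wordlist and a list of commonly used passwords instead.
DICTIONARY = {"password", "dragon", "sunshine", "football", "monkey"}
COMMON_PHRASES = {"ilovelove", "peanutbutterandjelly", "tobeornottobe"}


def _predictable(digits):
    """True for a lone digit or an ordered run such as 123, 1234 or 4321."""
    if not digits:
        return False
    return len(digits) == 1 or digits in "01234567890" or digits in "9876543210"


def weak_reasons(password, personal_terms=()):
    """Return the reasons a candidate password should be rejected (empty = none found)."""
    pw = password.lower()
    # Split off digits bolted onto the front or back: "123password" / "password123".
    lead, core, trail = re.fullmatch(r"(\d*)(.*?)(\d*)", pw, re.DOTALL).groups()
    reasons = []
    if core in DICTIONARY:
        reasons.append("dictionary word")
    if core in COMMON_PHRASES:
        reasons.append("common phrase")
    if _predictable(lead) or _predictable(trail):
        reasons.append("predictable digits")
    # Names, teams, dates and similar details an attacker could read off a profile.
    for term in personal_terms:
        term = re.sub(r"\s+", "", term.lower())
        if len(term) >= 3 and term in pw:
            reasons.append("personal info")
            break
    return reasons


if __name__ == "__main__":
    for candidate in ["dragon", "Sunshine123", "password5024", "pass5024word"]:
        print(candidate, "->", weak_reasons(candidate) or "no listed weakness found")
```

An empty result only means none of these particular checks fired; it does not measure length or randomness.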

Writing passwords down on paper

For some weird reason, people think it’s okay to write down their passwords and keep them on their desks or stored in a drawer. This is a terrible idea. Random hackers from some far-off country aren’t the only sources of hackings. A hacking could happen right in your own backyard and even inside your own office. Don’t leave your password lying around for someone to pick up and do what they please with.

Sharing passwords

Never at any point is it okay to just give your passwords out. Even if it is a trusted friend or your brother from another mother, don’t do it. They may not do it intentionally but there’s always the possibility that your password could get loose. It’s better to play it safe and keep your passwords to yourself.

The Internet can be a very dangerous place, which is why it’s important to have strong passwords as your first line of defense. If you’d like to learn more about internet security and best practices, contact us today!

4 ways cybercriminals use social engineering to steal your data

Social engineering is yet another tactic cybercriminals could use to steal data from an unsuspecting company. However, this tactic is slightly different than typical methods, mainly because it preys on the human element. Here are a few of the most common ways social engineering could play out in your business.

Sending an email

The majority of people are most accustomed to this form of social engineering, commonly known as “Phishing.” They receive an email with a message asking them to send over private information, download an attachment, or click on a link. Another strategy used is called “Pretexting,” in which the criminal uses personal information they already have (such as your birthday, address, or social security number) in order to get more information from the victim.

Offering you something

These criminals could offer you something in return for specific information. The information they request could include login credentials, credit card numbers, or client records. The hacker will typically offer a large sum of money in exchange for the info, but don’t expect a dime from them. If it seems too good to be true, then it probably is.

Posing as someone you know

In most cases, a person using social engineering tactics will pretend to be someone they aren’t. The criminal could pose as your boss or a friend, and send you an email asking for a favor or to wire money to a bank account number they provide. They are also infamous for creating fake social media profiles and reeling in their victims that way. These types of attacks have increased over the years thanks to sites like Google and LinkedIn, which hackers use to find out just about anything they want about a company and its executives.

Putting up a relevant ad

You see online advertisements everywhere these days, and cybercriminals have caught on to the trend. They are becoming notorious for running extensive online advertising campaigns in which they offer a product or service and then trick the victim into downloading ransomware onto their computer. Commonly referred to as the “Rogue” technique, this most commonly appears as an advertisement for anti-virus software, or as an alert from your computer stating your system has been infected.

Social engineering won’t be going away anytime soon, which is why it’s crucial to regularly train your staff on email and internet best practices. If you need any assistance protecting your business from these types of attacks, then give us a call today!

3 Ways to Enforce an Internet Culture at Work

It’s safe to assume that you want your staff to be more productive and efficient when at work. It may also be safe to assume that you’ve seen your employees waste a lot of time on the internet when they should be working instead. They’ll waste time on Facebook, stream movies on Netflix, order stuff off of Amazon, and they might even be looking for another job (on your dime).

As a matter of fact, studies show that around 64% of employees waste an average of 2 hours a day on non-work-related websites. That’s 25% of their work day if they work the typical 8-hour shift!

So if you’re looking to get your employees back to work, follow these three simple steps:

Content Filtering

The easiest way to boost productivity is by enforcing content filtering, which involves placing limitations on which websites your employees are allowed to visit and when. The best part is, you probably already have the tool you need to do this! Your firewall, which is typically used to set rules on what’s allowed to enter or leave your network, will most likely have a content filtering management tool that lets you block certain websites, popular messaging and chat applications, and game applications, and set security options to disable certain online activities.

If you don’t have a firewall, you have bigger problems to worry about.

Implement a Computer Usage Policy

If you don’t feel comfortable blocking user internet access, another option would be to create a Computer Usage Policy, which you would review with all employees and have them sign. This should also be a part of the onboarding paperwork when you bring on a new employee.

An effective Computer Usage Policy will clearly outline which websites they can and cannot visit during business hours, what they can and cannot download, email best practices, and computer misuse policies. Even with all of this, you need to clearly outline the disciplinary action that you will take if an employee violates the policy, which needs to be strictly enforced and consistent across all departments. They need to understand that their computer and internet access is the property of the company, and should only be used for work-related purposes.

Setting password controls

The third, and probably easiest, way to limit internet access is by setting password-level controls. Think of it as setting parental controls for your children at home. This process includes assigning each employee to a specific network user group with preset rules and limitations based on their log-in passwords, which would carry over no matter which computer they use. This would be a great strategy if you have some employees that share computers in the office.

If you need assistance implementing an internet culture for your business, please give us a call today. We have the knowledge and expertise to get those 64% of time-wasting employees back to work!

5 Ways to Keep Your Staff Mobile and Secure

These days, work doesn’t just happen from nine to five. With smartphones and other devices, business happens 24/7. As a boss, it’s important to foster mobility—but, at the same time, boundaries should be established to keep your data as secure as possible.

Even if you don’t supply your staff with company devices or require them to work from home, most employees still use their personal devices to access company information from work and on-the-go. For this reason, it’s important to take the security of these connected devices very seriously.

Here are a few best practices to keep your staff mobile and secure:

1. Require regular training sessions

Employees definitely won’t take cybersecurity seriously unless they truly understand the damage weak security can do to the company they work for. Require regular training sessions and motivate your staff to learn the implications of unsecured devices. No one wants to be the one responsible for taking down the entire business, do they?

2. Require MDM software

Mobile Device Management (MDM) software allows you to secure company data if a device is lost. Downloaded only at the agreement of the device owner, this software can wipe data remotely, reset factory settings, or completely erase a device. You never know what can happen if a lost device winds up in the wrong hands. MDM software is your plan B and shouldn’t be a problem if your staff has the company’s best interests at heart.

3. Register and update all connected devices

Register all connected devices with the IT department (or with upper management if you don’t have an IT department). Registering devices gives your techs the ability to know if and when a device turns up missing, and it also gives them the ability to monitor, track, and install all required updates. If you can’t get all your employees to remember to register new devices, then refuse Wi-Fi access to all unregistered devices. We all love free Wi-Fi at work, so taking it away until they register is a very effective method.

4. Create a mobile device policy

Smartphone usage puts your company at risk when precautions aren’t taken. If employees want to use their devices for work (or on the company network), then you need to establish a BYOD (bring your own device) policy. Most employees are more than willing to sign on the dotted line and accept the terms and conditions. Just make sure they know what they are and can completely understand them.

5. Don’t forget about the apps

Most companies are so concerned with who is connected to their network that they forget to think about why they’re connected. With so many cloud storage apps, sharing apps and collaboration apps, the security fears are endless. Use mobile app security tools to identify problem apps and to block network access until threats are removed.

Not sure where to start with all of this? Contact us today and we’ll be glad to help!

Everyday Habits that Leave You Vulnerable Online

Whether you check social media, read email, or do most anything online, your internet behavior can put you at risk. Hackers and scammers take advantage of your online movements to get your financial data and other sensitive information to use for their gain, at your pain. To stay safe and protect your identity, make sure you avoid these everyday habits that leave you vulnerable online.

1. Using the same password for multiple accounts

You already know that your passwords should be strong, duh. But besides using long combinations of random numbers, letters, and symbols, you should also make each password you use unique to that account. If you use the same password for multiple accounts, a hacker who gains access to one account also has access to your other accounts. So keep separate passwords and change them every few months. Sound like too much to remember? Use a password manager; some great options include LastPass or Dashlane.

2. Oversharing on social media

It’s easier than ever to share details of your life, but all that social media sharing can leave you vulnerable to identity thieves, who can piece together information you share to crack your passwords and answers to security questions. Disable location sharing, don’t reveal your birthday or the first concert you attended, and give a second thought to telling the world you’re on vacation. It’s always better to post after you’ve returned! There’s nothing worse than advertising that your home is unattended from this date to that date.

3. Regularly connecting to public Wi-Fi

Although you may enjoy setting up a makeshift office in a coffee shop equipped with Wi-Fi, tread very carefully. Public Wi-Fi networks make it easy for hackers to see everything you do while you use the connection. If you must use public Wi-Fi, never log into banks or social media accounts, and consider using a virtual private network (VPN) to protect your sensitive data. VPNs act like a tunnel around your information so potential thieves cannot see all your data.

4. Immediately opening an unfamiliar email

If you don’t think twice before opening an email (or attachment) from an unfamiliar sender, you put yourself at serious risk of phishing. Phishers are scammers who send emails containing links or attachments that, once you click on them, can trick you into revealing your login information or infect your computer with malware or ransomware.

Be mindful before opening any unusual emails, and pause before clicking on links or attachments that seem suspect. Before you click on a link that appears to be from your bank, for example, go directly to your bank’s website or call your bank to determine if the email is legitimate. Or, if you’re using a desktop computer, hover your pointer over the link and see where it really redirects to.

5. Accepting invitations from strangers to connect

Although online platforms offer legitimate professional networking opportunities, be wary of impulsively accepting invitations and requests from strangers. Cyberstalkers can use social networks to gain information on potential victims and send unwanted messages. Before you add a stranger to your social networks, take a good look at his or her profile and consider the risk. It can be easy to assume you’ve simply forgotten that person from a brief interaction at a networking event, but that’s why looking closely at their profile will help you weed out the scammers from the real people.

6. Relying on Autofill

When you’re logging in to an account or doing online shopping, autofill and autocomplete features can save a ton of time. But storing your data makes it seriously vulnerable to cybercriminals. Make sure you disable autofill on your browser, and take the extra time to manually type in your credit card number each time you buy something. It may seem like a hassle now, but it’s a breeze compared to dealing with identity theft. Trust us.

7. Overlooking old accounts (personal or work-related)

Whether you have to create a username and password to read a random article or try a yoga class at a new studio, it’s easy to rack up a large number of online accounts. But having your personal information stored on multiple unused accounts can put your data at risk. Keep track of every new online account you open, and delete any accounts you no longer use. Doing so will ensure that only the companies and platforms that you’re active on will have access to your data.

8. Leaving a computer unattended

Some criminals are more low-tech. If you regularly leave your computer, phone, or tablet unattended, you put your information at risk. Even leaving your devices unattended while you go to the restroom or get coffee can leave you vulnerable. The United States Computer Emergency Readiness Team (US-CERT) recommends you lock your computer any time you’re away from it. Protect your devices with a password that you must enter each time, and close your laptop’s lid (or put it to sleep) when you step away from it.

The internet can be a very dangerous place. Contact us today to learn more about keeping your personal and professional online presence secure.