There are a few things that cause you to have that ‘sinking feeling’ in life. We will be talking about one of them today - being hacked and what to do if it happens to you.
Switching on the TV or looking at social media news constantly reminds us of the heightened level of cyber-attacks. In 2017-2018, 76 percent of businesses were victims of a phishing attack [1], and over 92% of malware infections were delivered via email [2].
Small to midsize businesses are simply not immune to cyber-attacks. We find ourselves in a situation of not if, but when, our company is hacked. In this article, we will explore what being hacked can look like and how to fix it.
There are many ways that computer hacking happens. They range from ransomware, which encrypts files and then asks for payment to decrypt them, to ‘bots’, which take over a computer and turn it into a slave to do the bot’s bidding.
If you become infected by any of the malware out there you often experience tell-tale signs:
Even if you don’t have any tell-tale signs you could still be infected. Malware variants are continuously changing and often are specifically designed to work in a stealth-like manner. This works well for the cybercriminal as it means the malware is less likely to be found and eradicated.
If you are hacked, you need to contain the infection and remediate the incident. Hacks can happen through many different routes, but once the hack has occurred there are several things you can do to contain the problem:
Disconnect and isolate: Many infections begin in one location and then move across a network to cause widespread infection. Ransomware, for example, can infect across a network and out into Cloud repositories, encrypting files as it goes.
Make sure your machine is disconnected from the rest of your network. This means unplugging the network cable and switching off your Wi-Fi connection. Take care to do this manually as some malware will trick you into thinking the computer is disconnected when it isn’t.
Decontaminate: Removing a malware infection can be tricky. Full decontamination is a process. One thorough way to eradicate an infection is to first remove the infected hard drive. Next, connect it as a non-bootable drive to another uninfected computer. Then, run an up-to-date anti-virus/anti-malware package from the host PC to scan and quarantine any malware files on the drive. Now, remove any important files and documents from the hard drive before finally wiping the drive using a secure disk erase utility. You will then have to reinstall the operating system.
Change passwords: Malware infections can be used to log keyboard strokes, collecting passwords as they are used. Change any account passwords that may have been accessed via the infected computer.
Alert others: Make sure colleagues and your IT department know about the breach so they can check for any further breaches. Your company may also have to make a breach notification to relevant authorities as is required by some data protection regulations.
Reduce the risk of it happening again: Using a professionally managed cybersecurity service company reduces the chances of your organization being hacked in the first place. Even if you do end up being hacked, a managed services company can help to professionally and efficiently contain an infection or a breach. For example, if the hack involved ransomware infection, files and documents would likely be encrypted and lost. An outsourced managed services company would be able to swiftly deal with the infection, remove it, and possibly recover any deleted files (some ransomware will make copies of files, encrypt the copy, and delete the original).
In addition, if you do choose to outsource cybersecurity, the managed service company will put a secure backup system in place before an infection happens, in which case you will be able to fully recover files to replace those encrypted.
In terms of health, “prevention is better than cure”, someone once said. The same is true of our cybersecurity health. Preventing a cybersecurity incident means you don’t have to deal with the aftermath. Remediation of a data breach and a hacked network takes time: IBM found that the average time to spot a breach is 197 days [3], with a further 69 days to contain it. In that time, you have lost money and reputation, and suffered other intangible damages.
With cybercrime at an all-time high, we have to use proven methods to help us fight back. Managed cybersecurity services give us the tools to reduce the likelihood that we will suffer a cyber-attack, but they go further. Having a completely hardened, 100% secure system is never possible; cybercriminals continuously change their tactics. Having an experienced team on call, like those offered by DynaSis managed cybersecurity services, means you are covered no matter what level of cyber-incident has happened. DynaSis will always have your back.
DynaSis: The Right Choice for Your IT Support
In 2017, the credit file agency Equifax was hacked. It resulted in 146.6 million Americans having their personal data exposed, and the cost to Equifax as a company was massive. To date, the breach is expected to cost Equifax around $600 million [1] to resolve, including lawsuits. But these are not the only losses Equifax experienced after the breach. The company's share price drop, post-breach, resulted in $4 billion being wiped off its market value [2].
The Equifax example is an extreme case, highlighting the cost of a security incident. But the costs associated with a cyber-attack hit companies of all sizes. In this article, DynaSis, an experienced cyber security company in Atlanta, looks at the costs that a security incident imposes on a small to mid-sized business.
“The DynaSis team helped educate us on how vulnerable our systems can be if we are not using the right tools. With the advanced security products that DynaSis offers, we feel that our systems are prepared to block out hackers, malware, phishing attacks and any other cyber security risks.”
The simple answer is yes. Cybercriminals do not discriminate. All companies, everywhere, across all sectors, are a target for cybercrime. Every industry, from manufacturing to healthcare to government to financial to education, is being affected. Cisco’s 2018 SMB Cybersecurity Report [3] looked into the impact of cybersecurity threats on organizations with fewer than 250 employees. The report found that 53% of SMBs had experienced a cyber-attack. If your company suffers a breach, data is exposed, systems are potentially damaged, and employees lose work time. All of this equals money, reputation, and time lost.
“Cyber security attacks happen every day and are a huge expense to recover from. DynaSis has taught us that the best way to avoid these attacks is to be proactive and have the right solutions in place to protect our network from these outside threats. We are very satisfied with the success DynaSis has in keeping our business safe!”
Cyber security service companies are at the forefront of highlighting and preventing this wave of cyber security attacks. DynaSis sees the devastation that a data breach or cyber security incident causes and we act to make sure it doesn't happen to your company. According to cyber security firm Radware's 2018-2019 Global Application & Network Security Report [4], the average cost of a cyber-attack is $1.1 million. This is an increase of 52% on 2017-2018. McAfee [5] has estimated that in 2017, globally, cybercrime cost around $600 billion a year.
No company is immune to a cyber-attack. Small businesses are targeted because they commonly lack the support needed to protect against these attacks. In the aforementioned Cisco study, over half of small companies interviewed reported the costs of a cyber-attack were around $500,000. When asked how long they could remain profitable if they lost access to critical data, over half said they would be unprofitable within a month.
The situation is perhaps not surprising when we look at how the security landscape is changing. In the last few years, attack methods like phishing have increased. In a Wombat study [6], 48% of respondents had seen an increase in phishing attacks, and new methods like cryptojacking saw a staggering 8,500% [7] increase in 2017. Small to midsized organizations do not have the internal staff to manage the day-to-day needs of risk mitigation.
When we look at the price that we pay for a security incident, how do we come up with the figures? The cyber-cost equation has many variables:
Some or all of these issues can be felt by a company, post-attack. Many of them are long-lasting and complex. Costs incurred can mean communicating with customers as well as regulatory bodies. This takes time from your business and means paying attorney costs.
“Cyber terrorists are targeting small to mid-sized businesses like ours on a daily basis. The amount of security protection that DynaSis implements helps put us at ease so we can focus on running our business, while they make sure that we are staying safe.”
Small to mid-sized organizations are highly vulnerable when hit with unexpected large costs. The levels of cost in both time and money that result from a cybersecurity incident could be catastrophic for an SMB.
Cyber security services companies exist to bridge the gap between enterprise-level security and the smaller organization. DynaSis is a cyber security services provider in Atlanta. We offer enterprise-grade protection for the small to midsized company. We act as your digital guardian, making sure that the costs of cybercrime stay away from your company door.
Simply put, you don’t need to have an internal dedicated cybersecurity department to protect your business. If you use a cyber security services provider, you can have the best protection and stop your company becoming a costly victim.
Netflix, UPS, Facebook, your bank, and your power company are all companies that you receive emails from regularly. These are the companies that cyber attackers will impersonate when sending phishing emails to capture your personal information or to install malware on your device. These branded emails are sophisticated and believable. People click on them without thinking twice. Our job at DynaSis, a managed IT service company in Atlanta, is to educate our users on the signs that indicate an email is a phishing scam.
There are some things you can proactively look for to protect yourself from these attacks, and when you work with DynaSis for IT support, we have the systems and tools available to help keep these emails out of your inbox.
So, what do you do if you find yourself the victim of a successful phishing email scam? Here are a few self-recovery steps to take after clicking on a phishing email.
The best way to avoid a phishing attack is to be aware of what to look for. Learn more about How to Prevent Scams, Phishing and Mis-Sent Emails. DynaSis, a managed IT services company in Atlanta, has the products and tools to help keep you and your staff educated on cyber threats and how to be prepared. Fill out our form today or call 770.629.9615 to learn more about how DynaSis can help keep your company safe.
When you open your email inbox in the morning you no doubt experience a tidal wave of emails. You are not alone. Radicati [1] looked at the world of emails and found that by the end of 2019 there will be 2.9 billion email users in the world. They also found that email use is only getting stronger every year. By the end of 2019, there will be 246 billion emails sent and received every day.
Email is an amazing way to communicate. Even with the advent of messaging tools and mobile messaging apps, email is still a major tool of business. But is this trust also its downfall?
In this article, we will look at three ways that email trust can be, and is, broken, and how personal vigilance and the use of managed IT support can help you to fix it.
One of the most worrying scams of recent years is the Business Email Compromise (BEC) scam.
BEC scams are big business for cybercriminals. The FBI released a report on BEC scams [2] showing losses of over $12 billion. And it is only getting worse, with BEC scam rates up by 136% since 2016.
BEC scams are all about tricking companies into releasing money. The cybercriminal behind the scam uses a number of techniques to achieve this. An example is the case of Walter Stephan [3], the CEO of Austrian company FACC Operations GmbH. This BEC attack started with surveillance of Mr. Stephan. The thief was able to then send an email to the finance department that looked like it was from the CEO. This email contained an urgent message to transfer money to a new project (the recipient bank account being controlled by the scammer). In the end, FACC Operations lost around $47 million to the fraudsters.
BEC scams rely on surveillance of key members of staff and tricking other staff members by masquerading as a key employee. The scam may or may not involve email account takeovers. It also may or may not involve phishing emails, so let’s look at phishing.
Phishing is all about stealing information such as personal data and/or login credentials, e.g. username and password. According to Wombat Security, 76 percent of businesses were victims of a phishing attack [4] in 2017.
Phishing takes a number of forms:
Email phishing: An email which looks like it is from a legitimate company but is, in fact, a spoof. The email will either have a link to click on or contain an attachment that is infected with malware. The link will, typically, take you to a website, which looks like a real brand. It will ask you to enter personal data or login credentials. If you do, they will be passed immediately to the cybercriminal behind the phish. Links sometimes go to an infected website which will infect your computer with malware. Email attachments in phishing emails are infected with malware. If you open the attachment it installs malware on your machine.
Spear Phishing: This is a targeted form of email phishing. Many major data breaches have started with a spear phishing email targeted at a system administrator, with the cybercriminal stealing login credentials to privileged areas of a company's IT network.
SMiShing: Text messages and mobile app messages are being increasingly used as phishing conduits. Kaspersky [5] saw a 300% increase in SMiShing (the text equivalent of email phishing) in 2017.
Vishing: This is a voice form of phishing. The phisher will call, pretending to be from a well-known organization such as a government tax office or bank. They will then attempt to extract personal information from you.
Data breaches aren’t just about cybercriminals stealing credentials and using them to access databases. Data leaks and accidental disclosure are a major issue for companies too. Data compiled by Gemalto shows that in 2017, 1.9 billion data records were accidentally leaked. Mis-sent emails are one area where sensitive information and personal data can be exposed. An example was seen during the 2014 G20 Summit. The Australian immigration department accidentally sent an email [6] to the wrong person, revealing personal details of world leaders like Obama and Merkel. Sending sensitive or personal data to the wrong person can cause financial losses, reputation damage, and non-adherence with regulations.
Preventing complex human-centered email threats, like mis-sent emails, requires a layered approach to security. DynaSis managed IT services in Atlanta can look at your normal working patterns and apply the right tools and training to ensure email is not your weakest link.
Compliance with data protection regulations can be a complicated, heavy load to manage, especially for small to mid-sized businesses. For example, Verizon’s 2018 Payment Security Report shows that, although the figure is improving, only 52% of companies meet full compliance with PCI-DSS.
In the last few years, we have seen regulations updated to reflect new technologies and ways of working. Issues like data privacy are now placed center stage by regulations like the General Data Protection Regulation (GDPR) with legal nuances and exacting requirements. Meeting compliance requirements is a full-time and ongoing job. Often, companies have to meet a mosaic of regulations too, including state, sector, and global, complicating the landscape even more. Using managed IT services that specialize in helping your company meet data protection compliance is a vital tool in the compliance armory of the SMB.
To steer you down the path of compliance, DynaSis has pulled together five ways that data protection compliance impacts your organization.
Money: Fines for non-compliance with data protection regulations can be hefty. Under the GDPR, the largest fine is up to 4% of global revenue or $23 million, whichever is larger. Other data breach and non-compliance fines may not reach these figures, but they are still often tens of thousands of dollars. The World Economic Forum has stated that what was considered a large data breach a few years ago is now normal. The risk of a data breach cuts across companies of all sizes, and if you are breached you could end up with a large fine.
Data Handling: Data protection laws require you to look carefully at your cybersecurity, general security, and privacy when utilizing personal data and Protected Health Information (PHI). This can be complicated and involve various legal overtures. Your firm will need to have an understanding of data classification, audit, data privacy, and data security. This requires specialist skills. Managed IT service and support companies with compliance expertise help you meet regulatory requirements letting you focus on your core business.
Competition: In a report by an analyst firm, 85 percent of U.S. companies believe that the data protection law, GDPR, will make it harder for them to compete with European companies. The Ovum report also pointed out that data privacy regulations are not uniform across the world. The U.S., for example, has “unclear, varying laws” across different industries and states. The California Consumer Privacy Act (CCPA) is one such U.S. state-centric law, which came into effect in 2018. How this law impacts organizations outside of California can be a complicating factor in a company’s choice of where to do business.
Using a managed IT service firm, like DynaSis, with expertise in data protection compliance, including GDPR, CCPA, and industry-specific laws can ensure you are at your competitive best.
Skill costs: The changing technology landscape means that data protection compliance is also changing. Keeping up with new regulations and new laws is something that requires a high level of skill in the legal and technical aspects of compliance. Skills in the area of compliance cost money. The average salary of a compliance officer in the U.S. is $63,746 and can be as much as $155,000. Using an outsourced IT services company helps to bridge this cost.
Reputation damage: The 2017/18 Kroll Annual Global Fraud & Risk Report found that three-quarters of companies experienced damaged reputation due to fraud and cybersecurity incidents. Data protection regulations are designed to prevent data loss, which would otherwise result in company profile damage. Managed IT services and IT support help to get your compliance measures into a compliant state to help prevent data breaches.
Data protection compliance is not something to take lightly. It requires expertise and diligence to meet the exacting requirements of modern data protection regulations and laws. Getting compliance right when you are a small to midsize company is a challenge. However, experts like DynaSis, who have a deep knowledge about data protection regulations, can take the weight of compliance from your shoulders. Outsourcing compliance makes sense when the needs of these regulations are complex and nuanced. Using DynaSis will help your company achieve compliance and let you get on with your core business.
In 2016, a business was attacked by ransomware every 40 seconds. In 2017, we saw a massive global ransomware attack, known as WannaCry, hit businesses of all sizes and across all sectors. Ransomware attacks also rose by 350% in the same year, according to Dimension Data. And Kaspersky said that a single ransomware attack can cost a small to midsize business up to $99,000.
Ransomware is a sinister and costly form of malware that has taken the cybersecurity world and our businesses by storm. Using managed cybersecurity services can help prevent ransomware infection or can help manage a ransomware incident if the worst does happen.
But what is ransomware and how can managed IT services and IT support help to prevent it?
Ransomware encrypts files and documents on your network. Once they are encrypted you will not be able to open them. The malware can encrypt files right across your network, even those in Cloud repositories. If your business becomes infected by ransomware you can expect the following to happen:
Infection by ransomware is costly, not just because of the extortion price, but because of the disruption to your business.
Infection usually happens in the following ways:
The world of cybercrime is continuously updating the methods used to attack your organization. Keeping ahead of cybersecurity threats requires vigilance and expertise. Using managed IT services, like DynaSis in Atlanta, that offer experts in cybersecurity, gives you the best possible defense against ransomware.
DynaSis provides a managed cybersecurity service that protects across all of the target areas used by cybercriminals. Our managed cybersecurity uses a layered approach to prevent ransomware, which includes:
2018 has seen continued ransomware campaigns. Malwarebytes has found a 55 percent increase in cyber-attacks, including ransomware, during Q3 of 2018. Keeping on top of cybercrime is a time-consuming and costly exercise. Managed IT support and IT services can do this job for you, keeping your IT resources free of malware and allowing you to get on with the job at hand - making your business successful.
Running a company is more than a full-time job, and it takes diligence, focus, and great management to make a business work well. But running a modern business means using modern methods of work. Small businesses need to be innovative to compete. This means using best-of-the-best technology solutions. Fortunately, with the advent of Cloud and mobile computing, the small to midsize business (SMB) can have the same type of technology as their enterprise cousins. But with this technology comes increased and often complex management issues.
Finding skilled staff to manage your IT resources is not easy and IT skills are hard to come by. Research into the skills gap shows growing concern in finding skilled staff. A study by Career Builder has shown that 60 percent of U.S. companies have vacancies that remain open after 12 weeks. The study also found that 67 percent of companies are concerned about a skills gap.
IT skills, and cybersecurity skills, in particular, are much sought after. The skills gap in cybersecurity is expected to see a shortfall of around 3.5 million cybersecurity jobs by 2021.
Let’s explore the benefits of engaging an IT support expert to make sure your technology use goes smoothly.
Our businesses are embracing the digital revolution, just as our chances of finding a skilled person to maintain the technology are decreasing. Outsourcing IT tech support is the alternative that can give us the benefits of technology without the headache. Here are 5 reasons why you should hire an IT support expert:
The average salary for an in-house IT support person who has reached expert qualified level is around $52K and can be up to $90K, without work benefits included. You are paying for expertise and using a fixed cost. In addition, in an SMB environment, the IT support person might not always be needed. Using managed IT support services allows you to use a variable cost model for your IT support and budget accordingly.
IT staff need to be trained in your company ethos, ways of working, and other areas. They require phones and other supplies. This takes time, money, and effort. Using a managed IT expert will allow you to focus on your core business. DynaSis operates a close business relationship by taking the time to understand your business. The result is a seamless extension to your in-house staff.
Managed IT services employ the best in their field. There may be a limited pool of skilled people, but they will gravitate to companies where they can showcase their strengths. DynaSis managed services only employ domain experts with vast experience - we give you the best possible IT people for a fraction of the cost of recruiting and employing someone of that caliber directly.
Technology changes quickly. Having expert IT people who understand your business can ensure that the decisions you make around technology choices are the best for your organization. Having the most relevant technology in place, and working seamlessly during an upgrade, will keep your company competitive.
IT support is a vital cog in a wider technology machine. This includes working with you to improve your cybersecurity. Choosing a managed services company, like DynaSis, who are experts in cybersecurity and compliance, gives you access to experienced staff. Hiring a managed services IT expert will mean your IT security is monitored. It also ensures that company day-to-day security issues, including everything from forgotten passwords to software patches to phishing emails, are taken care of promptly.
Focusing on your core business is vital in a competitive world. Hiring a managed IT expert allows you to do that, while at the same time, giving you access to best-of-the-best IT staff without the cost. In a world where IT skills are at a premium, and experienced staff expensive, having a partner like DynaSis gives you access to scarce resources allowing you to focus on what you do best - your business. Call us today at 770.629.9615 to learn more about why DynaSis is the Right Choice for Your IT Support!
Fact: 40% of companies today do not have disaster recovery plans in place. Considering the security risk landscape today, this is pretty scary. You have critical assets to protect but if, like many small to mid-sized businesses, you don’t have in-house resources that can handle a risk assessment, not to mention the follow-up disaster recovery plan the assessment may dictate, it’s time to consider bringing an IT support company like DynaSis on-board.
The assessment will accomplish a number of things, in addition to laying the groundwork for a recovery program:
Long-Term Cost Reduction: When companies start thinking about bringing in third parties, they often assume that the end result will be increased costs but this is not necessarily so. By identifying real and potential security flaws in your company’s infrastructure and attacking them proactively, you can be saving your firm from significant future costs that can be associated with both technology failure and compliance infraction fines, aside from the long-term costs of negative public relations and customer/client dissatisfaction.
Improved Future Assessments: Having an assessment completed now can make future assessments more productive. Your IT support provider should be creating a document that can be updated on a regular basis, including ongoing reviews of structure, security, and the ability for corporate self-analysis.
Critical Self-Analysis: An effective IT support and security analysis will guide your employees towards self-analysis and how they are figuring into your organization’s risk and security. Attention will be focused on any risky practices of which your people may be guilty, and will direct them towards the proper way to accomplish their tasks and goals, including strengthening passwords, and the handling of sensitive information.
Cyber Security Risk Avoidance: Your IT support and security assessment will point out security weaknesses within your company. It will also provide recommendations on how to strengthen your security, eliminating potential breaches, thereby saving you from the PR, financial and regulatory disasters mentioned above.
Your Assets: This will include hardware such as servers, workstations, and remote devices. It will tell you how secure (or not) your customer/client information is. Are your company’s trade secrets secure or vulnerable? How secure is your financial information?
Disaster Preparedness: This will include preparation for natural disasters, such as floods, hurricanes, tornadoes, and fires. It will also deal with potential man-made disasters, such as building fires, water damage, etc., as well as accidental and/or malicious human actions. The assessment will let you know if your disaster recovery plan will effectively deal with all these situations.
Vulnerabilities: Where do they exist and how do you and your IT support team fix them? Do you have older equipment that is no longer supported and that no longer receives automatic security updates? Is your staff properly trained? Is there evidence of employee carelessness?
Improving Your Overall “Security Posture”: Do you have the in-house personnel to assess this on your own and make suggestions and improvements that are meaningful and effective?
Cost is always a consideration but we have found that when we are retained by new clients, our fees are almost always the same as or less than the total annual cost these companies have been incurring anyway. Why? Once we are involved, we take over the financial responsibility for all your hardware and security. By proactively maintaining your IT infrastructure, we significantly cut down on the incidents that one way or another cost you money, plus we put you in a better position to sleep better at night!
Here is a basic reality: there is no way a small or mid-sized company can afford the same level of security and IT support that they can achieve by hiring a highly qualified managed IT support provider such as DynaSis. After all, we have been in the business for more than 26 years, serving Atlanta’s small to mid-sized business community. Call us today at 770-629-9615. And remember, we are DynaSis: The Right Choice for Your IT Support!
You have no doubt been hearing about cloud networks over the past few years and understand that many businesses are searching for more and more ways to utilize this technology. As with most everything new that comes along, there are benefits and challenges. That said, you don’t want to be the company that fails to embrace new technology and find yourself being left behind. To do so you may find yourself virtually irrelevant when being considered by potential new customers or clients as they choose to partner with firms similar to yours, but that are more up-to-date in terms of network security, versatility, and speed to market. Here at DynaSis, having provided IT support in Atlanta for more than a quarter century, we can give you proper guidance in determining your best way forward.
One of the first decisions we will help you make is to determine the type of network in which you need to invest: public, private, or hybrid. A private cloud network is usually one that is owned by a large company and only serves that company, while public cloud networks are generally owned by major corporations and serve many companies of all sizes. There are also public clouds owned by very small companies, but we advise you to be very careful before engaging with this type of vendor as security may be a concern. Hybrid clouds, as the term implies, combine features of public and private. Which one to use is a determination in which we, as an IT support company in Atlanta, can give you guidance, but for the purpose of this blog, let’s take a quick look at the different deployment models.
In a private cloud computing model, a company uses its own proprietary architecture to run its own cloud servers within its own data center. This is what we call “single tenant architecture”. Your own hardware is used within your own premises and your IT team has direct control of the underlying infrastructure.
In a public cloud computing model, a third party, generally a significantly sized company or major corporation, provides complete computing resources over the internet. Because the vendor is providing a complete service, the customer (your company) does not need on-premises server hardware. This is what we call “multi-tenant” architecture. Costs can be variable, with rapid adjustments made as a business’s computing requirements change.
A hybrid cloud, of course, is a mixture of the above, combining some of the benefits of public and private.
Choosing between the different cloud models requires an in-depth look at your current infrastructure. DynaSis provides a complimentary IT network and security assessment. During the assessment a highly experienced Solutions Architect and staff will analyze your network for capacity, security, speed, flexibility, and how up-to-date all your equipment is in terms of technical support and expected life.
If you choose, we will then provide you with cost estimates that may include new equipment that can be financed in such a way that your upgraded service and equipment actually cost the same or even less than your current costs. Because we assume the financial risk of the new equipment, we have the incentive to make sure it is always running at peak performance. This is truly a win-win situation.
Want to learn more about our IT support in Atlanta? Give us a call today at 770-629-9615 or contact us online. And remember, we are DynaSis: The Right Choice for Your IT Support!
Combining your cat’s name with your street address number does not make a secure password. Whiskers2089 just won’t cut it. In fact, most of the “fool-proof” passwords people use are anything but. Chances are, they have made one or more of the commonly used password mistakes and, unfortunately, almost anything we do to make remembering them easier for us, makes it easier for hackers to crack them. Our brains are filled with so much information these days, it’s very tempting to take the easy path, but as an Atlanta IT services company, we have to let you know that this can open you up to security breaches.
Have you ever created an account on a website and they let you know if the password you are entering is weak or strong? This can be very helpful, but so is knowing the criteria that determine this. Here are things that as an Atlanta IT services company we have found keep passwords from being strong:
Remember, your password is a code and the more complex it is, the harder it is to decipher.
Using the same password for every website is a bad idea. While it might make your life easier, it also makes life easier for those who would try and hack into your accounts. As an Atlanta IT services company, we know how difficult it is to deal with a hacked bank account. Imagine if all your bank accounts, credit cards, and store cards were hacked at the same time! As annoying as it may be, you really need different passwords for each account.
We all have seen prompts to store passwords when we open up new accounts or change passwords. It certainly makes life easier…until it doesn’t. It greatly increases the chances of one or more of your accounts being hacked, and, if you are using the same password on multiple accounts, it gets even easier.
Here are some basic, generally accepted tips:
There are practical and impractical ways to create safe passwords. We have all created online accounts and been given suggested passwords. Something like: FH78$5dJu#2wQhUjkL. But just try remembering passwords like this for four credit cards, two store cards, and two bank accounts!
That said, here is a new perspective: current thinking indicates that the most secure passwords are actually strings of unconnected words: transformermobiletandem or platterjockeyfences. Then add some capital letters: transFormermobilEtaNdem. We’ll explain this in more detail later.
You’re probably thinking: I have eight financial accounts; how can this possibly be practical? Or, I’m running a business. I can’t expect my employees to do that. Let’s look at some practical solutions.
Password managers are a practical solution for many businesses as they allow you to maintain a large number of passwords as well as in-depth information about your accounts. They work in the same manner as the auto-populate features that fill in your online forms by storing your login credentials for your different accounts so that when you go to these accounts, your passwords are automatically entered. An additional benefit of this type of application is that it discourages hacker attacks such as “keystroke logging” where the hacker is able to figure out your passwords by surreptitiously recording your keystrokes. It also means that once your passwords are stored inside the app, you only have to remember a single password.
Many password managers also incorporate multi-factor authentication, something that we as an Atlanta IT services company applaud. The best way to explain this is by example. Did you ever need to reset your password from a bank and they required you to copy a code they sent you and paste it into a blank field on your screen? This is one form of multi-factor. “Multi” means more than one way to identify you. Fingerprints and retinal scans may also be used.
While in today’s world, nothing is truly 100% safe, we believe that the average person can develop a system to get almost there. Here is one method that may work for you. Just keep in mind two things: 1 – your passwords still need to be changed every three months, and, 2 – it’s still a bit of work. There is no such thing as simple password protection.
As we stated above, experts currently believe that the most secure passwords are those made of three unrelated words, like carouseltabledrum or relaxsweetfloor. Then change a couple of letters to capitals using a system so you can remember which ones you changed. Let’s say you were born in 1968. Capitalize the 6th and 8th letter so you have carouSeLtabledrum or relaxSwEetfloor. That’s the concept. Now, to put it into action, make a list of six totally unrelated words. We already are using: carousel, table, drum, relax, sweet, floor, so we will stick with these. Important: the first letter of each word must be different.
To remember these first two passwords, we are going to remember the first letter of each of the words: ctd and rsf, then for every additional password we need, do the same thing using different combos of these six: fds, tds, dsr, etc. In other words, we are using different combinations of the same six words, and capitalizing two of those letters.
Now, in your smart phone, under a fake name (that you will remember), create a list that starts with the last two numbers of each of your financial accounts and ends with the three letters of that password:
You can now go to the fake name in your smart phone and you will see that the password for your credit card ending in 56 is carouSeLtabledrum.
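The scheme described above, written out as an added Python example (not part of the original article): it expands a three-letter code into the full password, reads a phone-note entry, and counts how many three-word codes six words supply. The entry layout `56ctd`, the rejection of birth years that give a zero or repeated digit, and the function names are assumptions.

```python
from itertools import permutations

# Word list and birth year are the ones used in the article's walkthrough.
WORDS = ["carousel", "table", "drum", "relax", "sweet", "floor"]
BIRTH_YEAR = 1968


def capital_positions(birth_year):
    """Last two digits of the year as 1-based letter positions (1968 -> [6, 8])."""
    digits = [int(d) for d in f"{birth_year % 100:02d}"]
    if 0 in digits or digits[0] == digits[1]:
        # Assumption: the article does not say what to do for 1970 or 1977.
        raise ValueError("year must give two different, non-zero positions")
    return digits


def build_password(code, words=WORDS, birth_year=BIRTH_YEAR):
    """Expand a three-letter code such as 'ctd' into the full password."""
    by_initial = {w[0]: w for w in words}
    if len(by_initial) != len(words):
        raise ValueError("the first letter of each word must be different")
    unknown = [c for c in code if c not in by_initial]
    if len(code) != 3 or unknown:
        raise ValueError(f"bad code {code!r}: need three known initials")
    chars = list("".join(by_initial[c] for c in code))
    for pos in capital_positions(birth_year):
        chars[pos - 1] = chars[pos - 1].upper()
    return "".join(chars)


def read_entry(entry):
    """Split a note entry (assumed layout '56ctd') into digits and password."""
    entry = entry.strip()
    last_two, code = entry[:2], entry[-3:]
    if not last_two.isdigit():
        raise ValueError("entry must start with the last two account digits")
    return last_two, build_password(code)


def all_codes(words=WORDS):
    """Every ordered choice of three different words, as three-letter codes."""
    return ["".join(w[0] for w in combo) for combo in permutations(words, 3)]


if __name__ == "__main__":
    print(read_entry("56ctd"))      # the article's credit card ending in 56
    print(len(all_codes()))         # codes available from six words
```

Six words give 120 ordered three-word codes, so one list covers many more accounts than the eight in the article's example.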
IT security is becoming more complex by the day. Why? Because really talented cyber criminals are working day and night to figure out new ways to compromise your network and gain access to your most sensitive information, or to lock your files and hold them for ransom. At DynaSis, we have been on the job for more than a quarter century, protecting small to mid-sized businesses across metro Atlanta. Give us a call today at 770-629-9615 so we can discuss how we can protect your business and why DynaSis is the right choice.