The Most Important (and Easiest) Security Step You Can Take

Having Good Passwords 

In today’s world everyone should have a password management system in place. Password management entails securing and managing passwords over the course of their lives using long-term strategies. Users must protect their accounts and services from unauthorized access.

Good password management involves both setting business policy and putting in place a password manager. More vital data is being kept on many networks as a result of growing technology use and the impact of the COVID-19 pandemic. As a result, a greater amount of data is now exposed. Malicious hackers look for holes in your security posture, or even a lack thereof, and will target a business with a vast network and large assets.

We need to guarantee that the data we store on these systems is safe as we continue to develop and depend on technology, and password management is a fantastic first step. Your primary barrier against fraudsters seeking unauthorized access to sensitive data is a password. Vulnerable passwords were responsible for 81 percent of hacking-related breaches, according to a 2020 Data Breach Investigation Report.

What are Password Managers?

A password manager is a digital tool that keeps your passwords and digital information in a secure, password-protected location. Password managers can also generate strong, distinctive passwords. This helps you set a different password for each of your accounts, which improves data protection. That way, if one of your accounts is hacked, the hacked password cannot be used to log in to other accounts.

Key Advantages of Using a Password Manager

Password managers enable users to enter a single password and have each access point’s username and password filled in automatically. Your staff will spend less time struggling with login screens and password recovery and more time focusing on the important things.

In addition, managing who has access to which accounts can be a problem for many firms, particularly if numerous workers require access to a single account. A password manager will help you manage and update your passwords more conveniently. Some apps even include capabilities that allow one individual to manage an account’s password and grant access to other users without sharing the password.

If your organization administers a client’s social media accounts, for instance, your social media manager can grant permission to those members of the team who will be updating the social media feeds using the password manager without revealing the client’s actual password. The social media manager can then grant or deny access to anyone without interfering with the work of others.

We Recommend LastPass

You can choose from a number of password managers available on the internet, such as LastPass. LastPass is one of the best password managers because it has a large number of free features that allow most users to obtain what they need without having to spend anything. It is available on most browsers and almost all smart devices, and its commercial editions have more powerful sharing functions.

Because LastPass never has access to your encrypted data, you and only you have access to it. Your locker is protected by AES 256-bit encryption, which is used by banks. Users can choose from three distinct plans: free, premium, or family. The Free edition includes all of the typical password manager features, as well as a few extras that other services charge for. The free edition of LastPass includes auto-filling, a password generator, one-to-one sharing, encrypted notes, a password strength report, and multi-factor authentication support.

Don’t like LastPass? That’s OK, there are many other great tools out there to securely store your passwords. Do your research to make sure you find a reputable one.

Summary of Best Practices 

We know how important your valuable assets are. Take care to adopt these practices to secure them:

  • Use a password manager like LastPass
  • Use strong passwords (15-30 random characters)
  • Don’t reuse passwords across sites (to prevent widespread breaches)
  • Never share your passwords with anyone (either online or in person)
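
The length and no-reuse rules above can be checked mechanically. The following is an added example, not part of the original article or any password manager's code: it generates a password with Python's `secrets` module and audits a constructed list of site/password pairs. The site names, sample passwords and the `audit` helper are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LEN, MAX_LEN = 15, 30  # length range from the best-practice list above
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20):
    """Return `length` random characters drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit(entries):
    """Flag sites whose password is too short or shared with another site.

    `entries` is an iterable of (site, password) pairs. Only site names are
    returned, so the report itself never contains a password.
    """
    sites_by_password = defaultdict(list)
    short = []
    for site, password in entries:
        sites_by_password[password].append(site)
        if len(password) < MIN_LEN:
            short.append(site)
    reused = sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)
    return {"short": sorted(short), "reused": reused}

# Constructed sample data (hypothetical sites and passwords).
SAMPLE_VAULT = [
    ("mail.example", "Summer2024!"),
    ("bank.example", "Summer2024!"),            # reused and too short
    ("shop.example", "q7#Vz!m2Lp@9Rk4&Tn8w"),   # 20 random characters
    ("forum.example", "hunter2"),               # unique but too short
]

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    print("too short:", report["short"])
    print("reused across:", report["reused"])
    print("replacement:", generate_password(24))
```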

The bottom line is to use unique passwords for all your accounts. Remember to choose a strong, complex, yet easy-to-remember password. Using a password manager will be a plus point because it will enable you to access your accounts with.

How You Can Take a Proactive Approach to Cybersecurity

Every year the volume of cybersecurity threats continues to increase. Approximately half a million new pieces of malware are detected each day. Rules governing data protection are constantly evolving. This means even the most minor of security breaches can be incredibly devastating for your organization, leading to negative publicity, hefty fines, and a loss of confidence in your brand.

At Insource IT, we can help you implement a proactive approach to cybersecurity. This means understanding your organization, its systems, and user base. This article will dig into how to do that with a dedicated technology partner.  

Identify and Evaluate Cybersecurity Risks 

A proactive approach to cybersecurity is all about understanding, managing, and mitigating risk to your critical assets. The easiest way to get comfortable with your cybersecurity posture is to conduct a comprehensive risk assessment. Here are a few basic steps to ensure a smooth risk assessment within your organization:  

  1. Identify and Prioritize Assets: Determine the scope of the assessment and decide which assets are valuable to attackers.  
  2. Identify Threats: A cyberthreat is anything that could cause harm to your organization. It’s no different than a natural disaster or hardware failure.
  3. Identify Vulnerabilities: You should identify any vulnerabilities that could be exploited to breach security and cause harm to you or your customers. 
  4. Analyze Controls: These are any controls that are in place to mitigate or eliminate the possibility of a cyberthreat. They should be classified as either preventative or detective. 
  5. Calculate the Likelihood of an Attack: You should be able to determine the likelihood of a given attack considering the current control environment your organization has in place. 
  6. Develop a Risk Assessment Report: Finally, you can develop a risk management report that supports management in deciding the level of cybersecurity measures your organization requires.  

Invest in Preventative Cybersecurity Measures 

There is not a single cybersecurity policy that can sufficiently address all the needs of your business. You’ll need to invest in a multi-layered cybersecurity strategy that covers many core areas of cybersecurity, including network security, cloud security, application security, Internet of Things (IoT) security, and more. To lay the foundation for a solid cybersecurity strategy, it’s important to: 

  • Understand the risks your organization faces on a daily basis 
  • Establish protective monitoring to detect and mitigate these threats 
  • Prepare secure data backups that keep your business up and running in the event of an attack 
  • Revisit your cybersecurity strategy as your organization changes and evolves over time 

Never Underestimate the Power of Cybersecurity Training 

A proactive approach to cybersecurity begins with awareness. Lack of proper training can leave employees vulnerable, exposing your organization to cyberattacks. Providing proper cybersecurity training could mean the difference between the success or failure of your business. The responsibility lies with the employer to ensure that employees have the knowledge they need to make responsible decisions or raise concerns. Prioritize cybersecurity training for your employees. We recommend getting executive buy-in, starting training early and often, and making the security health of your organization an ongoing team effort.

Stop Relying Solely on Reactive Cybersecurity Measures to Protect Your Business 

If your company’s current cybersecurity strategy is limited (firewalls, antivirus, ad blockers, etc.), there’s a good chance that you already have a reactive cybersecurity strategy in place. Today, reactive cybersecurity measures by themselves are not enough for a strong cybersecurity defense. You need a combination of both proactive and reactive measures in order to actively prevent cyber threats from crippling your business. For more cybersecurity solutions, including cloud security services, contact the experts at Insource IT.

Your Backup Plan

When it comes to keeping your business alive, having a working backup of your data is critical. Without it, your business is at serious risk. A simple thing like a malicious link in a scam email can bring your business to a halt. Yet backup is an afterthought to many people. Failed backups can go unnoticed and unfixed. I can relate; I have an appliance in my basement I still haven’t fixed. Simply put, we sometimes have responsibilities that aren’t at the top of our list.

Fortunately for you, backups are at the top of my list. Every one of our clients has a modern backup plan in place. We test and report the status of their backups constantly. Our clients know their business is safe, and should there be a disaster, we will restore it.

A modern backup plan ensures you can survive a catastrophic event because it:

  • Backs up multiple times a day.
  • Takes snapshots of infrastructure for disaster recovery.
  • Saves data onsite and offsite.
  • Has humans to validate that it is working.
  • Reports status to decision makers.
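
One way to turn the checklist above into an automated status report, as an added example that is not the author's tooling: the catalog record format, the 24-hour and 7-day thresholds, and the `backup_findings` name are assumptions, and the catalog entries are constructed.

```python
from datetime import datetime, timedelta

# Constructed catalog; the record format is hypothetical, not any product's.
# "verified" means a person confirmed a test restore from that backup.
CATALOG = [
    {"finished": "2024-05-01T02:00", "location": "onsite",  "ok": True,  "verified": True},
    {"finished": "2024-05-06T14:00", "location": "onsite",  "ok": True,  "verified": False},
    {"finished": "2024-05-06T20:00", "location": "onsite",  "ok": True,  "verified": False},
    {"finished": "2024-05-06T20:30", "location": "offsite", "ok": False, "verified": False},
]

def backup_findings(catalog, now, min_per_day=2, verify_within=timedelta(days=7)):
    """Return a list of problems; an empty list means the plan's checks pass."""
    findings = []
    # Failed jobs never count: a backup that did not finish protects nothing.
    good = [dict(r, finished=datetime.fromisoformat(r["finished"]))
            for r in catalog if r["ok"]]
    recent = [r for r in good if now - r["finished"] <= timedelta(hours=24)]

    # "Backs up multiple times a day"
    if len(recent) < min_per_day:
        findings.append(f"only {len(recent)} successful backups in the last 24h")
    # "Saves data onsite and offsite"
    for location in ("onsite", "offsite"):
        if not any(r["location"] == location for r in recent):
            findings.append(f"no successful {location} copy in the last 24h")
    # "Has humans to validate that it is working"
    verified = [r["finished"] for r in good if r["verified"]]
    if not verified or now - max(verified) > verify_within:
        findings.append("no restore test verified within the required window")
    return findings

if __name__ == "__main__":
    # "Reports status to decision makers": print the findings, or an all-clear.
    problems = backup_findings(CATALOG, datetime(2024, 5, 7, 8, 0))
    print("\n".join(problems) if problems else "all backup checks passed")
```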

Are you completely comfortable with your backup plan? 

Schedule a free assessment with one of our experts so that you can rest easy.

How To Reduce the Cost of Ransomware

Ransomware is hurting your bottom line whether your business gets hit or not. The average ransomware recovery costs nearly $2 million. Businesses are seeing cybersecurity insurance premiums go up each year.

Fortunately, there are ways to mitigate risk and reduce cost.

When your business gets hit by ransomware you don’t want to be scrambling, yet most do. Employees will be unable to work. Customers will be unable to conduct business with you. Your files are going to look like a scrambled mess. The truth is that most don’t know what to do if this event happens.

To understand how to combat the problem you have to start with the most important thing. People. You should focus on preparing your people. You and your staff need to be on the same page so that during a security event you can react with precision and grace. 

  1. Be Prepared with a Backup & Disaster Recovery Plan
  2. Better Discipline from Regular Staff Training
  3. Learn through Simulated Email Attacks

The next 3 items are the technology. They are the brains behind ensuring you stand a chance against getting attacked. Having smart humans is crucial but smart tech steps in when humans falter. Together they’ll help you stand the best chance of growing your business.

  1. Detect with File System Monitoring
  2. Escalate to Detection and Response Partner
  3. Control Access with Structured Permissions

Your business has a lot to lose. Make sure you have a modern approach to each of these items and rest easier at night.

If you’d like more insight into how you can leverage this for your business, feel free to schedule a consultation with us.

How Facebook Died

Facebook died. Sort of.

If you use Facebook you probably noticed it disappeared. Dead. Gone. If you’re now wondering “why should I care?”, here’s why you should:

Processes. Redundancy. Backups.

Facebook is so big now that when they look for solutions they often select from within their own technologies. So when someone accidentally misconfigured a core networking component they also told the entire internet “uh, sorry, we’re not here anymore.” It was as if Facebook had died. For all practical purposes, they had. Nothing was usable. No family updates, no recipes, no more clickbait ads. No FB Messenger and no WhatsApp.

It gets worse.

Once Facebook knew what the problem was, they couldn’t fix it without driving to their datacenter. At the datacenter they couldn’t get in because their smart key system was offline. Now stranded, they couldn’t contact security because Facebook Messenger was down.

At Insource we live for processes, redundancy, and backup. Knowing there are alternatives when stuff happens (and you know stuff is going to happen) is critical to staying alive. That is how we treat your technology. We implement responsible alternatives so that you can do your job, run your business, and yes even check Facebook!

If you fancy yourself a bit of a nerd, check out Cloudflare’s writeup on what happened with Facebook yesterday.

Facebook eventually did get into the building and fix the issue many, many hours later. Just not before Facebook took a $6bn loss.