New Years Resolution: Keeping Cyber Safe!

2021 has ended with a record-breaking year for data breaches.
According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

We’re here to review ways for you to stay protected in the New Year!

Change Your Password

Password safety cannot be stressed enough! Changing your passwords every 60-90 days will allow your information to stay protected. With that, your cyber security will continue to increase.

Not only will changing your password help, but also make sure it is STRONG. Adding symbols, numbers and making sure the length is eight or more characters will help keep the password strong. In the example presented above, pa$$word1a has a more muscular password strength than password1 (please don’t use the model above for your next password).

Webroot has given some great tips for creating a new password. Using a phrase and incorporating shortcut codes and acronyms will keep the password strong while remembering your favorite word or saying. Are some examples 2BorNot2B_ThatIsThe? (To be or not to be, that is the question) or ABT2_uz_AMZ! (About to use Amazon).  Unique passwords are more complicated to break through than weak and simple passwords (please do not use any examples given above).

When selecting a password, do not use any personal information! Using personal information can lead to hackers knowing the answers to your security questions.

Examples of personal information to not use:
Your name
Age
Date of birth
Child’s name
Pet’s name
Favorite color/song

Don’t Use The Same Password For Everything!
Using the same password for multiple logins will cause a more significant issue than you may think. Having the same password for your banking, company sites, or even for your email will allow hackers to get into multiple accounts rather than just the one they got into.

Having different passwords will increase your cyber security to protect your data. It seems hard at first, but having that variety will allow not only your companies information to stay safe, but your data will continue to stay protected.

Use A Password Manager
A password manager is a program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database, or calculating them on demand.

Having this will alleviate having to write your passwords down on a piece of paper.  Writing your passwords on paper or even putting them on a Word/Google document will create an easier passage for hackers to get into your information and cause malicious attacks.

Installing Multi-Factor Authentication

Multi-Factor Authentication is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Having that extra layer of protection will allow your data to be protected while making it difficult for any malicious attacks to happen.

DENY any user that is not you logging in!

Phishing Training

Malicious attacks are happening within your email. Clicking on one bad link could lead to a data breach. Knowing how to identify a phishing scam could not only impact your company data but also your personal information. Phishing training allows you to see simulations of different ways a threat email can come through for you to identify.

 

Cyber Security Tools

At PCS, we offer cyber security tools to help keep your company and information protected. With Managed Endpoint Protection/Next Generation Antivirus, Advanced E-mail Security/Phishing Training, and Multi-factor Authentication, it would be a challenge for malicious attacks to happen.

Log4Shell Java Zero-Day Vulnerability Creates Critical Risk to The Internet

Log4Shell Java Zero-Day Vulnerability Creates Critical Risk to The Internet

An active zero-day Java vulnerability has impacted widely used software from companies including Amazon, Apple, Tesla, Twitter, and Microsoft. The exploit which has been named Log4Shell, manipulates the Apache Log4j2 logging tool in a way that can grant total system takeover to the attacker. The problem is extremely widespread as millions of applications take advantage of Log4j2. This is a 10 out of 10 in severity.

Put simply, this flaw can be remotely exploited from any vulnerable software that accepts text input.

The Apache Software Foundation released the necessary fixes to mitigate the Log4j2 weakness, but as consumers, we are unfortunately at the mercy of the companies who use the tool in their software. Organizations like Apple and Tesla with plenty of resources to throw at the problem have been able to resolve the issue quickly. Smaller companies are likely to take much longer to resolve this issue. So are those that have the Log4j2 tool buried buried deep in their applications.

PCS is working with vendors to ensure the systems we use to support our clients are safe and secure. We will continue to follow this situation as long as it is ongoing.

For more information, visit this collection of Log4j Security Advisories.

Resources for this story:
thehackernews.com
mitre.org

DUO Adds Another Layer of Protection!

Cybercriminals can easily gain access to an account when there aren’t layers of protection from stopping them.
Hackers don’t want to work too hard to obtain information, so making it harder for malicious attacks to happen is ideal.
One way to keep your information safe is having Multi-Factor Authentication!

What is Multi-Factor Authentication?

Multi-Factor Authentication is an additional layer of security to your online accounts. Having multi-factor authentication makes obtaining data difficult for cybercriminals. If it becomes too much of a challenge for a hacker to acquire information, they will move on and not try anymore. Multi-factor can be used for bank accounts, most programs, and even protect the entire workstation/system!

Two-factor authentication means whatever application or service you’re logging in to is double-checking that the request is coming from you by confirming the login with you through a separate venue. You can secure access for any user and device, to any environment, from anywhere. You can get peace of mind knowing that the information stored on particular systems won’t be vulnerable.

How does Multi-Factor Authentication Work?

Typically, a 2FA transaction happens like this:

  1. The user logs in to the website or service with their username and password.
  2. The password is validated by an authentication server, and if correct, the user becomes eligible for the second factor.
  3. The authentication server sends a unique code to the user’s second-factor device.
  4. The user confirms their identity by approving the additional authentication from their second-factor device.

Why Should You Consider Multi-Factor Authentication?

Having multi-factor authentication will not only give companies that added layer of protection that is needed, but it will decrease malicious attacks. Hackers do not want to have a difficult time trying to access a system, but rather get into vulnerable systems. Multi-factor authentication allows you to present two forms of authentication when logging into an account. The authentication will come directly to your device and it will only work for a short amount of time.

Another reason to consider Multi-Factor Authentication is that Cyber Insurance Companies will make it MANDATORY to have.

How Can You Get Multi-Factor Authentication?

Multi-Factor Authentication can be installed through your IT service. Allowing your IT service to install the product will allow them to monitor any issues that were to occur.

Here at PCS, we offer DUO!

Duo is designed for the modern workforce and backed by a zero-trust philosophy, Duo is Cisco’s user-friendly, scalable access security platform that keeps your business ahead of ever-changing security threats. Multi-factor authentication from Cisco’s Duo protects your applications by using a second source of authorization, like a phone or token, to verify user identity before granting access. Duo is fast and easy for users to set up.

 

If you’re looking to keep your company’s data protected, contact PCS!

Information provided for the product is from Cisco.