Why We All Need a Password Manager

The more connected the world gets, the more vulnerable we become. For years many years now, there has a well-known website that collects and exposes thousands of insecure webcams from around the world. Anyone with web access can see these private camera streams. What lets the feeds be accessed so easily? In most cases it’s the installer’s use of a default password. Easy fix, right?  This can be done by anyone, even if they are not technically skilled. Changing passwords and logging the info is one great non-technical improvement to your security posture.

Default passwords are just one of several errors people tend to make with their passwords. Other common problems include obvious password choices, poorly stored passwords, and reuse across multiple accounts. This should be common knowledge thanks to the frequent news stories. Unfortunately, though, year after year this problem does not seem to improve much.

It’s easy to understand why bad password hygiene exists. We are all busy, and most of us have dozens if not hundreds of accounts that should have unique credentials. Some great day, the solution will be that passwords have become a thing of the past. Luckily there is a simple answer to this problem in the meantime. A password manager can securely store all your credentials, and make proper handling of login info much, much easier.

Password manager programs keep your passwords and other critical info in an encrypted vault. This setup only requires you to recall one difficult master password to recover your information. While a single access point might sound like a key that opens many castles, using multifactor authentication can help to keep your master password secure.

With a password manager handling the burden of remembering credentials, you’ll be able to use complicated and unique passwords across all your accounts, whether it’s six or sixty. That means a piece of your info showing up in a known breach will only require changing only one credential. In most cases, the password manager will even fill the info in for you when it’s time to log into an account.

A web search will return a dizzying amount of password manager options. There are more than can possibly be discussed in this article. Commercial versions are available, as are self-managed options. Most of the products are likely good, affordable choices.

Be sure to look for the following features:

  • Unlimited password storage
  • Multifactor authentication
  • Fingerprint or face recognition login
  • Unlimited devices & sync
  • Secure record sharing
  • Emergency access
  • Web browser integration
  • Web application
  • Strong password generation
  • Multi-platform pc and mobile device compatibility

The truth is password managers can change the way you function online, making life simpler yet safer.  As with any security plan though, a password manager is only one piece of the big picture. Their setup will take little bit of time, too. However, if you take the time and use them in conjunction with multi-factor authentication, frequent system updates, antivirus, and so on, you will make the dreaded hacker’s job much more difficult.

New Years Resolution: Keeping Cyber Safe!

2021 has ended with a record-breaking year for data breaches.
According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

We’re here to review ways for you to stay protected in the New Year!

Change Your Password

Password safety cannot be stressed enough! Changing your passwords every 60-90 days will allow your information to stay protected. With that, your cyber security will continue to increase.

Not only will changing your password help, but also make sure it is STRONG. Adding symbols, numbers and making sure the length is eight or more characters will help keep the password strong. In the example presented above, pa$$word1a has a more muscular password strength than password1 (please don’t use the model above for your next password).

Webroot has given some great tips for creating a new password. Using a phrase and incorporating shortcut codes and acronyms will keep the password strong while remembering your favorite word or saying. Are some examples 2BorNot2B_ThatIsThe? (To be or not to be, that is the question) or ABT2_uz_AMZ! (About to use Amazon).  Unique passwords are more complicated to break through than weak and simple passwords (please do not use any examples given above).

When selecting a password, do not use any personal information! Using personal information can lead to hackers knowing the answers to your security questions.

Examples of personal information to not use:
Your name
Age
Date of birth
Child’s name
Pet’s name
Favorite color/song

Don’t Use The Same Password For Everything!
Using the same password for multiple logins will cause a more significant issue than you may think. Having the same password for your banking, company sites, or even for your email will allow hackers to get into multiple accounts rather than just the one they got into.

Having different passwords will increase your cyber security to protect your data. It seems hard at first, but having that variety will allow not only your companies information to stay safe, but your data will continue to stay protected.

Use A Password Manager
A password manager is a program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database, or calculating them on demand.

Having this will alleviate having to write your passwords down on a piece of paper.  Writing your passwords on paper or even putting them on a Word/Google document will create an easier passage for hackers to get into your information and cause malicious attacks.

Installing Multi-Factor Authentication

Multi-Factor Authentication is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Having that extra layer of protection will allow your data to be protected while making it difficult for any malicious attacks to happen.

DENY any user that is not you logging in!

Phishing Training

Malicious attacks are happening within your email. Clicking on one bad link could lead to a data breach. Knowing how to identify a phishing scam could not only impact your company data but also your personal information. Phishing training allows you to see simulations of different ways a threat email can come through for you to identify.

 

Cyber Security Tools

At PCS, we offer cyber security tools to help keep your company and information protected. With Managed Endpoint Protection/Next Generation Antivirus, Advanced E-mail Security/Phishing Training, and Multi-factor Authentication, it would be a challenge for malicious attacks to happen.

Log4Shell Java Zero-Day Vulnerability Creates Critical Risk to The Internet

Log4Shell Java Zero-Day Vulnerability Creates Critical Risk to The Internet

An active zero-day Java vulnerability has impacted widely used software from companies including Amazon, Apple, Tesla, Twitter, and Microsoft. The exploit which has been named Log4Shell, manipulates the Apache Log4j2 logging tool in a way that can grant total system takeover to the attacker. The problem is extremely widespread as millions of applications take advantage of Log4j2. This is a 10 out of 10 in severity.

Put simply, this flaw can be remotely exploited from any vulnerable software that accepts text input.

The Apache Software Foundation released the necessary fixes to mitigate the Log4j2 weakness, but as consumers, we are unfortunately at the mercy of the companies who use the tool in their software. Organizations like Apple and Tesla with plenty of resources to throw at the problem have been able to resolve the issue quickly. Smaller companies are likely to take much longer to resolve this issue. So are those that have the Log4j2 tool buried buried deep in their applications.

PCS is working with vendors to ensure the systems we use to support our clients are safe and secure. We will continue to follow this situation as long as it is ongoing.

For more information, visit this collection of Log4j Security Advisories.

Resources for this story:
thehackernews.com
mitre.org

DUO Adds Another Layer of Protection!

Cybercriminals can easily gain access to an account when there aren’t layers of protection from stopping them.
Hackers don’t want to work too hard to obtain information, so making it harder for malicious attacks to happen is ideal.
One way to keep your information safe is having Multi-Factor Authentication!

What is Multi-Factor Authentication?

Multi-Factor Authentication is an additional layer of security to your online accounts. Having multi-factor authentication makes obtaining data difficult for cybercriminals. If it becomes too much of a challenge for a hacker to acquire information, they will move on and not try anymore. Multi-factor can be used for bank accounts, most programs, and even protect the entire workstation/system!

Two-factor authentication means whatever application or service you’re logging in to is double-checking that the request is coming from you by confirming the login with you through a separate venue. You can secure access for any user and device, to any environment, from anywhere. You can get peace of mind knowing that the information stored on particular systems won’t be vulnerable.

How does Multi-Factor Authentication Work?

Typically, a 2FA transaction happens like this:

  1. The user logs in to the website or service with their username and password.
  2. The password is validated by an authentication server, and if correct, the user becomes eligible for the second factor.
  3. The authentication server sends a unique code to the user’s second-factor device.
  4. The user confirms their identity by approving the additional authentication from their second-factor device.

Why Should You Consider Multi-Factor Authentication?

Having multi-factor authentication will not only give companies that added layer of protection that is needed, but it will decrease malicious attacks. Hackers do not want to have a difficult time trying to access a system, but rather get into vulnerable systems. Multi-factor authentication allows you to present two forms of authentication when logging into an account. The authentication will come directly to your device and it will only work for a short amount of time.

Another reason to consider Multi-Factor Authentication is that Cyber Insurance Companies will make it MANDATORY to have.

How Can You Get Multi-Factor Authentication?

Multi-Factor Authentication can be installed through your IT service. Allowing your IT service to install the product will allow them to monitor any issues that were to occur.

Here at PCS, we offer DUO!

Duo is designed for the modern workforce and backed by a zero-trust philosophy, Duo is Cisco’s user-friendly, scalable access security platform that keeps your business ahead of ever-changing security threats. Multi-factor authentication from Cisco’s Duo protects your applications by using a second source of authorization, like a phone or token, to verify user identity before granting access. Duo is fast and easy for users to set up.

 

If you’re looking to keep your company’s data protected, contact PCS!

Information provided for the product is from Cisco.

Reduce The Risk of Spam Emails!

About 122.3 billion email spam messages get distributed each day.
That’s about 85% of the world’s daily email traffic.
But what if we told you there was a way to have protection against spam AND have email threat protection?
We’re here to review a way that can help companies keep their email protected.

Essentials for Email Security

In today’s cyber-threat environment, email security and compliance solution is crucial. Having security that delivers comprehensive security against revolutionary attacks while being able to deploy, configure and manage can be difficult.

With Barracuda Essentials for Email Security, it provides:

  • Complete, cloud-based protection against advanced targeted attacks
  • Helps ensure email continuity
  • Scans outgoing email to prevent data loss
  • Creates unalterable email archives

This is all happening without the need to install any additional hardware or software!
Let’s go into detail on how Barracuda Essentials for Email Security works!

Comprehensive email threat protection: Protects against phishing, malware, ransomware, and other sophisticated, email-borne threats. Barracuda explains that its multi-layered, cloud-hosted scanning engines include Barracuda Advanced Threat Protection, which combines behavioral, investigative, and sandboxing techniques. Sandboxing techniques is when they execute a suspicious file or URL that is attached to an email or otherwise reaches your network and then observe what happens.
It automatically scans email attachments in real time; suspicious attachments are denotated in a sandbox environment to observe its behavior. Link protection redirects suspicious and typosquatted (a form of cybercrime that involves hackers registering domains with deliberately misspelled names of well-known websites) URLs to protect email recipients against accidental malware downloads.

Archiving for compliance: Barracuda Cloud Email Archiving Service integrates with Exchange and other cloud-based email services to create a cloud-based, itemized archive. It allows granular retention policies, extensive search, role-based auditing/permissions, legal hold, and export.

Ensuring business continuity: Barracuda Email Continuity ensures that email can still be delivered during email outages or loss of connectivity. Email operations continue by falling over to a cloud-based email service in case primary email services become unavailable.

Keeping your company secure is what we strive for!

For more information, contact PCS!

ALL PRODUCT INFORMATION IS BY BARRICUDA

Keep Your Internet Traffic Secure!

With a current worldwide estimated population of 7.8 billion, approximately 4.93 billion people have access to and use the internet frequently.
That means that 63.2% of the world population uses the internet.
So why should anyone think to have a protective DNS service?
We’re here to review what a protective DNS service is and how it can benefit everyone!

What Is A Protective DNS Service?

Protective DNS service creates a highly secure, private, resilient and manageable connection to the internet. This filtering stops most internet threats before they can infected networks or endpoints.

Why Do You Need A Protective DNS Service?

With todays businesses, they need secure, private, manageable and visible control over internet traffic. The DNS (Domain Name System) resolves internet requests through a global system of servers, then translates those requests into their unique IP (Internet Protocol) addresses. But using a protective DNS service, organizations can control their networks and maintain the security, privacy, and visibility they need to protect IT setup and users … Even those working remotely!

Webroot DNS Protection Features: 

  • Secure and Reliable Internet Security
  • No on-site hardware to install
  • IPv4, IPV6, HTTP, and HTTPS filtering
  • 80 web categories
  • Roaming and mobile user protection
  • WiFi and guest network protection
  • Policy control by user, group, or IP address
  • On-demand drill-down reporting

How Can You Get A Protective DNS Service?

Here at PCS, we provide organizations ways to stay safe and secure through such vulnerable times.

PCS offers Webroot DNS Protection to help companies stay secure.
Below are attributes that can help organizations understand what Webroot can do.

Webroot is different from other DNS Protection services.
Here is how:

Webroot DNS Protection also secures your mobile workforce without interfering with the VPNs, firewalls, and security tools you already use.

Webroot DNS Protection and your organizations VPN work together to:

  • Protect end users on any network, anywhere
  • Provide a secure encrypted connection
  • Never slow down DNS requests
  • Stop malicious inbound web traffic and threats
  • Provide full visibility into users’ internet activity

Protective DNS Services allow organizations to stay secure while maintaining the security, privacy, and visibility they need to protect IT setup and users. Continue to keep your business secure!


For more information, contact PCS
!

Trick or Treat! – Cyber Security Awareness At Your Door

Halloween is right around the corner!
October is also Cyber Security Awareness Month and we’re here to review some tips to keep your information safe.

Don’t Click Spooky Links From Strangers

We’re taught to never take candy from strangers, so opening links from an unknown source can be just as dangerous! Phishing scams are designed to make their victims believe they are interacting with a trusted website/user. Once the hacker gains the users trust, they will attempt to collect login credentials, financial data, or account information. This could cause a data breach and could affect you and your companies data.

Rather than opening untrusted emails or links, try to verify the information by looking it up to see if there is a website associated with it. You may also want to try phishing training within your company to ensure that your employees understand what a phishing attack looks like.

Chase Away The Lurking Monsters

Unlike Halloween monsters that go away after the holiday is over, online monsters can infiltrate your computer for months without being noticed. Using your computer on a public Wi-Fi can leave your computer vulnerable and easier to attack your data.

It is important to use a VPN (Virtual Private Network) while using a public network to keep your information secure and encrypt traffic between your devices on public, unsecured network.

Using A Strong Password Will Protect Your Candy

Protecting your candy on Halloween night from bullies or your older sibling is crucial. It is also crucial to have a strong password and maintaining it. Having a strong and secure password will keep your information safe, but changing it every 60-90 days will continue to keep hackers away from your data. Your password should include: upper and lowercase letters, numbers, symbols, and punctuation.

It is important as well to have different passwords for all of your accounts.

Don’t forget a password manager! Password manager is a program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database or calculating them on demand.

Garlic Will Keep The Vampires Away

A great way to keep vampires away is to have garlic around your neck. Keeping hackers away starts with having Multi-Factor Authentication.

Multi-Factor Authentication is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Having that extra layer of protection will allow your data to be protected while making it difficult for any malicious attacks to happen.

Don’t get the monsters compromise your data!

For more information, contact PCS!

Cyber Security – Back To School Edition

Back to school is here and we start to see more children using technology for their assignments/homework.
We also see parents posting pictures of their children with back to school chalkboards.
We’re here to remind that anything can be used as personal data to hack into your information!

Back To School Pictures

September is that time where users can sign in to social media platforms and see those adorable back to school pictures that parents post. Posting pictures of the chalkboards with the child’s school, favorite things, grade, etc. Seems harmless, right? Not for hackers it isn’t. Malicious attacks can happen to your personal accounts just by posting a picture on social media.
Based off of this picture, hackers can see what your child’s name is, school, and sometimes favorite color. Based off of this, sometimes it can trace back to your password hints. Try to keep all personal information sacred and not posting the detailed chalkboards on social media.

Keep it personal to family/friends and try to keep it simple for social media. Be very mindful of what you post on social media. Don’t post any personal information that you don’t want someone using for a cyber attack.

DON’T!

DO!

Homework On Personal Computer

Now that the school year is starting, so will all the homework assignments that children will have to complete through different websites. One thing can lead to another and they can click on a link that can lead to a malicious attack happening. Be cautious on what your child is doing online! Clicking bad links can lead to your personal information on your PC to be accessed.

Clicking on a suspicious link is dangerous:
Information is sent.
Malicious software can be launched.
Your location can be determined.

If you don’t completely trust the site, don’t let it install or launch anything on it. Always make sure you have your firewall activated and monitor your child while using websites to make sure they don’t accidentally click on a link that would cause an attack.

Make sure you also familiarize yourself with all the websites your child needs to complete their assignments. If you’re able to navigate yourself through the website, you can help your child just steer towards where they need to go. This will help ensure that no extra links are being clicked on within the website so there won’t be any risks of malicious attacks.

Password Protection

Assignments being scheduled online and children having to login to specific website, this is a cause for them to have access to passwords. With passwords being such a big secret, children might not understand how important it is to protect data as much as we do. Creating a password can get tricky, but do not make it the same password as all your personal information!

A few tips on password protection:
 Do not use easy-to-guess passwords.
 “Complex passwords” are nice, “Cognitive Passwords” are better.
 Do not use the same password iterations.
 Never use the same password for all of your accounts.
 Do not use the same password at work that you use at home. Keep work and home separate.
 Do not give child password on paper. Could lose it and get into the wrong hands.
 Do not store passwords on documents online!

Make Use Of Parental Controls & Privacy Settings

Parental controls and privacy settings help you keep your child safe from cyberbullying and online predators by allowing you to establish boundaries around which sites your child can access, the amount of information they can share online, and the amount of time they can spend online outside of school. Don’t just configure the settings; explain the importance of them to your children. This is a great opportunity to shift into a larger discussion of online safety.

Make Sure Software & Devices Are Up-To-Date

Having updated software and devices allows important security settings to remain active within your device. Don’t keep pushing it off! That extra added protection will allow your children to have no issues and continue to stay secured.

Beware Of Phishing Scams

Monitoring your children’s school emails are important when it comes to cyber security.  Clicking on suspicious links and replying back to suspicious emails can lead to malicious attacks and causing personal data to be accessed. Talk to your child about the importance of emails and not clicking links they see unless approved by someone.

Avoid all suspicious emails!

Start off the school year right with these important tips to keeping your information safe!

Cyber Security – What Is It and Examples of Cyber Threats

Technology and data is the core of most organizations.
But what is cyber security and have you put the effort into effective cyber security?
We’re here to explain what it is and cyber security practices for effectively defending against hazards in the digital world with the help of Mike at Cybir!

Cybir is a continued core focus on a full suite of in-house cyber security, digital forensic and data recovery expertise, honed for litigation support, eDiscovery and expert witness services.

What Is Cyber Security?

Cyber security (as stated by Merriam-Webster ), is the measures taken to protect a computer or computer system against unauthorized access or attack.
Any organization that uses modern technology must face with the risk of cyber threats. Taking steps to address this risk is crucial for the operational security of businesses. Data breaches and cyber-attacks against businesses have the potential to cause huge financial and reputational damage. It could not only affect the business, but also the employees.

Examples of Cyber Threats

Malware
Malware, shorthand for “malicious software,” is an application that’s intended to cause damage to systems, steal data, gain unauthorized access to networks, or otherwise wreak havoc. This is the most common type of cyber threat. 

There are a number of malicious software variants, including:

  • Viruses – Attaches themselves to clean files, replicate, and spread to other files. They may delete files, force reboots, join machines to a botnet, or enable remote backdoor access to infected systems.
  • Worms – Similar to viruses, but without the need for a host file. Worms infect systems directly and reside in memory, where they self-replicate and spread to other systems on the network.
  • Backdoor – Used by attackers to secure remote access to infected systems, or to obtain unauthorized access to privileged information.
  • Trojans – Disguises themselves as a legitimate application, or simply hide within one. They discretely open backdoors to give attackers easy access to infected systems, often enabling the loading of other malware.

Ransomware
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware attacks often rely on social engineering techniques such as phishing, tricking users into downloading a dropper that retrieves and installs the payload. Once on the system, ransomware finds all files of a specific type locally and across the network, encrypting and often stealing them. The original files, recovery points, and backups are then deleted to prevent users from restoring the system on their own. Ransomware usually changes the file extension and adds a “help” file, explaining how victims can pay to recover their data.

Mike at Cybir also mentions data exfiltration. He states, “Ransomware is evolving where threat actors are also stealing data and saying, ‘ok great your backups worked and you restored, but you are still going to want to pay us if you do not want us to leak your data to the internet or dark web.'”

He states for protection, “For ransomware and malware traditional AV is no longer effective. Traditional AV basically has a definitions file where when it is running a scan it looks at the current file and compares it to its list of known good / bad files and then makes a decision about what happens to it from there. If it does not know anything about the file it likely skips right over it and allows it to pass. EDR/MDR/XDR SentinelOne provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.”

Cybir offers endpoint protection, detection, and response in conjunction to SentinelOne that provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.

Phishing
Phishing is a common attack technique that manipulates people into taking unsafe actions or divulging sensitive information. In typical phishing campaigns, attacks will use different types of communication – email, instant messages, SMS, and websites – to impersonate a trustworthy person or organization that they are familiar with and using that identity to trick users into clicking on malicious links, downloading malware-laden attachments, or disclosing sensitive personal information.

Mike at Cybir states, “This often leads to ransomware or a business email compromise type of attack.”

One way to stay protected from phishing attacks is training and education. Mike at Cybir states, “The keys are constant user training and education as well as a solution like ironscales that is going to profile an email and add banners/details to give the user a heads up.”

There are two types of phishing attacks – phishing which is wide-ranged and spear phishing which is targeting a specific individual/company.

Spear phishing requires a lot of research for the attacker, but these cyber threats are generally tailored to their target based on insider knowledge or information available on the web and/or through social media. They use reputable names within the company to attack someone who they think will fall for it. It requires extra effort to spear phish, but they are more likely to succeed.

PCS offers a variety of phishing training products to help you and your company stay protected and aware of what to look for when it comes to phishing attacks. 

Knowing the different malicious attacks out there, there are ways to monitor and keep protected again malicious attacks.

Cybir offers Security Operations Center As A Service (SOCAAS) with these key features –

For more information about cyber security and ways to stay protected, contact PCS today!