Category Archives: Cybersecurity

Ways to secure IoT devices in your workplace

Cybersecurity, IoT, ,

The volume of IoT devices is booming, Statista forecasts that there will be almost 31 billion devices connected to the internet by 2020. So what is IoT and why does it matter? In the workplace, connected devices are becoming critical to various industries including healthcare, manufacturing, agriculture, and energy.

Connected devices rank very poor in regard to security. Lack of available updates, encryption, and negligence, creates vulnerability in a business network due to IoT devices.  “Unknown unknowns,” are devices that IT security teams aren’t even aware of that could potentially lead to network exposer.

So what steps can an IT department take to lessen IoT vulnerabilities?

You don’t have to connect everything

Odds are your workplace has multiple devices that have the availability to be connected. When it comes to the latest kitchen appliances (fridges, watercoolers, etc.), not everything needs to be connected. In fact, a majority of these types of devices don’t have standard update protocols. Leaving most connectable appliances vulnerable to attack.

Developing a companywide standard for wearables and other IoT devices may help business network security. Employees with personal IoT devices should be wary about what they are connecting to and must adhere to set security standards. In an ideal scenario, employees wouldn’t connect personal devices to the business network, however this is sometimes impossible.

Separate networks are key

Thankfully most WiFi access solutions have what is called a guest network. It is important to keep this network separate from your business network that which includes shared data files and workplace computers. A guest network could be used as a barrier to entry from unauthorized users and breaches from unmonitored IoT devices.

In an ideal environment, IT security teams would create an entire network for IoT devices alone. Separating IoT devices that have questionable security will prevent access of your data and devices that are connected to the business network.

Monitor devices and assess your network

Workplaces need to ensure they are tracking everything that connects to their network and monitor traffic flow. Every device that enters or will enter the network must be assessed to determine the level of access it should have. An example is an employee’s wearable, ideally it would not be connected, but if it is, the access level is minimal.

All devices that enter the network must be monitored to ensure they are fully patched and up to date when updates are available. Any unknowns should flag an alert to the IT security team. Security teams should take the time to actively look for unknown devices on their network. IoT devices are only increasing, it is crucial for businesses to secure their networks from unmonitored devices and vulnerable IoT devices.

To learn more about creating a secure business network, contact CompuOne.

Revamp Your Business Password Management

Cybersecurity, ,

Let’s be honest, we use passwords for everything. From computer logins to retail sites, the use of passwords is so frequent it could potentially put professionals and consumers at risk. According to TechRepublic, 19% of business professionals use poor quality passwords or shared passwords, which could make accounts easily compromised.

It is in every organizations best interest to develop a password management plan to increase security and reduce the risk of data theft. Easy passwords simply won’t do any more. The following tips should be considered for business level password management:

Frequent password changes

Organizations must impose rules on frequent password changes. Password changes should be as frequent as 30 to 180 days; passwords should also never be repeated. Best practice is to ensure passwords have letters, numbers, and special characters.

Depending on the industry, this may already be a requirement under regulation. However, for smaller businesses, this could be a potential life-saver from security breaches. On a user level, frequent password changes may prevent unwanted access to personal information such as social media pages, bank accounts, etc.

Two factor authentication

Two factor authentication is used to confirm the end-user’s identity with a two-factor process. The first step in the process is the actual password, remember all decent passwords must have letters, numbers, and special characters. The second factor is something that the users will only know the answer to; such as a specific pin, answer to a question, or an association of an image.

Why should your business use two factor authentication? Simply because depending on your industry your password may not be enough. Passwords alone can be breakable by social engineering or brute force attacks, no matter how strong your password is. Implementing a two factor authentication can give an employer ease, knowing that employees or consumers have that added password protection.

How to store passwords

As mentioned previously, one user can have too many passwords to remember. There are many password management software’s out there, so many that it’s hard to determine what is considered the safest most reliable option. If choosing to go this route, remember that security mistakes can happen and be wary about what passwords you are storing.

Our recommendation to store passwords is to write them down with pen and paper.  Place your written password sheet in an area where you will remember it for safe storage. While this may sound tedious and paper theft is a concern, consider the fact that cyber crime is only increasing and a sheet of paper cannot be hacked.

For more information, contact us.

Is Your Email Secure?

Cybersecurity,

In this day and age, one of the most commonly used forms of communication is email.  We use it at home, on our mobile devices, and in our workplace. This leads us to the question, what are workplaces doing to keep their email system secure from attacks? According to PhishMe, 91 percent of cyber-attacks start with an email. Email-based attacks come in various ways:

  • Phishing: Attempt to obtain personal information such as passwords and credit card details.
  • Spear Phishing: Personal and highly customized phishing attacks. This is a type of phishing that usually will come from a trusted source and seem legitimate. Spear phishing is highly personalized, attackers usually have done research on the victim.
  • Malware: Malicious software in the form of attachments, links, and drive-by downloads. Malware is usually delivered by spam emails. Spam emails can appear to be sent by legitimate sources, which then increases the chance of download.

Email security solutions

Undoubtedly, organizations must provide protection for their employee’s email communication. Determining the best solution for email security varies from business to business, you should carefully consider what will protect your email communications from attacks.

  1. Endpoint Security: Endpoint security is the process of securing various endpoints in a network, mostly end-user devices such as smartphones, desktops, laptops and tablets. Endpoint security systems can either be a software application or hardware that allows the system admin to manage and discover any devices trying to connect to the network. This will prevent from malware downloaded on the network, but will not prevent from phishing.
  2. Anti-Spam: Anti-spam is software, hardware, or even a process that combats spam by filtration. It is key to realize that not one anti-spam method is perfect, end users should be encouraged to be careful about providing corporate email address information. Anti-spamware can be installed to strengthen the security level of your businesses email provider by conducting screening prior to delivery.
  3. Secure Email Gateways: Secure email gateways come in many forms: public cloud-based, hybrid cloud based, hardware, virtual appliance, and email server based. Secure email gateways monitor emails being sent to a company and prevent unwanted content from being delivered. Secure email gateways prevent from malware, phishing, and spear phishing.
  4. Email Security Training: Human error is considered the biggest risk in email security. End users can click on malicious links, fail to keep their security solutions up to date, and divulge confidential information about the company. Training employees on cybersecurity and email best practices is crucial in preventing unwanted content and unauthorized users.

Email security takeaway

Email security approaches differ from organization to organization, not one single approach will work for all businesses. Every business has risks, issues, budget restrictions, and current security solutions to consider. With that said, a strong well-implemented system should have multiple solutions to cover every end of the organizations network. Businesses should also set up a reporting system, where employees are able to report all suspicious emails in a convenient way.

No email security system is completely secure, but implementing the right solutions can maximize efficiency and minimize risk.

 

Learn more on email security by contacting us. 

Is Private Browsing Considered Secure?

Cybersecurity, ,

The Definition of Private Browsing

Private browsing otherwise known as “Privacy mode” or “Incognito” is a feature in most web browsers that disables web cache and browsing history. This allows users to browse the playground of the internet without being able to retrieve their local data at a later point in time. It also means that browsers are not storing data in cookies.

When is Going “Incognito” Useful?

Private browsing is handy for a number of reasons. Usually, authorized users are taking advantage of it to prevent people who have access to their machine from viewing their search history. Here are some ways to utilize private browsing:

  • Blocking sites that you visit from collecting your personal information. Notice that Amazon will show you products based on your search history? Private browsing prevents sites from gathering data based on your searches and cookie information. Sites like Amazon won’t show products based on past purchases. Google will not autofill a search with something you’ve searched for previously.
  • Getting the best price from an online purchase. Browsing on incognito can prevent from online retailers varying prices based on browsing history and location. Booking accommodations such as hotels and airfare are notorious for varying prices, going incognito may help prevent hiked prices based on search history.
  • Logging into multiple accounts on the same site. If you have more than one account for the same site, private browsing allows you to log into multiple accounts at once. This can be especially handy if you have two emails on one site – you would be able to pull them up side by side.
  • Bypass article limits. News and sites filled with articles may have free to read content to a certain extent. Once you reach their free article limit some sites will prompt you to either purchase the article you are reading or a subscription to their site content. Private browsing can bypass this if they are using cookies to remember when you have visited that site before.

Private Browsing Misconceptions

While people who have access to a user’s machine are unable to view search history when browsing privately, there is a common misconception that private browsing will prevent anyone from seeing search activity. Here is some information to take into account when proceeding to search incognito:

  • Private browsing is not a firewall. Whether or not you are choosing to browse publicly or privately, private browsing does not prevent from malware or other attacks such as spyware and key logging.
  • Private browsing doesn’t protect your data on public networks. Private browsing doesn’t stop an unauthorized user from stealing your data on public WiFi. Public WiFi may not be encrypted, or the user may willingly connect to a fake access point, allowing cybercriminals to gain access to the machine without their knowledge.

Some Tips On How to Browse Securely

Private browsing can help in terms of browsing history and preventing certain sites from viewing personal information about you. It can also be utilized if you are concerned about unauthorized users taking advantage of your machine to gain access to your history and online accounts. However, private browsing does not protect your data from cyber theft or other kinds of unwanted snooping.

  • Keep your OS and Firewall Updated: Attackers are more likely to target machines that are outdated, it is critical you keep your operating system up to date as developers are usually patching to cover up vulnerability. If you only have your machines built-in firewall, consider investing in a decent anti-virus program, but don’t forget to update!
  • Practice Safe Browsing Habits: Don’t download anything from a website you are not 100% sure of. A quick tip for downloading something off the internet is to hover your mouse over the download, a link will show up in your browser footer telling you exactly what the file name is.
  • Avoid public WiFi all together: If you choose to use it, then refrain from doing anything involving your personal information and sensitive data, including  accessing your email account.
  • Always Use HTTPS: The “S” stands for secure, the website is using SSL encryption. Using SSL technology ensures all data transmitted on that web server and browser remains encrypted. Check for the padlock icon or “https:” to verify that the site you are viewing is secure.
  • If Available, Use A VPN: VPN stands for “Virtual Private Network,” which is essentially a private solution within a public network. It creates a tunnel to browse in privacy online, which is helpful in preventing attackers from accessing your personal information.

Don’t Confuse Private Browsing with Browsing Securely

The key take away is to remember that private browsing SHOULD NOT be used a safeguard against cyber criminals. While is does prevent sites from seeing your history & cookies, it should not be used a preventive measure against hacking.

Cyber thieves can just as easily steal data while you are browsing privately. They can gain access to your machine in various ways to get ahold of your personal information.  Personal information can include: account names & passwords, information regarding finances & credit card information. It is important to differentiate between using a private browser and browsing securely.

For more information about VPN and safe browsing habits, please feel free to contact CompuOne at 858-404-7000 or send us an email at info@compuone.com.

Prevent Brute Force attacks by having a strong password or passphrase | IT Services San Diego

Cybersecurity, IT Service Provider, IT Services, Outsource IT, Professional Services, Quick Tip, Tips, Workshop, , , , , , , ,

How you can prevent brute force attacks or dictionary attacks simply by using a strong password or passphrase.