Category: Network & IT Support

The Importance of Password Security

The Importance of Password Security

Passwords are everywhere.  From your Windows login to your banking software, to the online store where you purchase your “can’t put down” books from; everyone wants you to log in with your special login.

But how “special” is your login?

It’s simple.  We are busy people with lots to do; so to remember long, secure passwords may not be high on our priority list.  And if we have to have a different one for every site or device that requires one, then we are really in trouble.  After all, we aren’t just speaking of websites, but phone apps, computer logins, email accounts, and well…you understand.  The list can be endless.

So how can we make things easier for ourselves and harder for the criminals? Let’s break it down into 5 easy steps.

First, Don’t Share Your Login.

As simple as it sounds, it’s a very common problem. It could be a matter of you giving your login to a best friend, or it could also be a case of 8 employees all logging into a network using the same username and password. Either way, you’re setting yourself up for disaster.

Next, Make Your Password Secure

Believe it or not, password is still one of the most commonly used passwords. It actually was the second most common password for 2014, preceded only by 123456 that came in at #1. Others include 12345, qwerty, and letmein. For a complete list, visit gizmodo.com.

Best password practice would recommend that your passwords are 8-12 characters long and include alpha, numeric and special characters. Using both upper and lowercase is also good practice. A perfect example might be: h*3Dxy8vM.

Worried about remembering your password? There are multiple sources available for password keepers. Just always look for one that is secure and from a reputable publisher.

Our Next Recommendation is Locking Your Desktop

This may be the easiest of them all. If you’re walking away from your desk, “Just Lock It”.

In the “good ole days” when security wasn’t an issue, we would leave our desktops unlocked and leave. When we returned, we would have strange replies to emails that were sent from our account. We always knew who the usual suspects were and it was all in fun & humor, but now, leaving your computer available for anyone’s access is just not safe. Information is more critical than ever and customer data is everywhere. It’s our job to protect both our company and our customers.

Let’s Not Use the Same Password for Every Account

If someone steals your only username & password, they could access everything you own. Many of us are guilty of using one login for everything. When you add that to the simplicity of our passwords, we have just done a major portion of the legwork for the criminals. Use different credentials for different sites.

Finally, Don’t Use Your Username as Your Password

Again, this is done as a time-saver and for ease, but you are only making it easy for the password stealers. Your password should be unique, only used as a password and nothing else, and only by you.

Unfortunately, we are in a time where malware and viruses are accessible everywhere as little bots do nothing but infect networks and break passwords all day. And the sad truth is that, for some, creating these infections is a full-time job.

If you are concern about your network or how to determine where your network stands on security, contact a local IT provider, such as CMS IP Technologies in Beaumont and set up an appointment for a no-obligation network evaluation.

The Value of Managed IT Services

The Value of Managed IT Services

So, What is “Managed IT Services”?

We like to call it…your virtual IT department.  Imagine staffing an entire company just to be your IT support, but not having to worry about training, employees calling in sick, or any other issues with an in-house staff.  Managed IT services means that you have access to an entire technology company when you need it, staff who is watching and proactively protecting your business data and network.

Here’s How Your Business Can Benefit from Managed Services.

Remote Support – Most managed services providers will offer some type of remote support. Here’s your scenario….

It’s the end of the month and Sally comes to work to get payroll done. She turns on her computer first thing in the morning, opens an email attachment from a “customer”, and sees an alarming pop-up on her screen, warning her that her PC has been infected and to immediately click below to fix her computer.

Instead of clicking, Sally places a quick call to her IT support help desk so that her managed services support can gain remote access to her PC and verify that the popup is indeed part of the virus.  Being trained and familiar with this type of malware, they then properly remove any traces of the malware without the PC getting completely infected and Sally is able to go back to work.

If caught quickly before anything else was loaded into the PC, this call may have only taken 15-30 minutes of her time. Now, there are instances where things are worse and it does take longer, but Sally’s issue was resolved without having to schedule an engineer to come out on-site, saving both money and time. After all, productivity in a business is what really matters.

Scheduling Priority – So what if Sally’s PC was already infected beforehand. This may prevent IT staff from gaining remote access to her PC, because unfortunately, that is what malware does. Your IT company may offer their managed services customers a scheduling priority. Basically, your emergencies take priority over other minor IT calls from customers who may not subscribe to managed services.

Proactive Network Management – aka…”Stopping threats before they happen.”

Monitoring software can help manage your network, notifying staff when your server is no longer connected to the internet or your business network.  They can also receive status updates on possible hardware failures, keeping your network running and preventing problems before they happen.

Let’s not forget to include email services that not only block SPAM, but blocks malicious programs that may try to enter your network through a email link or fake attachment.  What if Sally’s virus-infected fake email was blocked before entering her email client?  She would have never seen the threat.

Management of your network security through your firewalls, routers, and even your antivirus software can prevent threats from ever entering the playing field as well.

Other benefits of managed services can include:

  • Disaster recovery planning & data backup management
  • 3rd Party vendor management & assistance
  • Software updates and Microsoft patch management
  • and more depending upon your IT company’s profile

How many people would you have to staff to take care of everything mentioned above?  

Don’t forget, along with salaries, there’s employee benefits to include. And the larger your company network is, the larger your IT staff would need to be to properly secure it.  So just maybe using a Managed IT services provider is what your business needs. And if you’re not sure, find a local IT company like CMS IP Technologies that is willing to do a free evaluation of your network.

Why Employing Strong Firewall Policies is Critical

So, you think your network is safe? I think a large store chain felt the same way until their network was compromised along with thousands of their customer’s credit card information. The truth is you can never be too safe when it comes to protecting one of the most valuable assets your company owns – its data!

Has your server or PC ever been compromised? If you answered no, how do you know? Has your home PC ever had a virus? Yea….how long do you think that virus was on there before you actually realized it?  Maybe someone snuck in, decided there was nothing important in there and then snuck out without you even knowing. Or perhaps they managed to get their hands on your Quicken file and you don’t even know it yet – but you will at some point.

There are many other examples of network and data compromise but you get the point. It’s critical to do all you can to keep the bad stuff away from your network. We had a situation once that our server was painfully slow and we simply did not see any bread crumbs to nail down the problem. We would reboot it and it would stabilize for a day or so then go right back to super slow mode. We finally found the culprit. Someone overseas (from what we could tell) compromised our server and loaded it up with foreign movie trailers and they were streaming them from our server.

Protection with Border Control

We use the term Border Control to characterize the role of a firewall. It’s important to follow best practices with configuration and even down to the type of appliance that you purchase. Sorry, but a $65 Netgear will not do the trick. You need a robust device that offers more than NAT routing and port forwarding. Protecting your network is a multilevel approach and Border Control is just part of it, so keep that in mind. But today we are focusing on the border…your firewall.

Below are some best practices to consider for controlling your border.A quality device from a reputable manufacturer is the best place to start. A business class router from Cisco, Meraki or SonicWall is what we recommend. They offer various models that will fit just about any small business budget as well as large corporations with huge budgets. Throughput, speed, number of users etc. all come into play and need to be considered when determining the proper firewall for your network. A quality sales rep from a reputable company should be your trusted advisor and can help you make that determination.

Options such as security services are very important features of quality firewalls. These security services include Antivirus, Content filtering, intrusion detection / prevention and more.  Remember my note about border control being part of a multilevel solution? Antivirus at the firewall is the first line of defense for viruses entering the work place. This does not replace AV on the desktop! AV at the border will help to mitigate virus and malware issues.

Content filtering is a very important component to protect your network from improper web habits of your employees. It also adds that peace of mind that you’re going to a safe site even though it looks like a legitimate business class website. This at times can be an unpopular policy among employees but unfortunately it is something that needs strong consideration.

We recommend putting a statement in your handbook that outlines company policies and expectations of use for company technology. Ask your employees if they would mind paying the hourly rate of the tech that has to clean their PC or the network from viruses at $100 plus per hour. That may open their eyes.

Finally, intrusion detection and prevention is something that should be considered. The preferred method is to use a service that does 24 hour monitoring for the absolute best protection. However that can be pricey. If that is not an option, the ID/PS on the firewall is an important component. It blocks and filters opportunistic bots and hackers and keeps them from entering your network. It’s important to monitor this and the reports to know who’s trying to get in.

So there you have it. This should give you some things to consider when protecting your network. Nothing can guarantee that you will not be compromised but we certainly don’t want to make it easy. The easy ones are the ones that the bad people are looking for!

The 2015 Annual List of the Worst Passwords

The 2015 Annual List of the Worst Passwords

Sorry Star Wars Fans, But You Just May Need to Change your Password.

It’s that time of the year again. SplashData releases its 5th annual report of the most commonly used passwords in order to highlight the insecure password habits of Internet users.

The purpose of this list is to encourage users to become more conscience of Internet security and the threat of stolen passwords. Using weak passwords puts the user at risk for hacking and identity theft.

Here are the top 25 worst passwords that made it onto the annual list:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

Numerical sequences have taken several spots on the 2015 list, along with keys that are in order on the keyboard, such as qwerty & 1qaz2wsx. Of course, pop references are always a hit and this year was about Star Wars, but even The Force can’t protect you from malware.

Longer keywords did appear, but using a longer password does not add security if the password is simple or has a detectable pattern.

The thing we want you to remember is that the list above was compiled from passwords that were compromised and leaked this past year, so they have already proven to be “hackable”.  If you would care for a downloadable PDF document with the passwords and security tips from SplashData, you can safely download it from CMS.

Cloud Applications VS Installed Software

Cloud Applications VS Installed Software

In the past when a person needed new software such as Microsoft Office, they would simply travel to their nearest retailer and purchase a brightly-colored box with a CD and a license key inside. The next transition from this became visiting a website, purchasing online, and downloading a file directly from the website.

And now it seems that we have hit the next phase. Applications now are going a step further by not requiring a download or installation at all, but by logging into the application via the internet. Welcome to the Cloud!

So what are “Cloud-based Applications” & How Does it Work?

We often see the term SaaS. SaaS is a term for Software as a Service; meaning that instead of buying software in disk form, you are paying for a service that is provided to you. You are no longer getting a CD and installing it on your computer, but accessing it by visiting a website and logging in.

So are Cloud-based Applications Really Better than Installed Versions?

There are certainly advantages to moving to the cloud. Small businesses should really look at their goals and potential growth and evaluate their current network situation. Contacting a local IT company to help with this evaluation would also be beneficial.

Some of the benefits of cloud-based applications include:

  • Less maintenance required
  • Reduction of start-up costs
  • Regular updates and patches, performed by the vendor
  • Reliable backups controlled by the vendor
  • Ability to access your data from multiple locations and devices
  • Flexibility; typically a per user fee.  Only pay for the users you have accessing it.

Questions to Consider:

As with any network changes, there are questions you should consider before making a switch in platforms. Again, it is always wise to involve your IT department or company to help with an evaluation beforehand.

System requirements; even cloud-based applications may have onsite needs. If so, what are they?

Network compliancy; is your environment compliant with current, up-to-date devices? This can be your PCs, the browsers that you use, and most importantly, your internet connection.

HIPAA compliancy; Do you require HIPAA compliancy and does the cloud provider you’re considering offer it?

For the most part, changing from an installed version to a cloud-based version should be a relatively smooth transition, especially if it is still with the same solutions provider or vendor. And as we are now seeing, it is becoming the current trend with most providers to move in this direction, forcing our hand so to speak.

The biggest point to make here is that if we don’t stay current with our technology, we only open ourselves to potential security threats or “old tech” that just keeps breaking. Staying current with your IT will help eliminate your downtime.