The Lowdown on Good Passwords and How They Work

Best Practices, Cyber Security, Ophtek, Password Security, Security, , ,
25
Jun 2019

We all use passwords on a daily basis, but do we know how they work? And how do you go about creating the best and most secure passwords?

Every day, in our home and business lives, we use an assortment of passwords to gain access to systems that are important to us. Entering passwords is such a regular occurrence that it soon becomes automatic. This regularity means that we pay little attention to the process. But we should. Passwords, after all, are what protect our data. And, in an age of huge data breaches, it needs protecting.

This protection can be enhanced with good passwords. For a good password to provide security, however, you need to understand how a password works.

What is a Password?

Passwords have been used since the dawn of time to gain access to secure areas. In ancient times, a visitor to a king’s palace would have gained access in exchange for a password. Fast forward several hundred years and very little has changed. Accessing a king’s palace may not be a major requirement in your life, but passwords are crucial in the digital age. Using a series of numbers, letters and symbols, a password helps you to gain access to computer networks, databases and social media.

How Does a Password Work?

It’s easy to enter passwords all day long, but understanding the process is another matter. What is it that allows a series of characters to grant you access to shielded content? Let’s take a look.

When you set up a password it’s not stored in the same form as it’s typed. Instead it’s stored as a hash. Using advanced cryptography, a hash takes your password and converts it into a number. These hashes tend to be 128 or 256 digits long depending on the encryption method. Either way they’re more complex than a 10-character password. These hashes are then stored in a file as a reference guide to verify the password entered. If the password matches the corresponding hash then access is approved. Otherwise, access is denied.

What Makes a Good Password?

Now you know how a password works you need to make sure you have a good password. The stronger your password is the less chance there is of a hack taking place. To strengthen your passwords make sure you:

  • Keep it Long: A longer password adds complexity. Hackers tend to target passwords through brute force attacks, so a longer password is more time consuming. Aim for around 15 characters as this isn’t too difficult to remember, but it also provides complexity.
  • Avoid Obvious Passwords: Many IT users go for simple passwords such as PASSWORD. And when that expires they add a number on the end. While these passwords are very easy to remember they’re as easy to guess. These types of passwords will be the first ones that hackers try. More often than not they’ll pay off. And that’s why you need to create a unique password.
  • Don’t Use Personal Information: Another common mistake with passwords is to use personal information such as your name or date of birth. This may feel unique, but it’s information that is researchable. Hackers are cunning and it won’t take them more than a few minutes to get this data. So, make sure that nothing contained within your password can be connected to yourself.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Very Basics of Good IT Security

anti malware, disable employee access, email security, IT Best Practices, Ophtek, Password Security, Safety, Security, Security Threats, two factor, , , , ,
18
Jun 2019

Cyber-crime remains a major threat to any organization that works with IT, but the basics of IT security are often the best way to counter this threat.

It’s difficult to avoid the fact that cyber-attacks are reaching record levels. IT systems are less secure than ever and need protecting. And that’s where your organization needs to take up the baton. Protecting these systems may sound like a monumental task, but it’s a lot easier than you think. Key to success is following the basics of IT security. The simplicity behind these processes is remarkable and can make a significant difference.

It’s crucial that you know what these are, so let’s take a look at the very basics of good IT security

Understanding the Basics

The complexity of IT systems often means they’re difficult to work with. And from this complexity comes flaws in security. The good thing is that IT security doesn’t have to be difficult. The best way you can help protect your IT system is by following these basics:

  • IT Inductions: You should never assume that new employees have a solid understanding of IT security. And that’s why your staff should always have to complete an IT induction. Not only will this familiarize them with the technology you use, but it allows you to run through the basics of cyber threats. This knowledge can make a real difference in strengthening your defenses. 
  • Disable USB Ports: The level of damage that USB devices can cause is shocking and unbelievable. Your employees are unlikely to be aware of this threat. To them, a USB port is simply a handy device for charging their mobile device. The truth is much different. This threat can be extinguished by disabling the USB ports. This can be achieved by adjusting the USB settings for your employees. 
  • Use Antivirus Software: It may feel like a simplistic step in IT security but antivirus software remains essential. Good antivirus software can recognize malware within milliseconds and flag it. A manual scan will never be able to match this. And your employees wouldn’t know what they were looking for. The vast databases in use and the speed in which they operate ensures that antivirus software is a must have in business. 
  • Assign Privileges Accordingly: Different employees will need different network privileges. These variations arise from the different tasks they perform within your IT system. Certain departments, for example, will need access to one drive whilst another department will not. Understanding these differences is critical. Once the necessary privileges have been identified then you can minimize the risk of cyber-attacks spreading through the entire system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What Should You Do When Your Network is Hacked?

Hackers, Hacking, malware, Ophtek, Password Security, PC Security, Security, , , ,
28
May 2019

A hacked network is a disaster for any organization, so keeping things secure is vital. However, sometimes things go wrong and you need to know what to do.

Your IT operations are supported by your IT network, so, if it gets hacked, there’s every chance that all those PCs you have lined up in your offices will be unable to operate. Naturally, this means that productivity will drop off almost immediately and affect not just you, but also your customers. With good IT practices in place, you significantly reduce the risk of this happening. Mistakes, be they caused by hardware or human error, are inevitable, though, and it’s rare that a business can claim to have defenses which are 100% secure.

Therefore, it’s important that you know what to do when your network is hacked. Rather than have you learn the hard way, through experience, we’re going to save you some of the pain with a quick guide on how to cope.

Steps to Take When You’re Hacked

Most importantly, you need to take the following steps when you discover your network has been hacked:

  • Put Everything On Lock Down: The stealthy nature of hackers means that it’s difficult and time consuming to determine exactly how much of your network the hackers have breached. So, in order to preserve as much as your network as possible, you have to assume the worst: they’ve gained access to everything. And that’s why you need to lock down and change passwords on everything be it folders on a shared drive or your social media accounts. This is the only way to minimize damage. 
  • Learn from the Experience: As we’ve stated, it’s likely that your network will, at some point, experience a security disaster. However, while in the short term this may feel like nothing but non-stop chaos, there’s an important set of learning to be absorbed for the long term. Mistakes are what allow us to evolve and make better decisions in the future, so make sure you take the opportunity to analyze exactly what went wrong and the steps you can take to prevent it happening again. 

Final Thoughts

A hacked network represents every IT professional’s worst nightmare, but it’s important that you understand the best steps to take in this situation. Not only does it prevent network hacks from escalating into more devastating hacks, but there’s also the chance to learn and strengthen for the next time hacker aims an attack at your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Biggest Cloud Security Mistakes You Can Make

Cloud, Cloud Backup, Ophtek, Password Security, Security, , , , ,
19
Feb 2019

Cloud storage and infrastructure is the way forwards for organizations due to the massive range of benefits it offers, but how secure is your cloud?

Security is the single most important factor when it comes to an organization’s IT operations, so it’s essential that it’s treated with the utmost attention. However, cloud networks are a relatively new platform and, as a result, the level of security knowledge behind these platforms is lacking compared to more traditional networks. Hackers, of course, are keen to this fact and invest substantial time and effort in uncovering security vulnerabilities that they can exploit. Combating this threat, therefore, is paramount to your organization’s security.

As I’ve already stated, cloud networks are a new phenomenon and the wider community generally isn’t as clued up on them as they perhaps should be. And this leads to common mistakes that can cost dearly. However, by taking a look at the biggest cloud security mistakes you can make, you can hopefully avoid them.

Multi-factor Authentication is Vital

Administrative accounts on cloud networks have significantly more privileges than your standard employee’s privileges. Mostly, this is down to the amount of IT knowledge required to carry out these system admin tasks. A non-IT employee simply doesn’t need these privileges. Accordingly, an administrative account is much more attractive to a hacker, so security needs to be tightened. Any cloud platform that understands security risks should have an option for multi-factor authentication, so make sure this is rigorously enforced for all administrative accounts.

Limit the Use of your Admin Account

The root account is the first account you create when you sign up with a cloud provider. It’s a highly privileged account as it contains access to every aspect of your cloud network. If this account is compromised then your entire cloud network is at the mercy of hackers. And this is why you need to limit usage on this account to only the most necessary tasks e.g. do not use the root account for general day to day tasks that put you more at risk of being infected by malware etc.

Check the Encryption Methods

Security moves at a rapid pace and the level of encryption that is now available on cloud networks such as TLS-based encryption is fantastic. Unfortunately, there are also plenty of cloud networks that still operate with less security encryption methods such as the SSL protocol. To minimize the risk of your cloud account becoming compromised, you need to investigate the encryption method used on your network. If it’s even slightly outdated, then it’s time to upgrade.

Restrict the Availability of Sensitive Information

The beauty of cloud storage is that it can be accessed from anywhere, so this opens up your data to a much larger audience if you grant them access to it. While this allows you to collaborate with other organizations and remote employees much more easily than ever before, it also puts your data at risk. Your organization needs to bear this in mind and access controls need to be thoroughly thought through to prevent sensitive data being accessed outside of your organization. Ensure that your employees are aware of the open nature of cloud networks when saving data to such public drives.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Do You Reduce the Risk of Phishing Attacks?

email links, Password Security, Phishing, Phishing Email, Security, Security Threats, , ,
16
Oct 2018

Thanks to the power of social engineering, phishing remains a powerful method of hacking organizations. Reducing this risk, therefore, is crucial.

Phishing has been active since the early days of the internet and, unfortunately, it doesn’t appear to be going anywhere soon. Thankfully, you don’t have to fall victim to these deceptive attacks as there is plenty that any organization can do to protect its data. And, don’t worry, it doesn’t involve investing millions in state of the art technology. All it takes is a little bit of common sense and an understanding of how phishing attacks work.

To get you started we’re going to show you how to reduce the risk of phishing attacks.

Antivirus Software is Key

One of the best ways to reduce phishing emails is by working with antivirus software. Capable of scanning attachments and analyzing links contained within emails, a good antivirus software can easily target the two main ways that phishing attacks unleash their payload. However, as with all software, it’s important that you update it regularly and install updates immediately. Phishing attacks can spread round the world very quickly, so you need to stay one step ahead of them.

Keep Up to Date with Phishing Attacks

Hackers are constantly developing their techniques and tweaking their methods, so it’s vital that you keep an eye on what’s happening in the world of phishing. New attack methods can be launched very quickly and be in your inbox within a day, so make sure that you’re regularly monitoring IT news sources to prepare yourself for any incoming threats.

Educate Your Employees

The main targets of any phishing attack against your organization will be your employees, so they have to be educated in order to prevent any data breaches. The basics of phishing are relatively simple, so the training doesn’t need to be too in-depth. All you have to do is ensure that these basics are hammered home so that employees know how to spot a phishing email and how to deal with it.

Practice Phishing Attacks

A popular method for reducing the risk of phishing attacks is by running regular exercises to test your employees. For example, fake phishing emails can be randomly emailed to your employees that test whether they are susceptible to phishing scams or not. Usually, these emails will contain a fake link that urges them to complete something on behalf of the company – such as IT training – but the actual URL contained will be a ‘malicious’ one. Those employees that fail to spot the ‘malicious’ link can then be asked to take a refresher training course.

Combine All Your Preventative Methods

The key to reducing the risk of phishing attacks is by combining all of the above into one multi-faceted security approach. An amazing antivirus software solution, for example, isn’t effective enough on its own. Instead, you need a firm knowledge of the phishing landscape, amazing employee training and regular tests to guarantee that you can tackle phishing on all fronts.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 5 6