We’ve all heard horror stories of a business or a person losing priceless account access or data. It may have been your mom losing access to her Facebook account or a local manufacturing company having to pay to get their data back from a hacker. You may have even experienced it firsthand. Whether you are trying to secure your business infrastructure or your personal accounts, here are 6 simple, low-cost, and possibly free solutions you should implement TODAY to protect yourself from the most dominant security concerns.
- TURN ON MFA (Multi-factor Authentication) – Surely you’ve been warned to reset your password, pick a complex password, and not use the same password for multiple accounts. All these solutions help mitigate risk, but using only a password is one of the least secure ways to protect an account: passwords are easily guessed, and it only takes one bad click or one fake website for your password to become compromised. It is less likely, however, for a hacker to steal something you have on you, such as your cell phone. MFA helps secure your account by using an additional piece of evidence in combination with your password to confirm your identity via a phone call or text message. Banks, email services, and social media platforms have MFA available. While most services have this feature turned on by default, others require you to enable it. Search online for instructions on how to use MFA for your accounts and, if you’re tech savvy, you might even be able to help your grandma set up MFA on her Facebook over the Holidays!
- VERIFY YOUR BACKUPS – If your account or laptop becomes compromised, there is a good chance you may not be able to restore it and it will require a full wipe. Ransomware, for example, is an increasingly common virus that will encrypt your data so it is no longer accessible. A hacker will send you a ransom email requiring you to pay hundreds or thousands of dollars before they will decrypt your data. If you prefer not to do business with criminals, make sure you have good backups in place and confirm that you can restore from that location. Programs such as Microsoft OneDrive or Dropbox make for inexpensive solutions to get data off your laptop and into the cloud. These products work great for both personal and business use. Products such as Backblaze or Carbonite are a bit more expensive but do a full backup of your laptop to ensure all data is backed
- USE PASSWORD MANAGEMENT SOFTWARE – I’ve had several people call me over the past year looking for a solution to recover their social media and email accounts. I’ve got bad news – once your email and social media accounts have been compromised there is no recovering them. Most often, this happens when a person uses the same password for multiple accounts. Once one of your accounts becomes compromised, a hacker will systematically try other popular sites using your email and password to take over all your accounts. Then they’ll reset your password and reset your email account used for recovery. This allows hackers to start posting pictures on your social media and commenting on your friends’ walls. Platforms such as Facebook and Instagram do not restore accounts – they only delete them. That’s why it’s critically important to use different passwords on each account. Programs such as 1Password or LastPass use secure vaults to store your passwords. Their phone apps and browser extensions make it easy to manage all these passwords and quickly fill them into login pages.
- REVIEW YOUR AUTHENTICATED USERS – On the business side of IT security, dormant usernames can come back to haunt you later. Most companies are good at catching main accounts such as Microsoft Active Directory or Salesforce CRM, but many businesses miss odd accounts such as cell phone carriers and retail websites like Amazon. It is not your former employees that are the concern. User data from these websites is being hacked every day, and when the bad guy gets your Verizon or Amazon account, they can start purchasing phones and other goods. This task takes a lot of discipline, but removal checklists or calendar reminders that include even these odd accounts can be a helpful trigger. Reviewing these accounts every 6-12 months could save you a lot of pain in the future.
- BE VIGILANT – My email address is firstname.lastname@example.org. Or is it email@example.com? At a quick glance you may not have noticed the extra ‘n’ in envizionit.com in the first email address. This is a simple hack for a criminal to complete. Anyone can buy the domain ennvizionit.com, copy my signature line and send emails to any of my co-workers. They will ask my co-workers for credit card numbers, bank wires or personal information about other employees such as social security numbers. We’ve had clients who have had employees email back and forth with someone posing as their CFO asking for money. When employees and business owners aren’t vigilant, we’ve even seen companies wire money to criminals posing as leaders in their organizations. It is critical for finance and HR to put proper checks and balances in place to make sure money or personal information is not handed over to the bad guys. Require a phone call or face-to-face interaction before money or personal data is transferred.
- TALK ABOUT SECURITY – Criminals, just like computer viruses, continue to evolve and find new ways to con businesses and people. That’s why it’s essential that you and your organizations continue to learn and educate yourselves in these new techniques. The best way to do this is through talking about how to protect yourselves with other businesses and IT industry experts. Envizion IT helps our clients in a variety of industries sleep better at night knowing their data and systems are secure. Envizion can guide and support your business through enabling MFA, securing your backups, managing passwords, reviewing dormant user accounts, and identifying scam or hacking attempts.
Security isn’t something you want to put off, so contact us today for an expert’s perspective on the status of your IT security.