
Tag: password


3 Essential Steps Before You Fire an Employee

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless, it’s a responsibility every business owner must face at some point. While your accounts team will no doubt be on top of stopping their paychecks, it’s important to take the same proactive stance to strip their system access.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage hand-over to their replacement so your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion. While you’ll have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented with the entire business on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets… all those sensitive aspects of your business that have made it a success – exposed. A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keep them from being overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps.

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee is fired, if at all. Unfortunately, this is the one type of delay your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially as they leave to start their own business or work for a competitor. It’s not just full-time employees either: contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems. However, as we know, it only takes seconds to log in and wreak absolute havoc. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change passwords fast – even before your employee knows they’re fired. This lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have a good password manager like LastPass, reducing your risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain text. Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they’re fired, you can use the dashboard to see who has access to what and add/revoke at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

We can help you set up password management and lock down your network. Call us at 570-779-4018!


Apple devices and Macs get malware!!

I don’t like picking on Macs… Oh, wait. That is a lie. I do like picking on Macs because I am tired of hearing “Apples don’t get viruses or malware.” This is absolutely not true!

There hasn’t been a serious ransomware outbreak on Mac, but that doesn’t mean one isn’t coming. There are a few ransomware programs in the wild, and there has been increased activity in the Mac security sector just like there has been in the PC world. Other malware and scam software are out there and on the rise. “Our tracking of Mac malware has seen a more than 220 percent increase in malware so far in 2017 over 2016,” said Malwarebytes. The main reason that Mac desktops and laptops seem to not be affected is that they only are about 7% of computer users. They are a much smaller target, so there are fewer malicious programs out there. That doesn’t mean they don’t exist. They will still steal your data if they can. With RaaS (Ransomware as a Service) and cross-platform malware, it is becoming easier for the bad guys to target whatever they want. They don’t even have to be proficient at programming anymore. And with an attitude like “we don’t get malware,” you might be easy pickings.

Beyond that, you are also just as likely to lose your online data as a PC user! Just because you are browsing the internet from your Mac doesn’t mean things like the Yahoo and Equifax data breaches will not affect you. You still need to be vigilant in the cloud and protect your personal information.

Protect yourself and your Mac

  • Backup your data – Onsite, Offsite and Cloud
  • Keep your software and OS up to date
  • Don’t use unapproved software
  • Use an extra anti-malware solution
  • Be wary of unknown websites and unsolicited email
  • Use strong passwords and 2FA (two-factor authentication) wherever you can
  • Use a standard account over an admin account for everyday use
  • If you have a laptop, consider full disk encryption

We offer backup, monitoring, and antimalware solutions if you use Apple products in your business. Let us know how we can help!

4 Simple Tips to Keep Your Internet Banking Safe

Online banking has boomed in the past few years to become the new norm. Branches are out and apps are in. Half the time when you visit a branch, you’re steered towards a computer for a DIY transaction – with optional assistance. But is internet banking really safe? You’re always told to keep your financial details private, but now also to jump on board the online banking train – talk about a push/pull scenario! The good news is you CAN bank safely online with a few simple precautions.

Always type in the website address

Many attackers will attempt to trick you into clicking a fake link to your bank website. Usually sent as a ‘phishing email’, they’ll claim there’s a problem and ask you to click through to your bank and correct it ASAP. The link points to a fake website that looks almost exactly like your real bank site and is recording your private account info. You can avoid scams like this simply by accessing your bank by manually typing in the website or using a bookmark.

Avoid public computers and networks

Jumping onto a PC at the library or mall might seem like a quick and easy way to check your account, but public computers are often targeted by scammers. In just a few moments, they can install keyloggers to record usernames, passwords and other private data, then sit back as all future user details are emailed to them. The same problem applies with free, unsecured Wi-Fi. You’re better off using an ATM or a data-enabled smartphone.

Use a strong password with 2-factor authentication

Create a unique password for your online banking, something you’ve never used anywhere else. Mix up words, numbers and symbols to create a complex password that can’t be guessed easily. Avoid giving attackers a head start with data they can find on Facebook, like kids’ names, pet names, birthdates, etc., and really think outside the box. And of course, never write it down anywhere near your wallet, phone or computer. If remembering is likely to be an issue, you might like to consider a secure password manager app. Many banks will also help boost your security with two-factor authentication, sending random codes to your phone (or a special LCD device they provide) to verify any activity.

Check page security before entering data

Finally, take a micro-second to spot the small padlock icon before you enter any data. You’re looking for a padlock appearing as part of the browser itself, not just an image on the webpage. It will be either in the bottom corner or next to the URL. The address will also start with httpS:// instead of http://. If you don’t see these things, the page is NOT secure and you shouldn’t log in.

Everything You Need to Know About Facebook Privacy

Finding the balance between Facebook privacy and Facebook fun can be challenging. It’s a double-edged sword that allows us to connect with friends no matter where they live, but it also publicly shares information that, just a few years ago, we’d never dream of putting online. You can search for people based on where they went to school, the town they live in, clubs they belong to, or who they’re related to, but when is it too much?

Your birthday is the first piece of info collected when you sign up, and it’s great getting birthday wishes from friends and family when it appears in their newsfeed. But while Facebook is sending you balloons and funny memes, your birthday is now public knowledge. It seems harmless, but when you call your bank or other institution, what’s the first question they ask to verify your identity? Your birthday! Some password recovery systems even ask questions like “which high school did you go to?” assuming this is knowledge that only you would know. Except you’ve just publicly shared it on Facebook. Whoops!

We’ve all heard stories of people who’ve lost their jobs after less-than-wholesome pictures or statements have gone public. If you have a reputation to keep, you definitely don’t want pictures from last weekend’s private party showing up, especially if you really let your hair down. While you can’t control what others do with photos they take of you, you can control whether or not you’re tagged in them.

Fortunately, there are settings in Facebook that allow you to control who sees what information and what happens when you are tagged. Despite what you may have heard or seen floating around in a Facebook share hoax, you do have complete control over your Facebook privacy, and it’s easy to adjust.

How to Check and Adjust Your Facebook Privacy Settings

See what your account looks like to an outsider

From your Facebook homepage, click your name on the blue bar at the top of the page. Click the three dots next to “View Activity Log” and then select “View as”.

Run a quick privacy checkup

Click the question mark in the top right corner and choose privacy checkup.

Think about what you really need to share: do people need to know the YEAR of your birth or just your birthday? Your friends will still get the notification, and you’ll still get the balloons.

Edit advanced privacy

While the checkup covers the most obvious info, you can go much deeper. Click the V-shaped dropdown to the right of the question mark. Go to settings and choose privacy.

Adjust timeline and tagging

In the privacy settings, you can explicitly control who can tag you, who can see or share the tagged content, and what shows up on your newsfeed.

Tightening your Facebook privacy only takes a few minutes, but it can save you a whole lot of trouble in the future.

If you need help with this, just give us a call!


Cyber Security: 4 Ways to Travel Safe For Business

Working from anywhere is now as simple as accessing the internet on your device. Managers, owners, and employees are all embracing the flexibility of working while traveling, making it the new global norm. But while you were in the office, you were protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from the building, those protections disappear, leaving your device and the data inside at great risk.

Cyber attackers love to collect any data they can obtain, often preferring to hack first, assess value later. It doesn’t help that almost all data can be sold, including your personal details, those of your clients and suppliers, as well as your proprietary business data. These days, the information stored on your device is usually worth much more than the device itself.

Here are 3 ways a hacker will attack:

Flaunting Opportunity: Whether your employee left their laptop at a café or a thief stole the phone from their pocket, the outcome is the same – that device is gone. Hackers will take advantage of any opportunity to gain access to a device, including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes to install spyware, before handing it back.

Spoofing a Wi-Fi Hotspot: We’ve all come to expect free Wi-Fi networks wherever we go. Hackers will take advantage of this trust to create their own free, unsecure network, just waiting for a traveler to check a quick email.

Intercepting an Unsecure Network: Hackers don’t need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software.

It’s okay, you don’t need to lock all employees inside the building or cancel all travel plans. Taking these four precautions will increase cyber safety and help protect your business data while on the go.

  1. Make a backup before you travel: In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.
  2. Don’t use public Wi-Fi: Wait until you have access to a secure network before going online – even just to check email.
  3. Use passwords and encryption: At a minimum, make sure you have a password on your device, or even better, have full drive encryption. That way, even if your data storage is removed from the device, the contents are inaccessible.
  4. Act fast after loss: If your device is lost or stolen, immediately notify the appropriate people. This might include your IT provider so they can change passwords, your bank so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.

Need help with mobile cyber security? Call us at 570-779-4018

What to do if you think you have been hacked

What should you do if you think you have been hacked? Is there a new big site that has been hacked in the news? Not a surprise. What about those small sites that don’t even know they have been hacked that never make the news? Is something strange going on with one of your accounts?

First and foremost, change your passwords. If you use the same password for your e-mail as your hacked account, change it immediately before doing anything else. You should use different passwords for different accounts. Especially your e-mail account!

How do you know?

Check your account activity. Does your account say you have done something or purchased something that you know you did not? Has your contact information or any other settings been altered in any way?

Check your inbox and deleted items.  Have you signed up for new services that you don’t remember signing up for?

Is your computer or device running slower than usual or behaving in odd ways? Use a malware scanner and virus scanner to check your devices thoroughly.

These could all be signs that you have been hacked. Even if these signs don’t appear in your accounts or on your computer, but you know you logged into one of those big sites in the news, reset your passwords anyway.

Reset your passwords

Make sure you use different complex passwords at each site.  Especially your e-mail account! Did I type that already?  Of course, I did! It is important. One of the easiest ways to keep track of and generate complex passwords is with a password manager.  Check our password manager article out here. Password managers like LastPass can be integrated into your workplace.  I still love LastPass and even use it on my phone now. If you used unique complex passwords at all your sites, you would only have to worry about the hacked one.

Not sure what password to use or what is a complex password?  Try these links:  Microsoft password checker, Password Generator

Use two-factor (2FA) authentication whenever possible. You should be thinking about your email here! Most of the big free email providers offer some level of 2FA. Also, consider using biometrics to ease the pain of entering passwords.

If it is too late and someone else changed your passwords, most of the major services have a system to recover your accounts. Remember that part about 2FA and using a different password for your e-mail? Well, here is where it can really help since most of these services send a link to your email.

Let other people know

You should let your contacts know you think you have been hacked. One of the ways hackers attempt to use your hacked accounts is by sending messages or e-mails to people that trust you. They are more likely to follow a link or believe something you sent.

De-Authorize your apps

If you were hacked, there is a good chance the hacker logged into a device and authorized apps too. This means even if you change your password, they will still have access. You can usually find this feature under the security settings of the service you allowed access to. Here are links to the big ones: Google, Facebook, and Twitter.

Password Security

Password security is extremely important these days. With all of the security breaches, there is a chance that your name, username, email and possibly password made it into the hands of people that mean to do harm. One of the best ways to defend yourself against these security breaches is to have unique strong passwords at each website. While in practice this is a good idea, it is hard to follow this rule when you have a large number of usernames and passwords to track. A great tool to solve this problem is a password manager.

About six months ago I decided to follow my own advice and install the software LastPass. So far, I love it! LastPass is a password manager that I read about in a few reviews and liked the feel of the website so I thought I would give it a try. It also has the added benefit of being free. The free version works well for desktop use and there is a premium version which includes mobile device support. There is also an enterprise version which integrates with Active Directory and allows for multifactor authentication.

A password manager really works well to keep track of multiple passwords for multiple websites. It is a great tool to help have a unique strong password for each website that you use. You do use different passwords for each website, right?? I now do a 2-step authentication and don’t have to enter another password until I walk away from the computer. Even if you set LastPass to remember your master password and not timeout (not recommended), it is one thousand times better than using the same password for every website. One of the great features is you can generate new passwords as you are making a new account on a new website. This makes it very easy to make strong unique passwords every time.

I was worried that the whole process would be cumbersome, but I have only run into minor inconveniences. The biggest inconvenience comes into play if you are somewhere that you don’t have your handy LastPass plugin to use. This problem is easily solved by logging into the LastPass website and retrieving your passwords via your password vault. The other issue has to do with commonly used logins like your Amazon or Apple ID. In this case, just use a password that you can remember and don’t use a complicated generated password. I would also recommend not using it to save your e-mail password so that you can reset your other passwords if you need to. Make sure these common website passwords are unique and use two-step authentication if possible.

All in all, any password manager is a great tool for password security. The inconveniences are insignificant compared to the benefits.