Beyond The Password Dilemma: Multifactor Authentication

Multifactor authentication (MFA) boosts security by requiring multiple credentials, making unauthorized access harder even if a password is stolen. It’s like needing both a passphrase and a biometric scan in a spy movie. Two-factor authentication (2FA) is a form of MFA using two security layers. Though slightly different, these terms are often used interchangeably.

MFA uses three types of information: things you know (passwords, PINs), things you have (phone, security badge), and things you are (biometrics like fingerprints). Here’s how it works: after entering your username and password, you’re asked for additional verification. This could be due to recognizing an unfamiliar device or receiving a code via text or an authenticator app.

Even with strong passwords, breaches can occur, as seen with AT&T and T-Mobile. Changing your password post-breach is best practice, but not everyone does. Without MFA, hackers could easily access your account. With MFA, unauthorized access becomes highly unlikely.

Receiving an unexpected MFA request may indicate someone passed the initial login step but was blocked by MFA, or it might involve “MFA fatigue,” where bad actors initiate repeated authentication requests causing users to approve, just to stop them.

Though it may seem inconvenient, enabling multifactor authentication (MFA) is crucial to account security. It might slow you down a bit, but it makes unauthorized access nearly impossible. Even if it's optional, using MFA significantly increases your protection.

Using challenge questions like "What was your childhood best friend's name?" or "make and model of your first car?" can be vulnerable to social engineering and aren’t as secure as MFA. Microsoft’s article “Your Pa$$word doesn't matter” highlights that strong passwords alone aren't enough—MFA is essential for true security.
These include:
- Credential Stuffing – where a bad actor takes one set of credentials from the dark web and tries them on many different sites.
- Phishing – when you’re tricked into logging into a site that looks legitimate but steals your credentials.
- Keystroke Logging – when malware on your computer captures all keystrokes, including credentials.
- Physical Access – for instance, recovering data from improperly disposed of hard drives at e-waste recyclers.
- Password Spraying – where bad actors use a list of passwords recovered from a breach against accounts.
- Brute Force – just trying every possible combination until a password works.

I've put together three takeaways and next steps:
1. Set IT Up Everywhere: If you have any systems or sites not protected by MFA, set it up now.
2. Make IT Redundant: Most sites will allow you to set up multiple MFA methods, such as SMS & authenticator. Do this in case your primary method is unavailable when you need it.
3. Do IT Anyway: MFA is Inconvenient. Do it anyway.
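The two MFA warning signs described in this post, an unexpected prompt and a run of repeated prompts meant to wear the user down, can be looked for in authentication logs. The following Python detector is an added example, not part of the original post; the event names, the window and burst thresholds, and the sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, event).
# Event names are assumptions: "push_sent" = an MFA prompt was delivered
# after the password step succeeded; "push_denied"/"push_approved" = the
# user's response to a prompt.
SAMPLE_EVENTS = [
    ("2024-11-05T02:10:00", "alice", "push_sent"),
    ("2024-11-05T02:11:00", "alice", "push_sent"),
    ("2024-11-05T02:12:00", "alice", "push_sent"),
    ("2024-11-05T02:13:00", "alice", "push_sent"),
    ("2024-11-05T02:13:20", "alice", "push_approved"),  # gave in to stop the prompts
    ("2024-11-05T03:00:00", "carol", "push_sent"),
    ("2024-11-05T03:00:15", "carol", "push_denied"),    # prompt she did not start
    ("2024-11-05T09:00:00", "bob", "push_sent"),
    ("2024-11-05T09:00:05", "bob", "push_approved"),    # ordinary login
]


def detect_mfa_abuse(events, window=timedelta(minutes=10), burst=4):
    """Return (user, finding, timestamp) tuples in time order.

    fatigue_burst        - `burst` or more unanswered prompts inside `window`
    approved_after_burst - a prompt was approved while such a burst was open;
                           treat the session as compromised
    denied_prompt        - the user rejected a prompt, so someone else has
                           probably passed the password step
    """
    unanswered = defaultdict(deque)  # user -> times of prompts not yet approved
    alerted = set()                  # users whose current burst is already reported
    findings = []
    for ts, user, kind in sorted(events):
        now = datetime.fromisoformat(ts)
        queue = unanswered[user]
        # Forget prompts that have aged out of the sliding window.
        while queue and now - queue[0] > window:
            queue.popleft()
        if len(queue) < burst:
            alerted.discard(user)
        if kind == "push_sent":
            queue.append(now)
            if len(queue) >= burst and user not in alerted:
                alerted.add(user)
                findings.append((user, "fatigue_burst", ts))
        elif kind == "push_denied":
            findings.append((user, "denied_prompt", ts))
        elif kind == "push_approved":
            if len(queue) >= burst:
                findings.append((user, "approved_after_burst", ts))
            queue.clear()
            alerted.discard(user)
    return findings


if __name__ == "__main__":
    for finding in detect_mfa_abuse(SAMPLE_EVENTS):
        print(finding)
```

In both the denied-prompt and burst cases the follow-up is the one the post gives for a breach: change the affected password, since the first factor is already known to someone else.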
About us
IT that works for you: Started in 1999, CyberStreams is a complete technology solution provider. We are 100% committed to making sure business owners have the most reliable and professional IT service in the Greater Seattle and Austin metroplex areas. Our team of talented IT professionals can solve your IT nightmares once and for all. Here’s why so many businesses depend on CyberStreams for complete IT services and support: 100% Fast Response Guaranteed. CyberStreams understands that your time is valuable and that a fast response keeps you and your team productive and billable. Therefore, we guarantee that our Help Desk will pick up the phone within 90 seconds or we'll take $100 off your bill. We Talk Like You Do. The CyberStreams team is trained in active listening and we avoid talking "geek speak" to our clients. Let's talk business and how technology can support the goals you have set for your business. CyberStreams Protects Your Business. We understand that your data is the backbone of your business. Your systems will be protected from ransomware and cybersecurity attacks. Guaranteed. 90-Day Money Back Guarantee. We take supporting your business and its technology seriously. If, for some reason you are not a raving fan of our support of your business, we have a 90-day money back guarantee for the services you paid for. Our custom service packages deliver what you need and want without overstepping the boundaries of your budget. From cloud services to data backup, CyberStreams is here to team up with you and your company for expert support.
- Website: https://www.cyberstreams.com
- Industry: IT Services and Consulting
- Company size: 11-50 employees
- Headquarters: Tukwila, WA
- Type: Privately Held
- Founded: 1999
- Specialties: IT Consulting, Cloud Computing, Office 365, and IP Telephony
Locations
- Primary: 951 Industry Drive, Tukwila, WA 98188, US
Updates
-
Happy Thanksgiving from all of us here at CyberStreams! We want to take this opportunity to express our gratitude to our amazing clients and dedicated employees. Your trust and hard work are the foundation of our success, and for that, we say thank you. May your Thanksgiving be brimming with tasty dishes, cherished moments with family and friends, and a wealth of gratitude. #Thanksgiving #Thankful
-
So, you know that you need strong and unique passwords, but you have a problem. You can't remember all these passwords and change them frequently enough. The average person manages around 100 online accounts. How can one remember that many strong, unique passwords? From banks and Amazon to social media and utilities, we log in everywhere. Accordingly, people tend to fall into bad password habits like reusing them, opting for short ones, writing on post-its, or using physical password books.

Reusing passwords may seem convenient, but it’s a huge security risk. But it's impossible to remember strong, unique passwords for every site. Right? Password managers help balance the need for strong passwords with convenience by storing them securely and generating complex ones as needed. While many people save passwords in their browsers for convenience, this isn't safe.

Weak passwords are the leading cause of data breaches. 60% of small and medium-sized businesses do not enforce password policies and very few have insight into their employees' password practices. Nearly two-thirds of employees use the same passwords for multiple accounts. As a business leader, are you aware of your employees' password hygiene?

Even with strong passwords facilitated by a business-class password manager, through no fault of your own, your passwords could still wind up exposed on the dark web. If a company you work with has a breach, your password may be exposed and sold. The dark web refers to websites on an encrypted network, accessible only with special browsers like Tor. These sites aren't indexed by search engines and often facilitate illegal activities, including drug sales, weapons trafficking, and stolen data exchanges, while also enabling anonymous communication for sharing sensitive information.

A password manager can inform you in real time about compromised passwords and accounts shared on the dark web, empowering you to take proactive measures against data breaches.

I've put together three takeaways and next steps:
1. IT’s Not Safe: Don’t store passwords or accounts in your web browser. These can be easily exported in plain text by bad actors or anyone with undue access to your computer.
2. IT’s Not Your Fault: Breached data ends up on the dark web through no fault of your own. Regardless, you need to immediately change those passwords on any accounts where it’s been used.
3. IT’s Manageable: Use a centrally managed password manager for your business. Generate and store passwords and account information for all users. Users must remember only 1 strong and unique password. Utilize the reporting to determine if any proactive action needs to be taken.
-
How do you create your passwords? Do you include personal information such as names, birthdays, addresses? Do you use words with cleverly exchanged Ch@rA<t3R$? Stop! Here’s the simple truth: if you can remember it, a hacker’s computer can guess it.

Recently, the Department of the Interior tested its own security by hacking itself. The Inspector General's report revealed that within 90 minutes and for under $150,000, they obtained plain text passwords for 16% of user accounts. The most common password was "Password-1234". Although this is better than past results where 20-40% of passwords were cracked, it still poses a significant risk.

A World Economic Forum report titled “this chart shows how long it would take a computer to hack your exact password” demonstrates how easily weak passwords can be cracked. Their chart reveals the time required for a computer to break your password based on its length and character, symbol, and number mix. Each additional character in a password exponentially increases possible combinations and, commensurately, the time required to crack it.

Getting locked out of an account might indicate a hacking attempt if it's not you trying to access it. The three-strikes lockout rule helps safeguard your security by preventing brute force attacks. Lockouts are a security measure, not arbitrary IT decisions.

Creating a strong password can be easier with a passphrase, which is a longer but memorable sentence. Ensure it includes mixed cases, numbers, and symbols. For example, start with "My cat likes burritos from Hacienda" and replace some characters with numbers.

A report by LogMeIn and the National Cyber Security Alliance reveals that while many understand the risks of weak passwords, they aren't applying this knowledge to protect against cyber threats. Just like how you know you should go to the gym, but you don’t, and that puts your health at risk.

Avoid reusing passwords. Hackers can use credential stuffing to try your password on other sites you visit. If your LinkedIn password is breached and is the same as your bank password, your bank account is also at risk!

A forced password reset policy can weaken security. Users might write passwords down, reuse them, or create overly simple ones to avoid forgetting them. It's better to keep a strong password until there's a specific reason to change it, such as a breach.

I've put together three takeaways and next steps:
1. IT’s not 1995: 8 characters is not long enough for a password any longer. Longer is better and, in 2016, Microsoft & NIST increased their recommendations that a password should be LONGER than 12 characters.
2. Knowledge is Power but Wisdom is Application: More than 90% of computer users know they shouldn’t reuse passwords. 66% of them do it anyway.
3. I’m Not A Target: After being notified of a breach, 52% of people do not change their passwords.
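The post's two examples, "Password-1234" and Ch@rA<t3R$-style swaps, both satisfy a mixed-case, number and symbol rule and are still built on one dictionary word. The following Python check is an added example, not part of the original post; the substitution table, the tiny word list, the finding names and the numbered passphrase are constructed assumptions, and the length floor follows the post's "longer than 12 characters".

```python
import re

# Undo common look-alike substitutions before comparing against a word list.
# Constructed table for illustration, not an exhaustive one.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o",
                      "$": "s", "5": "s", "7": "t", "<": "c"})

# Constructed stand-in for a real common-password word list.
COMMON_WORDS = {"password", "character", "welcome", "qwerty", "summer"}

MIN_LENGTH = 13  # "longer than 12 characters"


def normalize(password):
    """Lower-case the password and reverse look-alike substitutions."""
    return password.lower().translate(LEET)


def check_password(password):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    has_mix = (any(c.isupper() for c in password)
               and any(c.islower() for c in password)
               and any(c.isdigit() for c in password)
               and any(not c.isalnum() for c in password))
    if not has_mix:
        findings.append("no_character_mix")

    # Words of three or more letters that remain after normalization.
    words = [w for w in re.findall(r"[a-z]+", normalize(password)) if len(w) >= 3]
    if len(words) == 1:
        base = words[0]
        singular = base[:-1] if base.endswith("s") else base
        if base in COMMON_WORDS or singular in COMMON_WORDS:
            # One common word plus decoration: an easy guess for cracking tools.
            findings.append("single_dictionary_word")
    return findings


if __name__ == "__main__":
    for candidate in ("Password-1234", "Ch@rA<t3R$",
                      "My c4t likes burr1tos from Hacienda!"):
        print(repr(candidate), check_password(candidate))
```

"Password-1234" is 13 characters with all four character classes, so only the dictionary check catches it.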
-
#TechTipTuesday #SLAM Curious About SLAM? Get the full picture by watching our engaging video—click here to learn more! https://lnkd.in/g7pGZeyz
-
Social media is a great tool for connecting with people… anything from sharing photos, reconnecting with old friends and finding like-minded individuals or groups to exchange ideas and connect over shared hobbies. It's also a powerful tool for businesses to market products and events, stay updated on industry trends, and prospect for new customers. But is there such a thing as oversharing? And if so, at what point does social media become a risk?

Hackers can access your personal information through your profile and the details you share. Your mother's maiden name, your high school, childhood nickname, college mascot, first pet—these are common password recovery questions. Don't make it easy for someone to compromise your account! And be cautious of seemingly innocent and fun online quizzes, as many are designed to harvest personal information. The seemingly harmless quiz revealing your romantic preferences or telling you which friend character you are might actually be malicious. First job? Favorite TV character? Favorite band? Do these sound familiar? Think carefully before participating.

So, familiarize yourself with your account's privacy settings, which often change without notice due to updates to social media platforms. Review these regularly to ensure they are configured to your liking. And if you're going on vacation, consider waiting until your return to post about it, so you don't alert potential criminals that your home is empty. Additionally, don’t share photos of your boarding pass. The barcode contains critical information such as your full name, flight details, and airline account number.

Seemingly trivial pieces of information can be pieced together to guess login credentials or even create fake accounts in your name. Having a deeper understanding of the various risks will help you protect yourself online.

With the rising popularity of social media for personal and business purposes, it’s become a growing target for cybercriminals. By increasing your cyber-awareness and implementing protective measures, you can ensure that social media doesn’t become a source of trouble for you.

I've put together three takeaways and next steps:
1. Think Before You Post: Could what you’re about to post be useful to a criminal? Does it tell them anything about where you or someone you care about are? Or where you are not? Could they use it to build trust or impersonate?
2. Will The Real Slim Shady, Please Stand Up? There are many impersonated profiles on social media, posing as both famous and regular people. Is the person you’re talking with really who they say they are?
3. Don’t Get Spear Phished: When you receive an email or a chat that seems very convincing like they know all about you, your friends, your interests… Keep in mind all the things you’ve posted online.
-
Outdated Tech: A Cybercriminal's Playground

Cyber criminals constantly find new ways to exploit vulnerabilities for profit. In this ongoing battle, it's crucial to keep your tech updated. When notified about updates, install them promptly—it's free and worth the effort.

Microsoft, the leading software provider, operates on 1.4 billion computers globally. They release monthly updates on the second Tuesday, known as Patch Tuesday, alongside occasional critical updates. Security flaws are researched and patched; installing these patches keeps you secure.

People ask why Microsoft appears insecure with frequent patches. While Microsoft's updates are highly publicized, all technology requires regular updates for security. For example, iPhone updates also include security patches, but Apple doesn't detail them as clearly. Similarly, Adobe, Android, Cisco, Chrome, Zoom, and other tech products are susceptible to security threats and must be kept current.

Eventually, your device will lose support, requiring an upgrade. At that time, there won't be Technical Support, bug fixes, or security updates available to protect your PC from viruses, spyware, and ransomware. Once support ends, your software will still work but won't get updates. Cybercriminals exploit this, knowing many delay upgrading.

In January 2020, Microsoft stopped supporting Windows 7, prompting a global push to move to Windows 10. A recent report on The Verge indicates that around 100 million PCs still run Windows 7. When extended support ends, users face security risks and fall out of compliance with frameworks like HIPAA, the various state data security laws, and more.

In 2017, the WannaCry ransomware affected 300,000 computers across 150 countries. Although Microsoft issued a patch for the vulnerability two months earlier, many systems remained unpatched, including millions running outdated Windows XP. Britain's National Health Service was severely disrupted, leading to patient diversions due to their inability to provide care.

The Massachusetts data security law, which went into effect over 10 years ago, contains requirements to keep computers up to date. This is just one example; CCPA, NYSDFS, Colorado data privacy law, the Oregon consumer identity theft protection act, and more are passing every day.

Hanging on to old technology and ignoring updates results in risk and related expenses. Think about an old house without smoke detectors and old faulty wiring?

I've put together three takeaways and next steps:
1. Keep IT Updated: Update all of the software on everything. Software updates are a free and easy step to significantly improve your security.
2. Keep IT Modern: Replace any hardware older than 5 years.
3. Keep IT Alive: Remove from your network and dispose of any technology that is out of support and beyond its manufacturer's end-of-life date. This would include just about anything over 10 years old.
-
Transforming IT from a Cost Center to a Strategic Asset

All businesses, regardless of size, are at risk. Small businesses may feel like they are not targets for cyber attacks either due to their size or the perception that they don't have anything worth stealing. Only a small percentage of cyber attacks are considered targeted attacks, meaning the attacker group is going after a particular company or group of companies in order to steal specific data. The majority of cyber criminals are indiscriminate; they target vulnerable computer systems regardless of whether the systems are part of a Fortune 500 company, a small business, or a home user. Those last three statements are from the Department of Homeland Security.

Here are some other things to consider about cyber incidents. Companies like Boeing, Target, Marriott, AT&T, Equifax, Dell, Ticketmaster, and CDK Global have all faced major cyber incidents and recovered. One in six municipalities has been hit with a cyber incident. More than half of cyber incidents hit small businesses. Large corporations have the resources to bounce back from significant events, whereas small businesses with tight budgets and limited resources might not survive.

It’s not acceptable to just say we’re not a target or we don’t have time or budget to focus on cyber security; or we don’t understand that stuff. You bank online. You use social media. You order rides or food on apps. You’re in front of a computer right now. Chances are there are lots of things in your business that you would rather not do, but you do them because they must be done. Well, if that’s where you’re at with IT & Cybersecurity, then let IT fall into that bucket.

The great news is there are many simple, affordable ways to significantly improve your IT and Cybersecurity. Most companies I work with discover another truth: when IT becomes a strategic focus rather than a cost-center, business operations improve. Obstructive technology gets resolved, and overlooked tech makes the team more effective.

I've put together three takeaways and next steps:
1) Implement Cybersecurity Basics: Start with simple and affordable measures such as updating software regularly, using password managers, and enabling multi-factor authentication.
2) Assess Your IT: Evaluate your organization's technology use to find areas for improvement or risk. Prioritize these findings and create a plan for gradual enhancement. Quick, valuable opportunities often come at low cost. For example, Microsoft Copilot for 365 can boost quality, reduce completion times, shorten learning curves, and suggest innovative ideas by allowing employees to interact with AI about their work.
3) Seek Professional Assistance: When you're ready to transform IT from a cost-center to a strategic asset, treat it like other critical business processes, like accounting or legal. Bring in experts to help develop a management plan or handle it entirely.
-
The Third-Largest Economy is Not Who You Think

From the humble beginnings of the first computer virus to the sophisticated attacks we see today, understanding the evolution of cyber threats can help us contextualize the economic landscape of cybercrime and what that means for our businesses. It all started with the Creeper virus in 1971, a self-replicating program that displayed the message, "I’m the creeper, catch me if you can!". Fast forward to today, and cybercrime has evolved into a multi-billion-dollar industry, far removed from those early, almost playful experiments.

The primary driver behind most cybercrimes is money. According to the Verizon Data Breach Investigations Report 2024, financially motivated attacks account for a significant portion of all breaches. Cybercriminals target businesses of all sizes, knowing that even small businesses can yield valuable data.

The rise of cryptocurrencies like Bitcoin has enabled cybercrime to scale. These digital currencies provide a level of anonymity that makes it incredibly difficult to trace transactions. A study revealed that cybercriminals have amassed fortunes through Bitcoin, with ransomware alone generating millions.

Ransomware as a Service (RaaS) has democratized cybercrime. Even those without technical skills can launch ransomware attacks by purchasing ready-made kits from the dark web. RaaS has made it easier than ever for criminals to get involved in cybercrime, leading to a surge in ransomware incidents.

And the chances of getting caught are slim. The World Economic Forum estimates that the likelihood of a cybercriminal being prosecuted is 50 in 100,000. This low risk, combined with the potential for high rewards, makes cybercrime an attractive venture.

The financial impact of cybercrime is staggering. In 2021, global damages were estimated at $6 trillion, and this figure is expected to reach $10.5 trillion annually by 2025. To put this into perspective, if cybercrime were a country, it would have the third-largest economy in the world, behind only the US and China.

So, cybercrime is bad, but what do you do with this information? I've put together three takeaways and next steps:
1. Financial Motivation: Cybercrime is primarily driven by financial gain, making every business a potential target.
2. Vulnerability of Small Businesses: Small businesses are particularly vulnerable to cyberattacks. Often lacking the robust security infrastructure of larger corporations, they can be seen as easy targets.
3. Incident Response Plan: Develop and maintain an incident response plan. This should outline the steps to take in the event of a cyberattack, including communication strategies and recovery procedures.
-
When we think of cyber threats, we often imagine external forces like hackers or malware. That's what makes the headlines, after all. But did you know that some of the most dangerous threats may come from within your team? Insider threats - whether from careless employees, disgruntled ex-staff, or insiders collaborating with external attackers - can wreak havoc on your organization.

Here are key red flags to watch for:
- Employees suddenly working odd hours or showing dissatisfaction? These could be early signs of trouble.
- Is someone asking for access to sensitive data outside their role? Be alert—they could be planning something harmful.
- Consistent disregard for security rules could signal more than negligence—it might be a deliberate attempt to exploit system weaknesses.

Don't let hidden threats from within undermine your security. Protect your business from every angle. #InsiderThreats #Cybersecurity #DataProtection #SecurityAwareness