-1
archive,paged,category,category-managed-it-services,category-46,paged-12,category-paged-12,qode-social-login-1.1.3,qode-restaurant-1.1.1,stockholm-core-1.1,select-child-theme-ver-1.1,select-theme-ver-5.1.8,ajax_fade,page_not_loaded,wpb-js-composer js-comp-ver-6.0.5,vc_responsive
Title Image

Managed IT Services

June 28, 2021

There Are Serious Benefits to Setting Up a Knowledge Base

If you are looking for a way to smooth out the edges of your business, consider putting together a knowledge base that includes all policies, procedures, and other information so it is readily accessible by the people that interact within and from outside your business. Businesses that have well-documented policies and procedures have a tendency to have less difficulty onboarding new hires, fewer operational problems, and can always provide access to resources needed by employees, customers, and vendors. Today we will give you a few tips on how to successfully create a working knowledge base.

Step #1 – Figure Out What Knowledge Is Needed

The first step to creating a useful knowledge base for your business is to truly understand what information should be included. If too much information is included or is not easily defined, the platform can actually be a hindrance and even become a problem. You will need to determine what information your audience will need and where there are gaps in knowledge with your day-to-day operations.

Think about it this way, if you want to create a knowledge base that caters to your customers and your staff, you will need to know what their various concerns are. What questions do they continually ask? What part of your business is most hindered by information requests? You’ll need to take into consideration what information they regularly need to know and plan the makeup of your knowledge base around that. 

Step #2 – Choose the Type of Knowledge Base You Will Be Focusing On

There are six types of knowledge bases: Internal, hosted, self-hosted, customer, external, and open-source. Each has benefits but may not work for your particular situation. You have to make a decision on how you want to forge ahead. Here is a little information about each type of knowledge base system

Internal – Used by employees only. This typically includes policies for your company as well as workflow procedures to give workers access to the information they need to be as productive and efficient as possible without having to rope other employees in.

Hosted – This is a knowledge base system that is hosted in the cloud for ease of use for employees, customers, and vendors alike. 

Self-hosted – This is a knowledge base system that works much like the hosted system, but is hosted on company-owned servers. This provides more control over security.

Customer – Used to provide information to customers only. Many businesses forgo this option with a simple FAQ, but it is a good resource for support.

External – This is a knowledge base system that is publicly available and accessible. This is a great resource for sales and marketing teams as they attempt to find new customers. 

Open-source – The open-source knowledge base, like a wiki, is one that anyone can edit. This typically isn’t a great option for small businesses, but for groups of people that are passionate about a subject, it can be one of the best types of knowledge base on the Internet.

Typically, companies will set up a hosted or self-hosted knowledge base if they plan on supporting information geared towards employees and customers. 

Step #3 – Create Content

Using the research you conducted in step one, get the experts inside your business to create the content for the knowledge base system. This can take some time, but the more thorough your knowledge base, the more resolutions you will be able to facilitate without productivity interruptions. When creating content for your knowledge base, you want to keep things simple as to not exacerbate people’s problems. You want to keep a question-and-answer-based system that is searchable. You want answers to be clear, readable, engaging and have the utility necessary to solve the problems that someone would need solved when accessing this database. 

Step #4 – Don’t Just Set It and Forget It

You will absolutely want to continue to update information as it becomes available. This becomes easier if you make efforts to add it into the workflow when circumstances change. Having a knowledge base filled with inaccurate information won’t do your business any good, so you will want to understand which material is accessed the most and keep adding to it so it represents the most up-to-date information possible. 

The knowledge base can be a major benefit for any business as it can cut down on support costs, keep workflows efficient, and help with training.

Give Net Activity a call at 216-503-5150 if you would like to have a conversation about setting up a knowledge base system for your business.

By admin
June 24, 2021

Don’t Be A Victim Of Watering Hole Attacks

With cybercriminals continuously developing new ways to infiltrate networks and steal user data, it is more crucial than ever to stay one step ahead of these perpetrators. Protect yourself from one of the most common methods that cybercriminals use to inject malware into computers: watering hole attacks.

The term “watering hole” colloquially refers to a social gathering place where a particular group of people often go to. As internet users, we all have unique “watering holes” or websites that we visit frequently. A financial analyst, for example, is likely to visit websites related to financial investments and market trends.

In a watering hole attack, cybercriminals observe the watering holes of a specific demographic and infect their most visited websites with malware. Any user who has the misfortune of visiting any of these compromised sites will then have their computers automatically loaded with malware.

The malware used in these attacks usually collects the victim’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will actively take control of the infected computer.

But how does a cybercriminal choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Hackers these days are so highly skilled that they can exploit any website using a watering hole attack. In fact, even high-profile organizations like Facebook, Forbes, and the US Department of Labor have fallen prey to this scheme in recent years.

Protect yourself from watering hole attacks by doing the following:

Update your software

Watering hole attacks often exploit security gaps and vulnerabilities to infiltrate computers and networks. By updating all your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely

Regularly conduct security checks using your network security tools to detect watering hole attacks. Use tools like intrusion prevention systems that allow you to detect and contain suspicious or malicious network activities before they can cause problems. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities

Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature. Also, block social media sites from your office network, as these are often used as share points of links to infected sites.

Staying informed is one of the best ways to stay protected. As cyberthreats continue to evolve, it pays to be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

By admin
June 21, 2021

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers are actively hunting for vulnerable servers.

On May 25th, VMware released a patch that corrected for two critical security flaws, either of which would allow for remote code execution. These two flaws, tracked as CVE-2021-21985 and CVE-2021-21986, both had severity ratings of 9.8 out of ten.

Unfortunately, the software vendor can only do so much. The simple truth is that even when patches are released, most of the people and organizations using the software are notoriously slow to update, which creates an often large window of opportunity that hackers can exploit.

In a recent VMware blog post, a company representative wrote:

“In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

It’s a grim outlook, but the central point of the blog post is certainly valid. In any case, the CISA has issued formal recommendations that include patching right away and reviewing VMware’s advisory on the matter, as well as the FAQ the company published on their website relating to the matter.

All of that is sound advice, so if you use any of the VMware products mentioned above and if you want to minimize your risks, you know what to do. Here’s hoping that we can get the word out quickly enough to prevent attacks via this avenue. It would be nice to hand the hackers a decisive defeat.

By admin
June 17, 2021

The Hybrid Workforce Is Here

The COVID-19 pandemic forced the way people worked drastically, and it did it very suddenly. As more people are being vaccinated, offices are starting to reopen. Workers, who gained substantial flexibility by working from home, however, are now expecting some of that flexibility to continue. Employers, who up until mandated shutdowns were not enthusiastic that they could make the remote workforce work for their companies are now set up to manage them proficiently. This month we thought we would take a look at the inevitable compromise that is being reached: the hybrid workplace.

A Necessary Shift

For years, workers had been chomping at the bit to be allowed to work remotely. Some companies made it work for them, while others attempted it only to realize that it was too difficult or in some cases costly to permanently utilize the strategy. The lion’s share of companies axed the idea from the get-go. This all changed when jobs that could be done remotely were moved offsite due to health concerns surrounding the COVID-19 pandemic. Companies that for years had been denying their workforce the ability to work from home, now needed people to.

Obviously, some businesses weren’t set up for this. Others, that had invested in cloud-hosted tools as a way to control capital costs, were miles ahead. Most businesses needed to make adjustments, as did most workers. Regardless of how management viewed the work-from-home model, the sustainability of many businesses was at stake, and as a result, it was clear how the situation had to be approached. Business owners and managers needed remote workers to keep their businesses running.

Workers From Home

For many workers, there was some excitement when they were forced to work from home. Over time, however, some workers have shown fatigue. Others have prospered. Workers with children who were also home for much of the time due to the same health concerns, found it to be both a benefit and a curse. As regulations start to ease some workers, who have thrived during this period, are afraid that the good work they put in during the pandemic won’t be rewarded as their management teams bring people back to the workplace. Others just want to get out of their houses and are looking forward to the personal interaction they typically have at work. There are a lot of different situations and a lot of different perspectives.

Ultimately, given the flexibility that remote work provides, a lot of workers simply don’t want to go back to how it was before. The studies that have been conducted over the past several months make this clear. In fact, one survey found that 87 percent of workers that worked remotely over the past year would like the ability to continue to do so in some fashion after the risks subside.

The Compromise

With the lack of concert expectations from management and the workforce, the workforce of the future will likely adopt some type of hybrid model. What this means is that workers will be asked to be in the office on certain days and be able to continue to work from home on the others. This is not just because workers want to work from home. It is also because people are going to be worried about going back to work with the COVID-19 pandemic still an issue, even if they are vaccinated. It’s just an uncomfortable situation, especially as tens of millions of people outright refuse to get the vaccine. 

The hybrid model still needs to be hashed out for a lot of businesses, including who would work from where when. Do you need to schedule specific days for people to be in the office, or would it be more about who needs to collaborate or use internal resources that are more secure and more readily available from the confines of the office? Your individual business will dictate how the hybrid workplace should be structured at your company. 

The Main Benefit of the Hybrid Workplace

While it doesn’t seem like there are a lot of benefits on the surface to doing business this way, you need to understand just how expensive it is to replace workers. As mentioned above, workers will look for the situations that will benefit them, and for a business that has been operating for over a year with a completely remote workforce, allowing your employees to work from home a couple of times a week is a compromise that you have to make. Your employees want flexibility and making this move will help your retention rates and your staff’s overall happiness. Ultimately, you save from having to replace the workers that will most likely leave if you were to make them come back to the office full-time.

The post-pandemic workplace will look different, but through the use of technology, you can successfully move on from the pandemic with your staff intact. If you want to talk to one of our IT consultants about the technology that can help you successfully implement the hybrid workforce strategy in your business, give us a call today at 216-503-5150.

 

 

By admin
June 14, 2021

A Solid Mobile Device Strategy Needs These 3 Components

It’s no surprise that mobile technology has infiltrated the workplace in more ways than one. Many businesses issue company-owned devices to their employees to get work done while out of the office, while others allow employees to bring their own devices, or use their own laptops and smartphones for fulfilling their day-to-day duties. That being said, it’s important to remember that mobile devices need to be managed in a very specific way to maintain security.

Let’s discuss how your business can manage the benefits of mobile devices in the workplace without sacrificing security.

Remote Wiping

Let’s say that one of your employees goes on a business trip and they set their briefcase down for a moment while they order a cup of coffee or some other task. When they return, the briefcase is gone, along with any devices that were in it. Besides scolding the employee for their negligence, your first thought might drift to the question of “What about the data found on that laptop?” What might the thief do with such data? The possibilities should have you concerned. Should you fail to recover the device, you will want the capabilities to remotely wipe the device of any and all sensitive data. This is to ensure that hackers don’t make use of it against your organization and to comply with various data privacy regulations. While it might stink to lose the device and have to replace it, it would stink more to have that data fall into the wrong hands.

 

Whitelisting and Blacklisting Applications

Some smartphone and desktop applications will be more secure than others, meaning that you will need to be extra cautious in what you allow applications to access on your devices. While we encourage all users to pay attention to what permissions are granted to applications, this is especially important for businesses. You should have the capabilities to whitelist and blacklist applications based on their potential merits or risks, thus keeping your devices (and data) as secure as possible.

 

Managing and Tracking Devices

Finally, you will want to consider a method for keeping track of any and all devices used to access your organization’s data. This includes any company-issued devices and employee-owned devices used for work purposes. You want to know who has which device at any given time, when that device was issued, what the employee is using the device for, etc. All of this helps you keep track of devices so that you can be sure they are being used effectively and, most important of all, safely.

 

Implement a Mobile Device Management Policy

If you want a comprehensive all-in-one policy to keep track of your company’s mobile devices, look no further than mobile device management from Net Activity. We can help your business stay on top of its mobile devices and reinforce best practices at every turn. To learn more, reach out to us at 216-503-5150.

By admin
June 10, 2021

Here’s The Right Way To Inventory Your Technology

Businesses use technology to varying degrees, but even small businesses have a lot of technology that must be tracked on a daily basis. With so many devices floating around the office, how are you making sure that you know who has which device, when it was issued, and how it’s being used? We suppose the question is not “how” you are keeping track of it all, but “if.” For this task, we recommend implementing an inventory tracking system for your business’ technological assets.

 

Do I Really Need One?

In short, yes, and for a number of reasons. Even small businesses have a ton of technology that is constantly being assigned, reassigned, and taken out of the office. Take, for example, the average employee. They might have a work desktop that stays at the office, a company-issued laptop for working remotely, and maybe even a company-issued smartphone to stay in touch while out and about. It makes sense to track who is in possession of which device from both a logistics and security perspective.

 

That said, your tracking system will be made up of two different components: the tracking method itself and the records you keep. You could, of course, keep a paper leger of technology, complete with manual sign-in and sign-out, but this system is just begging to be replaced by technology. Paper records are much less secure and prone to user error, so we encourage you to use one of the following methods for tracking your business tech.

 

Tracking (Barcodes, RFID)

There are two ways that your business can track inventory coming into or out of your organization. The first is through the use of a barcode scanner system. In this case, you assign each piece of technology, be it a laptop or smartphone, a barcode. When the device is assigned to someone, you simply scan the barcode. This records in the system that the device is “checked out,” so to speak, along with all other necessary details (which we will get to in a moment).

 

The other notable method of tracking your technology is to use what’s called Radio Frequency Identification (RFID) technology. The difference between the two is that unlike barcodes, which are just pieces of paper with a pattern printed on them, RFID uses microchips attached to the device. There are two types of RFID technology that can be used: passive and active. In an active system, the microchip is tagged when the device moves through a reader (kind of like a scanner in the aforementioned system). In a passive system, the microchip is tagged when it enters or leaves a specific radius.

 

Electronic Record Keeping

Whichever method you decide to go with, it should be hooked up to automatically populate information into an electronic record-keeping system. As for what information should be included in said system, you will want to know who is taking the device, what the device is, what the device will be used for, contact information for the employee taking the device, and any other information that you might find pertinent. Essentially, what you should be aiming for is enough information to be able to track down the employee should you need to retrieve any assigned devices.

 

Need Help Getting Started?

As you might have guessed, this kind of tracking system can be used for much more than just technology. Net Activity can help your business get set up with an inventory tracking system that will help you reduce waste, increase your bottom line, and improve redundancy. 

 

When we work with a business, we track every device we implement or touch. That way, we can track the overall history of support over the lifespan of the device. We’re big on documenting and linking all of our documentation to the device and user because it helps us streamline and provide the best support possible.

 

To learn more, reach out to us at 216-503-5150.

By admin
June 7, 2021

Defend Your Business From These 5 Types Of Hackers

“Know thine enemy” — it means to get to know them and their motives. In this blog, we take a close look at the five types of dangerous hackers, what their motives are, and how they operate.

Script kiddies
In terms of skill, script kiddies (or skids, for short) are at the bottom of the hacker totem pole. Their name comes from the fact that they use scripts or other automated tools written by others. They are often young people on a quest for internet notoriety or simply bored and searching for a thrill.

Script kiddies shouldn’t be dismissed so easily, however. The ILOVEYOU virus, considered one of the worst malware on the planet, was developed by skids.

Hacktivists
Hacktivists often hack into businesses and government systems to promote a particular political agenda or to effect social change. These so-called “hackers with a cause” steal confidential information to expose or disrupt their target’s operations.

Even if you’re a small- or medium-sized business (SMB) owner, you’re not immune to hacktivist attacks. This is especially true if your company is associated or partnered with organizations that are prime hacktivist targets.

Cybercriminals
Cybercriminals break into digital systems or networks with the intent to steal, destroy, taint, and/or lock away data. They usually target individuals, SMBs, and large companies that have exploitable weaknesses in their cybersecurity.

Cybercriminals attack using a variety of methods, including social engineering tactics to trick users into volunteering sensitive personal or company data. This information is then used for identity theft, sold on the dark web, or leveraged to launch attacks against other businesses. Cybercriminals can also infect computers with ransomware and other types of malware.

State-sponsored hackers
True to their name, these hackers are backed by governments. The hackers’ goal is to promote their backer’s interests within their own country or abroad. In most cases, this involves taking down websites that criticize the state, swaying public opinion, cyber-terrorism, and leaking top-secret information, among others.

As they are, state-sponsored hackers are already dangerous to business owners, but even more so when they make it their goal to cripple an entire country’s financial system or disrupt commodity supply lines. This could involve interfering with the economy or disrupting business operations. Tech and pharmaceutical companies are a frequent target, but businesses in other industries aren’t safe from state-sponsored hackers either.

Insiders
The scariest type of hacker is the one that lurks within your own organization. An insider can be your company’s current and former employees, contractors, or business associates. Oftentimes their mission is payback. They’ll steal sensitive documents or try to disrupt the organization’s operations to right a wrong they believe a company has done to them. Edward Snowden is a prime example of an insider who hacked the organization he worked for — the US government.

Malicious hackers are always changing their tactics to meet their goals, making them an ever-present threat to any organization, including yours. You must stay one step ahead by working with cybersecurity experts who can help protect your company from dangerous hackers and other cyber threats. Contact our team today to get started.

By admin
June 5, 2021

Windows 10 To Get Several New Features

Recently, Microsoft announced that later this year, Windows 10 will get a significant update to be called Windows 10 Version 21H2, which will feature a significant number of updates and enhancements. Among other things, these updates will include a couple of aesthetic enhancements such as a redesigned Start Menu, with a new option added to the “Power” sub menu allowing you to restart apps after signing in when you reboot your device.

Another aesthetic tweak is the addition of a new system font. It isn’t much of a departure from the current font (within the same family), but does solve for legibility issues, no matter how large or small the font is.

In addition to that, Microsoft will enable support for HDR mode in apps that use ICC (International Color Consortium) profiles. This includes programs like CorelDraw, Adobe’s Lightroom Classic, and Adobe Photoshop. In a nutshell, the new feature will enable programs that support it to generate accurate colors and access the full range of your HDR display.

One of the more exciting additions added to the mix is a news feed for the taskbar, which will work a lot like “Google Discover” works on Android devices. Bearing the title “News and Interests,” it will display abbreviated news stories, sports scores, or summaries of articles you may be interested in, based on your interests and physical location.

The news feed will be pinned to the taskbar and users can hover over the weather icon to access it. Additionally, you’ll be able to customize your feed by clicking on the “Manage Interests” button which will launch a customization page in the new Chromium-based Edge browser.

On top of all this, you’ll also find enhancements to your display settings, camera settings and even a new touch-friendly interface for File Explorer. While none of these changes are game changers, taken together, they represent a significant step forward in terms of overall user experience. Kudos to Microsoft. The upcoming enhancements look fantastic and we can hardly wait to start playing with them.

By admin
June 1, 2021

Breaking Bad Habits – 4 Ways Your Employees Are Putting Your Business At Risk Of Cyber-Attack

Several years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

Your employees are instrumental when it comes to protecting your business from cyber threats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are four ways your employees might be endangering your business and themselves — and what you can do about it.

  1. They’re Not Practicing Safe And Secure Web Browsing. One of the most basic rules of the Internet is to not click on anything that looks suspicious. These days, however, it can be harder to tell what’s safe and what isn’t.

A good rule of thumb is to avoid websites that do not have “https” in front of their web address. The “s” tells you it’s secure – https stands for Hypertext Transfer Protocol Secure. If all you see is “http” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.

Another way to practice safe web browsing is to avoid clicking on ads or by using an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.

  1. They’re Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords or to reuse the same password over and over again or to use one password for everything. Or, worse yet, all of the above.

Cybercriminals love it when people get lazy with their passwords. If you use the same password over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!

To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords. It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it. One more thing: the “tedious” argument really doesn’t hold much water either, thanks to password managers like 1Password and LastPass that make it easy to create new passwords and manage them across all apps and accounts.

  1. They’re Not Using Secure Connections. This is especially relevant for remote workers, but it’s something every employee should be aware of. You can find WiFi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.

And unless your employee is using company-issued hardware, you have no idea what their endpoint security situation is. It’s one risk after another, and it’s all unnecessary. The best policy is to prohibit employees from connecting to unsecured networks (like public WiFi) with company property.

Instead, they should stick to secure networks that then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! You want to put up as many gates between your business interests and the outside digital world as you can.

  1. They’re Not Aware Of Current Threats. How educated is your team about today’s cybersecurity threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.

If an employee opens an e-mail they shouldn’t or clicks a “bad” link, it can compromise your entire business. You could end up the victim of a data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens every day to businesses around the world – and hackers are relentless. They will use your own employees against you if given the chance.

Your best move is to get your team trained up and educated about current threats facing your business. Working with a managed service provider or partnering with an IT services firm is an excellent way to accomplish this and to avoid everything we’ve talked about in this article. Education is a powerful tool and, when used right, it can protect your business and your employees.

By admin
May 27, 2021

Are You Following These Password Best Practices?

Passwords are probably the most important part of keeping accounts secure. That’s why it is so important to follow industry best practices when creating them. Today, we’ll take a look at the standards outlined by the National Institute of Standards and Technology (NIST) in creating the best and most secure passwords.

What Is NIST?

For years, NIST has been the predominant organization in the establishment of password creation standards. They continuously change their advised practices to meet with the current cybersecurity demands. They recently updated their guidelines so we thought we would go over what strategies they suggest, to give you an idea of what makes a secure password. 

New Guidelines

Many corporations are currently using the NIST guidelines and all Federal agencies are expected to utilize them. Let’s go through their newest password guidelines step by step. 

#1 – Longer Passwords are Better than More Complicated Ones

For years, it was preached that the more complicated the password, the more secure the account. Today’s guidelines refute that notion. NIST suggests that the longer the password, the harder it is to decrypt. What’s more, they suggest that organizations that require new passwords meet certain criteria of complexity (letters, symbols, changes of case) actually make passwords less secure. 

The reasoning behind this is two-fold. First, most users, in an attempt to complicate their passwords will either make them too complicated (and forget them) or they will take the cursory step of adding a one or an exclamation point to the end of a password, which doesn’t complicate the password as much, if at all. Secondly, the more complex a user makes a password, the more apt they are to use the same password for multiple accounts, which of course, is not a great idea.

#2 – Get Rid of the Resets

Many organizations like to have their staff reset their password every month or few months. This strategy is designed to give them the peace of mind that if a password were compromised that the replacement password would lock unauthorized users out after a defined set of time. What NIST suggests is that it actually works against your authentication security. 

The reason for this is that if people have to set passwords up every few weeks or months, they will take less time and care on creating a password that will work to keep unwanted people out of the business’ network. Moreover, when people do change their passwords, they typically keep a pattern to help them remember them. If a previous password has been compromised, there is a pretty good chance that the next password will be similar, giving the attacker a solid chance of guessing it quickly. 

#3 – Don’t Hurt Security by Eliminating Ease of Use

One fallacy many network administrators have is that if they remove ease of use options like showing a password while a user types it or allowing for copy and pasting in the password box that it is more likely that the password will be compromised. In fact, the opposite is true. Giving people options that make it easier for them to properly authenticate works to keep unauthorized users out of an account. 

#4 – Stop Using Password Hints

One popular way systems were set up was to allow them to answer questions to get into an account. This very system is a reason why many organizations have been infiltrated. People share more today than ever before and if all a hacker needs to do is know a little personal information about a person to gain access to an account, they can come across that information online; often for free.

#5 – Limit Password Attempts

If you lock users out after numerous attempts of entering the wrong credentials, you are doing yourself a service. Most times people will remember a password, and if they don’t they typically have it stored somewhere. Locking users out of an account, at least for a short period of time is a good deterrent from hackers that use substitution codes to try and guess a user’s credentials. 

#6 – Use Multi-factor Authentication

At Net Activity, we urge our clients to use multi-factor or two-factor authentication on every account that allows them to. According to NIST they want users to be able to demonstrate at least two of three authentication measures before a successful login. They are:

“Something you know” (like a password)

“Something you have” (like a mobile device)

“Something you are” (like a face or a fingerprint)

It stands to reason that if you can provide two out of three of those criteria, that you belong accessing the system or data that is password protected. 

Security has to be a priority for your business, and password creation has to be right up there with the skills everyone should have. If you would like to talk to one of our IT experts about password management and how we can help your business improve its authentication security, give us a call today at 216-503-5150.

By admin

Special Year End Pricing !!

Microsoft Teams Rooms Systems For Small/Medium Meeting Room

Get Special Pricing
Menu