
All Posts by Hana LaRock

About the Author

Hello! My name is Hana and I am the content writer for Smeester & Associates. I was born and raised in Long Island, New York, but I have lived abroad and traveled to many places over the last four years. I currently reside in Mexico City.

It’s been an exciting challenge to write about topics associated with the importance of cyber security in small business. Every day, I myself am learning more about this industry and what it can do for small business owners around the country.

I have years of content writing experience and I have been published on both print and web. Any topics you want to see discussed here? Shoot me an email at info@smeester.com.

Dec 08

What Companies Do After Data Breaches That’s Causing More Harm

By Hana LaRock | CEO Best Practices , Security , Security Best Practices

Data breaches can happen to any company. No matter what industry you work in, there’s always a threat out there. While companies can be doing a lot to stop a breach before it happens, they sometimes have to learn the hard way that they’ve made an error somewhere along the line.

But, it’s not always what companies do before a breach happens that’s a problem. Sometimes, it’s what they do afterward that results in more serious problems long-term. However, if companies can be aware of what mistakes they can make following a data breach, then they can do a better job of cleaning up the mess and getting back on their feet.

Of course, if you ignore this advice, then you could be making things much worse:

Trying to Keep it Quiet

When a breach happens, there’s no doubt that it’s embarrassing. You’re well aware of what people will say about your company, and that some customers may decide to stop buying your products and services altogether. But, it’s always important to remember that honesty is the best policy. And, in today’s world, if you fail to be honest, people will eventually find out anyway, and wonder why you didn’t come forward in the first place.

We’ve seen it in the headlines with major companies. Equifax, Target, Yahoo… all of these companies waited quite some time before reporting the breach to the news. Uber failed to say anything at all. But, oftentimes, the public beat them to it, leaving customers asking, “Why?”

If consumers know about the breach, they have time to call their banks, change their passwords, and secure their information. Most people also understand that breaches happen. What they can’t understand is why a company would waste any time before helping its consumers protect their data.

If your company experiences a data breach, inform relevant parties ASAP. If you’re still waiting for information, you can let your customers know that you will give them more details as soon as possible. Of course, having a protocol in place to deal with this is very important.

Not Giving Correct Information

Perhaps what’s worse than trying to cover up a breach is giving the wrong information about it. While you should give a press release as soon as you can, it’s never okay to jump to conclusions and then report those conclusions to consumers. You can say “We’re waiting for more information at this time,” rather than flooding the media with information that isn’t necessarily true. Many major companies have done things like this on various occasions, leading to more confusion and questions that could have been avoided.

Trying to Protect Your Reputation and Taking it Too Far

In addition to keeping a breach “hush-hush,” companies also make the mistake of fretting over their reputation too much. And, as we’ve all learned, sometimes putting too much effort into anything has the opposite effect.

For instance, back when the Yahoo breach happened, CEO Marissa Mayer did not inform users to reset their passwords. She was too concerned that this would “annoy” customers when instead, it could have protected them. Additionally, when the Equifax breach occurred, the company profited off of consumers by giving them the opportunity to freeze their report for a price. Before that, they told consumers that they’d get a year of free credit score reports if they waived their right to sue the company.

If you experience a breach, there are always going to be consumers who have something negative to say about it. But, as long as you follow protocol, the consumers that are loyal to you will appreciate your cooperation and not let the breach ruin the relationship they have with you.

Not Owning Up to Your Role in Causing the Breach

Although we know a breach can happen to anyone, the truth of the matter is that most companies can prevent a breach – or, at least minimize the magnitude of that breach – if they really wanted to. It’s also important to recognize that many breaches are a result of human error within the company and not external threats. Company leaders who fail to come clean and give a public apology for the breach, regardless of whether or not they actually had a role in the matter, are causing more damage long-term.

So, bite your tongue, apologize, and make sure whoever or whatever is responsible for the breach is held accountable, only after you’ve said your “sorry.”

If you can avoid these mistakes after a breach occurs, you will be better off.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Nov 23

Are You Keeping Your Information Secure this Holiday Season?

By Hana LaRock | Cyber Scams , Security Best Practices

With Black Friday and Cyber Monday around the corner, as well as a whole month of holiday shopping, people are using their debit cards, credit cards, and other accounts — like Paypal — to make purchases. But, because of all the transactions being made via the Internet, companies need to work hard to make sure they’re keeping themselves and their customers secure. Hackers will be looking for every opportunity possible to get their hands on some valuable information. Remember, a data breach of any kind can cause you or your company long-term problems.

Do your best to prepare yourself and your company against these threats this holiday season.

Here’s how:

Make Sure Compliance Practices are Up to Date

The best way to make sure you protect yourself this season is by making sure your compliance practices are up to date. If you’re keeping up with compliance laws, then you’re significantly lowering your risk of experiencing a data breach. Speak with your managed service provider to ask them if you’re doing everything you’re supposed to be doing, and if there are any new threats you need to be aware of.

Stay Away from Public WiFi Networks

It’s a no-brainer that shopping online while you’re in a public place, connected to a public Wi-Fi network, can seriously put you at risk. This holiday, whether your company is buying from suppliers online, or you’re shopping online for friends and family, don’t make the mistake of shopping at a new place. Shop from the safety of your secured home or office network, so you don’t risk prying eyes stealing sensitive data.

Add Additional Security

Whenever there is an increased risk of threat, it doesn’t hurt to add additional security to combat that. This might be a good time to change some passwords, avoid logging in from other devices, and check on who has access to what. Keep a sharp eye and make sure there’s no funny or “phishy” business going on.

Don’t Trust Strange Links or URLs

If you’re browsing online and add things to your various online shopping carts, you can anticipate a lot of e-mails reminding you to complete your purchase. Hackers will use this as a way of getting into your network. What might seem like an obvious link leading back to your shopping cart could be malware waiting to be installed on your device.

Stay Up to Date on Your Bank Statement

Last but not least, this time of year is a good time to constantly check on your banking activity. With all the purchases being made, a hacker can use your credit card information to make small purchases without you even noticing. It goes without saying that you should pay attention to what you buy, and if you work at a company, what purchases are being made. This way, if you notice any inconsistencies, you’ll be able to address them quickly.

Nov 09

How Secure is Password Managing Software Like Dashlane?

By Hana LaRock | Security , Security Best Practices

Any individual or company who wants to follow best security practices understands how important it is to make sure any passwords used are strong and hard to break. In addition to that, people try to utilize two-factor authentication whenever possible and are starting to stray away from sites that don’t offer this. However, as people are taking their passwords more and more seriously, it’s getting more difficult to remember all those passwords.

Password managing software, like Dashlane, has helped to find a solution to the “forgot my password” problem. At first, many people are skeptical about using it, and we don’t blame them. With all your passwords stored in one location, doesn’t that make it riskier?

If you’re considering using a password managing software, it’s good to know what you’re getting yourself into. So, here are some basic facts and how we feel you should move forward.

How Do Password Managers Work?

Websites like Dashlane have a variety of different features that keep them secure. First of all, your master password doesn’t get stored on the servers. That master password is the only key to your closet of passwords. Beyond that, each individual password you have on there is encrypted, so if a hacker really wanted to know your information, they’d have to decode each one separately – and that would take a really long time. Therefore, there’s no possible way for all of the passwords you have stored to be decoded – at least, not all at once.

Additionally, companies like Dashlane use some of the most reliable servers, such as AWS, which scatters data in a lot of different places. This means that if you were to visualize where your passwords are sitting in cyberspace, they aren’t in a room that’s labeled “John’s Passwords.” They are split up with other users’ information, too.

Lastly, these companies are generally working with cybersecurity providers on a constant basis so that security is consistently being audited.

How Can I Be Absolutely Sure My Master Password is Safe?

Unlike other websites, your master password for a site like Dashlane is unique. As mentioned before, it’s not stored on their servers. There are no password hints given, and once you create a master password, it can’t be reset if you forget it. This is to keep tricky hackers out there from easily resetting your password so they can then have access to everything else. Of course, these password managers also ask you to create a very secure password using a combination of letters, numbers, symbols, etc. – and, generally, won’t approve your account until the password is strong enough.
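The two properties described above (the master password never reaches the server, and each stored password is encrypted on its own) can be sketched in a few lines. This is an added example, not Dashlane's code or design: the function names, the PBKDF2 work factor and the sample logins are assumptions, and the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000  # assumed work factor, not taken from any vendor


def derive_master_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 32-byte key, on the client only."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def entry_keys(master_key: bytes, nonce: bytes) -> tuple[bytes, bytes]:
    """Derive a separate encryption key and MAC key for one vault entry."""
    enc_key = hmac.new(master_key, b"enc" + nonce, hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac" + nonce, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real cipher (assumption)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(
            hmac.new(enc_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        )
    return b"".join(blocks)[:length]


def seal_entry(master_key: bytes, site: str, password: str) -> dict:
    """Encrypt one password, then authenticate the site name and ciphertext."""
    nonce = secrets.token_bytes(16)  # fresh per entry, so keys never repeat
    enc_key, mac_key = entry_keys(master_key, nonce)
    plaintext = password.encode("utf-8")
    stream = keystream(enc_key, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(
        mac_key, site.encode("utf-8") + b"\x00" + ciphertext, hashlib.sha256
    ).digest()
    return {"site": site, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_entry(master_key: bytes, entry: dict) -> str:
    """Check the tag first; a wrong master password fails here, not later."""
    enc_key, mac_key = entry_keys(master_key, entry["nonce"])
    expected = hmac.new(
        mac_key,
        entry["site"].encode("utf-8") + b"\x00" + entry["ciphertext"],
        hashlib.sha256,
    ).digest()
    if not hmac.compare_digest(expected, entry["tag"]):
        raise ValueError("wrong master password or tampered entry")
    stream = keystream(enc_key, len(entry["ciphertext"]))
    return bytes(c ^ k for c, k in zip(entry["ciphertext"], stream)).decode("utf-8")


def create_vault(master_password: str, logins: dict) -> dict:
    """Build the record a server would store: a salt and sealed entries only."""
    salt = secrets.token_bytes(16)
    master_key = derive_master_key(master_password, salt)
    entries = [seal_entry(master_key, site, pw) for site, pw in logins.items()]
    return {"salt": salt, "entries": entries}


def unlock_vault(record: dict, master_password: str) -> dict:
    """Re-derive the key from the typed password and open every entry."""
    master_key = derive_master_key(master_password, record["salt"])
    return {e["site"]: open_entry(master_key, e) for e in record["entries"]}


if __name__ == "__main__":
    # Constructed sample data for illustration.
    sample = {"bank.example": "Tr0ub4dor&3", "mail.example": "s3cond-secret"}
    stored = create_vault("correct horse battery staple", sample)
    print(unlock_vault(stored, "correct horse battery staple"))
    try:
        unlock_vault(stored, "wrong guess")
    except ValueError as err:
        print("rejected:", err)
```

Because the stored record holds only a salt, nonces, ciphertexts and tags, the service has nothing it could use to reset a forgotten master password.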

Is it Worth It?

Many proactive individuals and companies need password managing software but worry that the consequences of a hack would be much worse than if just one password were revealed. That being said, it seems as though these managers are doing everything in their power to keep your information as secure as possible.

Does that mean it could still get hacked? Well, these days, it’s not impossible. But, it seems very, very unlikely.

If you’re still hesitant, one of the best ways to keep your passwords safe is the old-fashioned way: in a notebook, locked in a safe. Still, it’s also important to practice safe password protocol, and if you do use a notebook, make sure absolutely nobody untrustworthy has access to it!

There’s no clear answer about how secure password managing software is, so, at the end of the day, it’s up to your discretion. And, best security practices are constantly changing, so just make sure you stay up to date.

Oct 26

This is Why You Need a VPN – Even at Home

By Hana LaRock | Security , Security Best Practices

When people want to feel safe in their home, they take security very seriously. They move to a safe neighborhood, get some kind of security system set-up, and maybe even get an additional form of self-protection, whatever that may be.

But, in today’s world, there are other ways for bad people to infiltrate well beyond your household walls – and it’s all done through the Internet. Your Internet security is just as important as your physical home security, because you need to be protected from the dangers that lurk in cyberspace – as silly as that may sound.

One of the easiest and most effective ways to do this is by downloading a VPN on your network. It may seem as though a VPN is only necessary for businesses or people traveling abroad, but that’s not the case. If you use WiFi in your home, you’re just as much of a target as a major company – if not more.

Keep yourself safe, and consider utilizing a VPN for your remote access network.

What is a VPN?

VPN stands for “Virtual Private Network.” It’s a way to access the Internet through a private, secure connection, and it’s also a way to share information over the Internet while remaining protected. You could think of it as a firewall that protects you while you’re online, and stops hackers and viruses from getting in and taking your information.

If you need a little help visualizing how it works, it’s nice to think of a VPN as a “tunnel” – a tunnel that leads you right to where your intended destination is, without risking any detours, leaks, traffic jams, or accidents (hacks) along the way.

There are plenty of VPNs you can get for free online. However, some of those can slow down your connection and, in general, aren’t as useful or reliable as paid VPNs.

Why Everyone Should Use a VPN

Nowadays, people need to protect their business online just as much as they protect their physical, household possessions. The Internet can reveal a lot about an individual, and when that information gets into the wrong hands, you can find yourself in a lot of trouble.

As it is, people could be doing more to protect themselves online, like practicing better password strategies or staying away from harmful URLs. Adding a VPN is another layer of protection on top of all that.

Whether it’s to guard your private messaging conversations, hide your location from those who don’t need to know it, or even stream your favorite TV shows at top speeds, everyone can find a good reason to use a VPN.

When and Where to Use a VPN

There are really no rules when it comes to when and where a VPN should be utilized. As we mentioned before, it certainly won’t hurt you to use a VPN at home when you’re accessing the Internet over WiFi. However, one could argue that a VPN is best utilized when you’re accessing a public WiFi network that is not trusted (perhaps at an airport or a cafe).

Additional Benefits of Using a VPN

One of the most important benefits of using a VPN is that you can do what you need to do online without having to worry. Whether you want to access your online banking, book a trip or make a purchase, apply for a mortgage, or stream a live event, a VPN lets you do all of this as safely as possible.

But, besides security reasons, using a VPN also has other benefits. For one, it helps you access certain websites from abroad, especially if those sites are unavailable in your location. For instance, if you’re traveling in a country where a website like Paypal or an app like Venmo isn’t yet available, a VPN can help you access it without any issues.

So, based on all this information, why NOT get a VPN?!

Want to go with the most trusted VPN out there? Then take a look at ExpressVPN!

Oct 19

Is Your IT-Team Prepared for Disaster Recovery? Ask Them These Questions to Find Out

By Hana LaRock | IT Best Practices

When it comes to managing your company’s data and cybersecurity, there are a lot of different people involved. Whether your outsourced CIO is making the decisions or your company leader is calling the shots, the IT team needs to be in the loop of what’s going on. And, although your IT team should never be substituted for an unbiased, outsourced professional, they are the ones staying on top of the systems from day to day so that business can run smoothly.

Therefore, if your IT team isn’t prepared for a disaster if and when it strikes, your business is going to suffer. If you want to make sure they’re ready, then hold a meeting and ask these questions:

“Where Exactly is the Data Being Stored?”

As a business, every single piece of data you have now or have collected over the years has played an important role in the growth of your business. It could be archives of your various web designs or brand logos, an extensive email list of your customers and leads, or even the sensitive information belonging to your clients.

So, with all that in mind, where is this information being stored? Can your IT team tell you exactly where it is on your network? How secure is it? Is it encrypted? Who has access? Where are the servers located?

“Do We have a Disaster Recovery Process and Procedure Documented?”

Unfortunately, no company is invincible to cyber attacks. They can happen to any business, no matter how big or how small. That being said, you shouldn’t have any reason to worry — as long as your whole team has a specific protocol to follow. If a cyber attack or blackout does occur, the entire IT team should have a clear document outlining the process and procedure to reach recovery and get back up and running again, without losing any data. These procedures should be in print, of course, and easily accessible in the case of an emergency. Also, as a C-level leader, it’s important to make sure any new staff you hire is aware of these procedures right from their first day.

“Do We Frequently Test Restorations?”

There’s no question that companies should be backing up their data as frequently as possible. But, don’t assume that just because you think it’s being backed up, it actually is being backed up. Sometimes, there are problems with the hardware or someone just forgets to click a button. Whatever it is, these back-ups need to be checked consistently and disaster recovery restorations need to be tested on a regular basis. IT teams don’t want to catch a mistake in the disaster recovery process in real-time; better to do a few drills and know the system is ready to go.

“How Far Can We Go Back if It’s Urgent to Retrieve Data?”

This is a big question that might not be the first thing C-levels think of. But, here’s why it’s important. In general, we know how to restore important information — or, rather, what we think is important at the time.

Think about it.

If you were asked to pick out the five most crucial pieces of data that, if lost, would pose a huge threat to your business, you could probably think of them very quickly. But, if the time actually comes when your company is a victim of a cyber attack or power outage, you might realize right then and there that you forgot to add something to that list. Something so important, but it didn’t occur to you because the last time you checked the file was more than a year ago.

You don’t necessarily need to think about those items now. But, what you do need to think about is asking your IT team how far back they can retrieve data if the worst case scenario happens.

“In the Case of a Natural Disaster or Outage, How Long Until You’re Up and Running Again?”

And, last but not least, there are disasters that happen and they aren’t due to any hacker or any human errors. It’s simply Mother Nature. The power goes out. A local computer burns out. A snowstorm is coming. Any of these things can happen, and it can sometimes bring business to a complete halt. Therefore, you need to know how long it will take your IT team to get things up and running again. And, if it might take a while, be aware of how much each minute down can cost your business.

You have the right to know your IT team is prepared. As long as they can answer these questions without hesitation, your business should be in good shape for a disaster recovery.


Oct 10

How Cybersecurity Can Be Used for Client Acquisition

By Hana LaRock | CEO Best Practices

By now, most business leaders are well aware of how important it is to practice cybersecurity in their company. Companies who don’t implement strong and consistent security strategies are putting themselves at a huge risk. The slightest breach can leak your most sensitive information and the information of your customers. Depending on what kind of business you’re running, failing to follow cybersecurity compliance laws can give you much more trouble than just losing the trust of your customers; although that’s, of course, enough of a reason to make it a top priority.

But, if that alone isn’t quite enough incentive to convince you of the need for cybersecurity, what if we told you that investing in it could seriously increase your client acquisition? Would you reconsider it then?

Here are a few of the ways that using cybersecurity can help you actually bring in more leads:

Hacks are Becoming More Prevalent, and Businesses are Vulnerable

As technology has become more advanced, so have the types of hacks we see and the frequency of them occurring. Whether it’s ransomware, malware, a phishing scam, or any other type of hack, there are so many ways it can be executed. If businesses aren’t staying on top of what’s out there and how to take preventative actions against hackers, the potential results could be devastating. The more developed hackers become with their methods, the more vulnerable businesses become, since it’s not really possible to know everything that’s out there. That being said, businesses who are trying their absolute best to combat these hackers are going to be seen as more reliable. This in itself can lead to more customers.

Consumers Don’t Know All the Different Ways a Hack Can Be Disguised

As much as you don’t know all the kinds of hacks that are out there (which is why, of course, you hire a CIO to help you), your clients may know even less. For example, if they see an email that looks like it came from your business, but it’s actually a hack, they might not think twice before clicking on it. If you take the time as a company to really be proactive about your cybersecurity, stay on top of anything fishy that’s happening, and keep your prospective clients in the loop, they’ll love to join you.

Proof of Cybersecurity = Trust

These days, the average consumer knows about the risk of companies getting hacked and their information getting exposed to people it doesn’t belong to. Even the most well-known companies: Yahoo!, Bank of America, and most recently Equifax, have fallen victim to significant cybersecurity breaches. Whether you were personally a victim or not, it will definitely make you think twice before signing up to use the services provided by any of these companies.

If you have a good history of solid security and can assure your customers that you’re taking as many precautions as possible to protect them, they are going to be more inclined to do business with your company over a similar competitor that’s not putting as much attention on their cybersecurity situation. As you can see, cybersecurity leads to trust with your potential clients.

Any company is more likely to gain more clients if they are attentive to their cybersecurity and transparent with their current and potential clients about what they offer. Of course, if you hire a managed service provider who acts as your CIO, you’re going to have a much easier time with this.


Sep 19

Cyber Security Compliance is Nothing Without Measurement

By Hana LaRock | IT Best Practices , Managed Services , Security Best Practices

These days, companies need to do whatever they can to make sure their business is cyber security compliant. Being compliant means your company is following certain practices to protect your customers, your network, and most importantly, yourself.

A CIO’s main responsibility is to implement the right cyber security measures for your company. But, another part of their job is guiding you to make the right decisions for your company thereafter. So, here’s how we can all do a better job of taking cyber security just another step further:

Compliance is Important, But It’s Not the Only Factor

One of the main reasons businesses invest in the services of a CIO to begin with is because it’s imperative that they are cyber security compliant. However, many CIOs are only keeping this in mind when setting up the right security infrastructure, and unfortunately, that’s not going to help a business in the long run. All security decisions need to be made with the business mindset, because if the actual risk can’t be understood or evaluated from a business point of view, why would any company leader take interest?

Businesses Should Be Involved in Making Cyber Security Decisions from the Start

Although your CIO is the primary decision maker when it comes to cyber security, it’s likely that they are working with many businesses at once. The needs of your business may be very different from the needs of another, and you want to be absolutely sure that your needs are constantly being kept in mind. Therefore, the best way to go about this is by being involved in cyber security decisions from the start. Be proactive in keeping the conversation open and make sure you’re present when those big decisions are being made. Your CIO is allowed to guide you in making these decisions and they should. After all, one of the reasons you’re hiring them in the first place is because you’re not quite equipped to do these things on your own.

There Should Always Be Consistent Measurement and Evaluation by Businesses

Once a decision has been made, it’s important to recognize that it won’t be the last. Cyber security is an ongoing process, and it’s both your job and the CIO’s job to stay involved at all times. And, once a decision is implemented, the impact of that decision should be consistently monitored, measured, and evaluated for future purpose. This is really to say, can you be certain that your cyber security system has worked, or is it time for a new solution?

Make Sure Your CISO Has a Good Reporting Record

It goes without saying that the Chief Information Security Officer (CISO) that your company is working with should have a great track record. The ISF, or Information Security Forum, has reported that many of these CIOs aren’t doing their job when it comes to reporting their findings of KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) to their clients. This goes back to a previous point: that decisions need to be made from a business — your business’ — point of view. Of all the things to consider when hiring a CIO, this is a question you don’t want to leave out.

There are many steps to making sure your business is paying the utmost attention to its security situation. Is your CIO helping you be part of the process?

Sep 05

Are Your Employees Hiding the Truth About Your Recent Security Breach?

By Hana LaRock | CEO Best Practices , IT Outsourcing , Security , Security Best Practices

Though company leaders would like to believe that their own employees wouldn’t do anything to put the company’s security at risk, sometimes, these employees are actually the most likely suspects. Though we tend to think data breaches are only caused by malicious hackers, usually, those aren’t the people you need to worry about. That’s because most of the potential problems are being caused by the people sitting right in front of you every day.

So, are your employees ignoring security measures deliberately? Probably not. But, they could be avoiding telling you about a cyber-security incident, that could ultimately result in a major loss for your company.

So, if it’s just a little mistake, why are these employees not saying anything? And, as a leader of your company, how can you get them to speak up so you can stop the problem in its tracks?

5 Reasons Employees are Causing Data Breaches and Not Saying Anything

Typically, one of the biggest reasons an employee won’t tell you about a data breach is the same reason no human likes to admit he or she is wrong. After all, why bring attention to something when it might not be a big deal after all? This mentality, along with other things, is putting companies at major risk, resulting in huge losses that could have otherwise been avoided.

Besides that, there are other reasons why employees don’t say anything.

1) They’re scared of losing their job.

These days, companies have strict rules in place when it comes to their employees correctly managing the equipment. If employees are held accountable for a data breach, it’s certainly not the kind of news an employer wants to hear. Therefore, employees are under a lot of pressure and thus afraid of losing their job if they put the blame on themselves.

2) Policies are too loose and employees are taking advantage.

If your company has a BYOD policy or you have a lot of remote workers accessing the system from all over the world, you’re already at risk. If that device is not solely for work and thus lacks the proper security on it, you’re at risk of a data breach whenever that person uses their device at home, at a cafe, or while traveling. Don’t let your employees take advantage of your leniency, because once a BYOD policy is implemented, it’s very difficult to supervise.

3) They were uninformed or unaware that they even did something.

Perhaps an employee made a security error, but they didn’t even know they did. With technology being so advanced, even the best and most skilled employees may not be well read on IT matters. In many cases when there’s a data breach, it’s very likely the person who is at fault isn’t even aware that they are. All employees need to have basic knowledge when it comes to protecting your company’s security.

4) They were actually careless.

While in most instances we want to believe that a potential cyber breach was really just an accident, we know that’s not always the case. There are employees who don’t follow guidelines and are quite careless. And, if that is what happened, that’s not something an employee is going to be so willing to admit.

5) They were doing it intentionally.

It’s hard to trust anyone 100%, and when that one untrustworthy person has access to your company’s most sensitive data, there’s always a chance that you’ll receive an unfortunate surprise: that someone you hired has been intentionally stealing your company’s data or hacking your systems to their own benefit. As scary and unlikely as this may seem, it has happened before, and will continue to happen if employers aren’t more diligent.

How to Prevent Employees from Causing Serious Breaches

The first step in making sure your employees don’t cause a data breach is by screening employees before they start working for your company. It may seem obvious, but you don’t want any suspected hackers slipping through the cracks.

If your employees are all deemed trustworthy but you still want to prevent them from accidentally causing a breach, start by implementing strict security standards in the office. Make sure new employees are aware of how to use the systems securely and update current staff regularly. Secondly, make sure your employees feel comfortable letting you know that they may have made some kind of error. If they feel worried about losing their job, they aren’t going to be willing to talk. But, encouraging them to speak up and assuring them that it’s the right thing to do, will save your company from any serious breaches and leave your employees feeling secure in their job.

Additionally, it’s your job as a company leader to make sure you implement specific instructions given to you from your outsourced CIO. For example, if your CIO strongly advises you against using a BYOD policy, then listen. Most of all, make sure your CIO is doing their job of keeping your company’s security safe above everything else, and it will be much easier to prevent problems from happening altogether.

Don’t have time to worry about your employees making an expensive mistake? Your CIO will take care of that.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Aug 17

You Can’t Protect Your Network Without Knowing This About Passwords

By Hana LaRock | CEO Best Practices , Security , Security Best Practices

When it comes to protecting a network from data breaches, there are many things a company can do to help secure themselves as best as possible. But, most of the time, it’s not what companies are doing, but what they’re not doing correctly that puts them at risk.

One of the most basic yet most important things that companies need to pay attention to is their passwords. There have been many reports over the years on what qualifies as a “good password.” However, according to recent reports, it seems that what we think we know about passwords is very, very wrong.

If company leaders don’t stay up to date on the latest security news, then they could be making big mistakes in their overall Internet security plan.

So, here’s the advice you need to update your passwords and upgrade your security.

Complicated Passwords are Hard for Humans, Easy for Computers

For a long time, the creator of the NIST Memo back in 2003, Bill Burr, suggested that the best passwords were those that used a combination of letters, numbers, and symbols. He also encouraged users to make passwords that were not obvious keywords in their lives, but maybe used the first letter of each word from their favorite quote.

This is why, nowadays, when you create a password, you’re asked to write a password that falls between 8-12 characters and includes different letter cases, numbers, and symbols.

Well, that’s a lot to remember. And, when we’re also encouraged to keep changing our passwords frequently, we forget. After all, how many times have you forgotten a password?

See, we might try our best to re-create fancy passwords every other month. But, the fact of the matter is, hackers using the right technology are able to figure out those kinds of passwords easily. In fact, it wouldn’t be a surprise if A.I. could guess your password faster than you can remember it.

So, what’s the new solution?

Longer Passwords

That’s right, folks. According to new reports, the current methods you’re using to create passwords aren’t exactly helping you stay secure. If you really want to protect your network, you should continue to be vigilant. Use two-step notifications, use different passwords for each of your programs, and make your passwords longer. Computers are less likely to guess longer passwords than the type of passwords we’ve been encouraged to use for years.

Only One Problem

Making longer passwords is no problem, right? Wrong. Because of what we know to be the “best” way to guard ourselves against hackers, most websites don’t even give you the option of creating longer passwords. As with most things, the status quo takes time to catch up to what we actually know to be true. Therefore, it might be quite a while before you’re even allowed to create longer passwords, and by then, maybe we won’t be using passwords much at all anymore.
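To make the trade-off concrete, here is an added example (not from the original post) that runs the same passwords through a legacy composition rule of the kind described above and through a length-first rule. The sample passwords, the 15 and 64 character thresholds, the blocklist and all function names are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample passwords and blocklist, for illustration only.
SAMPLES = ["Tr0ub4d&r3", "P@ssw0rd1", "correct horse battery staple",
           "passwordpassword"]
COMMON = frozenset({"passwordpassword"})

def legacy_policy(pw, min_len=8, max_len=12):
    """The rule the post describes: 8-12 characters with mixed case,
    a digit and a symbol. Anything longer is rejected outright."""
    return (min_len <= len(pw) <= max_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def length_first_policy(pw, min_len=15, max_len=64, blocklist=COMMON):
    """Length-based rule: no composition requirements, a generous
    maximum, and rejection of known-common passwords (assumed values)."""
    return min_len <= len(pw) <= max_len and pw.lower() not in blocklist

def search_space_bits(pw):
    """Upper bound on brute-force work: length * log2(pool size), where
    the pool is the union of character classes the password uses.
    Human-chosen passwords are weaker than this bound suggests."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, 32),
               (lambda c: c == " ", 1)]
    pool = sum(size for test, size in classes if any(test(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def compare(samples=SAMPLES):
    """Return (password, legacy_ok, length_first_ok, bits) per sample."""
    return [(pw, legacy_policy(pw), length_first_policy(pw),
             round(search_space_bits(pw), 1)) for pw in samples]

if __name__ == "__main__":
    for pw, legacy_ok, length_ok, bits in compare():
        print(f"{pw!r:32} legacy={legacy_ok!s:5} "
              f"length_first={length_ok!s:5} bits<={bits}")
```

The short, symbol-heavy passwords pass the legacy rule while the 28-character passphrase is rejected by its 12-character cap, even though the passphrase has roughly twice the brute-force search space in bits.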

So, How Can I Help My Company Stay Secure?

When you have the opportunity to create a longer password, go for it! But, in the meantime, you’ll have to continue to practice tight security measures for your company’s network. One way to do this is of course by staying on top of the news. See what current threats are out there, and what experts are saying you can do to protect yourself further.

And, speaking of experts, you don’t need to go at this alone. All the conversation surrounding appropriate security measures can be rather overwhelming. To combat it, seek the help of an outsourced expert in cyber security and risk management. This way, you can always be sure you’re doing everything you can to take your company’s network security seriously; whether that’s creating the right password or implementing other smart security tactics along the way.

Aug 07

Always Get Your Technology Approved Before Implementing It

By Hana LaRock | CEO Best Practices

Businesses that want to be successful need to find ways to incorporate technology into their offices. The right technology can help your business grow and aid in getting work done more efficiently. While technology certainly has a lot of benefits, it takes a professional to know which technology is right for your business, and how to properly implement it. After all, if it’s not handled with care, your company could be at risk for a data breach or network slowdowns. Having an unbiased professional, typically an outsourced CIO, can help you make the right decisions regarding the technology you’ll want to use.

Get the Right Connections

Part of having the right technology is knowing where to find it. Technology is ever-changing, and you don’t want to be stuck with something that’s outdated or essentially useless for your business. Therefore, it’s important you have good connections. Knowing excellent IT providers can help guarantee you are working with only the best products out there. Don’t know any IT providers yourself? Luckily, an outsourced CIO probably does.

No Need to Rely Solely on Your IT Department

Your IT department (or your IT guy) has an important role at your company, there’s no doubt about that. But that role is also very specific, and the more things you expect out of them, the more you might complicate things. Officially, an IT department’s role is to design, maintain, and support an organization’s information technology infrastructure. But, before anything can be maintained and supported, it needs to be discovered and implemented. This is where a CIO comes in.

Don’t Miss Out on the Best Technology

Even if you’re well read up on what’s out there and what’s the best solution for your company, no one expects you to be the expert in everything. You’re busy running your company, and you can’t waste any time worrying about things that aren’t really under your jurisdiction. An outsourced CIO knows what’s out there, what’s coming, and what’s a good match for your business.

Always Have an Expert Keeping an Eye on Things

While your IT team will certainly be occupied managing that technology, such complex software and products require a lot of human support. And, because a majority of data breaches can occur because of human error within the office, it doesn’t hurt to have an extra hand. Especially from someone who’s not working internally. Not only should you get your technology approved by an unbiased CIO before deciding on it, you should have it reviewed by this same professional for the long run.
