Category Archives for "Managed Services"

Sep 19

Cyber Security Compliance is Nothing Without Measurement

By Hana LaRock | IT Best Practices , Managed Services , Security Best Practices

These days, companies need to do whatever they can to make sure their business is cyber security compliant. Being compliant means your company is following certain practices to protect your customers, your network, and most importantly, yourself.

A CIO’s main responsibility is to implement the right cyber security measures for your company. But, another part of their job is guiding you to make the right decisions for your company thereafter. So, here’s how we can all do a better job of taking cyber security just another step further:

Compliance is Important, But It’s Not the Only Factor

One of the main reasons businesses invest in the services of a CIO to begin with is because it’s imperative that they are cyber security compliant. However, many CIOs are only keeping this in mind when setting up the right security infrastructure, and unfortunately, that’s not going to help a business in the long run. All security decisions need to be made with the business mindset, because if the actual risk can’t be understood or evaluated from a business point of view, why would any company leader take interest?

Businesses Should Be Involved in Making Cyber Security Decisions from the Start

Although your CIO is the primary decision maker when it comes to cyber security, it’s likely that they are working with many businesses at once. The needs of your business may be very different from the needs of another, and you want to be absolutely sure that your needs are constantly being kept in mind. Therefore, the best way to go about this is by being involved in cyber security decisions from the start. Be proactive in keeping the conversation open and make sure you’re present when those big decisions are being made. Your CIO is allowed to guide you in making these decisions and they should. After all, one of the reasons you’re hiring them in the first place is because you’re not quite equipped to do these things on your own.

There Should Always Be Consistent Measurement and Evaluation by Businesses

Once a decision has been made, it’s important to recognize that it won’t be the last. Cyber security is an ongoing process, and it’s both your job and the CIO’s job to stay involved at all times. And, once a decision is implemented, the impact of that decision should be consistently monitored, measured, and evaluated for future purpose. This is really to say, can you be certain that your cyber security system has worked, or is it time for a new solution?

Make Sure Your CISO Has a Good Reporting Record

It goes without saying that the Chief Information Security Officer (CISO) that your company is working with should have a great track record. The ISF, or Information Security Forum, has reported that many of these CIOs aren’t doing their job when it comes to reporting their findings of KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) to their clients. This goes back to a previous point: that decisions need to be made from a business — your business’ — point of view. Of all the things to consider when hiring a CIO, this is a question you don’t want to leave out.

There are many steps to making sure your business is paying the utmost attention to its security situation. Is your CIO helping you be part of the process?

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Jul 24

The Role a CIO Can Play for Your Company and Why You Should Hire One Now

By Hana LaRock | CEO Best Practices , IT Best Practices , IT Outsourcing , Managed Services , Security , Security Best Practices

Technology has taken over the business world. Ever since we’ve become more reliant on technology, we’ve been seeing new jobs added to companies to help maintain it all. And, when it comes to that technology, those who will be managing it on your company’s behalf need to have the appropriate skills and expertise to do their job correctly.

You may already have an IT team, or maybe even a CTO. But, you as the CEO need to make sure the right decisions are being made for your company at all times (and at all costs). So, isn’t it about time to outsource a chief information officer?

Why You Need a CIO

While all roles in a company are unique and important, a CIO does a number of tasks that bridge all those roles together. Ultimately, the CIO is responsible for making sure technology is properly integrated throughout the company so that operations can run smoothly. He or she has the final say on how technology is managed so that the business can keep moving forward without any hold ups.

Why Outsourcing is Important

One of the biggest questions that comes up when a company integrates technology into their everyday tasks is the issue of cyber security. Though there are many ways in which a system could potentially be hacked from outside intruders, human error is still one of the main causes of breaches that we commonly see today. Certain protocols need to be followed in order to guarantee a network’s safety. To eliminate any risks of vulnerability or conflicts among high-level decision makers, a CEO should consider outsourcing their CIO. This way, any decisions that are made are unbiased and are therefore solely for the best interest of the company.

Also, don’t forget that one of the perks of hiring any type of managed service means that you have more time to run your business. Any worries you may have will now be dealt with by that service provider.

When is the Best Time To Hire a CIO? 

Most company leaders may think it’s best to wait until a company reaches a certain level before hiring a CIO. Perhaps when a certain number of sales have been made or a certain number of followers has been reached. But, it may be time to get one sooner rather than later if you’re noticing some inconsistencies at your company. This could involve anything from repetitive inefficiency, seeing your network has become vulnerable to attacks, disagreements among executives, or too many tasks being handled by a small staff. Whether it’s one of these reasons, a combination of these reasons, or you just feel the need to extend such an important role to someone else, then it might be time to hire a CIO.

Jun 26

Does Your Cyber Security Consultant Have the Right Expertise?

By Hana LaRock | CEO Best Practices , Managed Services , Security

When it comes to cyber security, there are a lot of things one needs to know. Ultimately, business leaders choose to invest in the help of a cyber security consultant in order to make sure their network is properly managed by an expert. But, even if your consultant claims to be an ‘expert’ in cyber security, you need to ask yourself, “Do they have the right expertise?”  Often times, it’s not about what this professional has on their list of credentials; it’s about what they don’t have. And, what they don’t have could prove to be very bad news for your security situation.

What’s Their Background When It Comes to Internet Technology?

When you look for your cyber security consultant, it might be overwhelming to see everything they have to offer you. Just like when you buy a new TV or look through a brochure, you see all the beautiful advertising. If it’s done nicely, you would never really ask yourself, “Well, what does this not have?” or “What is it missing?”

Most cyber security professionals will have an IT background, which seems like that should be a given. However, an IT background isn’t all you should be looking for. After all, if that’s all they have, then why not just consult your IT department? Surely, they have all it takes to clean up a security problem, right?

Wrong. Most business leaders know that their IT team has other responsibilities, and not quite the right experience when it comes to specifically handling security concerns. This is why CEOs seek the help of a professional cyber security consultant in the first place.

So, what is it you want to be looking for in your cyber security professional?

Clearly Defined Software Development Expertise

While an IT background is certainly necessary, you want to make sure the consultant you’re looking into working with actually has a software development background.

The biggest reason for this is that hackers generally do their work by using scripts as their main tool to cause damage on the networks of unsuspecting targets. To even recognize something like this, a cyber security professional would have to have experience in software development. But, in addition to being able to recognize this kind of hack, you also want someone who could make sure YOUR software is protected to begin with. They know exactly what to look out for and are read up on all the different types of breaches that exist.

A person with solely IT experience probably won’t be able to see this as well as someone with a software development background.

Generally, although most cyber security consultants with software development experience also have a good IT foundation, those with solid IT experience can’t really say the same for themselves. Again, it’s not about what your potential cyber security consultant has; it’s about what they’re perhaps lacking and how that could impact the quality of their service to you.

The Bottom Line

An avid cyber security approach is important for financial companies that collect the information of their clients or have their own data to store and protect. While there are a lot of great consultants and managed services out there, take your time choosing the one that’s best for your company. And, do yourself a favor and make sure they have experience in both software development and IT. Otherwise, you aren’t really getting what you’re paying for.

Jun 20

Do You Have Enough Eyes Looking Out for Your Network’s Security?

By Hana LaRock | Managed Services , Security

When it comes to companies protecting their network from hackers, most business leaders know what to do. Once a company has made the decision to utilize services of a third party in regard to their security, they’ve already made a move in the right direction.

But, how do you know you’re using the right cyber security service for your company? And, does the service you’re using possess the expertise, resources, and manpower to continuously monitor your network? It’s not just about outsourcing your cyber security, although that much is important. Ultimately, it’s about asking yourself whether or not there are enough eyes on your network to make sure your security situation is stable at all times.

Why You Need to Analyze Your Own Business Before Seeking Help

Just because you define your business as a small business, doesn’t mean your need for cyber-security is any less than anyone else’s. In fact, small businesses can actually be more of a target for cyber criminals, as most of the time, hackers assume you’re not taking proper precautions and your network is thus that much easier to hack. 

This means that you need to up your cyber security game as much as possible. Since you can be considered the low-hanging fruit for hackers, you need to be extra cautious of your network’s security, especially when you operate in the financial industry. As a small business, you’re vulnerable in a lot of ways; one of those ways being the reputation you have amongst your customers. When you’re small or just starting out, your customers’ expectations of you are that much higher. If you have a security breach, you may find yourself back at square one with your business.

Therefore, before you seek assistance from a third party managed service provider, have a general idea of what’s important to you security-wise. Even if you don’t know a lot, knowing what your business’ demands are and the value of what you need to protect, is enough to guide you in the right direction.

One Pair of Eyes is Never Enough

Before the technology era, how did people protect their businesses? Think about it. They locked and chained their doors. They installed alarms. They added security cameras. Many hired security guards to keep watch overnight. Already, that’s a lot of eyes watching that business.

In the Internet age, the concept is much the same. However, hackers don’t have to dress up in black and plan a heist to break in; it’s often much easier to breach your network. And, since a lot of security breaches can happen because of human error, it’s so important you have enough people looking out for you.

When someone writes a book, they have editors read over their work again and again. Don’t you want your network treated better than a bestseller? We think so. That alone is enough incentive to make sure there are enough eyes on your network. Therefore, when you seek out a company to take care of your cyber-security, figure out what their staff numbers look like and how many people will be on your case.

But, It’s Not Just About Eyes

When you’re working in the financial industry, you have a lot of responsibility when it comes to your customers. If you’re collecting sensitive information from your clients, such as credit card numbers, SSNs and home addresses, the stakes are higher for you than other companies. That means it’s not just about HOW MANY people are monitoring your network, but HOW they are monitoring it (and how often).

Before you buy the services of a third party provider, read their testimonials. See what they offer, what their guarantees are, and read up to make sure they haven’t made headlines for anything negative.

This is YOUR company and it’s your priority. Is your managed service provider making your security their priority? You better hope so. 

Jun 06

Three Categories Regulators Expect Your Risk Assessment To Fall Under

By Hana LaRock | CEO Best Practices , Managed Services , Security

Up until now, when auditors and regulators of cyber-security came to companies, most of the time they would just ask to see whether an assessment was done. It was even less likely that they would have asked the details of that assessment. But, now, that’s starting to change.

Some companies these days have gotten into trouble with auditors and regulators because even though they had done an assessment, the assessment was either not as comprehensive as it should have been or the company didn’t act on the risks that the assessment reported.

If you want to make sure your risk assessment is done correctly, then you must make sure it falls under one of these three categories:

1) Standardized:

There are many different kinds of risk assessments out there, and what you use will depend on a lot of factors. First of all, it depends on what kind of business you’re in and how much a hack could affect the lives of your customers and employees. Of course, there are some businesses that are held up to higher standards than others when it comes to an auditor’s discretion. That being said, you should always set the security bar high for yourself no matter what; this way, you know you’ll be safe.

Whatever route you decide to go with your risk assessment, you should ask the organization that’s doing it whether or not the test they choose to perform is standardized; meaning if the test were repeated again at your business or another, it would produce (more or less) the same results. At the very least, the assessment should yield the same, specific kind of information across the board.

2) Relevant:

As mentioned before, a test that’s done for one company may not work for another. If your third party is running the same assessment on your small e-commerce site that it’s doing on a multi-million dollar health insurance company, that could very well be a red flag.

Some of the assessments you may have heard of include, but are not limited to, FAIR, OCTAVE, FMEA, etc. Some fall into the category of qualitative assessments, while others fall into the category of quantitative. This means that some assessments will look at data and other factors over a long period of time, while others are simply based on an expert’s opinion. The results of these assessments can be expressed in different ways, usually referring to the various direct or indirect costs.

When the assessment is done, it should be able to answer key questions that are relative to your business. What vulnerabilities do you have in your system? What could be causing the threat? What kind of damage are you looking at if these threats take hold? And, of course, how to fix it.

3) Explicit:

So, if auditors and regulators are starting to ask more questions, don’t you want to be ready with more answers? If you happen to have an auditor come knocking on your door that wants to know much more than whether or not you’ve simply done an assessment, then you need to be prepared. What we’re trying to say is, your assessment shouldn’t merely report the date you had it done, when you’re due for the next one, and by whom it was administered.

Instead, your assessment needs to have explicit information and data on it that will be satisfactory to the potential auditor. If you want to get a heads up about what an auditor might look for, speak to the organization that will be conducting your assessment.

Remember, even if you go through all this work to have the right assessment done for your company in the eyes of the auditors, it won’t mean much if you’ve left that assessment report in a pile of papers on your desk. In addition to making sure your assessment falls into one of these three categories, you also need to address anything that assessment uncovers immediately. Also, make sure you continue to get assessments done regularly in order to stay on top of your security.


Apr 18

Here’s a Secret: How To Save on Your Cyber Insurance Premium

By Hana LaRock | CEO Best Practices , IT Best Practices , Managed Services , Security

For company leaders that are already investing in cyber security, you don’t need a reminder of why it’s so important. You’re probably well aware of the seriousness and frequencies of data breaches these days, and you, therefore, want to make sure you’re protected at all costs. But, for those who still haven’t taken that budget leap, know that a cyber insurance plan can help offset major costs associated with any type of data breach.

Is that still not enough of a reason to allocate your budget to insurance? Then consider this. What if you could save money on your cyber insurance premium, just by being proactive? Would that be enough to push you to make the right decision for your company?

We’ll tell you more:

The Costs of Cyber Insurance

Cyber insurance isn’t cheap per se, but it can be affordable. And, when you consider how much it would cost to make “repairs” after a data breach, (often thousands upon thousands of dollars, depending on the size of your company and the extent of the damage) it’s definitely worth the price.

Like any other type of insurance, you pay a premium every month, and you can be covered for A LOT. This can be anything from privacy liability to lawyers, plaintiff lawsuits, forensic investigations, PR, penalties and fines, etc. Does that sound expensive already? We’re only scratching the surface. But, what if you could clear all the anxiety about the “what ifs” just by paying a premium every month?

Cyber insurance policies can be customized to your needs. You can go based on the size of your company, what industry you’re in, and ultimately what the stakes would be. No two policies are the same. Some premiums can be as low as $1,000 per year, while others can be as high as $50,000. But, don’t worry. It’s typical that the premium you pay is relative to what your company earns.

Still, that’s a lot of money, especially for a start-up. 

This is usually the biggest factor that deters people from taking out cyber insurance in the first place. They just don’t see that it makes sense to add something onto the budget that hasn’t even happened yet.

IT companies who specialize in cyber security understand this. So, we’ll let you in on a little secret. One that only professionals know about.

You can actually save a huge amount of money on your policy premium if you just take a few steps, first. We’re talking around 60%. Here’s how:

How to Save on Your Cyber Insurance Premium

For company leaders like you who understand the importance of cyber security, but still want to save, there’s a way to have the best of both worlds.

All you have to do is be proactive. How do you do that? It’s easy. Get yourself a network assessment from an unbiased third-party. These professionals will analyze and evaluate your system for any vulnerabilities. If they find something that makes your security weaker than it should be, they’ll let you know and fix it up for you. Then, they’ll issue you a document proving you’ve done the assessment. This document will say that you’ve taken all the precautions you can on your end to make sure your system is as secure as possible.

Of course, even if you take those steps, hackers can still find a way in. That’s why it’s important to have cyber insurance, so you’re covered no matter what. However, we can understand how frustrating it can be to spend money on an assessment that’s supposed to clear you, but then having to spend more money on insurance, anyway.

So, here’s how you save. Just bring that assessment to wherever you’re purchasing your cyber insurance plan from. Show them the measures you’ve taken (again, all explained in that assessment overview). More often than not, you can get a huge discount on your policy premium just with that paper. If they’re not eager to offer you that discount, then tell them what you now know!

After all, the law favors those who make an effort from the get go. Also, the more you do now will be less for the insurance provider to have to worry about when they cover you.

We want to help you save money on your cyber insurance premium. To get you started, take our RiskAware™ Cyber Security Scan & Report.

Nov 11

Here’s Why Those Service Level Agreements Are Important

By Hana LaRock | CEO Best Practices , IT Best Practices , Managed Services

When it comes to contracts in the digital world, there are none quite as important as service level agreements, or SLAs. Service level agreements are the agreements outlined between a service provider and the user. An SLA discusses what the user expects to receive from the service provider, and in turn, what the service provider will provide to the user. A strong SLA should erase any gray areas between the user and the service provider, clearly outlining what the relationship entails.

You do have a say in your SLA

Though the service provider should be the one to present the service level agreement, as the user, you do have a say in what you want it to include. If there’s an aspect of the job that you want to be covered but the service provider didn’t mention in the SLA, you can have them add it in. An SLA is certainly not one-sided.

An SLA provides targets for measuring performance

Whichever sector the service provider is in will determine the type of contractual agreements that are laid out in the SLA. Whether a service provider is providing an internet service, managed services, cyber security, or a combination of these services, the service level agreement should have observable and measurable objectives that are obtainable. If you, as the user, want to be clear about what you’re paying your service provider for, take a look at that SLA.

It explicitly outlines the “what happens when…?”

A good SLA should answer all the questions you didn’t know you had or perhaps the ones you don’t want to ask. Even if we trust our service providers to give us what they say they will, we still want to know “what happens when…” The SLA makes things more transparent, so you can be confident in your decision.

An SLA encourages responsibility and protection for both parties

Anytime we invest money as a user, we need to make sure we’re protected. Likewise, a service provider needs to look out for themselves, too. So, while an SLA can protect you from losing any money, it also protects the service provider from being held responsible for something that may not be their fault. Why would either party want to take a risk?

They can be continuously reviewed and updated

As technology continues to grow and more companies are moving over to the cloud, there’s no predicting what the cyber world holds for us in five years, or even one year, from now. The good news is, an SLA isn’t technically set in stone. While nothing should be changed without both parties’ consent, there is always the opportunity to sit down together and adjust the terms as things may change.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Sep 26

Will You Be Prepared When a Downtime Event Strikes? [CHART]

By Scott Smeester | CEO Best Practices , Infected Computer , Leveraging the Cloud , Managed Services , Ransomware , Security

Did you know that 50% of small- and medium-sized businesses (SMBs) have no backup or disaster recovery plan in place? With all the risks that come with severe data loss and extended downtime, it’s surprising that IT decision makers aren’t doing more to safeguard their business.

SMBs should not have to experience downtime if they simply implement a business disaster and recovery solution before downtime occurs, so that they can restore essential data quickly and painlessly, and resume normal business operations. Consider CloudEndure’s 2016 Disaster Recovery Survey.

[Chart: Will You Be Prepared When a Downtime Event Strikes?]

Here are four things to know about downtime:

  1. Downtime can happen more often than you think. This chart shows that 57 percent of companies have experienced a downtime event within the past three months or earlier! With a reliable backup and disaster recovery (BDR) solution in place, you can mitigate the damage when problems do arise. Make sure your BDR is able to provide a quick recovery and optimal recovery point, with troubleshooting on the issues to prevent them from occurring again.
  2. Not only does downtime happen more frequently than you think, it’s also one of the biggest IT expenses a business can face.
  3. A well-known fact of modern business is that backups fail – and when they do, you are unable to access any file changes or data created after the last successful backup. That can be very problematic for your business, especially if you rely on critical data in your daily operations. Your BDR solution needs to be backed by round-the-clock support. As such, you need to take regular backups – and verify their viability through backup tests – as frequently as your business or organization demands. As a result, you can focus on growing your business without worrying if you’ll be able to access critical files, or if you’ll have data in its most recent form.
  4. Only 6 percent of businesses have never experienced a downtime event. As a business owner, you don’t necessarily have time to worry about when downtime will strike or the safety of your network – nor should you have to. That’s why you should seek 24x7x365 support for complete peace of mind with a reliable BDR solution. Get a business continuity solution to act as your safety net so that if you’re a part of the 94 percent who do experience downtime, you won’t have to worry about it having negative, long-term effects on your business.


Aug 26

Can Managed Services Bridge the IT Skills Gap?

By Scott Smeester | CEO Best Practices , IT Outsourcing , Managed Services , Security

The IT skills gap phenomenon isn’t a new concept, but it has become increasingly evident in the past several years. Most small- and medium-sized businesses (SMBs) have the same IT needs as larger organizations, but unfortunately lack the necessary internal bandwidth and resources. With new IT rules being written every day, complicated by the Internet of Things (IoT) and an increasingly mobile workforce, IT professionals need to stay up-to-date and receive the latest certifications to cover their bases. As conditions continue to evolve, how can SMBs deal with the widening skills gap?

Did you know that 83 percent of organizations have voiced concern about their ability to find workers with the right IT skills and experience? These organizations need but don’t have a team of skilled IT specialists, who are dedicated to providing them with peace of mind and the expertise they need to grow profitability.

Closing the IT skills gap remains an on-going challenge for most SMBs because it can have a significant impact on the operations and effectiveness of their business. Due to the expertise that is now required to keep a company’s IT department up and running, it’s becoming more beneficial to outsource low-value, time-consuming tasks to a managed service provider (MSP). According to a 2012 study, businesses are seeking help. CompTIA’s International Technology Adoption and Workforce Trends Study shows the trends.

[Chart: Can Managed Services Bridge the IT Skills Gap for SMBs?]

Mar 13

Improve Your Password Security

By Scott Smeester | Cyber Scams , IT Best Practices , Managed Services , Microsoft Windows , Security

Sometimes it is the simplest or most obvious things that can be easily overlooked or taken for granted in life. The IT space is no different and many of the most basic elements, like password management, can oftentimes be overlooked. While it’s not the sexiest of topics, passwords are something we use every day and should be at the forefront of any security plan.

Passwords are the first line of defense against malicious activities in the digital space. We hear all the time about the importance of strong passwords, and many websites or software require certain password criteria that force them to be difficult to guess. However, the actual execution of these recommended practices is often lacking. The trouble usually lies with the end user who doesn’t take care of their passwords or doesn’t make them difficult enough. As a managed services provider, it is imperative to ensure that your clients are employing some simple, yet highly effective tactics to keep the bad guys out of their information and IT systems.

Hackers’ Tricks

Before we look at the techniques to prevent hackers from gaining access to private information, let’s take a quick look at the most common means these folks use to crack the password code and get the proverbial “keys to the kingdom.”

  1. Guessing – Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that. This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
  2. Dictionary-based attacks – Programs run names and other information against every word in the dictionary.
  3. Brute force attacks – Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
  4. Phishing – Beware of Phishing schemes! These scams try to lure you in with fake offers then track your keystrokes in order to steal private information. If the email or IM request looks odd, ignore it and please don’t click on anything. The trouble is that people are oftentimes tricked into giving away valuable data without even knowing.
  5. Shoulder surfing – Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a gas station (debit card PINs are vulnerable).

Password Security Tips

So what is the MSP or client company to do? Educate employees on strong password practices. There is simply no way to guarantee a bulletproof password. If someone wants something badly enough and is smart enough, they can figure out what they need to do to get it. Most are not that patient, though, so any deterrents are usually enough to make them give up and find an easier target.

Some best practices to be teaching customers and employees include:

  1. Make sure password length is at least 8 characters
  2. Don’t use real words
  3. Use both upper and lower case characters
  4. Include numbers and special symbols when allowed
  5. Don’t use personal data
  6. Make patterns random and not sequential or ‘ordered’
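The six rules above can be enforced at the point where a password is set. The following is an added example, not code from the original post: the function names, the tiny word list and the sample profile tokens are constructed for illustration, and a real deployment would load a full dictionary file.

```python
# Added example: checks a candidate password against the six rules listed above.
# COMMON_WORDS is a constructed stand-in for a real dictionary (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey",
                "summer", "letmein", "admin", "login"}

# Keyboard rows used to spot "easy to type" walks such as asdf or qwer.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

# Undo common character substitutions so "P@ssw0rd" is still seen as a word.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def normalise(pw):
    """Lower-case the password and reverse common look-alike substitutions."""
    return pw.lower().translate(LEET)


def has_sequence(pw, run=4):
    """True if any `run` characters are repeated, sequential, or a keyboard walk."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):          # aaaa, abcd / 1234, dcba / 4321
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def contains_any(pw, tokens, min_len=3):
    """True if any token appears in the password, raw or after normalisation."""
    low, norm = pw.lower(), normalise(pw)
    for token in tokens:
        t = str(token).lower()
        if len(t) >= min_len and (t in low or t in norm):
            return True
    return False


def check_password(pw, personal=(), words=COMMON_WORDS, allow_symbols=True):
    """Return the list of rules the password breaks (empty list = passes)."""
    failures = []
    if len(pw) < 8:                                        # rule 1
        failures.append("length")
    if contains_any(pw, words, min_len=4):                 # rule 2
        failures.append("dictionary-word")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        failures.append("mixed-case")                      # rule 3
    if not any(c.isdigit() for c in pw):                   # rule 4 (numbers)
        failures.append("digit")
    if allow_symbols and all(c.isalnum() for c in pw):     # rule 4 (symbols)
        failures.append("symbol")
    if contains_any(pw, personal):                         # rule 5
        failures.append("personal-data")
    if has_sequence(pw):                                   # rule 6
        failures.append("sequence")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs; the profile tokens are hypothetical.
    samples = [
        ("Summer2024!", ()),
        ("asdfjkl;", ()),
        ("J0hnSmith#1985", ("John", "Smith", "1985")),
        ("vK7#pR2!xQ9z", ()),
    ]
    for pw, profile in samples:
        print(f"{pw!r}: {check_password(pw, profile) or 'ok'}")
```

The substitution table matters for rules 2 and 5: a password that swaps letters for look-alike digits still contains the word or name it was built from.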

Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember. Here are some of the web’s most common passwords – and what they say about you as a person.

What else can be done? Here are some “do’s” and “don’ts” for password safety.

Do:

  1. Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Sure it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
  2. Keep corporate and personal passwords separate.
  3. Change your passwords often (ideally every month)
  4. Always log off your computer or lock it when you leave it for any period of time

Now some don’ts:

  1. Don’t write passwords down or store them in the office
  2. Don’t store passwords on any device
  3. Don’t give passwords in emails or IMs
  4. Don’t give your manager your password
  5. Don’t discuss passwords with others
  6. Don’t use remember password function in applications
  7. Don’t use the “it’s easy to type” rule (like asdfjkl;) since that will make it easier for a lurker to see what you typed

After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilizing these recommended practices and you may not even know what data may currently be exposed or at risk. Changing your passwords and using the above techniques can help protect you and your clients from malicious web attacks. Don’t overlook the importance of password management – it could make all the difference when a hacker sets his targets on you or your clients.

