Posts tagged "passwords"

No more passwords in 2017?

December 8th, 2016 Posted by Best Practices, Data, Devices, Hosted Services, Internet, Newsletters, Security, Services 0 thoughts on “No more passwords in 2017?”
Yahoo!’s disclosure that hackers might have vacuumed up the passwords of as many as half a billion users lit the floodlights on two gaping issues in IT:

  1. Passwords run out of steam well before they cross the goal line of today’s security needs
  2. Sometimes you don’t even know they’re gone, which means you’re vulnerable without realizing it

Wakefield Research recently surveyed IT decision makers and found out that 69% will probably do away with passwords completely in the next five years.

The finding of the report wasn’t surprising, nor were the insights that IT professionals are despairing of evergreen problems:

  • Users “securing” their accounts with passwords a child could guess, let alone a script kiddie driving any of a dozen tools available for free download
  • Users recycling the same password for different accounts so that one crack exposes many systems. And it’s especially galling for IT when the breach of its system is the result of a breakdown of a system beyond its control, such as all the systems now at risk because Yahoo! customers used the same password for Yahoo! as for their work access.

Time and place a user is requesting access and deciding if it’s in keeping with that person’s usual behavior

(more…)

CYBER ATTACK: HOW DO YOU RESPOND?

March 4th, 2015 Posted by Best Practices, Internet, Security, Whitepapers 0 thoughts on “CYBER ATTACK: HOW DO YOU RESPOND?”

 

By: Alicia Hernandez, Think Technical Writer.

With all of these massive data breaches happening within some of the largest companies in the world, I cannot help but think it is only a matter of time before something happens within my company. I’m sure you have the same fear too…and if you don’t, you should! Think about it. Those large companies have all the money in the world at their disposal to throw at a secure, compliant, over-the-top infrastructure to protect their customer’s data. And yet, they still get breached. Maybe there’s no easy answer as to what to do to avoid an attack, but here’s some tips on surviving an attack.

Now-a-days with mobility being a driving factor in the success of our business, it is also opening up more holes for the bad guys to get in. Cisco refers to this as the “any-to-any challenge [in which] people work inside and outside the network on any device, accessing any application and in multiple clouds” (p. 2, 2014). Attackers are exploiting every vulnerability possible, and are far more patient than we would expect. The recent Anthem breach reportedly happened over the course of 6+ months, until finally the attacker was able to compromise the account of a Database Administrator for the company which gave them the keys to the kingdom.

Your reaction and response to a breach can be the difference between closing your business doors for good or saving your reputation and being able to continue on with your customer’s trust. For a more thorough guide, I recommend the Online Trust Alliance 2015 Data Protection & Breach Readiness Guide, along with more great information on their website https://otalliance.org.

 

Response

Whatever you do, don’t try to cover up your breach! Communicate promptly and truthfully with your customers – if you know the extent of the breach or if you are still investigating, tell them. Then, implement your incident response plan – if you don’t have one, you need one.

Contain your problem! Clean up the systems and cut the access of the attacker. DO NOT DESTROY ANY EVIDENCE!

Fix your problem! Take your time and do it right the first time. There is nothing worse than trying to rush back into being open for business and finding that you are still compromised.

Recover! Utilizing your disaster recovery plans (that you now have after reading our December article on DR), restore your systems and data and reopen for business.

 

Utilize Your Resources

Vendors, security consultants, and tools are out there to help you. Be willing to spend the money in order to save your business! It will not be cheap, but it will be worth it. They will also help you identify the necessary facts, documentation, and event logs that will be crucial to the investigation.

 

Lawyer Up

There is no way around it, there will be legal implications following a data breach. According to Network World, lawyers will help with notice issues, working with law enforcement agencies, investigations, and other policies and procedures for reporting the incident that are governed by either the state or the industry.

 

Insurance

Notify your insurance agent immediately. Remember that documentation will be vital to your investigation and your claim, including documentation on the cost of the remediation.

 

Do not be fooled. Be prepared. The size of your business does not exclude you from the masterful hands of the attackers. Data – anyone’s data – has a hefty price tag attached to it. Your secured systems are always at risk and sometimes there’s no stopping the bad guys, so the best thing you can do is be prepared for a breach.

 

 

CONTACT US

888.98.THINK
970.247.1885
3067 Main Ave. Durango, CO

JOIN OUR TEAM

Join our team of hard-working, fun-loving, technology experts.

View Careers

© 2018 Think Network Technologies, LLC. All rights reserved.