Ransomware attacks are devastating to a business and often impact all areas of its operations. But as we’ve seen from the recent May 7th attack on Colonial Pipeline, a ransomware attack can also have far-reaching consequences beyond the victim.
Is One Form of Multi-Factor Authentication More Secure Than Another?
Ninety percent of internet users are worried about having their passwords compromised, and they have a good reason. Password theft has risen to be the number one goal of phishing attacks and it’s responsible for a large percentage of cloud account data breaches.
Without proper cybersecurity protections in place, a hacker can wreak havoc if they compromise a user password. And one password breach often leads to more than one account being in jeopardy.
44% of people admit to reusing passwords across multiple work and personal accounts, so a breach of one account means all accounts using the password can also be accessed until it’s changed.
Unfortunately, we’re not usually aware right away when a password has been compromised. It can be months, for example, before you’d be aware that your password was involved in a major data breach. It takes time for the breach to be discovered and even more time for a notification plan to be carried out.
Even if you have strong security measures in place like encryption, an attacker with a legitimate password can bypass safeguards designed to keep them out, unless multi-factor authentication (MFA) has been put in place.
Using MFA with your logins can stop 99.9% of all fraudulent sign-in attempts. Even if a hacker has a password, it’s very unlikely they’ll also have the device that receives the code needed to gain account access.
Implementing MFA for all company logins is one of the best things you can do to boost IT security, and it’s important to understand the difference between the three main types of MFA.
3 Ways to Enable MFA Compared
When you enable multi-factor authentication, you’re setting up a system that sends a one-time, time-limited code to a specific device at login. Only after the user enters both the username/password combination and the code can they gain access to the account.
There are three different ways to receive the MFA code, and while all greatly improve security overall, there are some that are more secure than others.
We’ll go through each of the three types below and explain the key differences. For the security details, we referenced a Google study on multi-factor authentication that looked at the effectiveness of all three methods against three different types of cyberattacks.
Receiving the MFA Code by SMS
The least secure of the three methods is receiving the MFA code by SMS/text message. This is the most common method to use and is often the default method of website accounts and cloud tools when setting up MFA.
In the Google study, SMS performed as follows:
- Blocked 76% of targeted attacks
- Blocked 96% of bulk phishing attacks
- Blocked 100% of automated bot attacks
One vulnerability of receiving the code by SMS is that SIM cards can be cloned by hackers. One phishing text that a user clicks on can unleash malware that clones the SIM card and sends the details back to the hacker, who can then see all the text messages sent to that phone.
On the plus side, SMS is one of the most convenient methods for users.
Receiving the MFA Code by Device Prompt
The next most popular method and one that holds the middle position for security is receiving the code through an app and on-device prompt. A popular app for MFA is Google Authenticator. This method is also commonly used on iPhones through a built-in feature when signing into iCloud.
In the Google study, here’s how the on-device prompt did:
- Blocked 90% of targeted attacks
- Blocked 99% of bulk phishing attacks
- Blocked 100% of automated bot attacks
This method is also fairly convenient for users, but it does take a little more setup if using a universal app, like Google Authenticator, because accounts have to be set up to use it.
Receiving the MFA Code by Security Key
The most secure method and the most expensive is using a security key to receive the MFA code. The other two methods are typically free, but you need to purchase a security key device from a vendor such as Yubico or Thetis.
Security keys are small, generally smaller than a USB flash drive, and are physically plugged into a computer or mobile device to authenticate the MFA code.
The additional cost pays off in a higher level of security. Here is how the security key did in the Google study:
- Blocked 100% of targeted attacks
- Blocked 100% of bulk phishing attacks
- Blocked 100% of automated bot attacks
Besides having to purchase the keys, one downside is that users must carry around the key, and if it’s lost, they’ll need to jump through a few hoops to get a replacement and could be locked out of accounts until then.
How Secure Are Your Cloud Accounts?
Pro Tech Guy can help your Framingham business put an effective cybersecurity plan in place. We’ll help ensure passwords are protected with a system that balances convenience, cost, and security to meet your needs.
Contact us today to learn more. Call 508-364-8189 or reach us online.
Important Safety Tips for Setting Up IoT Devices at Your Office
The Internet of Things (IoT) has gone from one of those “space-age” concepts to something we see in our homes and offices every day. Smart speakers are now used widely and have begun heading into the office along with many other IoT devices.
4 Ways You Can Protect Your Devices from the Rise in Firmware Attacks
Most business owners understand the need to keep the operating systems and applications on their computers updated and patched to prevent a data breach. Without being updated regularly for newly found vulnerabilities, devices can be susceptible to ransomware, viruses, malware, and other attacks.
Using Two Monitors Can Increase Productivity by 40% or More! Learn All the Benefits
Are your employees still using one-monitor workflows? If so, your business could be missing out on a simple approach that significantly improves productivity.
What Does Our Business Need to Know About the Microsoft Exchange Server Hack?
Email is a vital part of any company’s workflow, and most could not conduct business without it. 86% of business professionals prefer email as their main form of work communications.
How Can Our Small Business Incorporate Encryption Security?
This year, a lot of small and large businesses alike are taking a long, hard look at their cybersecurity measures. The pandemic brought an onslaught of attacks as hackers took advantage of all the disruptions caused by the pandemic.
Exciting Updates Coming to Microsoft Teams to Make it Even More Useful
One of the popular business technologies for communication and video during the pandemic has been Microsoft Teams. The application went from 20 million daily active users in November 2019 to 115 million by October of 2020 (a 475% increase!).
How to Get Your Small Business a Guest Wi-Fi Network
The internet has become just as indispensable as electricity. 81% of the U.S. population goes online daily, and most businesses couldn’t function without email, cloud tools, and other online systems.
The Small Business Cybersecurity Checklist: How To Protect Your Business
2020 saw significant rises in all types of cyberattacks. Attackers took advantage of the disruption of the pandemic, remote worker networks, and the fears surrounding COVID.