Archive for category: Email Security

Improve IT Security with Multifactor Authentication

/5 Comments/in , , , /by

Improve IT Security with Multifactor Authentication

Security breaches are a daily occurrence, making headlines on a regular basis.

Costly incidents are happening more and more frequently across all industries and businesses.

Every business leader is charged with beefing up IT security and protecting both proprietary data and customer information, but network security alone is no longer enough.

Multifactor authentication is one of many new layers of security that businesses must consider, to help thwart additional attacks.

What Is Multifactor Authentication?

Multifactor authentication (MFA), sometimes called two-factor authentication, is a crucial security layer requiring more than one authentication method to verify a user’s identity.

It blocks all access to a device, network, or terminal unless two of three factors are provided: something you have, something you know, or something you are.

These independent identity authorizations include a password, a security token, and often, a biometric verification.

How Multifactor Authentication Works

MFA makes it virtually impossible for someone to hack into a user’s devices, the network, or a database.

Most consumers use multifactor authorization all the time without realizing it. When you use a bank’s ATM machine, you swipe a card and enter a pin.

That is multifactor authorization.

But businesses need to begin recognizing the significance of containing security breaches by implementing MFA as a part of their overall IT security strategy.

The combinations for multifactor authentication are limitless:

Card swipe + pin

  • Username + password + texted access code
  • Card swipe + fingerprint + security question or password

Cyber Attacks Costs Everyone

The average cost of a data breach in Canada is $6 million, and half of all cyber-attacks on Canadian businesses are successful, with more than 51 percent of businesses reporting losses.

Multifactor authentication technology should not replace existing security (firewalls, malware detection, hosted email exchange, offsite backup and recovery).

Instead should be used to augment security, making it far more difficult for anyone other than the intended party to access sensitive information.

Combined with other security measures, such as stronger employee passwords, robust email security, and secure hosted services, multifactor authentication is an essential element of your organization’s overall security efforts.

MFA can prevent hackers from achieving a brute force entry into your network.

It’s much harder to breach a network using a fingerprint or a one-time-use access code texted to a single mobile device than it is to guess an employee’s password that is likely written on a sticky note under their keyboard.

As technology fundamentally changes how we do business, serve customers, and meet compliance standards, business leaders must re-evaluate whether their current IT strategies are meeting their needs.

The ITeam is committed to helping Calgary- and Alberta-based businesses develop proactive IT strategies that keep them competitive. Contact us to learn more.

Closing the Security Gaps: Employee Passwords

/1 Comment/in /by

Closing the Security Gaps: Employee Passwords

In our lives, passwords are the keys to everything we do, from logging in to our personal online banking to paying our bills.

Infоrmаtiоn about our реrѕоnаl lives, buуing hаbitѕ, credit ԛuаlitу аnd lifеstyle are valuable tо those whо саn рrоfit frоm it.

For corporations, that data hаѕ еvеn greater wоrth.

Intangibles such as intеllесtuаl рrореrtу, сliеnt liѕtѕ, mаrkеt ѕtrаtеgiеѕ, pricing and соmреnѕаtiоn, along with copious amounts of personal data on each customer, often account for the majority of the vаluе оf thе mоdеrn enterprise.

Therefore, the passwords we use at work – to access email, data files, and networks, are crucial protection points between us and hackers.

Wеаk оr compromised раѕѕwоrdѕ are the easiest wау fоr hackers to gаin еntrу intо a system.

Simрlе оr short раѕѕwоrdѕ саn bе еаѕilу diѕсоvеrеd through brutе force or “diсtiоnаrу”  attacks which concentrate intense соmрutеr роwеr to break through.

A two letter раѕѕwоrd, fоr еxаmрlе, hаѕ оnlу 676 соmbinаtiоnѕ.

A password with еight lеttеrѕ оffеrѕ mоrе safety with 208,000,000 combinations.

Enterprise Security Starts with Personal Password Requirements

Anyone who accesses your network, whether employee, client, vendor or other stakeholders, should be required to use complicated passwords to access everything from databases to email.

Idеаllу, a password ѕhоuld соnѕiѕt оf 8 or more characters and should be comprised of a mixture of uрреr аnd lower case lеttеrѕ, ѕуmbоlѕ аnd numbеrѕ.

Miсrоѕоft security hаѕ еnсоurаgеd the concept оf thе “Pаѕѕ Phrase” as аn аltеrnаtivе.

A рhrаѕе such as,”TheLastGoodBookUBoughtCost$25!” hаѕ all of thе needed еlеmеntѕ but is also еаѕу tо rеmеmbеr, since being able to remember the password is the key reason employees tend to create simple passwords.

Human Failsafes

Policies should be in place to govern passwords used to access company data of any kind that prevent:

  • Sharing passwords
  • Writing them down
  • Storing them on a computer or phone

It might seem like it would be common sense, but having a policy in place that spells it out is worth the effort.

People are the biggest security risk.

We are wired to respond to phishing attempts to gain access that play on our fears and worries.

We also are busy, forced to remember many passwords, and tend to use the same ones again and again. We’re also trusting and apt to share a password.

Layered Security

To mitigate the risk, lеаding firms аrе аdорting a dеfеnѕе strategy utilizing thrее еlеmеntѕ tо bеttеr ѕаfеguаrd thеir infоrmаtiоn.

Thе thrее lауеrѕ оf аuthеntiсаtiоn consist оf:

  • A strong password or passphrase
  • A crypto-key, smartcard, or token
  • Biometrics (fingerprint, etc.)

Protecting data is a never-ending battle as hackers become more and more sophisticated.

Companies must take strong stances on every point of entry that might create risk, including employee passwords.

Employee password security policies are essential to business continuity.

Phishing and Spoofed Emails Threaten Corporate Email Security

/2 Comments/in /by

Phishing and Spoofed Emails Threaten Corporate Email Security

Twenty years ago, corporate email security was not an issue that business leaders had to contend with.

Today, phishing and spoofed emails account for nearly half of all emails sent – and that’s a 12-year low!

As technology becomes more prevalent in every part of our business and personal lives, cybercriminals have become more and more creative in finding ways to con employees into clicking on links or taking actions that put companies at risk.

This has collectively cost businesses in Canada more than $19 million in 2014.

Email Security Threats Become More Sophisticated

A new wave of spear phishing – highly targeted, researched emails that are even more likely to deceive your employees because they look so legitimate – has been targeting Canadian companies.

Alberta businesses are not immune.

Last fall, 75,000 members of the Alberta APEGA were the victims of a spear phishing scheme.

The ITeam recommends that every organization take immediate steps to improve email security, including these steps:

1. Provide Ongoing Training to Employees 

According to the 2015 Verizon Data Breach Report, employees are one of the biggest risks, with 23 percent of recipients opening phishing messages and 11 percent of those clicking on the links.

Ongoing training, reminders, and even phishing email tests can help educate your employees on how to better resist the deceptions.

As business leaders and industry professionals, we must provide constant reminders about being more cautious.

Institute policies that govern what actions can be taken from an email.

Encourage employees to verify with the sender (in person or over the phone) if they were really the ones to send the email before opening attachments, wiring money, or clicking on links.

2. Implement Multi-Layer Security 

To prevent some of these targeted emails from getting through, you must implement tough, layered security protocols.

Every organization should have firewall protection, virus protection, and malware detection software.

In addition, email encryption solutions can protect data and limit access, and additional policy-based email security can be implemented to detect keywords that are likely phishing triggers, such as “credit card,” “wire,” “bank transfer,” and others.

3. Establish Robust BDR, MDM, and BYOD Protocols 

To mitigate risk, in case the worst does happen and an employee clicks on a link that leads to malware or ransomware infection, be sure you have stringent Backup and Disaster Recovery (BDR) protocols in place to protect your data.

It’s necessary to ensure that every device being used by employees is protected. Develop Mobile Device Management (MDM) and Bring Your Own Device (BYOD) policies that require the devices to have protection and allow you the ability to remotely delete them from your network.

4. Adopt Sender Policy Framework (SPF) Best Practices 

To prevent even more spear phishing attempts, implement Sender Policy Framework (SPF).

Sender policy framework is an easy-to-implement email validation tool.

The SPF communicates with email providers and tells them that the email is coming from an approved domain (the company website, newsletter service, or approved third-party sender).

The ITeam will work with your Alberta business to customize a cost-effective solution. We offer a comprehensive email security plan that will protect you against email security threats. Contact us for a free consultation.

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OK