What to Include in Your Internet Security Policy

policies procedures bindersWhether you’re just launching your new enterprise or you’ve been in business for a while, you’ve probably outlined a set of policies and procedures designed to ensure the safety of employees, foster a welcoming workplace, and ensure efficiency in operations. Now you need to consider that modern business is conducted not only in board rooms and cubicles, but in virtual space as well.

It is therefore imperative to create an internet security policy to complement your other operational policies and procedures. Of course, such policies are still in their relative infancy.  With new threats popping up all the time you may feel some anxiety about your ability to keep up.

The good news is that many other businesses are in the same boat.  A consensus is beginning to form concerning the best ways to develop and implement flexible internet security policies. These strategies are designed to adapt to technological advances and the evolving nature of hackers. Here are just a few key points you’ll want to include in your internet security policy.

Security Strategy

Planning your policy should begin with considering a security strategy. This could include listing your objectives when it comes to implementing and maintaining internet security. It might also cover your ethical and legal responsibilities in terms of privacy laws meant to protect customers and employees.

Your policy should also include the variety of systems you use that operate online. Note how to protect each one with relevant security software and employee usage guidelines. Detailing these points will help you determine the course of your internet security policy. This way you can delve deeper into pertinent issues like which software to purchase, how much to spend, and how to train employees to do their part.

Specific Programs

You may need some professional guidance when it comes to planning your internet security policy.  If your business uses specialized software or equipment, your policy should include proper procedures pertaining to each specific system, network, and program you utilize. Naturally, this portion of your policy may change over time as you implement new software and systems.

It might seem like overkill to list specifications for hardware and software. However, if you expect employees to properly utilize these systems as part of their job, they need to understand potential risk factors so they can behave appropriately and keep your online operations secure.

Authorizations

Compartmentalization is a great way to increase the level of security for confidential data. For example, everyone in the company might need access to an employee directory, but you may limit access to financial records to only your finance and executive team.

While you may want to foster transparency and openness, you don’t necessarily want all of your employees to be privy to executive planning and communications.  You also can’t allow unfettered access to sensitive customer data like credit card or social security numbers. By compartmentalizing and setting up a system of authorizations for different positions, you can help to protect your company and your customers.

Don’t forget to include behavioral information in your policy as well. You need to make it clear that employees are not to share access with one another or with outsiders and that they will face penalties for doing so.

Password and Network Policies

Some of your internet security policy will focus on the technical elements of securing your online operations. The rest will pertain to employee behavior as a means of teaching workers how to behave in a manner that helps to protect the company.

Your employees no doubt have passwords to access computers, accounts, networks, and data. Your password policy should provide clear rules and regulations regarding how to access resources and how password usage works.

It seems almost silly in this day and age to remind employees not to share their login information with anyone, including their coworkers. Yet, it is still necessary to include this in your policies, along with protocols for password creation.

You also need to train employees to operate in a careful manner when it comes to email and other network usage. Some of the most common ways hackers gain access to company data involves employee error. This includes the use of weak passwords and blunders like clicking spammy links, visiting dangerous websites, or downloading files that contain viruses, spyware, or malware.

Expectations and Penalties

Employees need to understand what you expect of them when it comes to internet security. It is also important that they understand the consequences, to the company and to themselves, should they fail to act appropriately. Irresponsible behavior could result in a devastating data breach. Spell out penalties associated with such failures so that workers have ample motivation to follow your internet security policy.

How to Train Employees to Safeguard Against Hackers

employee training puzzle pieceHackers can cause all kinds of problems with a business. In addition to planting viruses, worms, spyware, and more, hackers can steal sensitive customer, employee, and business data.  These criminals will use this information to hijack identities and make a profit.

One of the latest threats many businesses face comes in the form of ransomware. This is when hackers infiltrate a computer or network and take files hostage by encrypting them. Businesses that want to regain their data have to figure out how to break the encryption, which is next to impossible, pay up in the time allotted, or lose access to their information for good.

The worst part about hackers gaining entry to a business’s virtual operation is the damage they leave in their wake. Perhaps just as disconcerting is how often employees are to blame for letting hackers gain access. The best security measures in the world won’t work if employees are holding open the virtual front door for hackers.

As a result, you not only need to make sure you have appropriate cyber security in place; you also must take steps to train employees to spot threats, behave in an appropriate manner, and act as a line of defense against hackers. Here are a few things you should include in your training program.

Policies and Procedures

As a business owner you enact any number of policies and procedures designed to maintain a safe, efficient, and productive workplace. Some policies (like sexual harassment or discrimination training) curb offensive employee behavior and limit your liability.

Other policies like NDAs and non-compete clauses help to protect your business from leaks that could compromise confidential data. You also need to develop policies and procedures intended to teach employees how to safeguard against hackers.

You could, for example, enact behavioral policies that spell out how employees should use your network resources. Employees should not open emails from unknown senders or click suspicious links. Above all they should heed the advice of software warnings when they try to access dangerous websites.

Policies and procedures designed to safeguard against hacking could pertain to password protection, network usage, and even sharing information between employees. Taking the time to list your expectations and make employees aware can only help to keep your operation safe from hackers.

Strong Passwords

Cracking passwords is one common way that hackers make their way into your system.  Luckily, there is a lot you can do to ensure greater protections in this area. A good start is to select software that prompts users to create strong passwords (requiring 8-12 characters and a variety of letters, numbers, and symbols) and requires employees to change passwords regularly.

Your software shouldn’t do half of a hacker’s job for them by repopulating fields when the login information entered is incorrect. Instead of leaving the name in place when the password is wrong (alerting hackers that they have the correct name), all fields should be automatically cleared.

You also need to make it clear that there will be serious consequences if employees share passwords, even with fellow coworkers. Compartmentalization of data, authorization for access to different areas, and password protections only work if individual passwords remain confidential.

Recognizing Threats

There are many ways in which hackers can target your employees. They can attach spyware and malware to seemingly innocuous links or downloads thereby piggy-backing on other programs to gain access to your system.

Employees must be trained to spot these scams in order to avoid them. Your security software can go a long way toward protecting your company from hackers, but when employees understand potential threats and how they might contribute to the problem, there’s a much better chance all of your protective components will work together.

Backups

Even with proper training, employees can still make mistakes that open you up to hackers. The best defense is always a good offense.

Having backup protocols in place could help minimize damage if employees slip up and hackers find a way in. A monitoring service is a good place to start, but you should also have system backups in place so that you can shut everything down, lock hackers out, and revert to a recent save point so as to resume business operations post haste.

Web Security 101

web security mouseYou’d have to be living under a rock to remain unaware of the many threats modern companies face due to online operations. Certainly there is a lot to be gained from setting up a business website complete with an online store, not to mention social media accounts, but there are also many risks associated with forays into the virtual world.

Keeping your business secure used to mean installing locks, an alarm system, surveillance cameras, and possibly a robust safe, just in case. While these measures still apply to companies with brick-and-mortar locations, many businesses now have the added worry of protecting a secondary operation in the online arena.

You’ll hear plenty of people say that the worldwide web is a modern Wild West. Although controls are constantly evolving and will continue to advance, the truth is that hackers often seem to be a step ahead. However, this could have something to do with the vast number of businesses that are tremendously under-protected.

Whether you’re just starting your online operation and attempting to learn about web security along the way or you’ve been at it for a while and you’re in need of a refresher, there are several security basics every business should be aware of. Here’s a crash course in web security to get you started.

Technical Controls

There are two main types of controls inherent to web security: technical and operational. Technical controls consist of any measures automatically implemented by your technology, including your hardware, software, and firmware.

There are a broad range of technical controls to consider when planning your security strategy. Most businesses start with firewalls for both their internal systems and their online operations (i.e. web application firewall). The next step is implementing software that recognizes and stops viruses, spyware, malware, and so on.

Technical controls could also include password protection software, encryption software, third-party monitoring and maintenance, and system backups. This last one is technically a recovery feature rather than a security measure, but it’s worth mentioning because without it a hack that results in data loss could halt operations.

Of course, you can’t rely entirely on technical controls to keep your company’s online operations safe. In addition to the many programs designed to protect you from hackers, your users (employees, customers, etc.) also must to behave in a safe and responsible manner in order to ensure the highest level of security. Tools are only as good as their users, and this is where operational controls enter the picture.

Operational Controls

Operational security measures include any actions performed by people, as opposed to machines, but these two systems of control often work hand-in-hand. For example, you no doubt have a login system that includes username and password requirements.

The system itself is a form of technical control, but users are responsible for making and using passwords appropriately. If employees allow others to access their passwords and accounts, they could be responsible for breaches that your technical controls would otherwise have protected against.

Another example of technical and operational controls working together would be software that warns users when they’re about to access dangerous websites (those that contain potentially harmful code). If users are properly trained, they should navigate away instead of putting your network at risk.

Of course, this marriage of technical and operational control relies on a tertiary system: management control. The policies and procedures you create have an impact on how well these systems all work together to protect your online operations.

With comprehensive training and implementation of security systems you can ensure that both technical and operational controls work toward the common goal of keeping your company secure against breaches.

Risk Management

Proper internet security begins by assessing your website from the hacker’s point of view. What are the weaknesses hackers are most likely to exploit? Perhaps your password protocols aren’t very robust or your antivirus software is out of date.

Maybe your employees have a penchant for visiting dangerous websites, opening suspicious emails, or clicking dubious links. Maybe you don’t take advantage of monitoring services that could provide you with early warning of breaches.

Risk management revolves around understanding the threats you’re facing and performing an honest assessment of your vulnerabilities. When you do this you have the information needed to implement suitable security controls.

How Page Content Monitoring Can Improve Your Site Security

security-265130_1280Business owners can’t exactly spend all day checking in with their website to ensure that it is performing as it should. The good news is that there are all kinds of monitoring programs and services to do the heavy lifting for you.

What do these monitoring platforms provide? There are any number of things the average business might want to track. For example, site uptime is a major concern for many business owners who want to make sure unscheduled downtime isn’t preventing customers (and prospective customers) from accessing their content.

The right monitoring service can alert a business when its website is experiencing downtime or even extended loading delays, just for example. Monitoring software and services could also be used to track network activity, error messages, customer logins, traffic, shopping carts, links, email, and more, including the content on your website.

Pretty much anything you want to monitor when it comes to your website performance can be tracked using appropriate software or monitoring services. What you may not realize is that such measures can do double duty by increasing your security, as well.

How can monitoring services, and content monitoring in particular, bump up your security? Here are just a few ways in which choosing appropriate software or service providers can keep you apprised of potential problems with your website and increase security in the process.

Deal with Downtime

There are obvious reasons to avoid website downtime. Some amount of downtime is, of course, unavoidable. Eventually you’re going to have to perform maintenance and upgrades to your site, and your web host will have scheduled downtime, as well.

What you really want to avoid is unscheduled downtime that stops visitors from reaching your site. When this happens, you risk losing both loyal customers and new visitors.

However, you gain more than just a window into what your visitors are encountering on your website when you hire a service to monitor downtime. You could also discover hacking or other attacks that disable your site.

Monitoring services will send you notifications when your site is experiencing unexpected downtime, allowing you to fix the problem post haste. This might actually allow you to stop a hack in progress and protect your network and data from breach.

What if hacking activities don’t result in downtime, though? Suppose someone is tampering with your content? In this case, having content monitoring services in addition to uptime monitoring could help you to spot unusual activity and stop hackers before they cause too much damage.

Spot Unusual Network Use

Some monitoring and management services provide a variety of network solutions for your business, including options to perform backups and keep an eye on network usage. Some even provide added security for your network in the process.

Regardless, the information these monitoring services provide can help to keep your business and your data safe. Network monitoring can provide you with clues to a number of different potential security threats.

When you receive alerts from your monitoring service showing unusual activity on your network, it could be a clue that employees are using your resources inappropriately, potentially creating security risks in the process. Or it could indicate that your network is under attack or that a breach is already underway.

Receiving such notifications allows you the opportunity to curb potentially harmful behavior by employees and stop hackers in their tracks, especially if your monitoring service also provides management and security.

Unfortunately, some threats come from inside your organization. Here, too, content monitoring could serve security purposes by alerting you to suspicious activities such as malicious tampering with your website content by disgruntled current or former employees.

Identify Who is Accessing the Network

With appropriate monitoring and management software or services in place, you increase your ability to determine who is responsible for breaches. Whether an employee has inadvertently allowed access to your network by clicking a spammy link, visiting a dangerous website, or sharing a password or you’ve come under attack by industrious hackers, the right monitoring program can help to trace the source of the breach.

This information can be invaluable when it comes to finding those responsible and setting up better protections in the future. Strengthening network security starts with understanding weaknesses, which monitoring methods can make you aware of.

Before you can address a problem you must first realize that something is wrong. Whether your network usage is high, your site is experiencing unscheduled downtime, or something hinky is happening with your content, the right monitoring software can alert you that there is a problem.

Derail Suspicious Email Usage

In addition to monitoring your website and your network usage, you should also keep tabs on email and messaging. For example, monitoring email could alert you to the transfer of confidential data or unusually large files, signaling inappropriate activity that goes against your security protocols.

You can also analyze log files after the fact to check for threats like viruses, quarantining as needed and tracking the sources of these threats. Regardless of the monitoring software or services you choose, you should know that you not only stand to gain valuable insight into and control over digital operations, but you could also increase security in the process.

What Can You Learn From the Panama Papers Leak?

panama papersWhen it comes to cyber security breaches, there have been some real doozies. In fact, there have been some appalling breaches in just the past couple of years. Just look at the 2014 hit on Sony that resulted in the broadcast of executive emails and the resignation of key executives (following the 2011 attack on Sony’s PlayStation Network that reportedly cost the company over $170 million dollars).

How about the 2015 attacks on health insurance providers (Anthem, Blue Cross), banking institutions (JPMorgan Chase and Co.), dating website Ashley Madison (which you’d think would have abundant security considering the secretive nature of its adulterous clientele), and even the government (Federal Office of Personnel Management, or OPM)? That’s not even mentioning the many data breaches on mega-corporations like Target and Home Depot.

The point is that no one, not even the largest, richest, and most powerful organizations in the world, is exempt from attempted (and probably successful) hacking. However, the Panama Papers incident has been cited as exceeding all of these breaches in scope.

The data breach (of which The Guardian news outlet provided a handy primer here), which resulted in the theft and subsequent publication of 11.5 million files from the databases of Panamanian legal firm Mossack Fonseca (the fourth largest offshore firm in the world), exposed the firm’s wealthy clientele, including a variety of world leaders. Included in the revelations was evidence implicating Russian President Vladimir Putin, Pakistani Prime Minister Nawaz Sharif, and Icelandic Prime Minister David Gunnlaugsson (among others) in shady and potentially illegal offshore activities.

Is there any good to be gleaned from this incident? If your business is the type to learn from the mistakes of others, the answer is yes. Perhaps the nature of the Panama Papers incident can serve as a warning. Here are a few things you could learn from this historic data breach.

The Attack was Simple

Since the Panama Papers leak, the method of the attack has come to light, and apparently the breach exploited a well-known weakness so simple that it could have been perpetrated by a child, much less a hacker of some skill.

This prompts the question: what are you doing to protect your website and network? Firewalls, antivirus programs, password protection, encryption, and monitoring are all great, but you need to stay up-to-date with known issues if you want the best chance to bolster your security and fight off intrusion. If you’re like most companies, you’re not even taking some of these common steps.

Valuable Data was Up for Grabs

As a business owner you know that some types of data are more valuable than others. For example, client names might not be as valuable as their social security numbers or credit card numbers.

Unfortunately, Mossack Fonseca failed spectacularly to adequately protect any of their client’s data, regardless of the relative value or need for privacy and confidentiality. In fact, it was discovered in the aftermath that sensitive data was regularly transferred via unsecured email, which would make it all too easy to get a hold of, even in the absence of the scope of hacking that occurred.

Additionally, data of a more sensitive nature was not compartmentalized and stored behind extra layers of security. Hackers had no trouble accessing and stealing everything, including the most private client data.

No One Noticed Unusual Activity

Simple network monitoring software or services could have easily spotted the enormous data transfer that occurred during the hack on Mossack Fonseca (amounting to 2.6 TB of data). This size of transfer is astronomical, and it should have immediately set off alarms and notification – if only proper monitoring had been in place.

Everyone Suffers

It’s no surprise that the Panama Papers leak had consequences for both the company and its clients. For example, David Gunnlaugsson stepped down as Prime Minister of Iceland following the leak, which revealed conflicts of interest in deals brokered after the financial crisis.

Other prominent world leaders were also revealed to have practiced unethical or even illegal activities relating to Mossack Fonseca, the least of which revolved around tax avoidance while the worst offenders appear to have stolen money from the very countries and people they represent. This, of course, is a worst-case scenario for any business, but the lesson is clear.

A company that allows such a data breach will lose clients, one way or another. Whether they leave due to lack of confidence or they find themselves so personally compromised by leaked data that they can no longer continue to function professionally, the company that allowed the breach is likely to be compromised beyond repair.

Free and Easy Network Security Tips for Every Office

Let’s be clear up front: every business is going to have to spend some money on network security. Not only do you need to put proper protections in place to ensure you’re not an easy target for hackers, but you also have to comply with federal and state laws pertaining to privacy. If a data breach compromises private data for employees, clients, and so on, you could find yourself in serious legal hot water.

However, once you have a firewall, antivirus/antispyware software, password protection software, and extras like VPN or FTPs in place to protect your network and your data, you’ll find that there are a number of free and easy ways to ensure that the protections you paid for continue to perform as intended. Here are just a few free and easy network security tips that will benefit every business.

Go Paperless

This might not sound like a network security tip, but if documents containing sensitive information like user names and passwords get into the wrong hands, a network breach could result. Even better, going paperless actually saves you money.

If you’re not able to go completely paperless, at least make sure to shred and recycle documents appropriately, taking every precaution to ensure that data isn’t readily available to industrious dumpster divers.

Perform Updates

Software and firmware need to be updated regularly if you want to protect your network from outside threats. Most of your hardware and software will have options in the settings to automatically check for and install updates, making the process easy for you, but if you have IT staff on hand, you may want to perform these updates manually or at least get notifications when new updates are available so you can decide if you want to allow them or not.

All of the hardware that supports your network, including computers, servers, modems, routers, and so on will need firmware and driver updates to continue functioning properly and communicating with other devices on your network. Relevant software updates can ensure that you’re protected against the latest threats. Both can help to keep you protected, but only if you check regularly and perform updates as needed.

Schedule Regular Scans

With proper updates your antivirus/anti-spyware software should protect your network from viruses and other malicious code. However, it’s a good idea to schedule regular system scans to ensure that nothing suspicious has slipped through the cracks and infiltrated your network.

Require Strong Passwords

Password protection is an excellent way to keep unwanted visitors out of your network, but only if the passwords used are strong enough that hackers can’t crack them. You should therefor require employees and online users to create strong passwords.

These days passwords should have a minimum of 8-12 characters, with combinations of capital and lowercase letters, numbers, and symbols. In addition, users should make sure not to use personal information like pet names, birth dates, addresses, and so on.

One good option is to use an easy-to-remember acronym that looks like gibberish to anyone else. For example, the phrase “My 2 dogs-Fido and Spot-are 9 and 13” would become “M2d-FaS-a9a13”.

Change Passwords Frequently

It’s not enough to create strong passwords; you should also prompt users to change them on a regular basis. This will help to stop the potential threat arising from either employees that share passwords or hackers working on gaining entry to your system.

Policies and Training

All the protections in the world can’t keep you safe from ignorance and stupidity. You must therefore set clear policies for appropriate behavior when using the network and then train all employees accordingly.

These policies could include common sense activities like keeping passwords private (i.e. not sharing them with coworkers, supervisors, outsiders, or anyone else), as well as behaving in a safe and responsible manner when using company resources. Employees should be trained to avoid email from unknown senders, steer clear of dangerous websites, and avoid clicking suspicion links, just for example.

Having such policies in place and training employees to behave properly might seem like a waste of time, but it only takes one mistake and you might as well throw the doors wide open and invite hackers in. With proper hardware, software, policies, and training procedures in place, your business has the best chance of avoiding a data breach and the resulting fallout.

The Rise of Scamware

You might not think you’ve heard of scamware, but the truth is you’ve probably come across it without even knowing. Just as so many people have seen the potential for good in the growth of the internet, with increased learning and communication opportunities, there have also been a number of unscrupulous parties looking to use the internet to perpetrate criminal acts for personal gain.

The emails calling for personal information in order to claim your Nigerian or UK lottery winnings have by now become a joke, but remember when they first appeared and people were sending their personal, private information in the hopes of receiving money? Like everyone else, scammers adapt, and scamware is the new Nigerian lottery.

Snake oil salesman are nothing new, and scamware is nothing so much as a bottle of venom disguised as a cure-all. It’s software that purports to be useful and legitimate, when in fact it’s just malware – a means of collecting personal data and stealing money and identities.

It’s designed to make users think they need it in order to create the fear or anxiety that will cause people to buy into its hype and deliver the goods, so to speak. Unfortunately, such tactics are on the rise, and many people have been duped, to their great detriment.

How Does Scamware Work?

Some of the most popular scamware on the internet poses as antivirus software. Users receive a popup or email posing as a source that appears legitimate, like Microsoft, for example. It offers a free scan to look for viruses, which it naturally finds (whether there are viruses or not).

Then it urges users to purchase the paid version of the software. What do users get when they download the software? If they’re lucky, nothing – they only lose the money used to purchase the software.

Those that are not so lucky may have their credit card number or other personal information stolen, and worse, the software they download could scan their computer and steal further information, infect the computer with a virus, or even hold the computer hostage until further funds are sent.

This last insidious feature is becoming more popular. In fact, a purchase isn’t even required – sometimes all you have to do is click a link or open a legitimate-looking email for this malware to install.

Once it is in your system, the software freezes your computer and locks you out, revealing a pop-up that tells you to send money within a certain amount of time or your files will be corrupted or deleted. There are other types of scamware, as well. Some appear to be coupons or legitimately useful apps for mobile devices, but the one-click, fix-all scamware is easily the most popular grift.

How Can I Identify Scamware?

By its very nature, scamware is difficult to identify. Unlike other viruses and malware, it can’t necessarily be caught by a computer program, at least not until it’s too late. Although many antivirus/anti-malware software is designed to identify and warn you of threats (like suspicious websites or untrusted email), no software has yet been designed to differentiate between false and legitimate advertising.

The only real way to identify scamware is to be smart and wary. There are two good rules to follow. First, if it looks too good to be true, it probably is. Second, do your homework – check out the company before downloading their software.

How Can I Avoid Getting Caught in the Trap?

What you want to avoid is a knee-jerk reaction. You should always be suspicious of companies that approach you via pop-ups or email, even if they seem to be from a legitimate source like Microsoft of Mac. Do not click links or download anything.

If you’re actually worried about dire proclamations of viruses or you’re interested in the services offered (PC tune-ups, system care, etc.), exercise due diligence. Look for a company website and user reviews. If they don’t exist, it’s probably scamware.

Of course, even this isn’t entirely trustworthy. In the past, scammers have used SEO practices to put their websites at the top of Google search pages. Still, there are steps you can take.

If you’ve never heard of a software and the purveyor approaches you, simply look for well-known alternatives that you have heard of or ask around. In terms of antivirus software, plenty of people use Norton, McAfee, or AVG, just for example. Trust what you know and steer clear of solicitation.

5 Tips for Creating a Secure Password

Remember when you created your first AOL account and you could use your real name (without a slew of numbers behind it) and create a simple password that was a mere four or five characters longs? Nowadays, you’re John_Smith260548 and your password is some crazy combination of letters and numbers you can’t possibly remember.

This is all for your own protection, of course. Not only do we have to contend with data breaches on massive scales, but if your passwords aren’t secure, you can look forward to diligent hackers slicing through your defenses like tissue paper and stealing your sensitive personal data in the process.

In other words, you need to be your own best advocate by creating passwords strong enough to protect your online accounts, including your email, any clubs you join, and e-commerce sites that save data such as your credit card number. Plus, it hardly needs to be said that you’d be in real trouble if hackers accessed any accounts containing your social security number.

So how can you create a password that’s hack-proof? Such a thing may not exist, but you can definitely make secure passwords that will have would-be hackers heading for greener pastures, so to speak. Here are some tips to get you started.

1. Number and Type of Characters

The standard number of characters recommended for secure passwords is a minimum of eight, although some forward-thinking websites are starting to demand twelve. You password should also include different types of characters.

These characters may be uppercase letters, lowercase letters, numbers, and symbols and/or spaces. The best passwords will employ a combination of all of these elements. In addition, you should try not to use recognizable words at all, opting instead for a random combination that cannot be guessed once a few of the letters are revealed.

Such passwords may be more difficult to remember than your passwords of old, but if you’re keen to keep hackers out of your accounts, this is the best way.

2. Avoid Personal Data

We get it – you want to create a password that has some kind of personal meaning to make it easier to remember. However, this is a mistake that hackers will find ways to exploit.

Think about how much information about your private life is available on the internet, especially via social media. All you have to do is tweet about your dog or post a photo that shows your street sign and you’ve potentially given hackers a substantial part of common passwords.

Don’t use your name, nicknames, street names, pet names, dates like birthdays or anniversaries, or any other personal information that hackers could glean with a little digging online.

What you can use to help you remember a seemingly random assortment of characters is an anagram. Make up a sentence you can remember that includes letters, numbers, and symbols and then turn it into an acronym by using only the first letter of every word. “My first dog was Fido! He died at 13 in January of 2002” could become MfdwF!_Hda13in0102, just for example.

In this way you can create incredibly secure passwords that you’ll actually be able to remember when you login.

3. Different Passwords for Every Account

This can be a hard sell considering the dozens of accounts that most people use frequently, not to mention the handful used daily. However, there is a solution.

With a password manager you can enter all the passwords for your various accounts and all you have to do is remember the password that logs you into the password manager. Just make sure that password is really secure.

4. Never Repeat Passwords

Many websites will prompt you to change passwords periodically. When this happens, resist the urge to repurpose old passwords.

Once you’ve used a password, don’t recycle it. Create a new one every time for the best chances to avoid redundancy and the potential for hacking.

5. No Sharing

This should go without saying, but considering how many people make the mistake of sharing their ATM pins, it’s not really that surprising that passwords get shared with spouses, friends, and other seemingly trustworthy parties. Do not fall into this obvious trap!

The most secure password is absolutely useless if you share it with someone else. Not only could that person access your account, but they might not be as diligent as you at protecting it, potentially letting your private information fall into the hands of others willing to exploit it.

It’s one thing to trust your partner, your family members, or your friends, but the security of your online accounts relies on secrecy. You might trust your loved ones to keep this secret – the problem is if you can’t keep it.

Will 2-Step Verification Make My System More Secure?

IT security is a growing field precisely because so many businesses lack suitable digital security. If news headlines are to be believed, no one is safe from the long arm of the hacking community. Even institutions that are supposed to employ the height of security (medical organizations, banks, and government entities, for example) have been subject to data breaches, and that’s just in the last year alone. What is the average business to do in light of such overwhelming odds? How can small and mid-size companies protect themselves from security breaches, data loss, and identity theft (not to mention the major fallout after a breach) when bigger, better-funded entities can’t fend off hackers?

In truth, there is no shortage of steps businesses can take to protect themselves and their clients from data theft. Simple steps like installing appropriate firewalls and encryption programs are a good start, as is hiring professional help like document shredding services, monitoring websites, and even managed services providers. The problem for many smaller businesses, however, is not a lack of motivation to upgrade security, but a lack of capital to devote to the project. Enlisting the aid of a managed services provider, for example, can cost a pretty penny.

One good option for many businesses looking to implement a major change without spending a ton of money is to institute a 2-step verification process for user logins for company systems. You may already have password protections in place for both employees and customers. If you’re smart, you’ve already taken steps to make this login process as secure as possible. Perhaps you require strong passwords, such as those that are eight characters or longer and that must use letters, numbers, and symbols. You may prompt users to change their passwords frequently. Maybe you even use a program that doesn’t allow users to save information and that won’t repopulate fields when any portion of the login data is incorrect.

This type of diligence is both wise and secure. However, 2-step verification can take your login process to the next level in terms of security. As you may know, offering 2-step verification means adding another step to the login process, and there are a couple of ways to go about it. You could, for example, require users to answer a security question (i.e. “what is your maternal grandmother’s name” or “where were you born”). This creates an extra layer of security by requiring additional, unique information from every user.

The other form of 2-step verification is even more secure. You could also require users to enter an authentication code after entering a username and password. This can be accomplished when users download an app that generates unique codes and refreshes after a short time frame (say one minute), providing a new code. Or you could simply send out unique codes to user phones for them to enter when they’re trying to log in to your system. It is this type of 2-step verification that most companies are leaning toward these days as a means of stopping hackers from breaking in by figuring out user login data.

Will this truly make your system more secure, though? Unfortunately, 2-step verification isn’t entirely foolproof. It definitely adds an extra layer of security, and will therefor stymie a certain segment of the hacking population, which will likely move on to easier targets. However, there are some flaws in the system that data thieves have learned to exploit.

The main problem can be account recovery. Suppose a user loses data and cannot access an account, commencing the process of account recovery. Businesses don’t want users to lose their accounts and the data they’ve generated, so most simply bypass the verification system or disable it in order to allow users to create new login information. With minimal data, hackers can exploit this process to gain access to user accounts, thus nullifying 2-step verification.

The hope, of course, is that users will be smart with their own data management, creating unique passwords and optimal protections for all of their accounts so that hackers can’t gain access to recovery data. However, this is not always the case. In the meantime, 2-step verification is just one more way to add protection. For companies looking for relatively affordable ways to increase security, it’s a great option to explore.

Is Password Management Software Really That Secure?

At this point there doesn’t seem to be any question that virtually any network, server, or website can be hacked. After all, if hackers can breach corporate entities, health insurance providers, and even the government, what’s to stop them from hacking your business?

In some ways, small and mid-size businesses are lucky – they don’t have the same target on their backs that larger competitors do. Unfortunately, many smaller businesses are also forced to compromise when it comes to security due to a limited budget. Even though you may not face the same threats as better-known entities, you might be at greater risk.

In order to protect yourself, you need to make sure the components of your security system are up to the task. While password management software is certainly handy in this day and age, what with the onus to create unique passwords for every online account, you need to know if it’s safe to use. How secure is it?

Password management software has become a popular option for anyone looking to cut back on the amount of time spent trying to remember usernames and passwords for their many online accounts. With this type of program, all you have to do is log in to one master account, remember just one set of login information, and you can access every online account, despite the fact that they all have unique username and password combinations.

This is handy for business owners and clients alike, but it may not be entirely safe. If someone is able to hack the master password, they could immediately gain access to absolutely every account, putting your identity and the identities of others at risk. It seems like a pretty big risk, but if you rely on such a program to manage your passwords, don’t despair. They’ve taken steps to ensure the safety of their users.

Just look at the hack of popular password management company LastPass a few months ago. Users were terrified to discover that the site had been hacked, compromising email addresses, passwords, password hints, and other information related to the security of user accounts. LastPass, however, seemed unconcerned with the breach.

Although hackers accessed security data, the company claimed that user identities were not actually compromised, per se. This, they claimed, was because they had taken aggressive steps to protect their data, so that even if it was stolen, it could never be accessed. LastPass stated that their encryption was so robust that even if hackers stole their user data, there was no chance they would be able to crack it. The only chance that information could be accessed would be due to the user error of creating too simple a password.

In light of the breach, the company asked users to change their password information. The situation raised an interesting point, though. Are services for password management secure enough that you would trust your personal data (or client information) to them? If LastPass and others are to be believed, their software is more secure than what the average person could come up with alone. Their stance seems to be that breaches are bound to occur – and they’re ready.

Many such companies do not store user information on their own servers, so even if breaches occur, there is little chance data will be stolen. In addition, the level of encryption used to secure sensitive data is so high that even the best hackers will be stymied should they manage to steal anything. All users have to do is create a master password complex enough that hackers won’t figure it out – so don’t use your birth date or the name of your first pet.

In truth, using a password manager is likely much safer than going the other route and trying to remember a laundry list of unique username and password combinations for every online account. For one thing, you can’t store them all in your head. This means you’re likely to write them down, store them in your phone, or otherwise allow for easy access.

With password management software you need only create and memorize one strong password in order to protect all of your online accounts. If it is discovered, you will definitely be in trouble, but if you use it appropriately, the odds of failure are much smaller than the alternative. This means greater protection for your own online accounts, and potentially the accounts of other users, as well.