Technology Advisor Blog

The Psychology of Passwords - Are your Passwords Secure?

Posted by Ann Westerheim on 6/26/20 11:49 AM

Password Psychology

We all know what we "should" do about passwords, but reality is quite a bit different as a recent report by LogMeIn shows, in collaboration with the National Cybersecurity Alliance.  At Ekaru we're on a mission to help Small Businesses stay strong in the face of cyber threats.  The more you know about the threats you face, the better your chances of keeping your data safe an your name out of the headlines.

As more and more people work and socialize exclusively online, protecting your digital identity is more important than ever. Most people believe they are knowledgeable about the risks of poor password security; however, they're not using that knowledge to protect themselves from cyber threats.  Good password hygiene is one of the most important steps you can take to secure your data.  

Gerald Beuchalt of LogMeIn and Dan Eliot of the National Cybersecurity Alliance put together a great program this week on the Psychology of Passwords and here are some of the key take away's.  Many in our community will recognize Dan from our in-person lunch and learn event several months ago.

  • 91% of computer users know that using the same or variation of a password is a risk, but 66% do it anyway.
  • 54% of computer users try to keep track of passwords by memorizing them and its not working.  24% of them need to reset passwords monthly after forgetting.
  • The old advice of 8 characters for a strong password is out of date - the longer the better and eight is not enough.
  • 52% of computer users haven't changed their password in a year even after learning of a breach!
  • Don't re-use passwords.  Keep in mind that hackers can use "credential stuffing" to try to use your password at all the other sites you may use it.  Don't re-use passwords.  With automated tools, now starting to be powered by AI, this is a quick task!
  • Use MFA - Multi Factor Authentication - whenever available.  Yes, it can be an inconvenience, but you will drastically increase your security with this simple step.

One question we hear a lot came up during the presentation. Is it okay to store passwords on paper stored in a secure location?  It is possible to very safely store the paper, but it's important to consider Protection vs Availability.  When we see users doing this, typically they end up keeping the paper with them, making it a lot less secure.

Also, the typical 90-day forced password reset policy actually can make passwords less secure.  Why?  Users will fear forgetting their password and will quickly take on some other bad habits like writing them down, re-using passwords, or creating passwords that are too simple.  The current advice is to keep a password that's strong until you have reason to change it (like a publicized breach). 

What can you do?  Educate your team.  Talk about security during your staff meetings and make sure everyone is on board.  Help create a culture of security in your organization.  You can get fancier with a formal training program, but even just a conversation will help.   Using a password manager like LastPass helps solve a lot of problems around keeping passwords strong and secure, but daily behavior improvements can go a long way.

Contact us at 978-692-4200 if you'd like a demo of LastPass or want to learn more

Also, here's a link to the video, report, and infographic from the National Cybersecurity Alliance:   View the Video and Get the Report

Subscribe to the Ekaru Technology Advisor Blog for more SMB technology advice by entering your email in the sign up box on the upper right of this page.

Tags: small business, password, cybersecurity, work from home

Reopening the Workplace After COVID-19:  A Checklist for Businesses

Posted by Ann Westerheim on 6/15/20 3:52 PM

Reopening the Workplace after COVID-19

As countries, states, and cities begin to ease lock-down restrictions, this checklist for reopening businesses can help you jump-start your return.

You and your employees have been quarantined for the past few months at this point, and now authorities are looking to lift restrictions and open up.  Here is Massachusetts we're already on "Phase 2".  With no vaccine, universally effective treatment, or significant immunity, we will still face nervous times, but things are starting to be a bit more "normal".

Now is the time to prepare.  There are so many areas to consider:  people, workplace, technology, and your customers.  With proper preparation, you can alleviate many concerns for your employees enabling them to focus on work, not the global crisis. 

Here are a few highlights, and at the bottom of the page you can download the entire checklist.

People:

  • Over communicate to your staff about returning to the workplace.  Make sure they understand what precautions you have taken and assure them they can return safely.
  • Establish an ongoing Work From Home (WFH) policy.  This will help the workplace from getting too crowded, and will accommodate those who can't quickly return.  

Workplace:

  • Establish guidelines for any visitors for entering your establishment.  Post the guidelines to ensure visitors understand and comply
  • Remind your employees of the recommended social distancing guidelines.  Place posters in your workplace to remind employees to stay diligent.  It's human nature to want to be connected with co-workers, but don't get complacent to safety guidelines.

Technology:

  • Schedule a meeting with your IT team.  Schedule a time to review all IT related matters and cybersecurity.  Cybersecurity threats increased dramatically over the past few months as workers were displaced.  It takes just one bad click to potentially put a business out of business.  
  • Evaluate any new technology deployed during the crisis.  What worked?  What didn't work?  What do you want to permanently deploy?

Your Customers:

  • Maintain an open line of communication with your customers.  Create a stream of communications to ensure you address their questions, comments, and concerns.  
  • Survey your customers.  Survey your customers about what worked, what didn't work, and what changes they would like to see.

The abrupt change to work from home left many businesses scrambling.  As they say, necessity is the mother of invention and we've entered an age of technology dependence at this point. Many changes are here to stay, but the return to the office, or a change to "work from anywhere" will require ongoing, focused planning.  

DOWNLOAD NOW!

 

Tags: small business, work from home

Cybersecurity During the Pandemic and Stay at Home Orders Impact on Small Business.

Posted by Ann Westerheim on 5/13/20 2:14 PM

Cybersecurity and the Impact of Work from Home on Small Business

For those fortunate enough to be able to make the move to work from home during the pandemic, the rapid change has been a lot to handle.  Cybersecurity threats increased sharply while users are adjusting to a new way of work.  Last week we hosted security expert Jay Ryerse, CISSP, of Connectwise to speak to our community about the impact on small business.  Ekaru wants the cybersecurity culture of our community to transcend the office walls to protect you, your family, and your business.

Here are a few of the key take-aways from his presentation, and the full video is linked below.

  • Prior to COVID-19, remote workers make up only 3.2% of the entire workforce and 44% of companies had policies that don't allow remote work.  All of that changed overnight!  The current pandemic is unprecedented.
  • Malware is round on 45% of home office networks
  • Cyberattacks now cost small businesses $200,000 on average, putting many out of business.
  • A new ransomware attack occurs every 14 seconds
  • 46% of SMBs have been targeted by ransomware
  • In cybersecurity, what you don't know will hurt you
  • Trust your team, but verify!

The return to the "new normal" will be just as challenging for businesses.  Some states are already re-opening, and it will be a long time before we get some semblance of normalcy. 

Work from home is likely to be a big part of our future.  Many affordable and secure solutions are available for smaller businesses to make the shift, and Ekaru is here to help.

Contact us to schedule a risk assessment to better understand the impact of COVID-19 and cyber threats to your business.

The full recording of the webinar is now available:

 

Tags: small business, cybersecurity, work from home

Get a Custom Zoom Background in 3 Easy Steps

Posted by Ann Westerheim on 5/7/20 11:50 AM

Zoom - With Custom Background - Beach-3Zoom meetings have become so popular these days that the word has become a verb!  There are many great collaboration tools (GoToMeeting, Microsoft Teams, etc), and Zoom has emerged as a crowd favorite with huge growth resulting from their popular free version.  

If you've been on a call, you've probably seen someone with a fancy custom background - a scene from a beach, a view from space, or some other fun background (or maybe a serious one like a company logo).  If you'd like to give custom background a try, it's easy!

Zoom - Start VideoFirst, a couple of notes on using video in meetings.  When you start your Zoom meeting, you'll see that video is "muted" by default.  Just click on the video icon in the lower left to turn on the video. 

Ekaru-Webcam CoverI like to use a web cam cover on my laptop so my camera is also physically covered when not in use.   Your laptop may already have a built in cover.  I like the extra peace of mind that I can control camera access.

As for custom backgrounds, If you've got a working webcam, getting a custom background is easy!

1.  Choose Virtual Background - Zoom - Choose Virtual BackgroundClick on the little arrow to the right of the video camera icon, then select "Choose Virtual Background"

2.  Upload Your Background Image - Zoom - Select the Virtual BackgroundClick on the "+" icon to add an image or video  (I have a few already loaded).  You can pick your favorite vacation photo, your company logo, or go on line to find some images.  

3.  Select the Virtual Background - pick the one you'd like to use for the current meeting.  Also, a heads up that that will be the default image for your next meeting, so if you're going on a virtual happy hour, you may want to change back at the end of the meeting so it doesn't load by default during your management meeting the next morning.

A few tips on video image quality - The Zoom virtual backgrounds work quite well even without a green screen.  For best results, a solid color wall behind you works best and don't wear colors that are in the virtual background image.  Why?  A lot of computing is needed to subtract your real background and display the virtual one.  If you match the image, your computer will get confused.  We received a help desk call this week from a user who reported a "fuzzy" image - she was actually blending into the background.  Test drive different images for the best results.

For more advanced troubleshooting, Zoom has some detailed info on technical requirements - https://support.zoom.us/hc/en-us/articles/210707503-Virtual-Background

A few tips on Security - Security is always on our minds.  Zoom has been in the news for security issues.  A few notes on security to stay safe on line:

  • Use unique meeting codes for all meetings
  • Set a password
  • Use the Green Room function to know who's online
  • Don't record meetings unless you have some important reason to do so.
  • If you're the host, know how to mute users and end the meeting quickly if you need to.

One of the nice features of Zoom is that virtual background are "native" to the application.  You don't need any extra software.  For example, if you want to try this with GoToMeeting, you'll need an add on like ManyCam to do the same thing.  Its easy, but it requires an extra step.

Have some fun on your next meeting!   

 

Tags: cybersecurity, work from home, Zoom Meeting

Beware!  COVID-19 Safety emails Deliver Malware Instead

Posted by Ann Westerheim on 5/6/20 5:13 PM

Safety Measures Deliver Malware InsteadCyber criminals are working overtime to take advantage of the disruption and confusion caused by the pandemic.  The FBI reports a four fold increase in cyber threats recently and its more important than ever to stay alert, and talk to your team about cybersecurity.  The most common attack vector these days is eMail, and an unknowing employee may click on the wrong link thinking they're getting important safety information.  Think before you click!

Check out the infographic for more information on what to look out for, and please share with your team.

20 Seconds to better email hygiene:

  1. Watch for overly generic content and greetings - Cyber criminals will send a large batch of emails. Look for examples like “Dear valued customer.”
  2. Examine the entire "from" address - The first part of the email address may be legitimate but the last part might be off by letter or may include a number in the usual domain.
  3. Look for urgency or demanding actions - “You’ve won! Click here to redeem prize,” or “We have your browser history pay now or we are telling your boss.”
  4. Carefully check all links - Mouse over the link and see if the destination matches where the email implies you will be taken.  (But keep in mind some advanced hackers have ways even to hide the true destinations!)
  5. Notice misspellings, incorrect grammar, and odd phrasing - This might be a deliberate attempt to try to bypass spam filters.
  6. Check for secure websites - Any webpage where you enter personal information should have a url with https://. The “s” stands for secure. (But keep in mind some advanced hackers can hide behind encrypted sites!)  
  7. Don't click on attachments right away - Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the Schedule I promised.”

It takes just ONE employee to click on a bad email to cause a lot of potential harm to your business.  Ask us about affordable ongoing cybersecurity training, testing, and simulated phishing tests to help keep your organization safe!

Tags: Cybersecurity, email scams, cybersecurity, work from home

Work From Home - Stay Safe On-line with Strong and Unique Passwords

Posted by Ann Westerheim on 4/24/20 4:59 PM

PW-Manager-EkaruCybercrime instances appear to have jumped sharply since the beginning of the coronavirus pandemic, according to the FBI. The bureau’s Internet Crime Complaint Center (IC3) reported last week that it’s now receiving between 3,000 and 4,000 cybersecurity complaints each day, up from the average 1,000 complaints per day the center saw before the pandemic. 

There are many types of threats, and many ways to stay more secure, but one simple thing is to use strong and unique passwords, facilitated by a password manager.

Can you memorize 50-80 different passwords?  The average person may use 50-80 applications that require passwords (or more!).  Each password should be strong and unique.  A strong password contains uppercase and lowercase letters, with numbers, and symbols.  The longer the password, the better.  In addition, a different password should be used for every site you visit (banking, business applications, social media, etc).  The problem is that the average person simply can't remember that much information, and what ends up happening is corners are cut.  If one site gets breached and your password ends up on the Dark Web, if you use that same password ten different places, hackers can do "credential stuffing" to gain access to other accounts.

Beware of Social Media quizzes on line.  Answering fun questions about your high school mascot, year of graduation, etc can also be used by hackers.  If you rely on dates and places to compose your passwords, they may easily be cracked.

Get a Password Manager.  With so much change pushed upon us suddenly, one simple thing you can do to gain control is to use a password manager.  A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand. This makes it easy to store passwords securely, and you'll be able to change passwords and "remember" them.  

 

Tags: cybersecurity, remote work, work from home

Is Work From Home Causing You Back Pain?

Posted by Ann Westerheim on 4/22/20 10:13 AM

Work from Home - Ergonomics - EkaruWith the current pandemic, so many workplaces have been disrupted.  For those of us fortunate enough to have jobs that we can work from home, the hasty move to a home office has typically resulted in a less than ideal work environment.  For a week or two, we can all manage with working from the kitchen counter, but with longer shutdowns, it's time to pay more attention to a proper work set up.   

Over time, an improper work environment can result in:

  • back pain
  • neck pain
  • shoulder pain
  • eye strain
  • wrist pain - carpal tunnel syndrome can be caused by repetitive motions like typing, and can become severe enough to require surgery.  
How you sit matters!

If you've ever worked at a large corporation, you've probably gone through some ergonomics training.  At a small business, you probably didn't get formal training. 

Workplace ergonomics aims to reduce risk factors that lead to musculoskeletal injuries and allow for improved human performance and productivity.

Things to think about:

  • Your monitor should be at eye level directly in front of you.  
  • Arrange your lighting to limit glare.
  • Your chair height should be adjusted so that your knees bend at about a 90 degree angle and your feet can rest of the floor or a foot stand.
  • Your keyboard height should be adjusted so that your lower arms are approximately parallel to the floor when typing.   Your shoulders should be relaxed.

Some of the other things we recommend:

  • Set up a second monitor if you can.  Staring at a 14 inch laptop all day is not ideal for your eyes, and two monitors will greatly enhance your productivity.
  • Attach a real keyboard to your laptop.  It will be a lot easier to type all day.
  • Get up and walk around every 25 minutes, and do some stretches. Your body needs movement.
  • Consider a table top converter from VariDesk to create a stand-up work environment.  This will enable you to raise and lower your desk throughout the day.  I've been doing this for years, and I've noticed improved back health.  

Looks like work from home will be the new normal for a while.  Take some time to pay attention to your work environment to stay as productive and healthy as possible.

For more work from home tips including security and technology recommendations, visit www.ekaru.com.  

Tags: small business technology, remote work, work from home

Subscribe by Email

    Most Popular Posts

    Browse by Tag

    See all tags...

    Connect With Us

    Older Blog Posts

    For older Ekaru blog posts, go to ekaru.blogspot.com.