Posts Tagged ‘it services’

Multi-factor Authentication Critical to Protecting Your Information

Chris EdwardsBy Chris Edwards
Manager, IT Services

Today’s digital world can often feel very alarming and insecure. Stories abound of identity theft, hackers stealing information from hundreds or thousands of victims, and email scams to swipe your account passwords.

How can you protect yourself and your organization?

Identity theft and hacked information often stem from circumstances outside your control, but losing your accounts and other access points is something you can protect yourself from with plenty of diligence and a touch of skepticism.

One powerful tool in guarding against hacking is the use of multi-factor authentication (MFA). Simply put, this means requiring more than one step or piece of information to access an account. More and more services and websites are offering this as an option, and it’s something you should definitely take advantage of.

You likely already use MFA in your regular personal banking. If you’ve ever used an ATM, you’ve used multi-factor authentication. Possession of the card and knowledge of your PIN act as two separate ways of verifying your identity to access your accounts. If a thief has your PIN but not your card, or vice-versa, they can’t get into your bank account.

Online banking has long been at the forefront of this, from asking for multiple pieces of information to separate physical tokens like bank cards or even devices which generate a second password.

But now, as our online and social media accounts become more valuable and thus more likely to be attacked, more and more providers are offering similar services to help protect your account. Facebook and Twitter both offer MFA options to help protect your account. Chances are your email provider does as well.

Using these methods to increase the security of your accounts does make them slightly more ponderous to access. It often involves having a temporary access key sent to you via text message in addition to your regular login information. If your bank requires an application on your smartphone to access your online account, you must have a smartphone, and you must have it with you in order to do online banking.

But having a vastly improved layer of security can be well worth the price of adding a few seconds every time you access critical accounts.

There are also quite a few services you can utilize to provide two-factor authentication to your staff and even to your customers, depending on your needs. Some of this would require a dedicated professional to implement, but the additional protection provided by ensuring that it takes more than a username and password to breach your security is worth that expense.

A hacker can potentially obtain an accounts password, but how would they also obtain that user’s cellphone?

When a service provider offers this additional layer of security, you should take advantage of their offer. If you provide online services, either to staff or to clients, it is well worth your time to provide the same offered security to them.

While multi-factor authentication cannot solve all of your digital security issues, it provides an easy-to-use method of determining that a person is who they say they are when they try to access an account online, and blocking nefarious people looking to do you or your organization harm.

If you need to consult with an expert about protecting your company’s information systems, please call Chris Edwards at (317) 613-7855 or email CEdwards@sponselcpagroup.com.

Cybersecurity: Beware of Sophisticated Phishing Attacks

Chris EdwardsBy Chris Edwards
Manager, IT Services

Phishing attacks are nothing new, but lately they’ve reached such a level of sophistication that they have even fooled information technology experts.

Phishing, which is mostly encountered via email, tricks people into clicking on a link that appears legitimate in order to steal confidential data – or even your identity.

How bad is the problem? As many as 100,000 new phishing attacks are reported every month, according to the Anti-Phishing Working Group. The FBI even believes a phishing email is how Russian hackers infiltrated the Democratic National Committee servers, according to Wired.

The most common form of phishing involves convincing you to login to an existing account you already have, such as your bank or email. It might say something like, “You need to update your account” or “Log in to see your benefits.” This is known as the “worm,” i.e. the bait that catches your eye and gets you to strike.

(In phishing, you are the fish!)

Clicking on their link takes you not to the actual website, but a dummy site the phishers have set up to mimic the real one. It can even have the same design and logos of the one you’re used to. Once you put in your username and password, they’ve caught you.

Lately phishing scams have been coming through Dropbox or other popular file-sharing services. We’ve even encountered them on lesser-known paid services like Sharefile.

Earlier in May, there were widespread media reports of a phishing scam that prompted receivers to open a Google Docs file. Since this is such a commonplace activity, many people clicked on the blue “Open in Docs” button without thinking. It would then take them to a site where they were asked to login to their Google account.

Unfortunately, there really isn’t a strong defense against phishing other than warning your team to be vigilant. Spam filters will catch some of them, but since phishers change email addresses so often, many will get through to your inbox.

The simplest defense is to be wary. If something seems wrong about a message, it probably is counterfeit. You may receive an email from someone you know, asking you to open document. But if you weren’t expecting a file from them, be cautious.

This is a good example of using existing technology to bolster another one. If you receive an email from a colleague you suspect is bogus, pick up the phone and ask them if they sent it.

Another option is to use a two-factor authentication when logging into a secure site. This can be an automated phone call or text message to your phone in addition to the login you use on your computer. It’s much more difficult from phishers to infiltrate your identity this way.

Also, be suspicious if a website asks you to login to an account that you’re already automatically logged into when your computer boots up, such as the Google account you may use for Gmail. Take a look at the URL web address at the top of your browser. Or, you can mouse over a web link without clinking on it to obtain a preview of where it will take you.

If the web URL looks strange or doesn’t conform to the normal address you’re used to, that’s a big red flag. Talk to your company’s in-house IT professionals, or whoever your vendor is, if you’re unsure.

They key is not to clink blindly on every web link that shows up in your email inbox or on websites to which you’re directed. The best way to avoid getting phished is to not take the bait.

If you need to consult with an expert about protecting your company’s information systems, please call Chris Edwards at (317) 613-7855 or email CEdwards@sponselcpagroup.com.

Microsoft Ending Support for Windows XP

Chris EdwardsRecently the Indiana CPA Society (INCPAS) sent out an important notice reminding everyone that Microsoft will soon end support services for older operating systems and software. Specifically, on Tuesday, April 8 the software giant will no longer support Windows XP and Office 2003, including technical assistance and automatic updates that help keep your PC protected.

It is estimated that 20 percent of businesses are still using XP, first introduced in 2001. Not surprisingly, Microsoft is urging customers relying on older software to upgrade to Windows 8, the latest operating system (OS).

Without critical updates, a computer running Windows XP could become vulnerable to harmful viruses, spyware and other malicious software that can steal or damage business data and information. Anti-virus software can no longer fully protect computers running XP, and businesses still using it may be exposed to security threats — or even risk breaching compliance standards, depending on their industry.

You essentially have two options: upgrade your old PC to Windows 8.1 (the newest OS version), or buy a new computer already equipped with it. Click here for a tutorial on upgrading. If you don’t know which version of Windows you’re running, follow this link for help.

In addition to the valuable information from INCPAS, Sponsel CPA Group would add the following advice:

  • The cost to pay a professional to upgrade an old computer to Windows 8.1 would likely be the same as buying a new desktop PC.
  • If your computer is more than a few years old, buying a new PC may be a better option since few older computers can run Windows 8 or 8.1.
  • Dell and Hewlett Packard still sell PCs with Windows 7, but it is better to buy a Windows 8.1 PC downgraded to Windows 7, so you can upgrade again later.
  • If you are using software that doesn’t run in Windows 8 or 8.1, you have the legal right to downgrade to Windows 7 if you bought a PC running Windows 8 or 8.1.
  • Once Microsoft support for XP ends, expect an onslaught of attacks from hackers looking to exploit weaknesses.

If you need any guidance about making sure your computer systems are up to date and protected or choosing a new PC, please contact Chris Edwards at (317) 613-7855 or email cedwards@sponselcpagroup.com.

Data Security: What You Need to Know

Chris EdwardsBy Chris Edwards
Manager, IT Services

Lately it seems like every time we look at the news we hear about another major case of data security breach. Just last month we learned that 100 million Target customers may have had their personal information hacked, including credit and debit card records.

If you run a business, especially one that deals with customer’s financial information, data security is a vital concern – both in terms of protecting your own data as well as that of your customers. Here is a brief rundown of things you need to know about whether your data is really secure.

Infiltrators from all across the globe are constantly at work to break into private computer networks to access financial data, both individual hackers and automated programs. They only need to succeed in a tiny fraction of their attempts to reap substantial fraudulent gains.

Companies that process credit/debit card payments should already be familiar with PCI Data Security Standards (PCI DSS). This provides “an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents,” according to the PCI Security Standards Council.

If you’re not already using PCI DSS, head to the council’s website, which includes a self-assessment questionnaire, a list of tools to become PCI DSS-compliant and security requirements for all personal identification number (PIN) terminals.

Encryption of mobile devices that include important data, such as laptop computers, is one of the most significant ways to guard against a security breach. Historically, this has been one of the most common ways for financial data to become exposed.

In addition to encrypting the device against unauthorized login, another option is to not store the data on mobile platforms at all, but have those employees who need to access a central database remotely – again, with standard encryption and password protocols in place.

If your system stores customers’ data, you should limit the number of employees who have access to only those who need it as part of their essential job functions. This is known as application security, and is vital to making sure critical information is only available to those who truly need it – whether it’s client order information or a list of employees’ salaries.

The thing to keep in mind is that data security isn’t something that just happens after you install a firewall and anti-virus software as part of your computer system. It requires time and thought to erect and maintain systems and procedures that make it very hard for thieves to penetrate your defenses.

If you need to consult with an expert about how to protect your company’s data, please call Chris Edwards at (317) 613-7855 or email CEdwards@sponselcpagroup.com.

Popular Tags