How Long Would It Really Take To Crack Your “Strong” Password?

How many @’s, %’s and other crazy symbols are in your password right now? Are they really all that necessary? According to a recent Carnegie Mellon study, the answer is no. The only thing that really influences your password strength is its length! Not whether it has X minimum characters or Y maximum characters. And not whether it has a kazillion combinations of numbers, letters and other doodads that are bound to confuse most of your employees.

Regular Password Changes Decrease Security

In the recent past, regularly scheduled password changes were a common friend of network security. However, with most computer users now requiring upwards of 20-30 passwords between work and home, this whole password security game has gotten a bit out of control. When pressed to change their password regularly, your poor employees start to use “sucky” passwords pretty quickly because they need something that is easy to remember. Or just as bad, they create a good password and then write it on a sticky note to put on their computer monitor so they don’t forget!

How To Choose A Strong Password

You want to choose a password that is hard for anyone to guess. Ideally you would want to use a lengthy string of letters, numbers and odd characters AND still be able to remember it easily. One way to do this is by creating a random phrase and using the first letter of every word, substituting +’s or &’s for the word “and” or numbers like 4 for the word “for” (or any similar tricks that are easy for you to remember). As an example, the phrase “I love my computer guys and they are the best company for me!” would translate to a password of “ilmcg+trtbc4m.” That’s easy to remember and almost impossible to crack. In fact, you can test out your password at http://passfault.appspot.com/password_strength.html to see just how strong it really is. The password we created above would take 1,306,628,104 centuries to crack…. Now that’s a strong password!
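The mnemonic scheme described above, with a length-versus-complexity comparison, as an added example (not code from the original post). The `are` → `r` substitution is inferred from the post's resulting password, and the guess rate is an assumed figure; the result is a brute-force upper bound and does not reproduce the linked tester's number.

```python
import math
import re
import string

# Substitutions named in the post: "and" -> "+", "for" -> "4".
# "are" -> "r" is an assumption inferred from the post's result
# ("ilmcg+trtbc4m"); it falls under the "similar tricks" the post allows.
SUBSTITUTIONS = {"and": "+", "for": "4", "are": "r"}

# Assumed offline guessing rate (guesses per second). Constructed for
# illustration; real rates depend on the password hash and the hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

CHAR_CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)


def phrase_to_password(phrase):
    """First letter of every word, with substitution words replaced."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    return "".join(SUBSTITUTIONS.get(w.lower(), w[0].lower()) for w in words)


def charset_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    for ch in password:
        if not any(ch in cls for cls in CHAR_CLASSES):
            raise ValueError(f"unsupported character: {ch!r}")
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))


def brute_force_bits(password):
    """log2 of the keyspace: length * log2(alphabet size)."""
    return len(password) * math.log2(charset_size(password))


def centuries_to_search(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Average-case exhaustive search time (half the keyspace)."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / 2 / rate / SECONDS_PER_CENTURY


def compare(passwords):
    """Rows of (password, length, alphabet size, bits) for a side-by-side view."""
    return [(p, len(p), charset_size(p), round(brute_force_bits(p), 1))
            for p in passwords]


if __name__ == "__main__":
    phrase = "I love my computer guys and they are the best company for me!"
    mnemonic = phrase_to_password(phrase)
    # Constructed comparison: a short password using all four character
    # classes versus the longer mnemonic that uses only three.
    for row in compare(["Xk9$mQ2!", mnemonic]):
        print(row, f"{centuries_to_search(row[0]):.3g} centuries")
    # Caveat: these figures assume every character is chosen at random.
    # A human-chosen phrase is more predictable, so treat them as a ceiling.
```
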

Using A Password Management Solution

Even if you have a strong password, you should never use the same password on different websites. Your online banking password should be different than Facebook, which should be different than Gmail, which should be different than your network password at work. A quick and easy way to remember all of these unique strong passwords is to use a “Password Management Solution.” A few of the most popular tools you can test out are KeePass, RoboForm and AnyPassword. These tools allow you to securely keep track of all of your passwords while remembering only one.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!

5 Tips for Keeping Your Inbox Empty

Does your Inbox always seem to be overflowing with messages? Here are 5 tips for managing your Inbox to keep it empty.

1. DELETE any message that, after scanning the From and Subject lines, is not needed or is obvious SPAM.

2. DELEGATE any message or task that requires delegation by forwarding the message to the appropriate person.

3. DEFER messages that are not immediately actionable.

4. RESPOND to all messages that will take less than 2 minutes of your time.

5. DO all messages that are left in your Inbox. After you DELETE, DELEGATE, DEFER and RESPOND, the only messages left in your Inbox are items that you will work on today.

These tips will help you maintain an empty Inbox. There are applications that can be added to help with the delegating and deferring steps. SaneBox and Getting Things Done are some examples of these types of applications.

5 Smart Tips For Mobile Devices

If you’re planning on heading out of town – or simply to the coffee shop to work – here are a few tips to keep in mind.

1. Protect your devices from thieves. All mobile devices should be passcode-protected and loaded with apps that will help you track and find them in case they get lost or stolen. For iPads and iPhones, there’s the free Find My iPhone. Android users can try Lookout Mobile Security. These apps allow you to remotely wipe the device in case it falls into the wrong hands; you definitely don’t want to expose yourself to identity theft or allow someone access to your company’s network and client data. Also, never leave your device anywhere you wouldn’t leave your wallet.

2. Back up. Mobile devices get lost and destroyed more often than desktop computers because you’re dragging them around from place to place and exposing them to environments that aren’t gadget-friendly, so make sure you are backing up all the data to the cloud. All it takes is a spilled cup of coffee to erase those precious family photos and videos, and most people don’t think about backing up their phone.

3. Take caution when connecting to free public Wi-Fi. Hackers with routers and readily available software set up rogue hot spots for spying and serving you fake websites. They often name these hot spots something generic such as “Coffee Shop” or “Linksys” to fool you into thinking they are safe. You think you’re connecting to the coffee shop’s Wi-Fi, but you’re actually accessing the web through their portal. If you are going to use public Wi-Fi, simply use it for general web surfing, not shopping, banking or accessing critical data.

4. Turn off sharing. If you use a laptop, you might have it set to share files and folders with other computers at work or home. However, you don’t want those settings “on” when connecting to a public network. When connecting to a public hotspot for the first time, Windows will ask you for a location type; choose “public” and it will automatically reset your settings to turn off sharing.

5. Carry your own connection. If you’re going to access your bank account, go shopping online or need to access critical data when traveling, invest in your own personal Mi-Fi connection. If you don’t have one and you need to make an emergency balance transfer or an immediate purchase to save a significant amount of money, it’s safer to use your cell phone. When banking, use your bank’s official app and sign up for any extra security they offer. For example, Bank of America’s SafePass program sends a text message with a 6-digit code to authorize a transaction. The code expires as soon as you use it.

5 Steps To Moving From Your iPhone To An Android Phone

Android phones have come a long way in the last few years, and the Apple iPhone may have lost a bit of the pizazz that it had just a few years back as the new phone on the block.

If you’re thinking of making the jump from iPhone to Android, here are 5 critical areas of your phone you need to consider before you move:

1. E-mail, Contacts and Calendars. If you’re using Microsoft Exchange for e-mail, then this step should be a breeze. All of your e-mail, calendars and contacts should be housed on your Exchange server and will populate automatically once you set up your account. If you’re using Google Apps for these services, it will be even more seamless!

2. Apps. Your iOS apps are going to be stuck on your iPhone and not transferable. You’ll certainly find the Android version of these same apps on the other side, but be sure to check this out ahead of time so that you’re not stuck searching for a workaround for a critical work function upon arrival.

3. Music. The easiest way to move your music from iTunes onto your Android phone is by creating a Google Music account on the same computer where iTunes is installed. You can then use Music Manager’s iTunes option during setup. You can even continue to use iTunes and sync any new purchases with your Google Music account automatically.

4. Photos and Videos. Your best option to move photos and videos is to simply download them from your iPhone to your computer and then re-upload whatever you want/need to your new phone. Another option is to use a cloud sharing service such as Dropbox to move these files wirelessly across devices.

5. Text Messages. If you must move text messages, use the free iSMS2droid app. Or use the Samsung Kies software to restore an iPhone backup (if you have a Samsung Android phone).

Finally, if you’re really thinking about moving from your old iPhone to an Android phone, make sure to pick a higher-end Android phone, such as the Samsung Galaxy. To be happy with your decision, you’re going to need to feel like you’ve actually upgraded.

Would You Rather Text Than Talk?

Essential Tips For Business Texting

You use your iPhone or Android for everything else. Your spouse even texts you to grab some milk at the store or to tell you they’ll be gone when you get home. It’s quick, easy and gets the job done. Why not in business too?

If you’re going to text for business purposes, follow these 7 texting tips to keep it professional:

1. Consider if your message is urgent. Your text may interrupt your recipient…be sure there’s a good reason for that interruption.

2. Is e-mail better? Most people prefer business communications via e-mail as it better respects their time and ability to respond appropriately. Text messages are also easily lost if sent at a bad time.

3. Do they only e-mail you? If yes, respond to them in the same way. If they e-mail, send an e-mail. If they call, call them back.

4. DON’T TYPE IN ALL CAPS. DON’T YOU FEEL LIKE SOMEONE IS YELLING AT YOU WHEN THEY TYPE IN ALL CAPS? DON’T SEND E-MAILS OR TEXTS IN ALL CAPS.

5. Proofread your message. Ever hear of “Auto-Correct” in text messages? Some can be downright embarrassing. If you’re taking the time to write the message, take the extra seconds to proofread.

6. No abbreviations! Your recipient shouldn’t have to decipher your text message with a decoder ring. Be as clear as you can with proper grammar and pronunciation. No sense in risking losing a customer who gets fed up with your messages.

7. Include your name in the message. Not everyone knows who you are simply by your cellphone number. Assume that the person doesn’t know who the message is coming from.

If you do text in a business environment, especially with a customer or prospect, follow these 7 tips to ensure that you are perceived as the true business professional that you are!

What You Need To Know About The New Security Breach Notification Laws

It’s Monday morning and one of your employees notifies you that they lost their laptop at a Starbucks over the weekend, apologizing profusely. Aside from the cost and inconvenience of buying a new laptop, could you be on the hook for bigger costs, and should you notify all your clients? Maybe, depending on where you live and what type of data you had stored on that laptop.

An Emerging Trend In Business Law

Since companies are storing more and more data on their employees and clients, most states are starting to aggressively enforce data breach and security laws that set out the responsibilities for businesses capturing and storing personal data. What do most states consider confidential or sensitive data? Definitely medical and financial records such as credit card numbers, credit scores and bank account numbers, but also addresses and phone numbers, social security numbers, birthdays and in some cases purchase history—information that almost every single company normally keeps on their clients.

“We Did Our Best” Is No Longer An Acceptable Answer

With millions of cyber criminals working daily to hack systems, and with employees accessing more and more confidential client data, there is no known way to absolutely, positively guarantee you won’t have a data breach. However, your efforts to put in place good, solid best practices in security will go a long way to help you avoid hefty fines. Here are some basic things to look at to avoid being labeled irresponsible:

-Managing access. Who can access the confidential information you store in your business? Is this information easily accessible by everyone in your company? What is your policy about taking data out of the office on mobile devices?

-IT security and passwords. The more sensitive the data, the higher the level of security you need to keep on it. Are your passwords easy to crack? Is the data encrypted? Secured behind a strong firewall? If not, why?

-Training. One of the biggest causes for data breaches is the human element: employees who accidentally download viruses and malware that allow hackers easy access. Do you have a data security policy? A password policy? Do you have training to help employees understand how to use e-mail and the Internet responsibly?

-Physical security. It’s becoming more common for thieves to break into offices and steal servers, laptops and other digital devices. Additionally, paper contracts and other physical documents containing sensitive information should be locked up or scanned and encrypted.

The bottom line is this: Data security is something that EVERY business is now responsible for, and not addressing this important issue has consequences that go beyond the legal aspect; it can seriously harm your reputation with clients. So be smart about this. Talk to your attorney about your legal responsibility.

Top 4 Threats Attacking Your Network And What To Do About Them

#1 Overconfidence

User overconfidence in security products is the top threat to your network. Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid-fire pornographic pop-ups) and more subtle key loggers that steal passwords. Surveys promising free stuff result in theft of information such as your mother’s maiden name, high school, etc., which is used to answer common security questions, leading to theft of otherwise secure data. Think before you click!

#2 Social Networking Sites

Social networking sites like Facebook are exploding in popularity. Threats range from malware (e.g., viruses, worms, spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable. Defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies. We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.

#3 Attacks On Mobile Devices

Everyone is going mobile these days, not just the “road warriors.” Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data, yet they are easily lost or stolen. Be sure to password-protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

#4 Cloud Computing

“The Cloud,” in its most simple form, involves using the Internet to access and store your data. When you access email using a web browser, you are working in “the cloud.” Using the cloud for automated off-site backup is rapidly gaining popularity and is just the beginning. Companies like Microsoft, IBM and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet. You need to be sure that any data you store and access across the Internet is secure, not just where it is stored, but also during the trip to and from the Internet.

5 Steps to Protect Your Business from Cyber Crime

A Seattle company was recently broken into and a stash of old laptops was stolen. Just a typical everyday crime by typical everyday thieves. These laptops weren’t even being used by anyone in the company. The crime turned out to be anything but ordinary when those same thieves (cyber-criminals) used data from the laptops to obtain information and siphon money out of the company via fraudulent payroll transactions. On top of stealing money, they also managed to steal employee identities.

Another small company was hacked by another “company” that shared the same high-rise office building with them. Management only became aware of the theft once they started seeing unusual financial transactions in their bank accounts. Even then, they didn’t know if there was internal embezzlement or external cybertheft. It turned out to be cybertheft. The thief in this case drove a Mercedes and wore a Rolex watch…and looked like anyone else walking in and out of their building. Welcome to the age of cybercrime.

You Are Their Favorite Target

One of the biggest issues facing small businesses in the fight against cybercrime is the lack of a cyber-security plan. While 83% lack a formal plan, over 69% lack even an informal one. Half of small business owners believe that cybercrime will never affect them. In fact, small businesses are a cybercriminal’s favorite target! Why? Small businesses are not prepared and they make it easier on criminals.

The result? Cyber-attacks cost SMBs an average of $188,242 per incident, and nearly two-thirds of the businesses affected are out of business within 6 months (2011 Symantec/NCSA Study). A separate study by Verizon showed that over 80% of small business cybercrime victims were compromised due to insufficient network security (wireless and password issues ranked highest). With insecure networks and no formal plan to combat them, we make it easy on the criminals.

How They Attack

The #1 money-generating technique these “bad guys” use is to infect your systems with malware so that whenever you (or your employees) visit a website and enter a password (Facebook, bank, payroll, etc.), the malware programs harvest that data and send it off to the bad guys to do their evil stuff.
They can get to you through physical office break-ins, “wardriving” (compromising defenseless wireless networks) or e-mail phishing scams and harmful web sites. Cyber-criminals are relentless in their efforts, and no one is immune to their tricks.

5 Steps to Protect Your Business

-Get Educated. Find out the risks and educate your staff.

-Do a Threat Assessment. Examine your firewall, anti-virus protection and anything connected to your network. What data is sensitive or subject to data-breach laws?

-Create a Cyber-Security Action Plan. Your plan should include both education and a “fire drill.”

-Monitor Consistently. Security is never a one-time activity. Monitoring 24/7 is critical.

-Re-Assess Regularly. New threats emerge all the time and are always changing. You can only win by staying ahead!

Apple Picking?

Apples are picked on crowded subways, in quiet parks, on busy street corners, in loud bars. Apples are picked while people are talking on the phone, the picker dashing past and doing the deed in midstride.

I’m not talking about Red Delicious apples. I’m referring to the Apple iPhone. Many major cities have seen an increase in the crime rate because of the Apple iPhone. In New York City alone in 2012 there were 16,000 Apple “pickings”, or 14% of all crimes.

Here are 5 simple things you can do to take the “drama” out of your life and maybe avoid having your phone stolen.

Be Aware – When texting or listening to music you may “zone” out of your recent reality. You become unaware of your surroundings. That makes you a perfect target.

Get Insurance – If you live in an urban area or travel a lot, consider getting “specialized device insurance.” You may also be able to add it through your renter’s or homeowner’s policy for a small yearly cost.

Install Device Recovery Applications – There are several available for Android phones, and Apple’s “Find My iPhone” app is pre-installed. You can track the phone and, as a last resort, “wipe” all of your personal data, but you cannot render the phone unusable.

Back Up Your Device – While the phone may have monetary value, it also contains much personal information such as your contacts and photos. So back it up.

Don’t Argue, Give The Thief The Phone! – You can buy a new phone. You, on the other hand, are irreplaceable.

Tips For Handling, Storing, and Disposing Of Confidential Documents

In the past 10 years, over 10,000 new regulations have been placed on the books by local, state and federal agencies pertaining to the handling, storage, and disposal of confidential client, patient, and employee documents.
A few examples are:

• SEC Rule 17a-4 Electronic Storage of Broker Dealer Records
• Gramm-Leach-Bliley Act
• Financial Services Modernization Act
• Sarbanes-Oxley Act
• DOD 5015.2 Department of Defense
• Health Insurance Portability and Accountability Act (HIPAA)
• Fair Labor Standards Act
• Occupational Safety and Health Administration (OSHA) Act
• Payment Card Industry Data Security Standard (PCI DSS)

No matter how small your business is, you are surely going to be affected by one or more of these new government regulations. Naturally some industries are more regulated, such as financial or medical, but all companies that hold information such as employee social security numbers, credit cards, financial statements (credit applications, bank statements, order forms) fall under these new regulations.
While we cannot cover every single aspect of protecting your company, here are a few tips that will go a long way in making sure you don’t end up fined, sued, or with a bad reputation for not securing your clients’ information:

• Seek professional help. If you think you are holding confidential information that should be secured, ask a qualified attorney who specializes in data confidentiality in your industry about what you must do to meet new government regulations.
• Shred all documents that contain confidential information. A good shredder should do a cross cut or diamond cut versus a simple strip shredder to make it more difficult for someone to piece together a shredded document.
• If you have to keep a copy of contracts or other documents that contain confidential information, contact a high-security document storage facility and they will store your documents in a high-security location.
• Keep a fire-proof safe with a lock and key for employee documents you need to keep onsite.
• Make sure your offsite backups have 32-bit encryption (ask your provider). Also make sure the facility where the information is stored is under lock and key with security camera and access-controlled security.
