Multi-factor Authentication: What is it and why should I use it?

Multi-factor authentication (MFA), which includes two-factor authentication (2FA), is, according to Wikipedia, a login method requiring two or more of the following: knowledge (something only the user knows, like a username/password combination), possession (something only the user has, such as an app on their cell phone or a security token), inherence (something the user is, such as biometric identifiers), and location (somewhere the user is, such as only allowing the user to log in while located in the US). Typical scenarios would be logging in to a bank’s website, where you enter your username and password and they text you a code you need to input before you are allowed access to your account; or going to the ATM and putting your bank card in the machine along with your PIN.

So now that you know what MFA is, why would you want to use it? The simple answer is that a password is no longer enough to keep your accounts secure. We all have so many different accounts, and the data breaches that gather usernames and passwords from those accounts and put them out in the open for anyone to grab are so severe and frequent, that it doesn’t take much effort to break into an account. This is where MFA comes in. Let’s say that a malicious actor has your username and password for your bank’s website: without MFA in place, they can log in and have full access to your account; however, if MFA is turned on and set up, they wouldn’t be able to log in without also having access to your cell phone to receive the text message code. Another example would be someone stealing your wallet with your bank card: they can go to the ATM and use your card, but without your PIN they can’t access your account.

You can get really complex with the requirements too. For example, we can lock down a system so that you need to enter your username and password, along with allowing the login attempt through the mobile app on your phone, and then only allow the login attempt to be successful if you’re located in New Jersey. That may seem like overkill but may not be for a system that has extremely sensitive data.

The bottom line is this: if MFA is available, you should use it.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

April Fool’s Phishing: the joke’s not on you

With April Fool’s fast approaching, it seems like a good time to review some phishing email tips so the joke isn’t on you.

Email is still the number one communication method, which makes it the perfect avenue for scammers and other malicious actors looking to get the highest return on their activities. One of the simplest methods for checking an email is called “SLAM”:

  • Sender – look at the sender’s email address by hovering over the From: name. If the email address does not match the name, that is a red flag; also, are you expecting an email from this sender?
  • Links – look at any links in the email by hovering over them. Are they pointing to something different than what the text in the email says? That is another red flag.
  • Attachments – Are there any attachments, and if so, are you expecting this sender to send you a document or file?
  • Message – look at the wording of the message in the email. Does the wording make it seem like a consequence is imminent if you do not act? Is it asking you to do something and not tell anyone else? These are both red flags.

Keep in mind that world events and holidays are often good disguises for malicious actors to send out emails. That link to a funny April Fool’s prank may not be from your friend or coworker and the joke might be on you, so keep an eye out!


Avoiding Tax Time Scams

The IRS started accepting tax filings on February 12, marking the beginning of another tax season (though accountants might argue it never really ends). This is normally a time for an influx of tax-related scams, but with the pandemic still in play it might be worse. Here is some information on what to keep an eye out for, as well as some resources from the IRS regarding tax-related scams.

Phishing email is still the biggest attack avenue, as it is cheap and easy. The usual rules of thumb apply to emails:

  1. Check the sender address
  2. Hover over any links to see if they match the text
  3. Be wary of attachments
  4. Check the body of the message. Red flags are: a sense of urgency, consequences if something isn’t immediately done, or requests for payment in odd forms

The IRS has a webpage dedicated to tax scams and consumer alerts: https://www.irs.gov/newsroom/tax-scams-consumer-alerts. It is a good place to learn about common scams and how to identify them. There is also a page dedicated to helping you determine if the IRS is really on the phone or at your door: https://www.irs.gov/newsroom/how-to-know-its-really-the-irs-calling-or-knocking-on-your-door.

And remember, the IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Ask for credit or debit card numbers over the phone.
  • Call you about an unexpected refund.

(taken from their website: http://bit.ly/2AQf8cF)


Why Should We Implement Security Awareness Training?

First, what is security awareness training? This is training, usually done on a recurring basis, that helps users understand different threats they might be exposed to during their personal and work lives, typically focusing on the digital realm. The goal of the training is to elevate users’ awareness of these threats so they can recognize them before falling victim to them.

So why should your company implement this training? In short, human nature. Without delving into the psychology, I’ll highlight a few key points:

  1. humans are creatures of habit
  2. humans have a natural tendency to want to help
  3. humans have a natural fear of the unknown or unexpected

A quick example of each:

  1. reusing passwords across multiple sites/services
  2. a popular voice phishing (vishing) scam is for a malicious actor to call up a grandparent claiming to be a grandchild who desperately needs a bit of cash to get out of a jam
  3. popular phishing scams purporting to be the IRS or the FBI threatening legal action if money is not paid immediately

Implementing a concise training program that regularly teaches users about threats, tests their knowledge, and offers additional training when necessary will help your company avoid many common threats that technology alone cannot mitigate, without impacting users’ productivity. This article points out why the “human firewall” is more important than ever now: http://bit.ly/35TQZ4j.

If you have questions about implementing security awareness training in your company, contact us here: https://bit.ly/CBTech-contact


An Easy Way to Secure Your Business

Are you drowning in the constant media coverage of data breaches and security incidents? Most of the media news is focused on the breach and how it happened rather than what small businesses can do to protect themselves. Are you looking for some simple steps to take to make your business more secure?

You’re in luck! The Center for Internet Security (CIS) is an organization that has developed guidelines to help businesses be more secure. Their website is https://www.cisecurity.org/. They have many useful resources that can help you with things such as:

  • Setting up and configuring Workstations, Servers, Network devices, etc
  • Applying security settings to those devices
  • Helping with implementation of a better security posture

The CIS Benchmarks are a good place to start. You can download individual Benchmarks for Windows, Mac, and Android. Each Benchmark document contains settings that you can change to make the devices more secure.

There are also other industry organizations that provide similar guidelines, such as the National Institute of Standards and Technology (NIST), SANS Institute, and International Organization for Standardization (ISO). You may need to follow a specific guideline depending on your business/industry, or you may be free to choose one you like.

No matter which guidelines you decide to follow, it is important to regularly check that your device settings are the same today as they were when you first set them up. A good recommendation is to perform these checks each quarter.


Basic Security Tips for Home Computers

Our company focus is on business computers, but we often get asked about home computers. It is just as important to protect your home computers as it is to protect your business computers. In fact, it is almost more important now with all the remote work. Here are a few tips to help secure your home computers.

  • Use a security suite to protect your computer – here is a good comparison of several different products: http://bit.ly/2RZWKbb
  • Do not use the same passwords for multiple websites or logins. This way any password that may get stolen cannot be used to hack other services. It also means changing a stolen password one time at the affected service instead of having to do it for every service.
  • Always install all available Microsoft (or Apple if you have a Mac) updates. This ensures that any known security holes in Windows or OS X are fixed on your computer.
  • Make sure your wireless network is secured with a strong passphrase. Here are some tips for how to set up and manage your wireless router: http://bit.ly/2RwxLwt
  • Check out our tweet from last week for a handy work from home security checklist: https://bit.ly/30VWtsI


October is Cybersecurity Month

Next month is Cybersecurity Awareness Month. What is cybersecurity? Google defines cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this”. The technology industry uses it as an umbrella term to cover anything from the anti-virus protection on your home computer to corporate policies that define how to respond to a data breach.

So what can you do? Education is key. The most common way to be affected is through email-based scams called phishing attacks. Here are a few examples of these fake emails: https://bit.ly/2qkHAOU. You can also take advantage of a wealth of information available online such as:

Making sure you are backing up your data, and using multiple layers of security, like firewalls and anti-virus software, are other ways to minimize your risk. You should also make sure all your software is up to date; this includes Microsoft Windows, Microsoft Office, and any Adobe products.


Help, our summer intern just deleted that really important file!

Dan, our summer intern, just deleted that super important presentation file that he spent a week putting together for our super important salesperson, Marc, for a super important client meeting. What now!?

Backups can help mitigate an issue like this. However, just setting up backups without a plan doesn’t necessarily ensure the files will be there when you need them. You should create a Backup Strategy to ensure you are fully protected. Here are some things to consider when creating your Backup Strategy:

  • Define where critical files are located. Not only on which servers/computers, but also in what drives and folders. And with everyone working remotely, it’s even more critical to determine where that important data is located.
  • Define where you save your backups. A local storage device can increase the speed of backing up and/or restoring data. A cloud location can help in the event the physical location is unavailable.
  • Define how often to run a backup. When determining how often to run backups, you’ll need to consider the performance impact, whether you want to be able to recover a file that was created and deleted during the day, and how much storage is required to save all the backups.

Having a backup strategy in place is only half the battle. Performing periodic test file restores can assure you that the files can be restored when needed. In addition, performing a full system restore, at least annually, can identify the amount of time it will take and the impact to your operation in the event there is a disaster. Evaluating the backup strategy from time to time helps ensure that any new files are included in future backups, and that the strategy meets your current business needs.
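A test restore is only useful if the restored files are compared against the data they should reproduce. The following is an added example, not part of the original post, that hashes both trees and reports files missing from the restore (for instance, new files the backup job never included) and files whose contents differ; the folder and file names in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(source, restored):
    """Compare a test restore against the live data it should reproduce."""
    src, dst = manifest(source), manifest(restored)
    return {
        # in the live data but not in the restore: not backed up, or lost
        "missing": sorted(set(src) - set(dst)),
        # present in both but different: damaged, or edited since the backup ran
        "changed": sorted(f for f in src.keys() & dst.keys() if src[f] != dst[f]),
        # only in the restore: deleted from the live data since the backup ran
        "extra": sorted(set(dst) - set(src)),
    }

def demo():
    """Constructed sample: a live tree and a restore with a gap and a damaged file."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restore = Path(tmp, "live"), Path(tmp, "restore")
        for folder in (live / "sales", restore / "sales"):
            folder.mkdir(parents=True)
        (live / "sales/presentation.pptx").write_bytes(b"slides v2")
        (live / "sales/pricing.xlsx").write_bytes(b"prices")
        (live / "notes.txt").write_bytes(b"folder added after the backup was set up")
        (restore / "sales/presentation.pptx").write_bytes(b"slides v2")
        (restore / "sales/pricing.xlsx").write_bytes(b"pric")  # truncated copy
        return verify_restore(live, restore)

if __name__ == "__main__":
    print(demo())
```

On a real system, run the comparison soon after the backup completes so that files edited in the meantime do not show up as changed.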


CBTech Tip: buying a computer for school

Can you believe it is almost time for school again?!?! Normally, schools require computers to complete classwork, homework, and research. With everyone having attended school remotely to complete this past year, and the uncertainty surrounding in-person classes in the fall, a decent computer is necessary.

When deciding to buy a new computer for school, or for any purpose really, the question you should ask is, what am I going to use it for? Some common answers are:

  1. browsing the internet
  2. email
  3. specific applications
  4. attending class remotely
  5. video conferencing

For 1 and 2, the specifications are not demanding. You can get by with a stock computer from any local computer sales store. However, we would still recommend that the processor be an Intel Core i5 or i7. The RAM (or memory) used for browsing the internet will depend on how many browser tabs or windows you have open at one time. The more tabs or windows you anticipate opening the more RAM you should have in your computer. We would recommend at least 8GB.

A computer used for specific applications will need to meet the requirements of the vendor who made the application. All vendors will list minimum and recommended system requirements. You should review those requirements for each and any application you plan on using before buying the new computer. Just as with browser tabs and windows, the more applications you run at one time the more RAM you should have in the computer.

The last component that should be considered when buying a new computer is the hard drive type and size. You have two choices for type: traditional spinning drives (often referred to as SATA) or Solid State Drives (often referred to as SSD). We almost always recommend SSD drives because the performance is much better versus traditional spinning drives. The size of the hard drive all depends on how much data you plan to save on your computer. If you are using the computer to browse the internet and/or use email, then the size of your hard drive doesn’t need to be large. However, if you are saving images or video (which are the largest file size consumers) then you should get a larger hard drive.

Happy shopping!
