Are Passwords Passé? Not Quite Yet.

We've been seeing significant changes in the way we are all working with passwords. Some say passwords will be a thing of the past in a few years. A number of Computing Center clients as well as ourselves are using multi-factor authentications and biometrics to access our most important information. 

Is my password still enough, or do I need more?

Without question, security is critical these days. Whether it’s device, online, or mobile security, the need for protection is obvious, and the risk can’t be ignored. For years, that protection has centered on a login…and a password. But has that changed?

Oh, that password. We’ve been reminded us for years not to write it down. Not to keep it anywhere that someone could find it. Which has made more than a few people prone to forgetting it. Show of hands, anyone?


Secure Remote Access to Your Network

Remote access to your network and your data. Everyone wants it and we install a lot of it. Access is one thing, securing that access is something else. This is a good article that describes in general terms the security requirements of remote access. We can talk about the specific products and services to get the job done.

Ask a business person where their office is located and the likely answer is “everywhere.” They’re working from home, staying in the loop while traveling, and catching up on email between sales calls. For productivity’s sake, many companies give their employees – and perhaps clients or service providers – remote access to their networks. Are you taking steps to ensure those outside entryways into your systems are sensibly defended?

If your business wants to start with security, it’s important to secure remote access to your network. Here are some examples based on FTC investigations, law enforcement actions, and questions that businesses have asked us.


Fraud Alert, Freeze, or Lock after Equifax

The Equifax data breach was made public in September 2017. Unlike other breaches, this one is major and still in the news. We made some recommendations back then. Here are some more from the FTC.

After the Equifax breach, your customers, clients, and employees may be coming to you with questions. Some people are considering placing a fraud alert on their credit file. Others are thinking about freezing or locking their credit files to help prevent identity thieves from opening new accounts in their name. Here are some FAQs to help you help them think through their options.

Fraud Alert

  • What is it? A fraud alert requires companies to verify your identity before extending new credit. Usually that means calling you to check if you’re really trying to open a new account.
  • How does it work? The process is easy – you contact any one of the three nationwide credit reporting agencies (Equifax, Experian, TransUnion) and that one must notify the other two.
  • How long does it last? An initial fraud alerts last 90 days. After 90 days, you can renew your alert for an additional 90 days, as many times as you want. Military who deploy can get an active duty alert that lasts one year, renewable for the period of deployment. Identity theft victims (whose information has been misused, not just exposed in a breach) are entitled to an extended fraud alert, which lasts seven years.
  • How much does it cost? Fraud alerts are free.
  • Is this for me? With a fraud alert, you keep access to your credit and federal law protects you. But an initial fraud alert lasts only 90 days and then you’ll need to remind yourself to renew it every 90 days.


Oh "!*&^" Our Website Just Got Hacked!

About once a month, we get the call - "Something or someone has hacked our website, email, desktop, or server."  The calls rarely come from regular Computing Center clients but it does happen. We are there to help and have a lot of experience in recovering and restoring and getting systems going again. This article from HP descrbes the major steps that are taken to deal with hacks. You can do-it-yourself, but as we tell our clients - we do this work all the time and isn't your time better spend doing what you do?

What do you need to do to get your site back online? Three steps to recovery.

After the initial panic subsides, your mind starts racing and you find yourself asking the question, “What do I (or my IT folks), need to do to get our site back online?” Read on for more...

What are the first few things you do when the alarm goes off on Monday morning? If you're anything like me, your morning ritual includes a bold coffee blend and a quick perusal of social media before settling down at your desk for the day.


Researchers Discover a bug in WiFi Encryption

Nearly everyone with a laptop, "pad" or smartphone regularly uses public and private Wi-Fi access points. Many have what's called WPA2 Security on them. We all dutifully setup a relatively complex password to get on these WiFi systems. Once done, our machines automatically connect to these networks when we're in range.  Perfect, easy, and secure - well not quite.

Several months ago, a vulnerability in WPA2 was discovered. Most of the big guys (Microsoft, Apple, etc.) quicly patched their operating systems, some even before the WiFi access point manufacturers. If your systems were automatically updated, you were likely fine. The non-technical press recently caught on to what's been going on and the articles started flowing and so did the phone calls and emails to us about the condition of clients WiFi systems. 

This article from the FTC does a good job of reviewing the issue in a non-technical fashion. Be cautious as always about how you access WiFi networks, particularly public ones.

You’ve read recent news stories about a vulnerability discovered in the WPA2 encryption standard. (Some reports refer to it as KRACK – Key Reinstallation Attack.) Should this be of concern to your business? Yes. Does it warrant further action at your company? Absolutely.

If you or anyone at your business uses a smartphone, laptop, or IoT device connected to a Wi-Fi network, the information sent over that network could be at risk. Researchers have found a bug that lets attackers “break” WPA2 – the encryption that protects most wireless networks – leaving data you send exposed.

The bad news is that this isn’t just a problem with a specific device or manufacturer. It’s a problem with the encryption standard nearly all Wi-Fi devices on the market use to scramble communications, prevent eavesdropping, and deter tampering. The upshot is that if anyone at your business uses a device to connect to a wireless network at work, at home, or on the road, this bug means they can’t rely on that connection being secure.


More Entries