Core IT’s Blog

Password Hygiene Best Practices

Mind Matrix · May 16, 2023 ·

Password Hygiene Best Practices

According to a report by Verizon, 80% of data breaches are caused by weak or stolen passwords. In addition, the report found that 60% of users reuse the same password across multiple accounts, making it easier for hackers to access multiple accounts with a single stolen password.

Maintaining good password hygiene is essential to protect against these threats and keep your accounts secure.

Weak or compromised passwords can be easily cracked, allowing cybercriminals to gain access to our data and steal our information. Here are a few password hygiene best practices to consider,

Use Strong Passwords

Using strong passwords is one of the most crucial steps in maintaining good password hygiene. A strong password is one that is long and complex, using a combination of letters, numbers, and symbols. Avoid using easily guessable passwords, such as “password” or “123456,” and avoid using personal information, such as birth dates or names.

Update passwords or revoke access when employees leave the organization

Changing passwords regularly is another essential step in maintaining good password hygiene. It is recommended to change passwords every 90 days or sooner, depending on the level of security required. Passwords need to be updated regularly and access to data has to be revoked when employees are no longer authorized to access it. However, this important step is often overlooked. This is especially an issue in SMBs where the staff is pretty busy and turnover is high. They are too busy to remember to change the passwords once a staff member quits, leaving their data vulnerable. So, next time the new intern finishes their stint with you, make sure you change the password and revoke their access.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your accounts. It requires you to provide a second form of identification, such as a code sent to your phone, in addition to your password. Two-factor authentication makes it harder for hackers to gain access to your accounts, even if they have your password.

Don’t Reuse Passwords

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. Using the same password for multiple accounts is a common mistake that can compromise the security of all your accounts. If one account is compromised, all accounts using the same password are also at risk. Using a unique password for each account decreases the amount of damage that can be inflicted in the event that one password is compromised.

Avoid Writing Down Passwords

Writing down passwords is a risky practice. It is easy to misplace or lose the paper where you wrote down your passwords. Avoid writing down passwords, and if you must write them down, keep them in a secure place, such as a locked cabinet. This applies primarily to an office environment, where desks, files and notepads are in open view and available to all.

Don’t share your passwords

Never share your password. If you need to give data access to multiple people, make sure each one of them has their own access credentials. This creates an audit trail and helps trace the data breach back to its origin if it occurs.

Be Wary of Phishing Scams

Phishing scams are a common way for hackers to gain access to passwords. Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine

Password Management Tools: An overview

Mind Matrix · May 9, 2023 ·

Password Management Tools: An overview

Effective password management is an essential aspect of cybersecurity. With the increasing number of online accounts and services, remembering all those passwords can be a daunting task. Password management tools provide an effective solution to this problem. This blog discusses the benefits of using password management tools and some password management best practices to be followed.

Some of the key benefits of deploying password management tools are:

Enhanced Security

The primary benefit of password management tools is enhanced security. Password managers store passwords in an encrypted format, making them less susceptible to hacking and phishing attacks. These tools also allow businesses to generate and store complex passwords for their employees. As a result, businesses can ensure that their employees use strong and unique passwords for every account, reducing the risk of a breach.

Easy Password Access and Management

Password management tools offer an easy way to access and manage passwords. Rather than manually entering passwords every time an employee logs into an account, password managers automatically fill in the necessary information. This feature not only saves time but also eliminates the risk of human error.

However, there are a few things to consider before you invest in a password management tool.

One of the things to consider is a security breach. Password managers are third party platforms. If your password management experiences a security breach, it can put all of the stored passwords at risk. Additionally, if the tool goes down, you may not be able to access your accounts.

Secondly, while password management tools reduce the risk of human error, they are not foolproof. Employees may still make mistakes, such as sharing their passwords or writing them down, which can compromise security. Additionally, if an employee forgets the password to their password manager account, it can cause problems. Hence it is important to ensure that you have good password hygiene in place.

Password hygiene refers to the practice of creating and maintaining strong passwords and protecting them from being compromised. It involves using unique and complex passwords for each account, changing passwords regularly, and storing the passwords securely so it isn’t accessible to unauthorized entities.

Website cloning: Don’t fall for that trap!

Mind Matrix · January 19, 2023 ·

Website cloning: Don’t fall for that trap!

Have you watched one of those horror movies where the something impersonates the protagonist only to wreak havoc later? Well, website cloning does the same thing–to your business–in real life. Website cloning is one of the most popular methods among scammers to fleece you of your money.

As the name suggests, the cybercriminal first creates a ‘clone’ site of the original one. There can be a clone of any website, though retail shopping sites, travel booking sites and banks are the favorites of cybercriminals. The clone site looks exactly like the original one, barring a very miniscule change in the url.

Next, they will create a trap intended to get unsuspecting victims to visit the clone site. This is usually done via links shared through emails, SMS messages or social media posts asking them to click on a link to the clone site. The message urges the recipient to take an action. For example, a message that presents itself as though it is from the IRS, asking the recipient to pay pending taxes by clicking on a specific link to avoid a fine or business shutdown, or an SMS about a time-bound discount on iPads. Sometimes, they go straight for the target and masquerade as a message from your bank asking you to authenticate your credentials by logging into your banking portal–the only glitch, the banking portal will be a clone.

Staying safe

So, how do you identify a clone website and a dubious message?

Does the email sound too good to be true? Well, then it probably is. Nike giving away free shoes? Emirates Airlines giving you free tickets to Europe? Apple iPhone X for just $20? All of these scream SCAM!
Even if the message sounds genuine, such as an email from your bank asking you to authenticate your login credentials, check the email header to see if the sender’s email domain matches your bank’s. For example, if your bank is Bank of America, the sender’s email ID should have that in the domain. Something like customercare@bankofamerica.com could be genuine, whereas, customercare@bankofamerica.net is suspicious.
Check the final URL before you enter any information to make sure it is the actual one. Most shopping/banking websites, where payments are made and other personal details are shared are secure (HTTPS)and will have a lock symbol at the beginning of the URL. Also, check the domain. For example, something like- www.customerauthentication.com/bankofamerica is not

Identifying a cloned website is tricky, but it is not something you can afford to ignore.Giving away your personal and financial information to a fraudster can cause a lot of harm to you and your business.

3 things your Managed Services Provider (MSP) wants you know

Mind Matrix · November 17, 2022 ·

3 things your Managed Services Provider (MSP) wants you know

Are you considering bringing a MSP on board? Or perhaps you already have one. Either way, for you to truly benefit from your relationship with a MSP, you need to build a solid bond with them. As a MSP who has been in this business for long, I can tell you the 3 important steps that will help you get there.

Share, share, share

Your MSP is your IT doctor. Just as you would share everything about your health with your doctor, you need to share everything related to your business that impacts your IT, with your MSP. Give us an overview of your business and answer questions such as

What you do exactly as a business
Who are your key clients
Which industry verticals do you serve
What are your peak and lull seasons, if you have them
What are the core regulatory codes that apply to you based on the industries you work for
What are your business expansion plans for the near future and in the long run

Sometimes clients shy away from discussing all these things because they don’t trust the MSP enough. There is a fear of the MSP sharing business plans and other confidential information with their competitors. As a MSP, I can tell you that we work best with clients who trust us. When you are trusting us with the lifeblood of your business–your IT infrastructure, you should be able to trust us with your plans for your business.

Let’s talk often

While it’s great that you outsource your IT completely to us, it is still important that we meet and talk. Your business needs may change over time and we don’t want to be caught off-guard. We know you are busy, but set some time aside every month or even every quarter to catch up with us and discuss your IT challenges and needs.

Take us seriously

Your IT is our business, and we take our business very seriously. So, when we tell you something, such as–to implement strong password policies, limit data access, upgrade antivirus, etc., please take notice!

Teamwork forms the core of any successful relationship. Same holds true for your relationship with your MSP. Trust us, pay attention to us and hear us out. We’d love that…and we’d love to work with you!

Don’t make these IT mistakes as you grow!

Mind Matrix · November 10, 2022 ·

Don’t make these IT mistakes as you grow!

During the course of IT consultancy, we come across a lot of clients who are not happy with the way their IT shaped up over the years. They feel their IT investments never really yielded the kind of returns they expected and come to us looking to change the trend. When analyzing the reasons for the failure of their IT investment, here’s what we come across most often.

Not prioritizing IT

This is the #1 mistake SMBs make. When focusing on growing their business, most SMBs think marketing, sales and inventory, but very few consider allocating resources–monetary or otherwise towards IT. IT is seen as a cost-center, rarely prioritized and any investment in IT is made begrudgingly.

Going for the fastest, latest or even the ‘best’ technology–which may not be the best for you

This is in contrast to the issue discussed above. Many SMBs realize the key role that IT plays in their business success. But they tend to get carried away and invest in the latest IT trends without considering whether it fits their business needs well, or if they really need it. Sometimes it is just a case of keeping up with the Joneses. But, why spend on the fastest computers or largest hard drives when you get only incremental productivity benefits?

Your team is not with you

When you bring in new technology or even new IT policies, it is your team that needs to work on it on a daily basis. If your staff is not on the same page with you, your IT investment is unlikely to succeed. So, before you make that transition from local desktops to the cloud, or from Windows to iOs or roll out that new BYOD policy, make sure you have your staff on your side.

You are not sure how to put it to good use

The lure of new technology is like a shiny, new toy. Investing in something popular and then not using it to its maximum is commonplace. Make sure you make the most of your investment in IT by providing your staff with adequate training on how to use it.

IT can seem challenging to navigate when you have to do it all by yourself. It entails steep costs when taken care of in-house. Add to that the complex task of deciding what IT investment you will benefit the most from and then training your team to use it…all of this is pretty daunting when you have to do it all by yourself. A MSP has the experience and expertise needed to be your trusted partner and guide in these challenges, helping you make the most of your IT investment.