No More Passwords?

Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers at letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.

Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.

Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!

Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminals can grant it themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack and always use a passcode or have fingerprint recognition enabled.

It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives become digitised, IT security needs to step up their game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.

IT Security

Protect Yourself Against Cyber Theft

Have you ever wondered how someone could steal from your company over the Internet? Cyber theft is an ever more prevalent problem faced by small businesses just like yours. Here we explain what cyber theft is, how the computer hackers come to gain access and, most importantly, how you can improve your IT security to keep you, your company, your customers and your assets safe.

Firstly, cyber theft is defined as the act of stealing personal and/or financial information from computers to be used illegally. This can include your bank details themselves as well as your passwords, security answers and other information which can then be use to hack into your account. The people who breach your IT security systems to gain access to this information are called computer hackers and most sell on this data to third parties who can further exploit this information. Large scale examples of cyber theft include Target (70 million customers’ card details), Ebay (145 million users’ login details), Yahoo (1 billion users’ data including passwords and security information) and Anthem (80 million records hacked into at the USA’s biggest health care insurers).

Computer hackers gain access to confidential records and sensitive data in a variety of ways. Most can penetrate your systems remotely but sometimes a physical act is used to hack a computer. Leaving your computer unattended in a public space offers a computer hacker the opportunity to plug in an infected USB stick and embed malicious software (malware) on the machine. Old school, malicious and opportunistic but effective. Alternatively, an infected email as part of a phishing scam could contain a link to a malicious website or begin a download with malware embedded within it. And then there’s the good old fashioned hacking whereby simple passwords can be guessed, leaving your accounts open to tampering and exploitation.

As a business, you have a responsibility to keep the information of customers safe which is why you need to be vigilant when it comes to IT security. Make sure you run regular training sessions with all of your employees to ensure they are aware of the risks and dangers which come with working online. As well as using more complex passwords, be sure to regularly change them (once every month or two is recommended) so computer hackers can’t repeatedly abuse your systems. It is also worth investing in cloud data protection. This ensures all of your files and data are backed up in a far more impenetrable system than a physical hard drive. Finally, install anti-virus software and, most importantly, keep it up to date. Regularly released updates are not there to annoy you. They are there to patch weaknesses and vulnerabilities in the existing version. Computer hackers like easy targets and computers running an old version of software is something they specifically search for.

It’s a dangerous world out there and IT security should be a top priority for any small business. While multinational corporations such as Yahoo and Google have suffered breaches in the past, day to day computer hackers typically target smaller companies because their IT security systems are weaker and easier to bypass but they often have healthy bank balances and large reams of customer data which really deserve better protection. Don’t make yourself a target for cyber threat and invest in your IT security to protect not only your own finances but those customers who entrusted their private details to you.

IT Security