Small to medium-sized businesses often struggle with identity management because they lack the resources of big companies to implement enterprise solutions, but something as simple as two-factor authentication can help keep your company secure.
Two-factor authentication simply means that after entering your password, you need to do something else like enter a code that gets texted or emailed to you, or confirm the change with an authentication service.
Of course, you want the individual’s identity to be secure, but at the same time you don’t want the process to be overly complex. I’ve worked for a large organization that signs me out every couple of weeks, then forces me through a burdensome process that starts with sending a code to my phone.
After I enter the code, I need to come up with a new 20-character password, which can’t be like any of my previous passwords. Then, I have to enter the password twice and make them match. Once I’m able to make that work, which usually takes a couple of shots at least because getting 20-character passwords to match takes some doing, I need to approve the change on my smartphone.
If that sounds like a bit of an ordeal, I can tell you that it absolutely is, and it’s probably a cycle you want to avoid putting your employees through.
The password conundrum
Complex passwords are good, but often force silly work-arounds like writing them down. If you have your passwords written on post-it notes in your drawer (or worse, attached to your monitor), this isn’t the most secure approach, is it?
On the other hand, people can be amazingly simplistic when it comes to creating passwords. The worst password lists have 12345 and password (yes, the word password) topping the lists every year. You don’t have to be a hacker genius to figure that one out, do you?
Many people end up using the same passwords over and over across the internet for simplicity’s sake, and with each breach, those passwords get leaked. It means your regular password is probably floating around the internet somewhere, just waiting for someone with nefarious intent to pick it up and enter your company network using the stolen credentials.
By bringing in that second factor, you can limit the harm done by stolen credentials. If you are using an approve/disapprove service, you should train your employees to change their passwords immediately if they see a request for a change they did not make. You could even have a protocol to force this to happen.
Two-factor isn’t foolproof of course, but it does offer you a simple way to protect against stolen (or guessed) credentials without putting an undue burden on your users.
Article by Ron Miller
PARTNERSHIP @ WORK
You know, we’ve been doing this a while. And by this we mean I.T. Now here’s the thing, at CITON we truly believe that we are only as good as the last problem we solved. We work hard to design a solution that is creative to the point where it solves not one, but many challenges at the same time. Yeah, we love tech but we love it because of what it can do for our clients.
Success in I.T. requires us to evolve. In our 24 years we have had to re-invent our company many times over. Why? Because, for us to remain relevant, we have to continually adapt our offerings and our skill set. This allows us to provide real solutions that work and provide real value to our clients.
But how do we do this? Who “trains the trainer?” For us at CITON we have found that partnering with our vendors and distributors is the fastest way to educate our entire team on the latest methods available to use technology to build business. We are fiercely loyal to our business and technology partners. The reciprocal loyalty, tenure and strength of these partnerships creates a level of understanding, access and consistency which empowers CITON to solve problems more quickly, more creatively and more conclusively than our peers.
One example of this is our long-term partnership with Hewlett Packard Enterprise or HPE. Their blend of hardware and software provides the best possible experience for our customers. It’s incredible how devoted HPE is to designing technologically superior products. HPE’s line of storage, the “Nimble and Simplivity” line of products, provides both CITON and our customers with the best-in-class storage experience along with a sense of peace of mind that our all-important data will be available quickly and securely whenever and wherever we need it. Want further proof? Well, CITON just installed a brand new Nimble storage array in our data center. If you are one of our many hosted customers you probably didn’t even know that. And, that’s just the point. We migrated all data, across platforms in the dead of night, seamlessly. That’s how partnerships work. For you and for us.
HPE’s NIMBLE STORAGE DIVISION
HPE Nimble Storage is a predictive flash storage technology developed by Nimble Storage, a company based in San Jose, California, and founded in early 2008. Nimble Storage produced hardware and software products for data storage, specifically data storage arrays that use the iSCSI and Fibre Channel protocols and include data backup and data protection features. Nimble is a subsidiary of Hewlett Packard Enterprise.
It’s a messy place, but it’s our messy place!
LET’S PROTECT OUR PROPERTY
We get it. We are all somewhat numb to these threats. Like your Mom said, “drive carefully, you could get into an accident on your way home from work.” It could happen, but it’s unlikely. This isn’t the same. It is not a question of “if” but “when” you get hacked. At Citon we agree with Travelers that there are steps every business needs to take to strengthen their business against these prevalent attacks.
Call our security experts for advice on how to protect your small, medium or large enterprise.
IF YOU THINK THE THREAT LANDSCAPE IS IMPROVING, THINK AGAIN
Threat Landscape: Virtually no firm is immune from severe exploits
Of the 103,786 vulnerabilities published on the CVE List since it began, 5,898 (5.7%) were exploited in the wild according to research from our recently released Threat Landscape Report. With over 100,000 known exploits, most organizations cannot patch vulnerabilities fast enough to keep up. This indicates that cybercriminals are not only developing new technologies and strategies to exploit potential victims, but they are also becoming more selective in the way they leverage those exploits, focusing on those that will generate the biggest bang for the buck.
Such information can be extremely valuable when it comes to prioritizing patching vulnerabilities. If criminals aren’t exploiting the vast majority of vulnerabilities, then fixing everything—beyond being impossible—is not the right approach. Instead, it is essential to incorporate the knowledge of what they are exploiting through threat intelligence services such as the ones provided by FortiGuard Labs into the decision-making process. Organizations can then couple such threat intelligence with Security Rating Services that provide real-time insights on security preparedness across all security elements to take a much more proactive and strategic approach to vulnerability remediation.
This conclusion is just one of the highlights taken from the latest Fortinet Threat Landscape Report. The FortiGuard Labs team processes over 65 trillion security events per year using advanced techniques and patented technologies—including one of the most advanced self-learning systems in the world—to extract timely and relevant threat intelligence, seek out avenues of attack and discover emerging threats. Fortinet then collects and publishes those findings quarterly, highlighting critical takeaways for organizations of all sizes and industries.
At Citon we understand the threat landscape. We have spent almost a quarter of a century working to enhance security. Our roster of partners is knowledgeable, smart and fast. If you are in a crisis or want to tighten your security before a breach, we can help.
Thanks to our friends over at Fortinet for the research into the current threat landscape.
Hint: These guys are good!