With the holidays just around the corner, most people are turning their attention to turkey, presents, and long drives to visit friends and family. As a cybersecurity professional, I always see this as the Season of Spoofing, where bad guys send you convincing emails about packages left on your doorstep, and gift card balances you’ve left behind, all with the goal of stealing your credentials, like some overseas Grinch who doesn’t want you to get any presents.
So, in the spirit of giving, I’d like to kick off this holiday season by giving you three easy steps that you can take towards avoiding the Grinch this year.
Step 1: Better Passwords
I’m sure we’ve all heard the speech: Password must be 8+ characters in length, contain a letter, number, special character, and must be changed every 90 days. But did you know that even those are often easily guessed? And even worse, they’re often used on multiple accounts, creating a domino effect. If one is compromised, they’re all compromised.
So, consider using a password manager such as LastPass or RoboForm to generate secure passwords that are unique to every website. This will make your passwords significantly more secure.
Step 2: Security Awareness Training
Now that we have better passwords, let’s make sure we keep them to ourselves! We can do that by training employees to spot malicious emails and showing them what to do when they find one. And more importantly, put that training to the test! A system that sends harmless emails to your employees to trick them into clicking a suspicious link will let you know who “gets it”, and who needs a little extra help.
Step 3: Multi-Factor Authentication (MFA)
I saved the best for last. Sometimes referred to as “two-factor authentication”, MFA is a fantastic strategy for keeping your data secure. Every time there’s a login from an unexpected computer or location, you’ll be notified and prompted to either allow or deny the login from an app on your phone (which is also protected by a passcode, right?).
If you’re using Office 365 for your email, you already have the ability to turn on MFA. It does take a little work to get up and running, but once configured, we’ve found that folks love the peace of mind that comes with this level of security.
Now, it wouldn’t be Thanksgiving if I didn’t give you something, right? So, here’s my gift for you, to help you get started with Step 1. Complete the contact form on the sidebar during the month of November and we will provide you with a Weak Password Report, for free! This will show you any weak or non-expiring passwords that are used on your network and start you on the path to better security.
I’m fortunate enough to have not one, but two personal assistants. Alexa, my first assistant, is fantastic. She’s my personal DJ. She tells me the weather. She even adjusts the thermostat in my house. Google, my second assistant, is also fantastic. He’s my navigator. He knows all the traffic spots to avoid. He even gets people on the phone for me. But recently, I was introduced to a third personal assistant that I didn’t even know I needed: Cortana.
Cortana is Microsoft’s artificial intelligence (AI) built into Windows 10. A latecomer to an already crowded space, Cortana often gets overlooked because of her lack of integration into other ecosystems, such as Amazon and mobile devices. But Cortana has two very strong points in her favor:
- She is deeply integrated into the Microsoft ecosystem
- She has a monitor to show me things
As a working professional, I rely heavily on Microsoft’s services. My corporate data is stored in Office 365. I use Outlook to check my email. My computers are Windows 10. And because Cortana is built in, she can help me manage it all.
“Hey Cortana, what’s on my calendar?”
Because Cortana *is* Windows 10, she uses the built-in Calendar app to retrieve this information, which takes a little setup at first. She can read this information out to me, but she can also display it on the screen.
“Hey Cortana, launch Outlook”
Yes, I could’ve reached for the mouse and done this myself, but this way is much cooler AND I didn’t have to put my coffee down!
“Hey Cortana, what time is my flight?”
When I booked my flight, the airline sent me a confirmation via email. Cortana is able to locate and provide me this flight information, even though I didn’t put it on my calendar.
“Hey Cortana, how long will it take to get to BWI airport?”
Sure, I could’ve asked Google. But my phone is in the other room. Cortana can provide that information immediately, and I can get back to work.
Some of the best things, she does without me needing to ask. Yesterday, I emailed a client promising to send them a report in the morning. This morning, Cortana popped up to make sure I remembered to send that report. If I have an appointment out of the office, she lets me know when it’s time to leave.
Alexa’s and Google’s jobs are safe. What they do to enrich my life cannot be replaced. But when it comes to staying focused and getting work done, Cortana is my right hand!
The saga continues! IIABNY recently learned that NY is requiring all license holders to file their exemption status on the Department’s website. This means that each individual who has a producer license must go to the NY DFS portal and submit their exemption status by September 27th. You can read more about IIABNY’s efforts HERE.
Thankfully, the process is quick and painless, once you know where to go. To help your folks stay compliant, we’ve put together the following instructions:
- Browse to the NY DFS website: https://myportal.dfs.ny.gov/web/cybersecurity/
- Click “Create Account”, and put in your name and email address. Then, click “Save.” DFS will email you a temporary password.
- The link in the email that you receive will not work, so please note the password and refer back to these instructions for the proper website link. Once you enter your credentials, you’ll be prompted to enter a permanent password.
- Once logged in, you’ll click the “Submit Cybersecurity Notice of Exemption” button on the left.
- Type your Entity ID in the field. Your Entity ID is the same as your license number. The rest will prefill for you. Click “Next”.
- For your Exemption Reason, you’ll want to choose 500.19(b). 19(b) is an exemption for employees and agents that work under the Cybersecurity Program of another Covered Entity. Click “Next”.
- Enter your personal contact details and check the box to swear/affirm. Click “Submit”.
Once submitted, you should receive a confirmation via email. Please forward a copy to your licensing manager, and keep a copy for your own records.