Tip of the Week: Leveraging Two-Factor Authentication on Facebook

If you’re like its over 2.19 billion other active users, Facebook has quite a bit of your personal information stored in it, and the risks that this implies only grow if your business is also represented on the social network. If your account isn’t protected as much as it could be, you could find yourself at risk of identity theft or other crimes. This is why we recommend activating two-factor authentication on Facebook.

Two-factor authentication (or 2FA) has actually been available on Facebook for quite some time. However, before a few much-needed changes were made recently, there were a few drawbacks to using it. First and foremost, the user needed to provide Facebook with their phone number, which many people didn’t really want to do. This wasn’t helped by the fact that, just a few months before the changes were made, Facebook announced that their previous 2FA system had a bug. This bug caused any replies to mobile Facebook notifications from 362-65 (the 2FA number Facebook would use) to post on the user’s profile page.

Now, Facebook plays nice with applications like Google Authenticator and Duo Security, and has made the setup process much more utilizable for the average user. The timing on this change couldn’t be better, either, as quite a few two-factor authentication hacks have surfaced from the weaker SMS-based 2FA – meaning that your best move is to avoid using texts to enable your 2FA permissions. Admittedly, an extra layer of security isn’t a bad thing to have, but there’s evidence that hackers have the capability to snatch your 2FA codes to access your accounts.

Setting up 2FA for Facebook is pretty straightforward:

  • Access Settings
  • Navigate to Security and Login
  • Select Use two-factor authentication
  • Choose the account you want to use as your authenticator.

2FA is just an extra piece of security to keep your information safe.

 

How to Identify If an Email is a Security Risk

There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?

It all starts by being aware of the issue at hand and staying vigilant of any potential threats. You should actively look for reasons not to click on links in suspicious emails. You can never be too careful, especially when there is so much on the line. Here are three warning signs that you can look for to avoid a malware attack via email.

Spelling and Grammar Errors
Nobody has perfect spelling and grammar, and it’s forgivable if they make a mistake here or there, but when an email is filled with errors that make it hard to believe its authenticity, perhaps you’re staring a red flag in the face. Professional messages will at least contain passable grammar that makes them easy to understand, but a malicious message might be filled with all sorts of nonsense that urges you to click on a link or download an attachment. Sometimes you might encounter a phishing email that’s very discreet, but this is more of an exception than the norm.

Links Leading to Suspicious or Unfamiliar Targets
Let’s say that you receive a message from your bank. When you hover over a link in the message, it shows that the link doesn’t lead to any site you’re familiar with. This is a clear indicator that you might be looking at a very well-orchestrated phishing scam. Before clicking on any link, just hover your cursor over it without clicking on it. In a bar at the bottom of your browser, you’ll see the target of the link. If it looks suspicious, you can easily disregard it or report it to IT.

Messages from Unknown Senders
Who did you receive the message from? If you know who sent the message, then perhaps the message is legitimate. However, it’s easy for hackers to spoof an email address and make it appear that someone else is sending a message. Remember, suspicion is better than falling into a trap. In a worst-case scenario, even a CEO or upper-level employee could have their account spoofed in a phishing or whaling scheme. If you suspect that this has happened, notify your IT department immediately so that measures can be taken against these efforts.

Thankfully, with a little bit of thought and caution, you can avoid most fraudulent emails, but it would be nicer if you didn’t have to worry about seeing these messages in the first place. An enterprise-level spam filter can keep fraudulent and spam messages at bay. To learn more, reach out to us at 855-290-KITE.

 

More Victims of the Equifax Breach Discovered

The 2017 Equifax leak was a disastrous scenario, but recent revelations have discovered that even more victims were affected than was previously thought. Nobody ever wants to hear this kind of news, but there is an upside to this that shouldn’t be ignored – learning from the mistake. We’ll start with a refresher on what happened exactly, and what these new developments mean for your organization.

The Breach of 2017
Equifax is one of the three major credit reporting organizations, and it suffered a major data breach in 2017. Over 143 million users were affected by this breach and potentially had their personal information stolen or provided to hackers. For those who are curious, this is about 44 percent of the United States total population. It’s pretty wild to think about. In October 2017, an investigation yielded more information that showed about 2.5 million more users were exposed than the original numbers let on. Thus, the total number of victims reached a staggering 145.5 million, or nearly one half of the entire U.S. population. If anything, this new development showcases that this number is not set in stone and that it could potentially increase over time.

For example, Equifax has discovered even more victims; 2.4 million more who have had their names and partial driver’s license numbers stolen. Unlike other information that holds greater value, a hacker can only do so much with this data, but it’s still problematic.

Lessons from the Breach
One of the most important lessons that you can learn from a data breach is that there is always going to be another data breach. Businesses just hold onto too much valuable data, and too many people are looking to steal it, for there to be any other outcome. The fact that so much information is shared and distributed all over just makes it more likely that information will be breached. Therefore, measures must be taken to ensure that your company doesn’t suffer the same fate as Equifax.

You have to understand that your data will be potentially stolen or exposed, and not because of you. It could be the fault of any company that holds your information. Just like Equifax, any companies that work with your data could potentially lose track of, and expose it, too dangerous entities. Even if you do nothing wrong, it could happen. You need to take measures to both protect yourself and prevent attempts at identity theft due to the negligence of others. You can start with credit freezes, locks, and alerts.

The next step is to be careful of who specifically you share this information with. If you share information and it’s compromised in any way, you could find yourself at odds with your clients and customers. Therefore, it makes sense that you take measures to limit this risk as much as possible.

Don’t let a data breach that your business suffers from be the reason why your organization implements security. Call us today at 855-290-KITE and learn about the proactive measures you should be taking for protecting your organization.

 

Take These Steps to Make IT Security Top of Mind

Here’s the thing about IT security: it requires a little more than a decent firewall and a reasonably-strong password. We talk a lot about how to ensure that your business’ network stays a top priority, and the best way to do that is to implement what we call a Unified Threat Management (UTM) solution. An enterprise security system like a UTM can provide a considerable improvement for the way you protect your organization, but even something as simple as a little bit of user error could bypass these protocols.

Hackers and cyber criminals have a lot of tricks up their sleeves, and it’s easy to forget that they can be extremely crafty with how they use threats like malware and phishing scams. The past few years have shown that hackers are doing much more than just infecting computers with threats. Instead, they are turning to social engineering and phishing tactics that are designed to weasel their way past even the most experienced workers. They know how to look legitimate and genuinely fool someone into handing over everything they need to succeed. Therefore, there’s only one way to make sure that your company stays safe from these hackers: stay alert and watch out for threats.

But How Do You Stay Cautious?
The best way to stay safe is to make sure everyone is looped in on what’s needed to keep your business secure. To get to this level, it’s best to start with management and administration to ensure that even those at the top of the ladder are taking security seriously. Be sure to keep your C-suite employees looped in on any major security advancements, as well as your HR office to give security the sense of importance that it deserves.

Security Shouldn’t Be a Hassle
Policies such as two-factor authentication or password protection can often be seen as an unnecessary way of making things more difficult for employees to do their jobs as efficiently as possible. You’ll likely get a lot of pushback, even if it’s meant to be a good thing for the company. Instead of lashing out and telling them to do what they’re told, try to get them to understand why the measures are necessary in the first place. The best employees are always the ones that care the most, so do your best to make them care not just on a corporate level, but on an individual level.

Implement Regular IT Check-Ups
Once you’ve figured out the best way to maintain IT security, you should do your part in keeping everyone up to date by holding regular meetings regarding security. It’s important that you make sure to stick to this schedule, as the higher priority your company places on security meetings, the more urgency will be associated with it by default.

Carefully Reinforce Security Measures
It’s imperative that your employees not only understand the importance of security, but that they understand why these processes and procedures are important in the first place. Be sure to document your business’ security best practices in a way which is easy to access, like in the company handbook. Follow this up with training videos, security handouts, or posters around the office.They should also be ready and willing to adapt to change, as the same threats that are a danger to your business now may not be so in the future.

Once most of your team understands that security is crucial, you should establish repercussions for failing to adhere to company security policies. It’s important to remember that most issues can easily be solved, so a first-time offender shouldn’t have their head bit off for forgetting something related to security. Of course, recurring offenses or blatant disregard to company policies should be treated with requisite severity, as all it takes is one unaware employee to completely cripple your organization’s security.

Encourage Reporting and Support Requests
One of the greatest benefits of working with technology is that you can easily put in a support request or report suspicious behavior. However, if an employee isn’t comfortable with doing this, they might not report something important that could have prevented a considerable amount of pain. Furthermore, if they make a mistake, they might be reticent to report it for fear of being punished. Therefore, you should make it clear that you not only encourage reporting issues, but that you expect it.

Kite Technology wants to be the organization that your business turns to for reinforcement of your company security policies. We can help enforce, audit, and support your business in a way which your internal IT department simply doesn’t have time for. If you don’t have an in-house IT department, we would be happy to act as one for you. To learn more, reach out to us at 855-290-KITE.

 

Security Risks Every CPA Firm Should Know About

The Internal Revenue Service has declared to tax professionals that they must take extra steps toward protecting the information of taxpayers. Certified Public Accountant (CPA) firms, whether they are large organizations or small businesses, hold much information that could be used by hackers and identity thieves, which makes them major targets during tax season.

As dictated by their chosen field, CPAs have to collect and store a significant amount of sensitive information–data which could be of great value to hackers. Data like client information, credit card numbers, and Social Security numbers is collected even by smaller tax offices, which makes them equally as enticing to steal from as a national firm with clients all over the country.

It’s shockingly easy for a hacker or identity thief to steal your clients’ sensitive information. Granted, how easy it is varies depending on your business’ security solutions. It could be as easy as a hacker parking their car on the side of the road just outside your firm and connecting to an unsecured wireless network. Therefore, you need to take considerable measures to protect your business’ data, while paying particularly close attention to any sensitive data that you may have stored on your infrastructure.

There are other methods that hackers will use to target not just one single business, but countless other professionals. They could send out a mass email as part of a phishing scheme in an attempt to steal information from unwary users. These emails can look like a legitimate message but could also include an attachment designed to spread malware, or worse. It can even install backdoors on your network that allow for access at the hacker’s leisure.

If your business works with sensitive data, the time is now to take steps to protect it from all manners of threats. The IRS suggests encrypting any and all sensitive data on your network, as well as implementing additional security features that shore up weaknesses in your infrastructure’s security. You can also start by educating your employees on how to identify phishing scams and other similar threats. Kite Technology can audit your network so that you can identify where your weak points lie. To get started, give us a call at 855-290-KITE.

 

Data Loss Can and Will Affect Your Entire Business!

Data loss, on any scale, is an organizational nightmare. Not only do you have to restore data, any lost productivity that comes as a result of the data loss incident makes it difficult on the budget. That’s only scratching of the surface of how serious data loss can be.

You Lose More than Just Data

Your data is crucial to your whole business, and when you have some stolen or lost, it can be a problem for multiple parts of your business. Consequences don’t end there. Some businesses, if they lose enough data, would have to close, putting people out of work, and negatively affecting a lot of people.

Considering how important data is, take a second and try to calculate what the financial impact of a major data loss incident would be to you. Between discovering the problem and the resolution there is the possibility that you face downtime and a corresponding loss of productivity, negative exposure, and much more. In fact, a majority of small and medium-sized businesses will close their doors after a major data loss event; it is that serious.

Other Concerns, Regarding Customer Confidence

When we mention negative exposure, what we mean is that once your organization has the perception that you can’t protect their personal data, the customer base simply won’t trust you with theirs. For almost any business that looks at themselves as a responsible operator, this is a death sentence.

So What Can You Do?

Before you lose data, productivity, or customers you need to make efforts to understand who is taking this data. Typically hackers, sometimes working as a part of an organized concern are behind these data breaches, and while you focus on your business, they gain access through any means they can. With this diligent hacking strategy at hand, it is important that you, and maybe more importantly, your employees know what they are up against and are sufficiently educated. If the “weak links” on your network are properly trained and willing to adhere to industry practices designed to keep these issues from becoming problems, you will be a lot less susceptible to attack than the average business is.

The IT security professionals at Kite Technology deal with these issues every day and have the perspective and knowledge to help you and your organization mitigate potential security threats. We offer comprehensive security solutions that proactively monitor and manage your network traffic. We also provide employee training resources that ensure that the people you depend on know how to approach this new digital world where threats are as numerous as the benefits. For more information about how we can help, contact us today at 855-290.KITE.