general articles b

Security audits are more crucial than they seem

Security audits are an excellent way to set the benchmark for your company’s data integrity. It is also a reliable way of identifying gaps in your system before they can be exploited by hackers.

Auditing and the security strategy

Audits are necessary to maintain system integrity and uphold quality. These system checks help identify security gaps and guarantee business stakeholders that the company is doing everything in its power to ensure that all of its information is uncompromised.

The three key procedures of an audit are assess, assign, and audit. Having a methodical way of auditing helps you avoid missing important details. It is also crucial that each stage is treated with the same level of importance to ensure thorough and comprehensive auditing.

During the assessment phase, have your IT partner look at the security system you have in place. All of your business computers and servers need to be checked, as well as every program and every user. Doing an assessment should give you an overview of how secure your business currently is, along with any weak points that need to be improved.
After the assessment, you may begin assigning solutions and solution providers. Ask your IT provider about solutions they can provide for each of your network/system gaps. And for issues that they can’t handle (perhaps because certain machines and software are highly specialized), ask your IT provider for their whitelist of partners.

Finally, you conclude your audit cycle with an “audit” — one last look-around before releasing the system back into the wild. Make sure that installations, patches, and upgrades are integrated properly and working seamlessly. For future reference, you’ll also want to take down notes just in case you need information about software and hardware improvements done during this audit cycle.

What exactly should be audited?

When conducting an audit, there are three factors you should focus on:

The state of your security – Security — especially digital security — is never at an impasse, and it is always in flux. Why? Because according to the Clark School at the University of Maryland, hackers attack every 39 seconds. And that’s not even accounting for other cyberattacks such as phishing, ransomware, and malware. This means that system security has shorter and shorter expiration dates nowadays, which makes audits all the more crucial to accomplishing your security strategy.

The changes made – The key to having long-term data integrity is a continuity plan — and not just one that addresses severe business disruptions such as those caused by calamity or disaster. A true continuity plan tries to address every conceivable risk realistically, especially those that can trip up business operations, such as cyberattacks. This can only be possible if you know what kind of hardware and software comprise your system, as well as their respective updates and improvements.

Who has access to what – Data systems — even proprietary ones — should allow administrators some control over who sees what. Total accessibility is a very dangerous prospect, especially since business nowadays is increasingly hinged on internet presence. An audit will let you check on user access so that you can make necessary adjustments to protect your data.

If you are looking for help in developing a security strategy for your business, contact us today to see how our managed solutions can help.

The dangers of autocomplete passwords

Hackers have found a new way to track you online. Aside from using advertisements and suggestions, they can now use autocomplete passwords to track you down. Feeling unsecure? Here are some ways to keep you out of harm’s way.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.
Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.
Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

  • If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
  • If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.