Passwords are all over the place these days, whether they?re required to access an online account, or access the devices used to open these accounts. While both types of passwords can make for ideal security conditions, this is only the case if the passwords are strong. If your passwords can be guessed by just about anyone, can you really call it a security measure? New insights from SplashData show that passwords aren?t being considered as much as they need to be. SplashData collected and examined passwords that were leaked in 2017, resulting in the most common passwords being ?123456? and ?password.? These also happened to be the most cracked passwords for the past four years. The University of Phoenix?s annual cybersecurity survey has also provided some interesting insights: Only 42 percent of Americans use different passwords across different websites. Only 35 percent regularly update their passwords. Only 24 percent update their passwords before they have to travel. Furthermore, 43 percent of adults have experienced a data breach over the past three years, and 29 percent of workplaces have password protection as an official part of their cybersecurity policies. While these statistics aren?t the best situation, it?s important to understand why this is the case. One of the biggest issues regarding password security is that people don?t have enough confidence in their ability to remember complex passwords. This is augmented by the fact that multiple passwords are needed to ensure all accounts are secure. You can use some tips and tricks to remember them, though. Passcodes A random string of letters, numbers, and symbols simply isn?t user-friendly or easy to remember. When you?re restricted by length and content requirements, implementing a password that is easy to remember is borderline impossible. Since you don?t want to use just a single word either, you can boost the security of your password by lengthening it into a passphrase–sort of like a secret phrase that you, and only you, should know. For example, the phrase ?starwars? was one of the most used passwords in the SplashData survey. If information on a user?s social media profile indicates that they are a Star Wars fan, a cybercriminal could use this information to guess the password and cause all sorts of trouble. By lengthening your password into a full sentence, like ?I really like star wars,? you can drastically improve security for your account. Substitution If security is a further issue, you can improve the strength of your passwords by replacing numbers and symbols for specific letters. For example, the previous example of ?I really like Star Wars? can be changed to ?1 really l!ke St@r W@rs.? This makes it more difficult for a hacker to guess the password. Implement a Password Manager The security industry is completely aware of how difficult passwords are to remember. This is why password managers have become a major implementation of any security-minded organization. Instead of having to remember multiple complex passwords, a password manager provides a secure vault for storage of any complex passwords, all of which are controlled by a master password. Does your business need help with cybersecurity? White Mountain IT Services has the solution. To learn more, reach out to us at (603) 889-0800.

Automated ContractsBlockchain technology can ensure that the agreements made in contracts are kept, triggering when the conditions of these agreements have been met. This is possible through the use of smart contracts that have the involved parties? information, terms, and payment processes populated, allowing the entire process to be securely automated. Identity AuthenticationSince it serves as a permanent record, of sorts, the blockchain may soon be used as an identification and authentication tool. Rather than continuing to use the assorted insecure methods that we do today to identify ourselves, as well as birth certificates, passports, and other digital identities, we may soon rely on the blockchain to verify that we are who we say we are. VotingThe blockchain can also be used to help fight potential voter fraud as well. If applied to the voting process, the blockchain would not only allow the identity of each voter to be verified, their vote couldn?t be altered by someone else afterwards. As a result, the democratic process becomes more transparent. Notary FunctionsIn order for many documents to be properly signed, they require a notary to be present. This is to confirm that all parties are willfully signing the document at a given time, the notary acting as a neutral third-party witness. The blockchain can serve a similar purpose. By adding a timestamp to the blockchain along with data, the entire chain becomes a witness of sorts to the agreement. There?s no denying that focus is currently on cryptocurrency, but it likely won?t be long between the blockchain is used for many other purposes. What do you think the blockchain should be used for? Share your ideas in the comments!

Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewhat easily by developing responsible habits. Unfortunately, it is much easier to develop bad habits, which only opens you up to increased threats. For example, passwords. While it may be a pain to remember more than one password, it is even more of a pain to find yourself locked out of all of your accounts if your single password is discovered by a cybercriminal or leaked. Each of your accounts should have its own unique password, preferably composed of a random string of numbers, letters, and symbols. If you anticipate that you will have trouble remembering your passwords, resist the urge to write them down. Instead, use a password manager program, which allows you to securely save your passwords for various sites and services, protected by a single master password. Speaking of passwords, you should also do some password management on your networking equipment. If a hacker can gain access to your router, everything on your network is then vulnerable to them. A great way to make it easier for a cybercriminal is to leave your router set to the default password. Like any password-protected account, you need to devise a new password for your router that meets the best practices that were discussed above, changing it periodically. Of course, there are other considerations to make to truly be secure when on the Internet in addition to good password practices. Additional StrategiesOne of the easiest ways to boost your online security is to make sure that you?re using the most up-to-date tools and programs, including your web browser. The relationship between the programs you rely on and the threats that target you means that the two are effectively locked in an arms race over your security. As threats improve and find new vulnerabilities, solutions have to shore up their defenses and eliminate these vulnerabilities. This means that you need to be diligent about updating your solutions promptly, so that these improvements can be put into effect and protect your system. Look for the LockWhenever submitting sensitive information to the web, such as your credit card number when shopping online, check for the lock in your browser address bar. This will show up to the left of the URL. For example, if on Amazon, you?ll see it to the left of https://www.amazon.com. The lock means that your connection is encrypted, so the data you send to Amazon can only be understood by Amazon, and not someone sneaking around in between you and the store. This applies to any site where you enter in secure information, so be mindful that the lock is there before you share anything personal. Of course, this is a very shallow dive into how to surf the web more securely. In fact, this is barely dipping a toe into the water. For more details, reach out to White Mountain IT Services by calling (603) 889-0800.

Google Play Protect is one measure that is helping users identify malicious apps on their phones. It?s not an actual app on your device–rather, it?s a feature that is implemented on the Google Play app store. Google Play Protect basically scans your apps in the background to detect any dangerous applications on your device. You can manually scan your device for threats as well, improve harmful app detection by extending the scanning to any apps not installed through the Google Play store. To do so, open the Google Play Store App, tap the menu on the left, and scroll down and select Play Protect from the menu. One noteworthy downfall of Google Play Protect is that it doesn?t immediately scan an installed app. Instead, what we recommend is before opening the app for the first time, scan it with Google Play Protect first. However, we do recommend approaching any new app with a grain of salt, starting even before you download it from the Google Play store. While Google Play Protect can offer some ways to keep your mobile devices safe, you should still consider the following tips to approach downloading new apps as mindfully as possible. Download apps from trustworthy sources: Sometimes you might find a link to an app while looking through frequently asked questions or message boards. Be sure that you don?t download apps from external sources, as there is a higher chance that they could put your business in harm?s way. Make sure that any apps you download are reputable and from the Google Play Store. Most Android phones are set up to not allow this by default. Check app permissions before downloading: Depending on the type of app you?re downloading, it might ask for access to certain information or functions on your device. It?s up to you to determine whether or not the app is accessing too much, or something that doesn?t make sense. For example, a flashlight app shouldn?t need access to your calls or text messages. Implement a Bring Your Own Device (BYOD) policy: Chances are that your employees have multiple devices that they will bring to the office every day, including a laptop, tablet, and smartphone. Therefore, it makes sense that you have a solution implemented that manages risk from these devices. We recommend a BYOD policy that includes whitelisting and blacklisting apps, remote wiping of compromised devices, and comprehensive mobile security. To improve the way that your business handles mobile devices and security, reach out to White Mountain IT Services at (603) 889-0800.

What Makes Social Engineering Effective?Social engineering is the equivalent of pointing to an imaginary spot on someone?s shirt, only to flick their nose when they look down — by posing as someone trustworthy, a cybercriminal is given the opportunity to do as they will with a business? data. These attacks have two factors going in their favor. First, a social engineering attack isn?t the kind of attack that the average user is on the lookout for. They will have instead heard about botnets and ransomware and other big, external threats, and so won?t think to question what seems to be a legitimate-looking message. Secondly, there is plenty of data readily available on the Internet to help build a convincing social engineering attack. This data is referred to as open-source intelligence. Open-source intelligence can come from a vast array of data sources, which only assists an aspiring social engineer. Through some digging on the Internet, a social engineer can find plenty of information that better informs their attack. What the Internet Can ProvideWith the right research, a social engineer can compile an unnervingly comprehensive profile of a business, its employees, its operations, and more. Some very brief and incomplete examples are as follows: TechnologyInformation about the kind of technology a business leverages is surprisingly common online. Job postings, for example, often identify the hardware and operating system a company uses to ensure that an applicant has a familiarity with the systems they would be working with. The trouble is, this also helps a criminal by identifying which exploits will be effective against a company. Furthermore, if a company isn?t careful, their social media images could provide a cybercriminal with information about their networking hardware. Employee InformationIt is also common for people to overshare on social media, which can easily lead to company information being shared as well. This includes, in addition to the access of information many allow to be publicly available via social media, images from within the workplace. Such images often reveal the kind of computer used by employees, as well as the contents of their screens and any information displayed on them. Additionally, many people will discuss their work schedule on social media, as well as provide a detailed account of their professional experience, giving a social engineer more data to work with. Vendors and Other CompaniesExternal services that provide for a company can help a social engineer gain access to that company, especially if the service provider uses them as evidence of value on their website. Janitorial services and trash pickup services are especially valuable, as data could potentially be stolen after it leaves a business? premises. In short, while protecting your data with firewalls, authentication requirements, and other digital measures is crucial, it is just as crucial to also ensure that your employees are aware of the dangers that social engineering can bring. Establishing processes to help thwart social engineering attempts is something that every company should do, as it will help to protect them from these attacks. For help in planning these processes, reach out to White Mountain IT Services at (603) 889-0800.