2015 saw a significant increase in high-profile hacking attacks in organizations of all disciplines: healthcare, government, and even large entertainment companies all fell victim to data breaches. In light of these attacks, valuable lessons can be learned through analyzing the types of records that were stolen. In 2015, over half of all records exposed to hackers were passwords and email addresses.
It’s clear that your IT department should have administrator privileges with your business’s technology, but the average employee is another story altogether. Administrator privileges provide users with the ability to do many things, such as install programs and access admin settings. Administrator privileges are exactly what you want to keep users away from, and it turns out that the majority of flaws in the Windows operating system depend on these privileges.
The fact that so many businesses are rushing to take advantage of two-factor authentication displays how the password has lost its edge as a security credential. Passwords simply aren’t good enough anymore, and hackers are always finding ways to crack even the most complex passwords. This is why many businesses are looking to improve security through alternative means.
Windows 10 has a built-in PIN system that helps to keep your workstation secure from would-be hackers that want to take advantage of a simple password. Here’s how to set up your PIN, as well as how to change it or reset it if need be.
Why Bother with a PIN?
Using a PIN offers several benefits over traditional password security. For example, Windows 10 uses your Microsoft account password to access your PC. If this password were to be obtained by a hacker, they could access your other Microsoft accounts. If you’re using a PIN to access your PC, the PIN is specific to the device. This makes it less risky to use a PIN than a password.
Adding the PIN
First, click on the search bar at the bottom of the screen and type Settings. Select Sign-in options in the left column, and scroll down to the PIN section in the right column. Next, select Add. You’ll be prompted to verify your password, so just enter your current credential into the form and click OK.
Once you’ve finished that, you’ll be taken to the Setup a PIN page. Now, all you have to do type out your PIN in the provided forms. While the only criteria for creating a PIN is that it needs to be at least four characters long, and no more than nine characters long, a simple PIN is easy to guess and could be almost as bad as not having a PIN at all. Be sure to keep these tips in mind when selecting your new PIN:
Changing or Resetting Your PIN
To change your PIN, you’ll need to go back to Settings > Accounts > Sign-in options. Tap Change underneath PIN, and you’ll be taken to the Change your PIN screen.
If you simply need to reset your PIN, you can do this easily enough. Just click I forgot my PIN next to the Change button, and you can reset your PIN. Keep in mind that you’ll need your current account password to do so.
For more great tips, be sure to subscribe to Infradapt’s blog.
IT can be like baseball. When a team is up to bat in a game of baseball, the team at bat is allowed to keep two coaches on the field. They are called the first base coach and the third base coach. While both coaches’ responsibilities mostly have to do with baserunning, the third base coach also takes on the responsibility of relaying “signs” from the manager in the dugout to the batter at the plate.
These signs represent orders or suggestions from the manager, who is in charge of implementing the strategy each pitcher or batter throughout the baseball game. The third base coach is just an intermediary. He relays the orders to the batter, and it’s the batter’s job to execute the direction that’s given. Each team will try incessantly to steal the other team’s signs, as doing so will give them a distinct advantage on the field of play. For instance, if a hitter somehow was tipped off that the pitcher will be throwing a curveball, there is a better chance the player will let the pitch go by because it’s hard to throw a curveball for a strike, and even harder to hit a curveball.
What does this have to do with IT? It suggests just how much your competition gains from having information about your company; the information that only you should have access to. While “sign-stealing” on the diamond is looked on as gamesmanship, stealing information over your business’ network is a crime (or at the very least unethical), and should be thwarted if at all possible. The former scouting director for the St. Louis Cardinals is finding that out the hard way.
Christopher Correa, the former scouting director for the St. Louis Cardinals has plead guilty to five counts of unauthorized access to a private computer for using a former employee's login information to access a Houston Astros’ secure database that was filled with data that could provide useful information. Correa had accessed both employee emails and the team’s database to gain information, an action that he admitted was, “stupid,” to U.S. District Judge Lynn Hughes.
Correa, who accessed information mainly to gain a competitive advantage over a rival team, was fired from the St. Louis organization after his improprieties came to light. Ironically, Houston, who had been playing in the same division with St. Louis since 1994, moved to the American League before any of these hacks had taken place.
Correa’s former boss, and current Astros General Manager, Jeff Luhnow is likely the “Victim A” from the indictment, and the likely owner of the passwords that Correa used to access the Astros’ system. Luhnow seemingly used the same credentials to sign into the Astros’ environment as he did when he handed over his laptop and password to Correa when he left to take the GM job in Houston in 2011. Luhnow made the following statement:
"I absolutely know about password hygiene and best practices. I’m certainly aware of how important passwords are, as well as the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard."
In this case, however, Luhnow seemed to be lacking somewhat in his conscientious efforts to protect his organization’s intellectual property by using the same credentials he was using while a member of the St. Louis staff five years prior. When someone leaves your company, especially if he or she is leaving for a competitor, it’s important that you get all the credentials that they used to access all data systems. Conversely, when someone joins your company, it’s important to make sure they understand your organization’s cyber security protocols, to keep you from having to deal with data breaches and other situations that may put your business at risk.
Network security, including password management and intrusion detection are essential for every business that doesn’t want to their network hacked by their competition, or by random hackers out to make a quick buck. For more information about the best practices for comprehensive network security, or to talk with a technician about the options we offer to help you protect your network, call us today at 800.394.2301.
Bad news for users still running outdated versions of Internet Explorer - Microsoft has ended support for its legacy web browser. What this means is that Internet Explorer 8, 9, and 10, will no longer be issued critical patches and security updates, making its continued use a security risk.