WELCOME TO OUR BLOG
Two-factor authentication (2FA for short), sometimes called multi-factor authentication (MFA), is a system in which you must verify your identity in two separate ways to access an account – this may be a login password, an online account or an account to access an application.
Having physical access to technology, even if the devices themselves have been properly maintained and secured, increases risk dramatically, so the physical security of your space still matters.
Technology has made our lives better. Technology has made adjusting the thermostat and turning the hot-water heater back to normal temperature as you board the plane to come back home from vacation very convenient and efficient.
Passwords and management of those passwords are a big pain – no two ways around it. One website requires a symbol, another requires 14 characters and your bank requires 10 characters, four PIN numbers and the answer to a secret question. It becomes easy to just use the same three or four passwords for everything – after all, that’s more secure than one password for everything, right?
"Is my PCI compliance good enough to serve as a network cybersecurity audit?"
We often get asked: if an organization has passed its PCI compliance requirements for accepting credit cards, is there really a need for more security and compliance? It's very possible there is. Keep in mind that PCI is focused on protecting credit card data specifically, and most organizations touch sensitive data that goes beyond credit cards. Was that considered when you did your PCI review?
The time to start planning for a security threat is BEFORE a cyber-attack occurs…not during! Cyber-security planning should be done continuously, especially as your organization changes.
By proactively planning and adjusting, you can reduce the risk of significant consequences from technology incidents.
For any account that you care about protecting, we recommend you change your passwords about once every three months. It’s also important that you don’t reuse passwords or use the same passwords for two different sensitive accounts.
Do you have guest access on your company WiFi network separate from your main network? Or do you simply give out the same password and access point information that your employees use? If you give out your password, you’re allowing a guest to play in the same sandbox where your staff accesses sensitive data. What if your guest, knowingly or unknowingly, has been infected with some kind of worm?