Breaking Down Multi-factor Authentication

There are the three factors that you have to choose from when protecting your systems and data.   Those factors are:

Traditionally, we all have been using just the something you know factor with our usernames and passwords that we use day-in and day-out.  The problem with only using this method in various situations such as using a VPN, is that passwords can be guessed or easily compromised especially if you do not have diligent password rules in place.

The something you are factor can be effective but it has been proven repeatedly, that face-recognition, retina scanning and even fingerprint access comes with its own set of issues.  This is also the highest cost solution and the most unreliable as well.

The last factor is something you have.  This can come in the form of a key fob that gives you a timed code to input after your traditional password or a smartphone app that will give you a temporary code so you can gain access to critical systems securely.

Multi-factor authentication is picking two of three options listed above.  Usually, the first factor will be the something you know factor in the form of a username and password.  I highly recommend your second factor to be something you have.  Why?  It is a low-cost and effective solution helping protect the pathway into your entire environment.

The other major benefit in multi-factor authentication is the one that people typically do not notice right way.  It makes your organization more efficient by ensuring that systems/applications are not compromised.

Contact me today at (585) 292-5070 x278 if you are interested in raising your security posture by going to a two-factor authentication solution for your critical data and applications.

Contact Jim Nelson Today!  Learn more about our Information Security Services

Why You Need A Risk Assessment and Where You Should Start

A common question that I am always asked is “Why do I need to have a risk assessment?”  The answer will forever and always be the same: Because you don’t know what you don’t know.

Now, risk assessments can be an intimidating process and sometimes even feel over-whelming.  You just have to remember that the goal is to find out where you can mitigate potential issues in your business.

If you are not sure where to start, consider having a Vulnerability Assessment performed on your network.  Also, have your Policies and Procedures looked at for gaps, and if you don’t have any currently in place, get recommendations on which ones your type of business needs.  Maybe even, start with a social engineering test, such as a Phishing Campaign, to see if you need to build up your Security Awareness Program.

We recommend every client engage us periodically for this comprehensive review, in which we evaluate your organization’s most pressing cybersecurity considerations. We’ll look at your current state, what safeguards you already have in place, and make recommendations about how to make your organization more secure from cyber threats.

Your Information Security Risk Assessment includes:

Don’t fall victim to a cyber attack.  Call 585.292.5070 x278 and speak directly to our Chief Information Security Officers to start the conversation.

Unlock the answers to Information Security.

Contact us today!

Is email phishing just an I.T. Issue?

Look at any news source today and you are bound to see yet another article on how Phishing is affecting businesses of all sizes in the U.S. and overseas.  With the amount of money that is being spent on protecting networks and end points, why is phishing such an easy way to disrupt operations or even worse, steal and corrupt your data.  The answer is easy, people are the weak point.  

Did you know that…

  • 1 in 131 emails contained malware, the highest rate in 5 years *
  • Ransomware damages are up 15X in the last 2 years, expected to worsen **
  • Business Email Compromise scams, relying on spear-phishing emails, targeted over 400 businesses every day *

How do you stay protected?

The solution to phishing is also easy, Test and Train your employees consistently.  Have a Phishing Campaign performed on all the e-mail users of the company.  See who would be willing to click that link or even supply credentials.  The next part is training those same employees on how to spot a phishing e-mail because as we all know, e-mail filters will not stop all of them from reaching us.  It’s all about raising Information Security Awareness consistently and often.

Innovative Solutions can help your business test employees with a Phishing Campaign and with training materials to help raise consistent awareness.

Learn More about Phishing Campaign services    Contact us today!

Statistic Sources:
* Symantec
** Cybersecurity Ventures

Higher Ed Information Security 101

A byte-sized course in data protection for college administrators

It’s a long-held mystique: colleges and universities are often seen as secure, self-contained worlds free from the kinds of risks facing other sectors, like corporate America and government agencies. But when it comes to information security, campuses everywhere have extraordinary challenges. From compliance with regulations like HIPAA to faculty and staff training on safe digital habits, there are dozens of considerations higher-ed administrators should get a handle on.

At the heart of information security: Data.

What types? Where and how to store it? How to dispose of it? Here are four vital steps to take to secure your data.

1. Define what qualifies as “sensitive data”
Be clear and specific in laying out what constitutes “sensitive” for personnel. Create a data classification system (such as Public, Confidential, Sensitive) with clear definitions, and describe how each classification should be handled.

2. Determine where to store data—and show everyone how to comply
Some campus administrators might not explain to faculty and staff where they should safely store sensitive information. Even if they have a secure way to store data, they don’t enforce it. Often, without clear direction, personnel will choose storage locations of their own. The Cloud. Their local hard drive. A shared server. They may think they’re using a secure location, but they’re exposing your school to a possible breach. Set up a storage system with safeguards, and communicate the policy campuswide.

3. Store only what must be preserved
School records sometimes are sometimes perceived as sacred artifacts. But that’s not necessarily true. If your institution isn’t required to keep certain records, dispose of them safely. Sure, it can be time-consuming. But the less data you have on hand, the better. Follow your local laws and statutes to determine what you have to keep. And implement a procedure for safely destroying what you don’t need.

4. Hold the keys to information closely
Access to information can become sloppy over time. A staffer transfers to a different department but still has access to data from a former role. A professor leaves your school but continues to have access to record systems. Or, some employees may have access to student information because job descriptions and data access aren’t well aligned. Develop a policy that defines who should have access to which data, and monitor access as people change positions—or leave the school.

Fully protect your institution. Find out more.

Data policy is a critical consideration in cybersecurity for the Higher Ed sector. But that’s just the tip of the iceberg. Are faculty and staff regularly trained on digital habits to avoid? Is your administration up to speed on current regulations and laws governing privacy? Does your protection cover each of the seven layers of security vital to network security? Get answers to these questions and more.

Contact Us Today


  • This field is for validation purposes and should be left unchanged.