One constant struggle in offices is the balance between productivity and security. If you give users too much freedom in your network, risk increases. But add too many security gates, and productivity can dwindle. It’s a fine balance between the two, but one you can achieve. Organizations need to recognize the importance of both. And not sacrifice one for another. A recent report from Microsoft notes a dangerous lack of authentication security. Just 22% of Azure Active Directory users had multi-factor authentication (MFA) enabled. This means that over three-quarters were at a much higher risk of an account breach. Why do organizations fail to adopt important security protocols, like MFA? We know that it’s as much as 99.9% effective at stopping fraudulent sign-ins. Yet so many companies aren’t adopting it. User inconvenience is the biggest reason. MFA is not expensive. In fact, it’s free to enable in nearly all cloud applications. But if users say that it’s hurting productivity and is a pain to use, companies may not bother with it. But sacrificing security can hurt productivity worse. Downtime due to a data breach is expensive and can put smaller companies out of business. The main cause of data breaches is credential compromise. So, if you’re not protecting your authentication process, the risk of becoming a breach victim is high. 35% of data breaches initiate from breached login credentials. There are ways to have both secure and productive users. It simply takes adopting some solutions that can help. These are tools that improve authentication security. But do it in a way that keeps user convenience in mind. Solutions to Improve Security Without Sacrificing Convenience Use Contextual Authentication Rules Not every user needs to go through the same authentication process. If someone is working in your building, they have a certain trust factor. If someone is attempting to log in from outside the country, they do not have that same trust. Contextual authentication is used with MFA to target users that need to reach a higher bar. You may choose to limit or block system access to someone attempting to log in from a certain region. Or you may need to add an additional challenge question for users logging in after work hours. Companies don’t need to inconvenience people working from normal locations during typical hours. But they can still verify those logging in under non-typical circumstances. Some of the contextual factors you can use include: Time of day Location The device used Time of the last login Type of resources accessed Install a Single Sign-on (SSO) Solution A report on U.S. employees found they use a lot of apps. Workers switch between an average of 13 apps 30 times per day. That’s a lot of inconveniences if they need to use an MFA action for each of those logins. Single sign-on applications solve this problem. They merge the authentication process for several apps into just one login. Employees log in once and can go through MFA a single time. Using multi-factor authentication isn’t nearly as inconvenient. Users gain access to everything at the same time. SSO solutions help organizations improve their security without all the pushback from users. Recognize Devices Another way to better secure network access is to recognize devices. This is typically done using an endpoint device manager. This automates some of the security behind user authentication. Thus, it doesn’t inconvenience the person. First, register employee devices in the endpoint device manager. Once completed, you can then set up security rules. Such as blocking unknown devices automatically. You can also put in place device scanning for malware and automated updates. Both these things increase security without sacrificing productivity. Use Role-based Authentication Your shipping clerk may not have access to sensitive customer information. But your accounting team does. One can have a lower barrier to authentication. Using role-based authentication saves time when setting up new employee accounts. Authentication and access happen based on the person’s role. Admins can program permissions and contextual authentication factors once. Then, the process automates as soon as an employee has their role set. Consider Adding Biometrics One of the most convenient forms of authentication is biometrics. This would be a fingerprint, retina, or facial scan. The user doesn’t need to type in anything. It also takes just a few seconds. Biometric hardware can be costly, depending on the size of your organization. But you can introduce it over time. Perhaps using biometrics with your most sensitive roles first, then expanding. Additionally, many apps are now incorporating things like facial scanning. Users can authenticate using a typical smartphone, making it much more affordable. Need Help Improving Authentication Security? Don’t give up important security because you’re afraid of user pushback. Give us a call and schedule a security consultation. SHOUT OUT TO T.M.E.

Countless employers still don’t trust their people to do their best work unless they’re physically in the office. But while managers may be struggling to adjust to our new hybrid world, this perception is a long way from the truth. Research from around the world reveals that greater flexibility from remote and hybrid working often results in a major boost to productivity. Yet still some firms are bringing back an office-only policy. Employers may be grappling with the fallout of the last few years and hoping that a return to the office will result in a post-pandemic productivity boost. But seeing as hybrid workers show improved morale, greater creativity and better collaboration (compared with pre-pandemic levels), this could be a big step in the wrong direction. Big Brother will never be popular Some businesses have increased their employee monitoring to try and track performance. But this is often perceived as a Big Brother tactic that ends up having the opposite effect – a drop in productivity, a lack of trust, demoralized teams, and a greater feeling of ‘us and them’. All businesses need to understand how they are performing and decide which metrics give the best insight into productivity. But this has to be done in a way that doesn’t leave employees feeling like cogs in a machine. So what’s the answer? There is some clear advice for building a productive and successful hybrid environment: · Encourage people to work in the way that’s best for them · Find the right ways to measure performance – without people feeling like they’re constantly being watched · Automate repetitive tasks to free up your team’s creativity · And provide everyone with the tools and tech they need to do their job properly. That could include choosing the right devices, using communication tools that aid collaboration, and making the right connectivity choices. We can help with all of this. So if you’re having trouble adjusting to a hybrid world, get in touch – we’re here to help. Published with permission from Your Tech Updates.

With its huge dominance in the workplace, Microsoft’s Windows has become the prime target for cyber criminals. They’re looking to access your information, disrupt your business, or hold your data to ransom. Tens of millions of attempted malware attacks were discovered throughout this year, and a massive 95% of those threats were targeted at Windows. The vast majority of attacks are unsuccessful, but those that do succeed can create havoc for the affected businesses. So you need to be sure that you’re taking all possible precautions to protect your business and your data. · Hardware and software companies release regular updates to address threats to Windows users, as well as security patches designed specifically to deal with new risks. These should all be installed as soon as they become available. · Your people should be regularly trained in how to spot cyber security threats and what to do if they suspect one. · And because it’s not possible to protect every business from 100% of all threats, it’s also important that you have a strong resilience plan in place. This should detail exactly how your business should react if it falls victim to a cyber attack and who should be notified to take action. Everyone in the company should have access to this document and know to report any potential attack as quickly as possible – that’s the best way to lessen its impact. If you have an IT service provider, they’ll be able to make the best recommendations to keep your business safe and secure, train your people, and even provide monitoring to spot any potential danger before it becomes a problem. This is something we do every day. So if we can help your business become more resilient, just get in touch. Published with permission from Your Tech Updates.

Passkeys are set to take over from traditional passwords to give us a safer, more secure way of logging into our online accounts. That will be a major step forward for online security, and it’s gathering pace quickly with more and more big names adopting the technology. So how long will it be before we finally wave goodbye to the password? This new tech has long been supported by the FIDO alliance – an organization of big tech companies including Apple, Google, and Microsoft – in the hope that it could eventually kill off passwords completely. These megabrands are already rolling out passkeys on some of their applications. But now some of the big names in password management software are getting in on the act, too, which is likely to speed things up even further. Passkeys work by creating and storing credentials on your phone, which only you can access. These are called private keys and they’re authenticated by the biometrics you use to log in to that device – your fingerprint, or your phone’s facial recognition system. When you log into an account, the site will create a public key which then requests your private key. Your matching passkey gives you access to your account, just like a password. Password managers let you create and store complex passwords, meaning you always have a strong, unique and unguessable password for every site. But the adoption of passkeys by a growing number of traditional password managers is likely to accelerate the move. We’ve spent years implementing strong passwords. Will we miss them when they’re gone? Probably not… Any move towards stronger security is always welcome and we don’t think it will be too long before most online accounts are using passkeys. If you’d like any help to keep your business secure in 2023, get in touch. Published with permission from Your Tech Updates.

Almost half of people with social media accounts have admitted to falling for shopping scams. So if members of your team are doing a little last minute Christmas shopping from work, how can you be sure your business is protected? New research shows that a massive 47% of people have clicked on links hoping to get a great deal, and instead ended up giving financial and personal details to cyber criminals. That could mean they’re not only putting their own data and money at risk, but your device – and even your network – could be exposed, too. It’s not just shopping scams that are fooling people online. Phishing links have tricked 36% of people into revealing personal data. Phishing is where you get an email that seems to be from a person or brand you trust, but it’s not. The same number have fallen for gift card scams – that’s where criminals gain victims’ trust and persuade them to buy gift cards or online vouchers. If an employee clicks a malicious link or downloads an infected file using their work device, the results for a business can be devastating. The risks go beyond the loss of data and reputation. The cost of downtime while you get going again is enough to put many people out of business for good. So how can you protect your business against this kind of scam – right now, and throughout the year? As well as having the right cyber security tools in place – such as firewalls, antivirus software, and strong password management – you should stay focused on training your people. Because your best line of defense is a team that recognizes a threat when they see one. Make sure they’re aware of the latest scams, and that they know the warning signs to look out for. Advise everyone to check that links are genuine, websites are the real deal, and be suspicious of offers that look too good to be true. And have a strong plan in place that kicks in the moment a security breach is spotted. Employees should all know to report any incidents immediately, and who they should inform. Acting quickly often lessens the impact of a data breach and makes it faster and less expensive to fix. As always, if you’d like further help or advice, get in touch. Published with permission from Your Tech Updates.