Misleading password meters could increase risk of data breachA Password meter is an indicator of the strength of a password entered by a user on a website. In most cases, meters estimate the amount of tries necessary for your password to be guessed by an attacker by factoring in password length and complexity. A University of Plymouth study tested 16 of the most encountered password meters on the internet to test their effectiveness. Based on the results, here are a few tips on how to keep your passwords secure, regardless of an “approval” given by the password meter:
Do not always trust the password meterJust because a password meter says “strong password” does not mean it is. The meters can be helpful but are also extremely flawed, giving you a sense of false security. When deciding on a password, do not base it solely on the rating given by the website.
Avoid using keyboard patternsOn many password meters, passwords such as “querty”, “abc123”, and “Password” sometimes cannot be detected as problematic. Common letter combinations, such as going down a row of the keyword or commonly used words, are easily guessed and not always flagged on the meters.
Make passwords complicated and personalThe most secure passwords are those with a combination of uppercase, lowercase, numbers, and symbols. Choose combinations that seem difficult to guess by an outside person or computer. The more complicated and seemingly random the password, the stronger it will be. In addition to character variation, do not use the same password for all of your accounts. Change up your passwords so that if one is discovered, not all of your information is at risk. Secure your valuable data with the protection it deserves. Do you part to protect your information with a strong password, WesTec is here to do the rest. WesTec Services is dedicated to providing the highest quality of IT consulting as well as backup disaster and recovery planning. Give WesTecCall a call today to discover more about our available services.
How to Recover Deleted FilesHave you ever accidentally deleted a file and then realized you need it back? Unfortunately, it’s happened to most of us at least once–and we’ve all experienced the headache that follows.
Here are a few tips that can help you try to recover a deleted file from your device:
- Make sure the file is really deleted – If you’re not sure whether you permanently deleted a file, be sure to look for it before making an assumption. When attempting to recover deleted files, check the Recycle Bin or Trash on your computer. Typically, you can choose the filter “Date Deleted” to make your search easier. If your file was stored in a cloud storage like Dropbox or Google Drive, check your deleted files there–it may still be recoverable.
- Check your backups – Making regular backups of your most important files on your device can prevent you from losing critical data when you need it. If you do have a backup, you may be able to recover your deleted files. if you don’t have a backup, now may be the time to implement one.
- Try to recover the file – If you deleted a file on a magnetic hard drive, shut down the computer immediately. With the computer shut down, you should remove the hard drive from the computer entirely and place it in another computer as a secondary drive. Use file-recovery software to scan the drive. If you deleted the file recently and haven’t written to the drive much, you have a fairly good chance of recovering it.
- Professionally recover the file – If all other methods were not successful in recovering the deleted files, you may want to consider a professional data recovery service. Professional data recovery services deal with everything from deleted and overwritten files to dying hard drives that need to be disassembled and repaired.
For more information on our data backup or recovery services, contact the experts at WesTec today.
How to Avoid a Spear-Phishing AttackAs we discussed in a previous article, phishing is an attack that uses disguised emails as weapons aimed at masses of people. However, spear-phishing is a targeted attempt to steal sensitive information from a specific victim, such as account credentials or financial information.
During a spear-phishing attack, the perpetrator attempts to acquire personal details on the victim’s friends, hometown, employer, hang-outs, and their recent online purchases. This is typically done by disguising themselves as a trustworthy friend or entity through email, social media, phone calls, or text messages.
Because spear-phishing is the most successful form of acquiring confidential information online, it is important to practice how to avoid an attack.
1. Beware what you post: Review your online profiles. How much personal information is available for potential attackers to view? If there is something you do not want the public to see, delete it, or ensure your privacy settings are properly configured.
2. Use smart passwords: It is not wise to use the password for every account you own. In this case, if an attacker has access to one account, they effectively have access to all of your accounts. Passwords with random phrases, letters, and numbers are secure.
3. Use logic with emails: If an organization sends you a link in an email requesting a specific action or sort of personal information, go directly to the organization’s site rather than clicking on the link. Calling the organization can also help clarify the issue. Real businesses will not email you asking for your username and password.
4. Update your software: Software systems include security updates that should help protect you from spear-phishing attacks, as well as others. If you receive notice of a new update, be sure to take advantage, or enable automatic updates.
To learn more about how you can protect your data or sensitive information, contact the experts at WesTec.
How to Protect Customer DataWe place our information online every day. We’re more than happy to hand over our email, phone number, address and credit card information to purchase a product on the internet. In a world where ecommerce is becoming the standard, businesses must do what they can to protect customer data.
Follow Current Encryption PracticesEncryption practices change regularly to evolve and combat cybercriminals. Often, organizations who failed to stay up-to-date with the latest data protection trends fall victim to cyberattacks. To help protect customer data, create a recurring reminder to analyze your company’s security practices and make updates as necessary.
Limit Access to Customer InformationFor additional protection, limit who within your business can view customer data. Not every employee needs access to customers’ personal information. When only necessary employees have access to customer information, hackers have a harder time finding a weak point to break into company databases.
Don’t Ask for Unnecessary InformationAs a company, it is important to only collect the information you need to complete a transaction or service to your customer. Customers get weary when a business asks for unnecessary information. By only collecting necessary information, there is less for a hacker to steal. This protects customers and their livelihoods.
Educate All Employees on Security PolicyWhile you may limit who can view customer data, make sure every employee knows and understands the company security policy. Even though an employee may not have access to the customer database, their actions could affect the privacy of customers. For example, if someone were to take a company laptop to a coffee shop and used the open wifi, a nearby hacker could potentially break into the company’s database through the network and steal personal information.
Hack the Hackers with Password SecurityHave you ever been the victim of a cyber attack? Do you use the same password for all of your accounts? Follow our guide to outsmart the hackers with increased password security.
How Hackers Get Your PasswordsBefore you can better protect your accounts, you must understand how cybercriminals access steal your information. Typically, a hacker will compromise your account in one of three ways.
- Personal attack: Hackers target your account specifically. They will typically guess your email password and use password recovery options to access other accounts.
- Brute-Force attack: Hackers systematically check all possible passwords until the correct one is found.
- Data Breach: Hackers attack large companies, resulting in millions of compromised accounts.