ActiSoft Technology - Blog #Cyber Security

7 Reasons Why You Need a Password Manager

Sun, 02 Jun 2024 12:42:22 +0000

Researchers attribute 80% of all breaches to weak passwords. These seemingly innocuous combinations—birthdays, pet names, or “12345”—become gateways for cybercriminals. They exploit lists of commonly used passwords and employ simple hacking tools to guess their way into accounts. Imagine someone getting rich by cracking passwords and draining bank accounts.

Monitoring your employees' password habits can be a daunting task without a password management solution in place. A business password manager grants organisations full control and oversight of their employees' password behaviours. The process of onboarding and offboarding employees is also streamlined. Continue reading to discover the functions of a password manager and how it can advantage your organisation.

What Is a Business Password Manager?

A business password manager is a tool that enables you and your employees to track, store, share, protect, and manage all passwords. Passwords are kept in a secure, cloud-based digital vault, accessible only with a master password. This vault can also store more than passwords, including documents, identity cards, and SSH keys, thus streamlining the security of your employees' files and passwords. Additionally, a password manager facilitates the creation of strong, unique passwords for each account, securely storing them.

Password managers play a vital role in maintaining the security of your organisation and simplifying the management of your employees' passwords. They also negate the need for employees to submit help desk tickets for password resets.

Benefits of Having a Password Manager For Your Organisation

Unsure of how a password manager can benefit your organisation? Consider these six advantages of deploying a business password management solution.

1. Enforce Organisation Password Policies Efficiently

Centralising password management within a single platform enables organisations to standardise and implement password security policies throughout the organisation. This includes setting a minimum password length and mandating the use of Multi-Factor Authentication (MFA) for every compatible site.

Employing a password manager permits IT administrators to verify compliance with organisational password policies among all employees.

2. Visibility Into Password Practices

Without centralised password management, IT administrators lack insight into employees' password habits. This issue of visibility is increasingly critical with the rise of remote work. It will prevent your employees reusing the same password across various sites and applications. Password managers offer a centralised console that grants administrators full visibility into employees' password practices, regardless of whether they are working in the office, remotely, or using a hybrid approach. Don’t worry the IT administrators cannot see the passwords in a user’s vault.

3. Securely Share Passwords

In businesses, password sharing is essential and crucial for task completion, yet it's imperative that employees have a secure method to share these passwords with their team. A password manager serves this purpose effectively. It enables organisations to establish shared folders for various groups such as individual departments or project teams. Moreover, users can securely share credentials with designated individuals, with the added convenience of automatic credential transfer to the recipient's vault.

Furthermore, our offering of Keeper's password manager provides the option to dictate whether the recipient of shared credentials or folders has the permission to edit or merely view the shared items.

4. Implement Role-Based Access Control (RBAC)

Employees should be granted only the system access necessary for their job functions, nothing more, this is the Principle of Least Privilege. This not only aids in preventing insider attacks but also reduces organisational risk if an employee's account is compromised. Adopting a standardised password management solution allows organisations to enforce Role-Based Access Control (RBAC) and keep track of account activities for any unusual behaviour that might suggest misuse or a security breach.

5. Dark Web Monitoring

Cybercriminals often target Software as a Service (SaaS) developers and other vendors, aiming to steal credentials from their clients' employees. It may take months for an organisation to detect a breach, and usually, the victims of these third-party breaches are the last to realise they've been compromised. Meanwhile, cybercriminals might have already sold the stolen login credentials on the dark web.

BreachWatch, a widely-used extension for Keeper's password manager included in our Enterprise offering, monitors dark web forums and alerts organisations in real-time if any employee passwords or credentials appear online. It integrates smoothly with the Keeper password management platform, allowing IT administrators to promptly enforce password resets.

6. Simplified employee onboarding and offboarding

The use of a uniform password manager streamlines the onboarding process for new hires, facilitating a smooth transition even when the team is partially or fully remote. IT administrators can efficiently prepare new employees for work within minutes by either manually registering each one via the admin console or enrolling multiple users simultaneously using Keeper's supported methods. New employees are welcomed with a personalised email invitation containing a link to set up their Keeper Vault.

Former employees retaining active passwords pose a significant cyber risk, and securing passwords during the offboarding process is vital to an organisation's cybersecurity infrastructure. Upon an employee's departure, their system access must be revoked without delay. Password managers not only enable IT administrators to promptly withdraw access from ex-employees but also offer the option to conceal passwords for current employees within the platform. This measure prevents the copying of passwords through screenshots or written notes and facilitates the secure handover of accounts to successors.

7. Helpdesk Tickets

It is estimated that 40% of help desk calls/tickets pertain to password resets, each costing the business approximately £60. Envision a scenario where a multitude of employees are synchronised on a 90-day password renewal cycle; the impact on productivity could be substantial.

IT support teams can be targeted with social engineering attacks aimed at password resets, they typically rely on static data to confirm an employee's identity, a password manager such as Keeper mitigates that risk.

Consider the potential accomplishments of your support team with a decrease in password reset calls/tickets!

Choosing Keeper as Your Organisation’s Password Manager

Keeper's Enterprise password management solution offers all the essential features required in a password manager, plus many additional benefits. The Keeper password manager operates on a zero trust and zero knowledge basis, ensuring that only the end user can access the plain-text data in their Keeper vault—Keeper's employees included.

With Keeper for Business, every employee receives Keeper across an unlimited number of devices, ensuring comprehensive protection throughout the company. Moreover, it includes a complimentary family plan for every employee.

Contact our friendly Cyber Security specialists at Actisoft today to find out how Keeper Password Manager can help you improve your security posture and protect your users and organisation.

Get Started Now!

The Hidden Cost of Cyber Crime And How to Avoid it

Mon, 04 Apr 2022 14:34:15 +0000

When a new story hits the news about another organisation being hit by a cyber attack, it’s mostly numbers we hear about. We’re told how many records were compromised, how many hours were lost, how much ransom money was demanded and how big a fine the company will have to pay to the ICO.

What we don’t hear so much about is the human cost of cyber attacks, or how those responsible for handing over valuable data (mostly completely innocently) feel about their mistakes.

Fraudsters know how to play on people’s weaknesses, and they’re very good at it. It’s easy to think you’d never fall for a scam if it’s never happened to you, but the truth is that hundreds of thousands of people do get caught out every year. Often, those people are highly intelligent, organised and diligent, and just happened to be having a bad day.

Being tired, overworked, stressed or simply relaxing in the lead up to a holiday can cause even the brightest spark to make simple mistakes. Nobody is immune to cyber attacks, and hackers capitalise on that fact every single day. The situation is now so serious that mental health professionals are referring to cyber crime as a new, hidden epidemic, and those who fall victim to hackers often pay a heavy psychological price. It goes way beyond having information stolen or even handing over money. It’s about deep-seated feelings of guilt, embarrassment and powerlessness, and in an increasing number of cases victims are being diagnosed with depression, post traumatic stress disorder or other related health problems.

A recent survey found that almost 70% of victims said they felt they could no longer trust strangers, and over half said they were no longer able to enjoy the activities they used to. Depression and anxiety were reported in over half the respondents, with almost 85% experiencing insomnia following a data breach. More than 60% said they experienced difficulties with concentration and cognitive function, while just under 57% said they regularly experienced aches, pains and headaches.

In severe cases, the shame of compromising company data and being seen as “the weakest link” in an organisation has even led to suicide. So, how do you protect your employees and your company from the chaos of a data breach? These 7 simple security measures will help keep you and your people safe and help you avoid the long term repercussions of cyber crime.

1. Make Sure You Have Endpoint Protection Software on Every Device

A lot of people still think that anti-virus software is just for laptops and PCs, but you should have it installed on every device on which people access your systems.

2. Use Different Passwords

Many of us are guilty of re-using the same password for different accounts, but it’s a really bad habit to get into. Having to remember different passwords for all your online activities can be exhausting and frustrating, but if you use a system like Keeper you won’t have to. Password management systems remember everything for you, so you and your team can stay safe without having to deal with an administrative nightmare.

3. Switch to Multi-factor Authentication

Entering a username and password is just one step in the online security process, so more and more organisations are choosing to protect their data with several layers of protection. Multi-factor authentication requires you to provide more information to confirm your identity, such as:

Something you know – a password or PIN
Something you have – like a Security Key, secure USB or phone number
Something you are – such as a fingerprint or retina scan

4. Protect Every Device

One of the downsides of remote working is that your team members will most likely be using their own devices to log into your network. It’s imperative to clearly outline everyone’s responsibilities when it comes to looking after those devices, from keeping them safe on public transport to ensuring nobody else has access to them.

You’ll need a robust Bring Your Own Device (BYOD) policy in place to ensure everyone knows what’s expected of them – get advice on how to create one here.

It's important to note that under the GDPR, if any device containing personal information is stolen it must be reported to the ICO within 72 hours. It’s also a good idea to install tracking software on your devices so they’re easier to get back in the event of theft or loss.

5. Make Sure Your Software is Always Up to Date

One of the easiest ways for hackers to infiltrate organisations is through outdated software. Every time someone hits the “update later” button it makes your organisation more vulnerable, so make it policy to ensure all software is updated at the same time every week.

6. Back up Regularly

Even if the worst does happen and you lose your data, it will be a whole lot easier to deal with if you’ve got everything backed up in another place. You can store copies of your data in an external hard drive, but most businesses nowadays choose to back up in the Cloud. A good security provider will perform backups on your behalf and regularly monitor activity on the network, which means you won’t have to give it a second thought.

Don't forget to test your backup regularly!

7. Educate and Support Your Staff

This is the number one most important thing you can do when it comes to cyber security. Human error is the biggest cause of data breaches, so by keeping everyone trained and up to date with the latest phishing threats and how to recognise them, you’ll be going a long way towards keeping your customer information safe.

With the right training, employees should all be able to spot a phishing email or dodgy link and know what to do if something doesn’t look right. It’s also important to create a culture in which people feel comfortable to ask if they’re not sure about something, and don’t feel under too much pressure. Of course, an element of pressure is expected in every job, but when people are overloaded, they’re more likely to make mistakes. And as we’ve already seen, sometimes those mistakes have far reaching consequences. Creating a culture of fear won’t work, but providing a supportive, educational environment just might.

We are here to help you and your team stay safe online. To find out more, or to book a cyber security training session, contact us today.

Endpoint & DNS Protection Together

To secure businesses, you need endpoint protection that’s stronger and smarter than traditional business antivirus and secure your DNS connection against cyberattacks, get total visibility into web usage, and enforce acceptable web usage policies to reduce security risk.

Why it's different:

Stop sophisticated cyber attacks

Streamline Management

Save time and money

Skip the hardware and software with our DNS Protection

Block threats at the domain level

Reduce costs relating to infections

Protection wherever you are

Try it now!

How To Harness the Power of Data in Your Organisation

Wed, 30 Mar 2022 13:40:01 +0000

Companies all over the world are learning that one of the best ways to future-proof their organisations is by harnessing the power of data. According to a recent survey from McKinsey, today’s leaders understand that data isn’t just part of business, it is business. But there’s a big difference between simply collecting data and using it properly, so how do you ensure you’ve got all the information you need to succeed without getting bogged down in statistics?

For most companies, data collection is about three things:

Informing and improving decision making
Refining operations
Creating new revenue streams

Informing and Improving Decision Making

A recent study by Bain & Company, which looked at over 400 organisations, found that those who used advanced data analytics made decisions five times quicker than their peers. Data helps us understand the way our customers think and provides deep insights into which processes are working, as well as those that would benefit from a different approach.

Refining Operations

Today’s data sources allow organisations to refine everyday operations and processes and work more efficiently. From customer feedback to production line reports, we now have a host of information at our fingertips to help us be bigger and better than ever.

A good example of this is the use of GPS software in delivery vehicles – companies like Amazon have used this new technology to their full advantage, giving customers and managers alike regular updates on deliveries. They’ve also used data in all sorts of ways to influence customer decisions, like the recently introduced Personal Recommendation system that prompts consumers on the products they might need, before they even know it themselves.

Creating New Revenue Streams

The more in-depth and interesting your data, the more attractive a business asset it becomes. So much so that companies are now being bought based on how much data they collect, like in the case of IBM’s takeover of The Weather Company. Originally founded as the Weather Channel in 1982, the company invested in technology that allowed it to offer an impressive line of digital products. They changed their name to the Weather Company in 2012 and a number of eagle-eyed investors noticed the wealth of information they had collected about weather patterns. IBM soon snapped them up and has since been able to position itself as one of the leading suppliers of weather information in the world. Even if you don’t want your company to be acquired by one of the big fish, your data will still be valuable to someone.

However far along you are in your journey, you’ll need a robust data strategy in place. Before you go on a mission to collect all those facts and figures , it’s important to know what you want to do with it. That means starting with a robust data strategy that clearly identifies what you’re trying to achieve and how you plan to do it.

The amount of data that exists around the globe is growing rapidly – 90% of it has only become available over the past couple of years. As that data continues to increase, managing it properly has become essential, which is why all businesses need a data strategy.

Like all business planning activities, your company data strategy should be SMART and flexible, allowing you to scale up and down according to need.
Without a data strategy in place, different departments and team members find themselves having to make decisions about information and solve data decisions on their own. This adds up to confusion and a lot of wasted time and money, so it’s important to develop clear guidelines in order to keep costs low and operations running smoothly.
Define how your data will help you meet business goals.
Identify how you will complete data collection activities in line with those goals.
Outline any changes you need to make within your organisation to make the most of your data.
Establish a timeline for all your data collection activities and milestones.
Describe your short-, mid- and long-term data collection strategies.
Discuss how these activities can be financially justified.
Identify what software you intend to use and how your insights can be monetised.
Include information about how your data will be stored and kept safe.

Data Security should be your number one priority when it comes to collecting any kind of information. Since the introduction of the GDPR and the ever-increasing risk of hacking, it’s never been more important to make sure your data is safe. Here are some important things to consider for your new data strategy:

Always make sure your data is regularly backed up
Ensure all your staff are well trained in cyber security and clear about access and data sharing
Use Cloud computing systems to keep your information remotely
Invest in some reliable Antivirus software and install it on all devices that access your systems
Always keep your data protected with a robust cyber security strategy

We are here to help you keep your data safe. Contact us today to find out more about our cyber security products and services, including data strategy implementation and staff training.

Endpoint & DNS Protection Together

Why it's different:

Stop sophisticated cyber attacks

Streamline Management

Save time and money

Skip the hardware and software with our DNS Protection

Block threats at the domain level

Reduce costs relating to infections

Protection wherever you are

Try it now!

79% of Employees Have Knowingly Engaged in Risky Online Activities in the Past Year

Wed, 18 Aug 2021 15:01:00 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

With employees not believing that it’s important to personally worry about cyber security risks, they also tend to believe they’re not a target, new data suggest as the reason for the risky behaviour.

In most cyberattacks, the employee plays some role – clicking on a malicious attachment, giving up their corporate credentials to an impersonated logon page on the web, or taking specific action because they were fooled into believing their CEO or boss told them to. So, it’s important for employees to not engage in risky online behaviours.

But according to new data from security vendor Thycotic, employees simply aren’t prepared and educated to think about corporate risk, let alone their role in helping to mitigate that risk. In their newly released Balancing Risk, Productivity and Security report, Thycotic point out some specific insights that clearly point to how and why employees are creating risk:

45% see the organisation being at little or no risk of cyberattack
51% say IT should be solely responsible to protect the organisation from cyber threats
79% of employees have engaged in one or more risky activities that include sharing credentials with colleagues, using the same password across multiple sites, using unauthorised personal devices to conduct work, and allowing family members to use their corporate device

One of the reasons is clear from the report’s data: 56% of employees have received no Security Awareness Training in the last year. Over half of employees aren’t having the concept of needing to be vigilant continually reinforced – so it’s no wonder these organisations are seeing employees introduce risk regularly.

If you want a vigilant and cyber security-minded employee, you need to continuously teach them about the importance of cyber vigilance. Otherwise, you’re going to end up with an organisation that is demonstrated by the Thycotic data.

Request A Demo: Security Awareness Training

New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilise users as your last line of defence. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

BEC Attacks Are Targeting Lower-Level Employees

Wed, 18 Aug 2021 07:40:00 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

A new report from Barracuda found that most business email compromise (BEC) attacks are now targeting employees who aren’t in executive or financial roles.

“Many organisations focus their training and protection on who they perceive to be the most targeted individuals within the organisation—usually executive and finance teams,” Barracuda’s researchers write. “However, 77% of BEC attacks targeted employees in other departments. Attackers look for an entry point and a weak link within your organisation, and then they work their way to more valuable accounts. This highlights the need to secure and educate every employee to the same level.”

Barracuda also found that one in five BEC attacks target employees in sales roles.

“Due to the nature of their role, sales reps are used to getting external messages from senders they haven’t communicated with before,” the researchers write. “At the same time, they are all connected with payments and with other departments including finance. For hackers, these individuals could be a perfect entry point to get into an organisation and launch other attacks.” They also have access to a lot of contacts

IT departments were another prime target, with each IT employee being targeted by an average of forty attacks.

“When we look at the number of phishing emails targeting IT teams, although they received only 5% of the total number of attacks, each employee was targeted by 40 email attacks, which is well above average,” the researchers write. “IT staff has access to business-critical applications, so compromising their accounts can be extremely valuable to hackers as it will give them access to organisations’ security and IT infrastructure. Cybercriminals tailor their attacks to their victims, so there were barely any BEC attacks, which usually look for quick monetary return, targeting IT teams. However, when it comes to attacks that include phishing URLs designed to compromise accounts, IT was one of the top targets.”

New-school security awareness training can enable employees throughout your organisation to recognise and thwart social engineering attacks.

Barracuda has the full story.

Request A Demo: Security Awareness Training

Save My Spot!

U.K. Employees Pose a Major Cybersecurity Risk to Business as They Return to the Office

Thu, 29 Jul 2021 12:15:10 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

After well over a year of getting used to working from home, as U.K. employees look to head back into the office, new data shows they don’t see themselves as a cyber risk (which makes them one!)

The case has already been made that remote employees have adopted bad cybersecurity habits while working from home. It, therefore, makes sense that employers need to be aware of this and take precautions to ensure employees realise that cybersecurity is more important than when the pandemic started.

Data from security vendor Armis points out this same issue exists throughout the world. In a survey of 2,000 UK employees, it appears that British users are the same as their U.S. counterparts:

61% of U.K. employees use their personal mobile phone and 44% use their own laptop for business purposes
25% admit to having insufficient security in place on their personal devices
61% intend to return to the office with those same personal devices
60% don’t believe their personal devices represent a threat

All this spells danger for organisations, as we obviously have a material portion of users thinking they are simply going to bring their admittedly insecure devices back into the workplace and continue to use them.

It’s critical that organisations have a cybersecurity component to their “return to work” plan – one that addresses device security, acceptable use of company resources (including Internet access), and Security Awareness Training to elevate these remote employees’ sense of organisational vigilance against cyberthreats to an acceptable and effectual level.

Request A Demo: Security Awareness Training

Save My Spot!