The AuthAnvil Blog

Catch up on the latest AuthAnvil news and the Identity and Access Management conversation.

Enhancing Your MSP with Strong Security Practices

You want to do everything possible to serve your clients and customers. You also want to grow your business, and to do that you provide fantastic products and services. Even with the best products and services in the world, if your security is weak, it will turn people away. They need to know their information and data is safe if they are to do business with you.

Read More

The Evolution of Passwords and Password Management

Passwords – they’re one of the most common safeguards in most of our lives. We generally don’t give them much thought, unless it’s to stress out because we’ve forgotten a crucial password. Even more terrifying is realizing that one of our passwords has been compromised and now a hacker intent on information theft has access to that account.

Milestones in Password and Password Management

Read More

Massive iCloud Hack Shows Criticality of Strong Authentication

Apple has a reputation for building secure systems. The Mac is still far more hack proof than PCs, and the iPhone being a closed system has not been hit with a plethora of malware.

The iCloud had much the same reputation – until this week.

Read More

You Need to Offer SECaaS in Your Business Portfolio

User authentication, or identity verification, is incredibly important. Businesses large and small, and even individual consumers have been forced by these exploits to take steps to ensure that their information is safe from malicious software and hackers. While good password hygiene and the right password management tool can help, there are still hurdles. SECaaS, or security as a service, can provide significant advantages. What is it, and why should it have a place in your business portfolio?

What Is SECaaS?

Read More

Saving Your Passwords Can Have Disastrous Results.

Using your web browser as a quick way to sidestep remembering your passwords might seem to be extremely convenient, but this approach poses significant security risks. This feature is offered on various browsers including Mozilla Firefox, Google Chrome and Internet Explorer. Each one has its own weak spots that could cause problems down the road.

Read More

Requiring Employees to Remember Massive Passwords Can Often Lead to Disaster

The memory capacity of our brains is limited by the litter it processes every day. Having too many passwords formulated with alphanumeric combinations, special characters, and signs can quickly transform your high level of security into nothing more than mass chaotic confusion. In the name of safety, the company boss and IT manager may insist that every employee reset passwords and PINs on every account they use – and reset these often.

Read More

Identity and Access MIS-Management

A former CIO who has grown a small MSP, moved to the enterprise and is now focused on the growing MSP/MME international market. Having spent many years (and millions of dollars) in the enterprise working with some of the top technologies in the financial industry, he has seen the ups and downs, through the investments, growth, and eventual retrenchment, all to have it cycle again. X-CIO has a passion for business, a keen view on technology, and in the end, sometimes a different view on the ever-changing business of IT.

Read More

Remote Access Work Systems Cut Business Costs

In these competitive times, businesses have to do what they can to trim the fat and cut costs. This is often an unpleasant process. Cutting costs can mean laying off employees, reducing benefits packages, or moving to smaller or less appealing offices. All too often, reducing business expenses means getting rid of the things that make employees happy and productive. For that reason, cuts can hurt a business more than help.

Read More

Two-Factor Authentication: Double your Defense against Hackers

With the ever aggressive advancement of digital crime from cyber-thieves, and the increase of Internet fraud, companies now fully recognize the importance of high level security. Many businesses know they can’t completely protect their workers’ usernames, passwords and logins through traditional, largely manual means. The companies that really get this use two-factor authentication (2FA) as a defense against hackers trying to gain access to online accounts and company servers.

Read More

Placing Less Demand on Passwords Allows Companies to Gain Stronger Online Security

Many companies incorporate higher security levels by minimising the demand of username/password combinations and instead implement two-factor authentication.

Read More

Top 5 Signs You Need Better Password Management

A password manager is an effective tool for generating, organizing, and maintaining username/password combinations. For an additional layer of security, many individuals and companies incorporate two-factor authentication using hardware or software solutions.

Read More

Building Your Business with the Power of Three

Every business these days needs to have its roots in a digital environment. It would be madness to only accept cash and attempt to keep your accounting by hand. Likewise, you couldn’t possibly manage your employees or reliably market your business without software and the Internet. Suffice it to say, no matter how you plan on making a living, it likely is not possible without computers and the World Wide Web. This means proper security measures are vital.

Read More

Reap the Benefits of Remote Access for Employees

With the enormous advances that have occurred in computing and networking technology, it is now easier than ever for employees to work from home, from the road, from their local coffee shop—practically anywhere they want that's not their office. In fact, it is now unusual for many coffee shops to lack the infrastructure (computers, wireless internet, broadband access) needed for someone to work from there, if they so choose.

Read More

Risks of BYOD to Company Data and Employee Hardware

The growing trend of “Bring Your Own Device” (BYOD) solutions is contributing more than anticipated to the consumerization of the IT department in small, medium and large businesses. The trend is driven more by the preference of the consumer and less by any initiative from the company. However, there are significant advantages, with associated risks, for any company that is willing to adopt BYOD policies.

Read More

The Benefits of Responsibility Separation for MSPs

Because so many companies need a fair amount of outside help to get all of their work done, Managed Service Providers (MSPs) are continually taking on new clients. The business world never operates without problems, and when issues do arise, it is essential that the MSP already has a detailed list of defined responsibilities firmly in place.

Read More

10 Signs You Need Two-Factor Authentication

Multi-factor authentication has been utilized in a variety of ways for millenniums. Many centurions would not allow strangers to gain access through security checkpoints without revealing the secret code. Additional multi-factor authentication methods included the ability of one person to recognize another individual as a method of providing a credential to gain access. In the world of computer accessibility, multi-factor authentication has long been recognized as the premier way of providing an additional layer of safeguarding to gain access into accounts.

Read More

Help your users become HIPAA Compliant

In January 2013, the United States Department of Health and Human Services (HHS) issued their new omnibus rule that governs the protection of patient personal health information.

Read More

Top 10 Ways to Keep Your Data Secure in PSAs

PSA platforms offer valuable assistance to professionals and IT consultants in their ability to find solutions when managing projects. A PSA (professional services automation) system provides crucial effective tools at every level of the project from prospective selling to delivery, and even after-delivery solutions. The entire platform is designed to create an open environment for everyone within the system to gain access to crucial data.

Read More

Educate Your Help Desk on Dealing with PHI

Since 1996, HIPAA has held medical offices to strict protocols in handling and dispersing patients’ personal health information (PHI). Strict rules and regulations are firmly in place and enforced to ensure that the handling of PHI in the office follows all the...

Read More

Where Does 2FA Stand in Your Security Policies?

Since the beginning of Internet connectivity, on-site servers, and the invention of the cloud, passwords have never been as secure as most everyone believes. Many companies incorporate an additional layer of security through two-factor authentication (2FA), in an effort to reduce the risks of using passwords.

Read More

The 3 Factors of Authentication

No matter what kind of software we’re talking about, the need for security should go without saying. It doesn’t matter if it handles emails or functions as your online shopping cart, the unfortunate truth is that we live in a world where hackers are everywhere looking to take advantage of any and every opportunity. Some want money; others are perfectly happy to just cause mischief. Sometimes, it’s the latter that’s actually more destructive than the former.

Read More

Happy H0lid4y$! - Manage Your Christmas Lists and Your Passwords

Good password management practices can increase your company's security instantly. By providing your employees a way to store their passwords securely, you are preventing them from choosing their own storage method, such as an Excel document or sticky note, while setting a standard for security by invoking password policies regarding length and complexity. This holiday season, do yourself a favour and manage both your Christmas lists and your passwords.

Read More

Happy H0lid4y$! - Give the Gift of Teleworking

This holiday season, give the gift of working remotely. With the bad weather and crazy schedules, why not ease the stress level of your employees by allowing them to work from home?

Read More

Happy H0lid4y$! - Share the Holiday Spirit, not Your Password

40% of users have reported sharing their passwords with at least one other person. Don't become a victim of poor password security. Share the holiday spirit, not your passwords.

Read More

Happy H0lid4y$! - Let it SSO

On average, a strong password will take over six seconds to enter. The holidays are a busy time for everyone, so why not give your staff the gift of time by helping them save time with their passwords...

Read More

Happy H0lid4y$! - Save the Recycling for the party

Weak passwords are bad. But reused ones are worse. This holiday season be sure to save the recycling for the parties, not your passwords.

Read More

Happy Holid4y$! - Introduction

The holidays are a joyous time of year. With the winter weather and generally busy nature of the season, it's important to keep your business' security at the top of mind. To help you with this we have created a video series entitled “Happy Holid4ys!”

Read More

Ease the Pain of Passwords with SSO

Although we live in an age that is at the height of technology, there are still a few pain points most of us face on a regular basis that we’d rather do without. Sometimes, these things are just minor grievances. They may even be worth chuckling at in spite of ourselves. Other times, these pain points could become serious problems.

Read More

IDaaS is Worth All the Buzz

No matter how advanced software or our other favorite technologies become, security will always need to be a priority. Otherwise, you’re simply creating solutions that will eventually get used by the wrong people and on your dime. It’s also hard to imagine that passwords will ever quit being a part of our digital world.

Read More

Don't Let Yourself Fall Below the Security Poverty Line

Most of us have heard of the poverty line before. Falling below the poverty line is when life gets extremely difficult and you largely have to live at the mercy of others. Anyone who has ever come close to this line usually works as hard as possible to change their trajectory ASAP.

Poverty lines exist elsewhere in life, not just where money is concerned. Another extremely important one is called the security poverty line. For the sake of your business, you need to make sure your company never gets anywhere near it.

Read More

Get Ready for Retail Season by Ensuring You Are PCI Compliant

Retail season is almost here, but before you get too excited about what this means for your business, it’s vital you understand the following about PCI-DSS.

What Is PCI-DSS?

Read More

7 Deadly Sins of Techy Turnover

Going through techy turnover may not seem like the end of the world, but if you’re not careful, it could very well be fertile ground for huge problems. Below, we’ll cover the seven deadly sins of techy turnover that you need to avoid if your company is to thrive.

Read More

Clean Out Those Skeletons from Your Password Closet

Everyone knows that comprehensive password management must be a priority in today’s day and age. Most of us can’t make it through the day without inputting a password at least once. In fact, the majority of people have to use numerous passwords as part of their job.

Read More

5 Reasons to Arm Your RMM With Stronger Security

Remote Monitoring and Management (RMM) platforms are a simple way to gain a powerful handle on maintaining your clients’ IT environments. As a true force multiplier, RMM allows you to greatly increase your productivity by giving you a vantage point on various workstations from numerous clients all at the same time. This way, you can often resolve problems before your customer even knows they were there. Furthermore, you can automate a whole host of tasks too, which only helps you increase your productivity even more.

Read More

Don't Get Spooked by Compliancy Requirements

If your company deals with customers’ personal information or sensitive data from the government, the need for sufficient cybersecurity measures isn’t just good housekeeping; it’s the law. Below, we’ll explore some of the important rules your organization should know about and one simple step you can take toward staying compliant.

Read More

Working Remotely Makes Your Business More Time Efficient

The average American worker reports that he or she "works" just over forty hours per week, but how much of that time is actually spent working? Studies of office work flows and worker productivity suggest that, in fact, a surprisingly small portion of those forty-plus hours truly go towards work that is productive and increases a business's revenue.

Read More

What To Look For in a Password Management System

Technology has made our lives easier in so many ways, it’s hard to keep track of them all. Suffice it to say, most of us wouldn’t know what to do if we lost just half the technologies we depend on every day. That being said, technology has also made a number of things more challenging too. Take passwords for example.

Read More

Things to Look for in a Multi-Factor Authentication Vendor

Multi-factor authentication, or MFA, is a tremendous type of platform that provides excellent security measures. An MFA platform requires a password and at least one other, independent form of verification before a user is allowed access. Every company should invest in this type of protection, but, before doing so, they should also consider a few things. Here is our list of things to look for in an MFA vendor.

Do They Accommodate OTP?

Read More

Why an MSP Wants to Offer MFA

If you are an MSP, it makes sense that you take security very seriously. Obviously, your customers do too. They have a lot of very sensitive information and there is no shortage of people who would love to get their hands on it.

Read More

MSP Responsibilities When It Comes to Compliance

Managed Service Providers (MSPs) serve all kinds of companies across a number of industries. As you can imagine, this means following a number of very serious laws and regulations. When it comes to being an MSP, compliance can mean thinking about any number of major factors where security is concerned. Two very good examples of this are PCI and HIPAA. The former deals with compliance acts that concern the retail industry, while HIPAA does the same for healthcare. Let’s take a close look at what both of these call for.

PCI DSS

Read More

An Overview of CJIS

Every company out there has sensitive information. Whether it’s their secret to success, customer information, emails or something else, it goes without saying that these organizations want this information protected at all costs from prying eyes that have no business going through this data. One of the best examples of a system that demands this kind of security comes from CJIS. In this case, though, you’re dealing with security demands from the Federal Bureau of Investigation. 

What Is CJIS?

Read More

Things to Think About When Looking to Implement Single Sign-On

Single Sign-On (SSO) software is a great way to defend your company against hackers while ensuring your workers aren’t unnecessarily inconvenienced. Before you make your purchase or implement an SSO platform, consider the following.

Will the End User Need Any Specific Software?

A lot of companies eventually find themselves in an awkward position after they’ve gone to the trouble of investing in SSO software and implemented it: their end user can’t use it without special software.

Read More

The Truth About Passwords

Technology is such an ingrained part of our lives that no one makes it throughout their day without logging on, signing in, updating, posting or doing something else that involves an Internet connection. This may be why so many people have come to take passwords for granted. After all, we have firewalls, VPNs, antivirus software and all kinds of programs meant to leave hackers without a prayer. Yet, every year, companies, major corporations and even governments get hacked.

Read More

Making Two Factor Authentication Easier

Everyone running a company has many goals. One that most probably have in common, though, is that they want to make sure their organization is as secure as possible. Whenever news breaks of another business or even a government getting hacked—and it seems like this happens about every week now—CEOs, CTOs and other executives around the world cringe knowing they could be next. This is why two-factor authentication is so important to the future of your company.

Read More

What Your Business Looks Like Without Multi-Factor Authentication

Keeping your company safe in the digital age takes a number of measures. However, at some point, they come down to using effective passwords. You can use every kind of firewall and antivirus software imaginable, but eventually someone needs to pick a password that’s going to hold its own.

Read More

The Hidden Costs of Passwords

These days, most of us associate passwords with cybersecurity. Whether we’re logging in to check our email, buying something off iTunes or using Facebook, passwords are everywhere and meant to ensure that prying eyes don’t see our private information. Obviously, companies make good use of passwords as well. However, their relationship to them is a bit different. In a business context, passwords come with costs that not a lot of people see.

Read More

Top 10 Security Issues with Remote Employees

With major advancements in mobile technology and network infrastructures, remote employee security has become more critical than ever. Companies all around the world now allow their workforce to perform their duties less from the office, and more from distant locations including a home office, coffee shops, restaurants and hotels while working on the road.

Read More

Five Tips for the MSP Looking to Offer IDaaS

Every MSP out there needs to be smart about considering what else they could be doing for their customers. Here are the 5 things to remember as an MSP looking to offer IDaaS.

Read More

5 Ways Single Sign On Will Benefit Your Business

In the digital age, you need to constantly be on the lookout for ways to improve what your company does. Usually, this means employing the best software the market has to offer. While it can be tricky discerning between fads and essentials, Single Sign On (SSO) software is easy to argue for. Here are five reasons to convince you.

Read More

It Is Time to Start Trusting the Password Again

Digital security has never been more important, even for those of us who own small businesses or just want to use the home computer with confidence. It seems like just about every month there’s a story on the news about some hacker causing problems. If it’s not our actual government getting victimized, it’s a major corporation, two parties you’d think could keep themselves safe. In today’s business world, the password has a bad reputation, but it is not all that warranted.  

How Passwords Got a Bad Name

Read More

Five Terrible Password Practices and How to Avoid Them

Everyone knows it’s important to have a quality password for their various accounts. Unfortunately, many, many people don’t. Instead, they make one or more of the following five mistakes.

Read More

The Do's and Don'ts of Password Management

No matter how sophisticated our digital security measures become, passwords are always going to play a big role. This is why password management absolutely must be a priority at your company. The security of your entire organization rests on people choosing good passwords and then keeping them safe. Here are some do’s to implement and don’ts to avoid in order to maintain security. 

Read More

Why is Cloud Security so Critical?

The cloud has changed how people use the Internet. This is especially true for companies. Thanks to the cloud, reaching your business’ potential is easier than ever. However, like any digital asset, just because the cloud is powerful doesn’t mean it’s without its risks.

Read More

That Smells Phishy

When most of us think about getting hacked, we think about some techie who can write impressive code launching an intricate attack on our company’s system. Although this kind of thing definitely happens, some of the most lethal forms of online attacks could be pulled off by just about anyone without a conscience. Phishing is a perfect example of this. As they take practically no real skills to pull off, these might be the most common type of attack your employees will come across. This is why you need to take steps toward ensuring your staff doesn’t fall victim to them.

Read More

Complying with HIPAA

If you work in the healthcare industry, you have all kinds of hats to wear and targets to stay focused on. One thing you can’t forget is the importance of HIPAA and being sure to comply with it.

Read More

Techie Turnover Doesn't Have to be Sour

Everyone knows that terminating a staff member usually involves some amount of sour worms. However, when that fired employee is a techie, they could take those sour worms and actually do something about it to harm your business.

Read More

5 Benefits of Offering IDaaS

IDaaS stands for Identity as a Service. It’s the new wave of security, a cloud-based version of authentication that you can provide your customers. There are so many reasons that IDaaS not only makes sense, but will soon become the only security option that does. Here are five of those.

Read More

What is the Cost of a Password?

Studies indicate that a breach in data security can cost between $100 and $300 for each record that is breached or lost. Part of the cost includes legal fees, lost productivity from the workforce, regulatory fines, and call-center costs. However, the cost to the reputation of the company in the eyes of customers is almost immeasurable.

Read More

The Weakest Link of Any Computer Security System Is the Password

Every company IT department understands that employees in the workforce simply do not like passwords. Even so, a password is one of the key players in modern-day online security. They are used to protect an individual’s identity while safeguarding confidential information including financial records, emails and credit card numbers. However, are passwords really effective at maintaining a high level of security? 

The Weak Link

Read More

Do you know who is logging into your systems?

Everyone knows security must be a top priority for companies these days. This is especially true for their digital presence. The damage a malicious party can do to a company by having access to sensitive information is virtually limitless. Unfortunately, we live in a world where there are more parties than ever before looking to cause these types of problems. Some want to do it for financial gain. Others are happy simply to be a nuisance. In any case, to keep your company safe from these outside threats, auditing and monitoring who has access and how it’s used is essential.

Read More

Why Does IDaaS Matter to Your Business

IT service providers face a number of challenges today. The rise of cloud technology means that many of the services they traditionally offer clients are now being handled off site, in the cloud. This has an immediate effect on revenue and profitability.

Read More

Why Office 365 Deserves More Than a Password

With Office 365, and its ability to offer valuable solutions for SMBs and large corporations, it is imperative that every company be offered a high level of security when performing work over the Internet. Some of the extensive features of Office 365 include: 

Read More

Verifying Your Users

Knowing who is accessing what in your business is a best practice that should always be followed. For businesses, running a virtual private network (VPN) is a foregone conclusion. While a wired network offers substantial security benefits and reduces inherent risks, there’s often no way to get around the need for a wireless network in place. Wireless technology is convenient, and it ensures that all devices can access the network, not just Ethernet-enabled desktops and laptops. In today’s increasingly tech-centered business world, that’s an important advantage.

Read More

Retiring the Password through SSO

The humble password has been the sole layer of protection against unauthorized access of business data, platforms and more for a very long time. In fact, passwords (and user management of those passwords) are the weakest link in the chain that protects a business’ most valuable asset. Given that fact, single sign-on might seem like a bad idea (at least superficially). Why would anyone want to use a single set of credentials for multiple platforms, websites and accounts? Doesn’t that go completely against data security best practices?

Read More

Understanding Identity as a Service

The simpler the process, the easier it will be to build a new revenue stream for your business while still providing the robust solution that your clients demand and deserve. Learn more...

Read More

Profiting on Passwords: Addressing Pain Points to Build Revenue

The need for robust security is at an all-time high for businesses large and small. However, security software, firewalls and other measures are virtually useless if businesses do not make an effort in other areas. One of the most critical is using passwords correctly.

Read More

MSPs Need IDaaS - Growing Success and Building Profitability in a Changing World

Today’s world barely resembles the state of the IT industry just a few short years ago. The very technology supported and enabled by IT service providers has altered the industry in remarkable ways. Perhaps the most important change to understand here is the rise of cloud computing – your clients are moving to the cloud in droves, and by doing so, they make many of your traditional service offerings obsolete. That obviously has a significant impact on your ability to compete, grow, and even to stay in business.

Read More

The Future of IDaaS: More Than Just Another “as a Service” Solution

It seems like there are a thousand “X as a service” solutions out there today. Even companies like Microsoft are getting into the act by offering products like MS Office on a subscription basis. One of those that you might have heard of is IDaaS, or identity as a service. What is it and what should business owners and decision makers know?

Read More

Don't Fall Victim to Brute Force Password Cracking

When it comes to digital security, there are all kinds of platforms, software and protocols you could use to keep yourself safe. However, no matter what you decide on, the efficacy of your choice will always boil down to a password of some sort. This is where hackers can strike. Even if you have a virtual army of protection working to keep your sensitive data secure, that one hacker who finds the way to gain a password could slip by it all undetected.

Read More

Learn How To Protect Your Users From Themselves

In today’s digital world, it’s all too easy to find yourself the victim of somebody who wanted your password, access to sensitive data, money, or even much more. Unfortunately, a lot of times the culprit had a lot of help. Even more unfortunate is that this help probably came from the victim themselves or an employee working for a company that found itself in some malicious party’s crosshairs.

Read More

May the Fourth be With You!

Have you heard, master? There are new Star Wars movies coming soon!

Read More

Make Sure You Don't Have Your SOX on Backwards

Back in 2002, Congress passed SOX with the best of intentions. It was meant to protect shareholders and the economy at large from the widespread effects of fraudulent corporate behavior. However, this act may also be placing fairly strenuous demands on your customers’ business. Aside from playing a role in the financial elements of your business, SOX is also a major factor you must consider where the IT side of things is concerned as well. Being caught out of compliance could mean your company ends up vulnerable to malicious actions from those outside of or even within your own walls.

Read More

Remote Access is Only as Good as its Protection

If your company doesn’t have remote access protocols in place, it’s definitely behind the times. Remote access is great for several reasons. It can save you money by allowing employees to spend their workday at home without missing a beat. It also allows employees to travel to client sites or other essential locations and still stay in contact with headquarters.

Read More

What You Need to Know About Password Automation

Every workforce in the modern age involves a hefty digital component. It would be impossible for a company to remain competitive without the right technology. Unfortunately, while a digital landscape definitely means a lot of benefits, it can also bring all kinds of problems too. All you have to do is look to passwords for proof.

Read More

Ten Million Passwords

Imagine finding out that a password of yours had been stolen. That would be scary enough, right? Even if you found out in time to do something about it, that would still be a terrifying dose of reality knowing that someone was able to get their hands on it. However, now imagine that not only had someone stolen this important piece of information, but they had also posted it online for all to see. That’s exactly what happened to as many as 10 million people earlier this year.

Read More

Potential Risks with Event Wi-Fi

If you think about it, it really wasn’t that long ago that Wi-Fi was treated as a luxury. Unless you were in your own home, it was very rare you’d be somewhere where your phone, laptop or tablet could benefit from super-fast speeds. Nowadays, though, if a restaurant, hotel or any other business doesn’t offer reliable Wi-Fi, their reputation will pay the price. This is why so many events now offer it. Still, like so many things in the digital age, just because you enjoy event Wi-Fi doesn’t mean it’s actually safe to use.

Hackers Love It

Read More

Your Passwords Are Like Flowers - They Too Should Grow with Time

Creating strong, hacker-resistant passwords is critical to protecting company data and personal information both online and on-site. Because they are a crucial component of computer security, it is vital to develop strong passwords for every individual account on the company server, in the cloud, or online.

Read More

Why Does Your Company Need Two-Factor Authentication Software?

Most IT departments in companies recognize that a traditional password is extremely easy to guess, and even easier to steal. However, two-factor authentication (2FA) can easily add a second layer of high level security to guard against hackers and cyber-thieves.

Read More

Top 10 Signs Your Password is Weak

In the past, online banking institutions have had to shut down their online accessibility due to continual hacking from outside sources. Even the most highly secured systems on the Internet struggle with cyber-attacks and hackers that can easily gain access into their servers. Likewise, individuals and companies must be continuously on guard to build a strong wall of defense. This will safeguard against hackers that mean to do harm by gaining unauthorized access into the company intranet servers or online accounts.

Read More

The Concept of Least Privilege

The most crucial tool for blocking intellectual property theft is to utilize “least privilege.” The very basics of a “least privilege approach” are founded on a proven information security modality that assigns the fewest privileges to devices, processes and people as necessary.

Read More

MSPs: Client Relationship Best Practices

Every successful MSP (managed service provider) offers the “best practices” solutions to their clients, which can significantly improve company performance. This often includes better speed, long-term cost control, overall consistency, and the ongoing reduction of compliance risk.

A managed service provider can offer these solutions because of their flexible talents. They provide the ability to incorporate effective strategies for the workforce, with an overall focus that supports the goals of the business client.

Read More

How Is Your Security Hygiene?

In a survey of over one-thousand individuals, YouGov found that 24% were very concerned, 37% were moderately concerned, 31% were slightly concerned, and only 8% were unconcerned about having their online accounts compromised.

Read More

Tell Your Users Not To Commute: Telecommute

In case you missed it, this was National Telework Week (March 2 - 6, 2015). If you missed out, don’t worry, you have an entire year to practice teleworking before this opportunity comes around again.

Read More

Is Your RMM Tool Automating Against You?

Automation is one of the most potent capabilities of a Remote Monitoring and Management (RMM) system. With automation you can delegate many time consuming routine tasks, like updating programs and protections, to the RMM tool itself, thus freeing up your staff’s time.

Read More

5 Ways To Secure Your RMM Platform

Remote Monitoring and Management (RMM) platforms are a simple way to gain a powerful handle on maintaining your clients' IT environments. Learn more.

Read More

Your RMM System needs its own Secret Service

Today is Presidents' Day in the United States. It may seem like Presidents' Day would have very little to do with IT security but, when you really consider it, the president is at the core of the government just like how a Remote Monitoring and Management (RMM) system is at the core of most IT service providers. The parallels shouldn't stop there though. Just as the president has his own protection, so too should your RMM system.

Read More

Locking Down Your RMM Platform

Despite how much attention is paid to an RMM system’s ability to allow technicians to manage multiple endpoints, little thought is given to the risks the management systems pose themselves.

Your RMM system needs armor! It needs to be locked down tightly. In this blog post we will take a look at the cost and effectiveness of three exceptional ways to lock down your RMM platform.

Read More

Why Does Your RMM Platform Need Strong Security?

RMM tools can be a boon to any business. That much is certain; however, underneath their helpful outward appearance lies an emotionless mechanical construct. An RMM system has no moral compass. They do not know right from wrong. If someone with less than noble intentions gained access to such a system, then those capabilities once used to create and maintain could instead be used to degrade and destroy…

Read More

One Rotten Apple Ruins The RMM

RMM systems provide technicians with amazing capabilities, but with those capabilities comes an equal need for managerial control. Without those controls in place, things can quickly turn ugly whenever a technician turns rotten and needs to be “Let Go.”

Read More

The Anthem Breach: HIPAA, and What's Known So Far

The breach of over 80 million records was announced late last night by “Anthem”, the United States’ second largest health insurer. While their electronic health records are not expected to have been breached, what the attackers gained access to may have been even more valuable. They managed to gain access to over 80 million records including information like names, birthdays, SSNs, addresses, phone numbers, email addresses, and employment information. Forget credit card fraud, there are mortgage brokers that ask for less information than that!

Read More

RMMs are Great, but Great RMMs are Secure!

to get nicer for some time. Your staff have work that needs to be completed, but bad weather invariably leads to a bad commute. Wouldn’t it be nice if your staff could securely work on all of your customers’ systems from the coziness of your main office?

Yes, and if you’re an IT service provider you may already have the means of doing so. Effective ITSPs and MSPs invest in RMM solutions, and the ability to Remotely access systems puts the R in RMM.

Read More

Can Auditing Improve Your IT Security?

Audits come in many shapes and sizes, and most can be leveraged to improve your IT security. Whether you’re involved in a technically focused audit for PCI compliance, or something more observational like an operational audit, there are ways you can swing the process to the benefit of your overall IT security posture. How? Read on and find out.

Read More

The IT Security Best Practices Checklist

Investing in security can be an overwhelming process. Why not make the process a bit clearer by reading through our IT Security Best Practices Checklist? Just click the image above for a web friendly version of the infographic, or read on for it in text.

Read More

Technical Debt: Money Isn't the Only Thing that Accumulates Interest

IOU: Better IT security

It’s an unfortunate fact, but when people are presented with the choice between doing an easy job now or putting it off until later, they will often put off the work if they can. The mentality of leaving jobs “for future me” is used surprisingly often. Despite it being better to get things done early, when it comes to IT security, many businesses fail to see the wisdom in either getting ahead of the curve.

Read More

Five Ways to Rise above the Security Poverty Line

Does raising a business above the Security Poverty Line sound like a troublesome task? It doesn’t have to be! In our newest tipsheet we will show you five ways you can help raise any business above the Security Poverty Line.

Read More

Living Below the Security Poverty Line Puts You at Risk

Managing risk is like paying utility bills... if you’re not doing it then you’re going to be left out in the cold. That sounds rather harsh, but 85% of attacks are the result of basic security shortcomings. If you don’t want to be left out in the cold, read on to see why living below the “security poverty line” is so risky.

Read More

Rising above the Security Poverty Line

Staying above the security poverty line isn’t just a good idea, it’s also good business. According to the Ponemon Institute’s “2014 Global Report on the Cost of Cyber Crime,” the cost of cyberattacks on businesses has nearly doubled in the last four years.

Read More

Everybody Hates Passwords

Everybody hates passwords, and rightly so. There are many ways passwords can fail their intended purpose. If an attacker wants access to a password protected system, there are a number of different ways they can sneak in. If they’re unable to simply bypass the password requirement altogether, they could try guessing, shoulder surfing, phishing, installing a keylogger, or even attempting a dictionary attack to get past that password.

Read More

Where is the Security Poverty Line?

How can you discover where a business is relative to this poverty line? It’s simple, just check out our infographic by clicking the image above. If you’d rather read it in text instead, continue on to find answers to the question: “Where is the Security Poverty Line?”

Read More

Your IT Security isn't your IT Budget

IT security isn’t something you can just buy in a store. It’s not a product or a person, it’s a process. There’s a lot you could be doing to improve your IT security without spending a fortune.

Read More

All work and no play makes your IT security stronger...

If you work in the field of IT security, you know that you’re always on call. Simply put, hackers don’t take holidays. If you’re stuck working today because you need to avoid being Scrooged in the New Year, here are four things you can do today to improve the security of your IT infrastructure while everyone else is at home with their families.

Read More

Password Management: The Quest For Excellence

As the final chapter of our two-part eBook series, our newest eBook “Password Management: The Quest For Excellence” picks up where “5 Ways That A Password Management System Can Help Your Business Grow” left off.

Read More

Oh Network Tree, Oh Network Tree, I Want To Work Remotely

Working remotely, when done with the proper planning, can be a great boon to any business. Benjamin Franklin is often quoted as having said: “Early to bed and early to rise, makes a man healthy, wealthy, and wise.” Well, when you take the daily commute out of the picture your teleworkers will be healthier, and wiser, while your business can enjoy the wealth.

Read More

Do you want to make a password?

Multi-factor authentication allows you to mitigate the risk of passwords in general by requiring an additional factor, like a USB key, fingerprint scan, or smartphone app, in addition to the password they already use.

Read More

5 Ways That A Password Management System Can Help Your Business Grow

How exactly can a password management system grow your business? Simple, by driving efficiency, making compliance a snap, decreasing the turmoil of employee turnover, and enabling the addition of new employees.

Read More

How To Avoid Ho-Ho-Hoaxes This Holiday Season

The winter holidays are the biggest shopping season for retailers. Everyone is online looking up holiday recipes, buying things, contacting family, downloading winter themed screensavers. Is it any surprise then that, as a result, the holidays are also one of the easiest times for cybercrimes to be committed?

Read More

Thanksgiving Top Ten: MSP Interview Questions

Have you ever bought a big turkey, cooked it, and then noticed that it shrunk in the oven? That’s a lot like the experience of hiring a new employee. How many times have you ever hired someone that oversold themselves in an interview? Perhaps they sounded amazingly qualified on paper yet, in practice, proved to be a less than stellar employee. When you’re a smaller business, you need people that you can rely on. People that aren’t going to bog your company down. People that are… well… competent. The kind of employees you would be thankful for.

Read More

Secure Your Windows Network Logon

If you haven't seen it yet, we've written a new eBook called “AuthAnvil Two-Factor Auth: Secure Your Windows Network Logon”. It provides an overview of how to secure your Windows Network Logon using our Windows Logon Credential Provider.

Read More

Embrace cloud-based infrastructure for what it is, look past the hype

Whenever some sort of new technology becomes mainstream, the hype surrounding it becomes unbearable. To truly understand these new tools, you have to look past the hype and see what is actually being offered.

Read More

4 Common Attack Vectors and their Effectiveness Against Cloud-based Systems

In this infographic, we take an in-depth look at the comparative risks of four common attack vectors against in-house and cloud based infrastructure.

Read More

Using AuthAnvil with RADIUS

There’s no such thing as absolute security, and with wireless connections that’s just as, if not more, accurate. If you absolutely need a wireless connection in your workplace, then you should secure it as much as possible.

Read More

IT Auditing Season and Radiology Day!

Saturday is International Radiology Day! Back in 1895 Wilhelm Conrad Röntgen discovered X-rays which now provide us a means of looking inside the human body. In the theme of this lesser known holiday, let’s take a look at how auditing allows system administrators to look inside the mind of the average end-user, not unlike how X-ray technology allows doctors to look into a patient’s body.

Read More

Making Memorable Passwords 2: Electric Boogaloo

Are your passwords pathetic? Does your ability to remember regularly rotated passwords reduce your workday to IT help-requests? Worry not, we’ve got just the thing for that.

Read More

Passwords Are A Lot Like Halloween Costumes

It may seem like an odd comparison, but passwords do bear a lot of resemblance to Halloween costumes. Try to remember all of the bad Halloween costumes you’ve ever seen. How many of them were unoriginal, poorly executed, or just plain bad? If you downloaded a list of all the passwords used today, you would likely look at them in the same manner!

Read More

IT Security Horror Stories: The System Access Isn't Remote!

A Chief Technical Officer working for a large firm had gone to an out of city board meeting and left a junior technician in charge of monitoring the network. The rest of the employees had left for the day and the tech was working tirelessly testing the installation of a new Windows update when the network traffic monitor began to pick up some strange FTP traffic coming from a network backup server. The technician assumed the server had become infected with malware of some sort, remotely accessed the system and set it to sleep mode so he could deal with it later.

Read More

Preparing for the Passwordpocalypse

The script reads like a bad horror story for business owners.

In a dark room a disgruntled ex-employee sits down in a comfortable chair. He logs into a critical network, while his employers remain unaware of his access to the account. Perhaps they were too careless to bother changing the passwords. How it got to that point doesn’t matter, because that’s where the horror begins…

Read More

The Sky is Not the Limit: Secure Your Cloud-Based Infrastructure

If you haven't seen it yet, we've written a new eBook called “The Sky is Not the Limit: Secure Your Cloud-Based Infrastructure”. It provides an overview of why cloud security is so critical for any business intending to rely upon a cloud based infrastructure. Here’s a sample of what to expect from the eBook.

Read More

Bringing shadow IT out of the dark

In today’s blog post, let’s shine a light onto the subject of Shadow IT, how it is a risk to your data security, and how to address Shadow IT in your business.

What is “Shadow IT”?

Read More

5 Benefits & Risks Of Working In The Cloud

Good news! We’ve released a new eBook for all of you who are considering shifting, or already have shifted, to the cloud! This introductory eBook provides a pro/con analysis of the 5 key things most people think of when they’re looking at Cloud based systems.

Read More

It's National Cyber Security Awareness Month (NCSAM)!

I’ve said before that the most vulnerable parts of any network are the people using it. Technology is good at following rules consistently, while people, for the most part, are not. I still stand by that notion. You can trust a power supply to supply power, it’s what it’s designed to do.

Technology may not work the way it’s supposed to all of the time, but it’s not like the technology itself has any control over its actions. People on the other hand…

Read More

The Reach of a Breach: Data Breaches and Password Lists

Now, what I neglected to mention was that this data was collected freely online from data breaches over a number of years. The main database, which thankfully remains unreleased, contains over six million unique username (email) and password combinations.

There are approximately 2.5 billion email users worldwide. If we arbitrarily decide that 50% of those people also have a work email, then that means there are 3.75 billion email accounts actively being used.

Read More

7 Passwords You Should Pass On

According to a collection of 6 million publicly available unique username and password combinations, the seven passwords pictured above account for 18% of all passwords.

Read More

Shellshocked by Shellshock? This Bash bug may make your hearts bleed...

IT security isn’t some paint by the numbers step-by-step process of crossing t’s and dotting i’s, it’s all about risk management and risk mitigation.

Read More

A is for Apathy, B is for Breach... Relearn your ABC’s for IT Security

If you work in IT security, your ABC's should stand for "Always Be Checking"

Read More

[Infographic] Your Users Make Terrible Passwords

Let’s face it, of all the risks to IT security, people are the largest. It doesn’t matter how secure your building and network are if an employee with access hands the keys over to a criminal. That’s what your users may as well be doing if they’re using any of these passwords. When you can use a list of 10 thousand passwords to gain access to many accounts, brute-force password cracking becomes unnecessary.

Read More

AuthAnvil Single Sign On Quick Peek

If you haven't seen it yet, we've written a new eBook called “AuthAnvil Single Sign On Quick Peek”. As the name implies, it provides a quick peek into your AuthAnvil Single Sign On experience.

Read More

Tired of Managing Multiple Passwords? Work Smarter, Not Harder!

As people gain access to more online resources, they need to remember an ever-increasing number of usernames and passwords. Unfortunately, having more usernames and passwords means spending more time keeping track of those usernames and passwords.

Many users make this process easier for themselves by using simple passwords, re-using their passwords, and storing their passwords in poorly secured locations. This exposes their accounts to a significant amount of risk.

Read More

What is Single Sign-On?

This Ebook provides an overview of what single sign-on is, and how single sign-on can reduce the frustration caused by passwords.

Read More

Shadow IT "is Like A Box Of Chocolates"

The information used in this infographic originally came from a study commissioned by McAfee. In the study, over 80% of responding users admitted that they currently were using applications which were unapproved by any internal review process.

Read More

The Four Rules Everyone Who Offers IT Security Needs to Follow

If you or your business is involved in IT, or IT security, then you know just how hectic and busy work can be. There are always new viruses and bugs, patches to install, and general break-fix work to do. After a certain point, unless you’re highly motivated, it becomes painfully easy to become apathetic to the entire process…

Well, this shouldn’t surprise you, but not caring is the worst possible thing you can do.

Read More

CJIS Compliance Made Easy: Non-Compliance and Willful Negligence

Back in December we wrote a blog post on the risks and punishments that can result from CJIS non-compliance. Since then we’ve had a chance to relax with a book or five, and during that time came to the realization that we left out a key notion from the original post. 

Read More

How to Give Your IT Staff a Day Off Work

It’s Senior Citizens’ Day, and I’m sure your IT staff would love to spend some time with their older family members. You could let them go spend time with their loved ones and family members...

Unfortunately, there’s a problem with that plan. There’s always a massive backlog of password resets, break-fix jobs, and general account management work that needs to be done before any of them can leave for the day. Why can’t things just be simple?  Why can’t you let your IT staff take some time off without everything falling to shambles?

Read More

CJIS Made Easy: A CJIS Checklist for AuthAnvil

If you haven't seen it yet, we've written a new whitepaper called “CJIS Made Easy: A CJIS Checklist for AuthAnvil.” This whitepaper is all about policy areas in CJIS that AuthAnvil can help to address.

Read More

AuthAnvil: Tokens and You

If you haven't seen it yet, we have written a new eBook titled “AuthAnvil: Tokens and You”. It provides an overview of the token options we offer, as well as insight into how to choose a token that best suits you.

Read More

CJIS Compliance Made Easy: Integrating Advanced Authentication

If you are a reader with an interest in CJIS compliance, then you’re in luck; I’ve compiled all the information you’ll need. In the past I’ve talked about CJIS compliancy at length. I’ve expanded upon the various components and aspects of CJIS, and how AuthAnvil can make CJIS compliance a simpler process.

Read More

CJIS Compliance: Advanced Authentication and You

If you haven't seen it yet, we've written a new eBook called "CJIS Compliance: Advanced Authentication and You". This eBook focuses on addressing CJIS Advanced Authentication requirements, as well as how AuthAnvil can help you meet compliancy.

Read More

Threat Assessment Thursday: The Easy Mark

The information in your networks is always valuable! Some of that information is simply more valuable than others. When you’re trying to perform a risk assessment of your infrastructure it’s critical that you don’t overlook the basics. It’s easy to forget the simple things when you’re dealing with advanced user authentication, denial-of-service attacks, and compliancy requirements; however, sometimes it’s those small mistakes that will bring your army of techs to their knees.

Read More

The Reach of a Breach: Financial and Retail Institutions Suffer Long-Term Damages

That jingling noise is the sound of lost business. How much is a loyal customer/client worth? If you’re a retailer, that value could be anywhere from fifty to five-thousand dollars per year. If you’re a bank, that value could be anywhere from five-hundred to fifty-thousand dollars per year. In the aftermath of recent retail security breaches a number of concerning statistics have come to light.

Read More

An Employee Wants Access Permissions for Protected Service "X"…

Let me just start out by clarifying something. This article isn’t meant to be the “Top Ten ways of Making Your Users Unhappy”! It can seem that way, but restricting access permissions for all services except those necessary to do one’s job is, quite possibly, the best way to harden the security of a network!

Read More

Reusing and Recycling Passwords Reduces Their Resilience

Recycling is a wonderful thing. It provides people with jobs, it helps the environment, and it keeps the waterways clear... So it can't be that bad to recycle your passwords... Right?

Would you be okay with your mailbox, car, bank account, and house using the exact same key? If you answered yes, then you should really think about this some more. If you answered no, then good job on realizing why recycling passwords sounds like a terrible idea!

Read More

When You're Solving for the Problem of Passwords, Less is More!

A little poem to get you thinking about your typical morning at work as a system admin.

Read More

CJIS Compliance Protects against Sieges (of your Data Infrastructure)

CJIS compliance is a lot of things… Of high importance to those in charge of management and finances is that it’s mandatory. For those with feet on the ground, the resources provided by CJIS are invaluable. To those in charge of the data infrastructure, non-compliance lies hand in hand with vulnerable infrastructure which can be compromised.

Read More

What is a Security Question? An Easily Guessed Password!

Security questions... Whether you love or hate them, they’ve been commonplace for long enough that you’ve probably used at least one. Maybe you forget your passwords. Or maybe you don’t access all of your accounts often enough to remember those specific passwords. Lucky you though, you’ll always remember that beautiful honeymoon you spent in San Jose, California. Unfortunately, so will a lot of other people. If you were using social media at the time, then anyone who wants to know can find out rather easily.

Read More

4 Password Management Mistakes that RMM Admins Must Avoid

Many of my most successful MSP clients depend on their remote monitoring and management (RMM) tool for the success of their business. RMMs are growing more and more popular with MSPs across the board, and it’s easy to see why. RMM platforms like Kaseya (the market leader) and N-Able, Continuum, etc., allow MSPs to effectively manage the needs of multiple clients and systems, all from the comfort of their own home or office.

Read More

4 Reasons Kaseya Access Security Should Begin with AuthAnvil

With high-profile security breaches reaching the headlines, and cyber-attackers finding more and more ways to get their hands on account passwords, the thought of a criminal hacking themselves into sensitive client data and resources is keeping more than a few MSPs up at night—especially when it comes to Kaseya.

Read More

Why Securing Access to Kaseya is Critical

I hear a lot of the same things when I talk to MSP clients (and tech friends) who use Kaseya: It helps me run my business more efficiently and effectively. It allows me to manage the needs of my clients off-site. The platform is best on the market.

Read More

Kaseya is Awesome; Your Kaseya Security Should Be Just as Awesome

Kaseya has certainly made a name for itself in remote monitoring and management (RMM), standing out as a market leader with advanced features, seamless performance, and exceptional support.

Read More

6 Ways That Your RMM or PSA Tools Can Be Compromised

You love your RMM or PSA because it gives you incredible remote access to your clients’ systems and resources. Unfortunately, a would-be hacker loves it for that same reason. If they’re able to login to your super tool, the results could be disastrous. How would they be able to get in?

Read More

Two Factor Authentication for Kaseya

High-profile security breaches are all over the headlines. More than ever, MSPs are covering all of their bases to ensure their systems and tools are secure in hopes of protecting their clients from a disastrous data scandal.

Read More

5 Ways to Boost Kaseya Access Security Without Complicating Things

Many of my MSP clients and IT friends consider Kaseya to be absolutely essential to their daily operations—and with good reason. Kaseya has earned its role as a market leader through advanced design and functionality; its remote monitoring and management (RMM) capabilities stand out from the pack. 

“Without Kaseya, it would be impossible to manage the needs of all of my clients unless I was on-site 24/7. And there was more than one of me. And I was much, much smarter, with more hands,” one loyal Kaseya user explained.

Read More

Authentication as a Service (AaaS) is a Win-Win for MSPs and Clients

Most businesses recognize the pains associated with authentication. As companies increasingly rely on online services and password protected applications, the struggle to maintain password security without overburdening employees or risking non-compliance with data security regulations like PCI DSS or HIPAA is becoming more and more difficult.

Read More

There Is Serious Profit Potential in User Authentication as a Service

Many MSPs I’ve spoken to over the past year or so have had a lot of questions about the very apparent shift toward improved and advanced authentication security in nearly every industry and market. With a renewed focus on user authentication and technical safeguards from industry and government entities alike, it’s clear that things are changing rapidly.

Read More

Hate Password Security? So Do Your Customers

Passwords. Sigh.

It’s complicated.

For many MSPs, passwords are a double-edged sword. On one hand, they provide some serious job security—clients are always looking for help with password management, and with tighter authentication standards becoming the norm in every industry and market, they’re only going to be looking for more help.

Read More

How to Best Meet Password Security Compliance Requirements

Compliance is one of the main concerns of nearly every business owner I consult with, and for good reason. After all, nearly every business is held to data security standards set by an industry or government organization. 

When a business’s data becomes compromised in a security breach, the result can be devastating; think big fines, public scrutiny, and a serious loss of customer confidence.

Read More

Authentication as a Service (AaaS)

AaaS. It stands for authentication as a service. By that, we mean delivering authentication services like two-factor authentication, single sign-on and password management remotely from the cloud.

Read More

So You Want to Sell Password Management Software: Now What?

If you’re an MSP or IT service provider looking to increase your bottom line (and who isn’t?), you’re likely considering a shift to authentication and password management. It’s a smart move.

With stricter technical compliance guidelines in nearly every industry and high-profile security breaches (for example, Target and TJX), businesses of all sizes are looking to update their outdated password and security protocols, and fast.

Read More

6 Things Your Customers Need from Their Password Management Solutions

With technical compliance guidelines (HIPAA, CJIS, PCI, etc.) becoming more strict and high-profile security breaches hitting the headlines, businesses of all sizes are looking for new security solutions. The result? An identity and access management (IAM) market that’s expected to be worth $10.39 billion by 2018.

Read More

How to Profit From Compliance: Resell Password Management Software

If you’re an MSP who works in an industry that’s subject to compliance, you’re probably feeling a bit overwhelmed as deadlines approach and the guidelines, particularly in the areas of user authentication and password security, are getting tougher and more strictly enforced.

Read More

Profiting on Passwords

If you haven't seen it yet, we've written a new eBook called "Profiting on Passwords: Increasing Revenue By Addressing Password-Related Pain Points".

Read More

The 5 Most Common Failings of Password Security and How To Avoid Them

Here's the deal: when it comes to identity assurance, password-based security is one of the worst forms of user authentication. Don't get me wrong: the creation of the password was a huge boon for productivity, and this has continued to be the case as the password became more ubiquitous as the go-to form of user authentication; however, with modern technology like two factor authentication and single sign on, it's about time we acknowledge some of the major failings of passwords so that we can move towards a more secure and productive solution.

Read More

The 7 Deadly Sins of IT Turnover: Is Your Password Security at Risk?

Turnover is rarely good for any company. Not only does turnover require companies to spend an estimated 1.5x to 3x the lost employee's salary to identify a replacement, but the employee often leaves with specialized knowledge that you may never recover. 

Read More

The 6 Main Categories of PCI DSS 3.0

This is a high-level overview to get you thinking about where you stand in regards to PCI compliance, and to help you identify any costly security gaps. 

Read More

You + Password Management Software = Profit

If you’re like many MSPs, the word “password” alone can make you shudder. It might bring back bad memories, like the numerous emergency password reset requests you’ve received while eating your lunch, or that time you nearly had a heart attack after finding out that the entire office was sharing a password to log onto the billing system—and that the password was "Password1".

Read More

At Least 23 Passwords That You Should Include In a Password Inventory

When you get ready to roll out a password management system, it's easy to think about the complications that might arise in the implementation phase and the ongoing maintenance phase. In my experience, any issues that arise can easily be remedied through a little technical know-how, some creative thinking, and stellar support from your password management vendor.

Read More

What Password Management Is, What Password Management Isn't

When you start talking about password management, you inevitably start launching into the technical details: what types of authentication token to use, how to structure your SQL servers, cloud vs. on-premise, etc. However, it’s important to take a step back and understand what password management is and what password management isn’t.

Read More

3 Types of Password Security Attacks and How to Avoid Them

How do hackers go about stealing passwords in order to infiltrate a network and gain access to sensitive information like a client database, credit card information, and more? Today, there are three common methods used to break into a password-protected system.

Read More

MSPs: Your Retail Client Had A Credit Card Breach, What Do You Do Now?

If a retail client contacts you because they recently had their customers’ credit card information stolen, you should have no problem sensing the panic in their voice. Understandable, especially considering that a credit card breach can be incredibly devastating to a business of any size—just think of the headlines that Target’s recent credit card breach resulted in. 

Read More

When It Comes to PCI Audits, the Best Defense is a Good Offense

Understandably, audits have a bad rap. The word “audit” alone may strike fear into the heart of most business owners. So if you’ve gotten a call from a retail client who’s been informed of an upcoming PCI audit, chances are, they’re more than a little concerned about the process ahead of them.

Read More

How to "Sell" PCI Compliance to Your Retail Clients

You’ve done your research, considered some “PCI DSS worst case scenarios,” and you’ve come to a big realization: It’s super important that your retail clients comply with the Payment Card Industry Data Security Standard (PCI DSS), ASAP.

But there’s still someone else you need to convince: your client.

Read More

PCI Compliance Checklist for MSPs

If you work with clients that accept credit or debit cards (retailers, hotels, restaurants, etc.), they’re counting on you to maintain your compliance with the Payment Card Industry Data Security Standard (PCI DSS). Remember, businesses that accept and process credit cards aren’t the only ones that need to comply with PCI DSS. Any incursion into the cardholder data environment (CDE) needs to be secure. That means if you use a remote agent to access your clients’ systems, and those systems contain payment card information, you’re on the hook for PCI DSS compliance.

Read More

7 Common Client Questions About PCI DSS Compliance

Have you heard this, or something similar, from your retail clients? Do you get the feeling they think PCI compliance is just something you use to milk them for more money for your IT services? Sometimes it can be difficult to convince your small business clients they need to worry about compliance issues like PCI, but you know from experience that these things matter—even for the smallest businesses. Here is how you should reply to these common client pushbacks to help them understand what they’re up against.

Read More

So Your Client Is Requesting You Help Them Become PCI DSS Compliant

Your clients that process payment cards (credit, debit) need to be PCI-compliant. Heads up: you need to help. Learn how you can help here.

Read More

What is PCI DSS and Why Does it Matter?

Last month, mega-retailer Target admitted that credit and debit card information for up to 40 million of its customers had been compromised in a massive cyber-attack that stretched from November to December. We don't know yet exactly what happened at Target or the ultimate price Target will pay, but when you ask "Why does PCI DSS matter?" this is why.

Large companies like Target aren't the only ones under attack. The payment brands that comprise the Payment Card Industry know this and that is why they got together to create the standard.

Read More

PCI DSS 2.0 vs PCI DSS 3.0: What are the Differences for IT Security?

You might have heard that the Payment Card Industry Data Security Standard (PCI DSS) has gotten a minor makeover for the New Year. Well, not the New Year, exactly. The new standard—version 3.0 to be exact—was released in November, but close enough.

That’s just great, you’re probably thinking. All the work you’ve done to lock down your data security and password procedures to comply with PCI and now you have a whole new set of standards to worry about?

Read More

CJIS Education: What Does Advanced Authentication Mean?

For many IT service providers in law enforcement, the most confusing part of the new CJIS guidelines is the “advanced authentication” terminology (most prominent in CJIS Policy Area 6). As agencies and IT professionals scramble to ensure they are fully compliant with all CJIS security guidelines by the upcoming September 2014 deadline, many feel that this “advanced authentication” aspect will be their biggest hurdle.

Read More

Complying with CJIS Doesn't Have to Be Hard

Many IT service providers across the country are facing the challenge of having to update and adapt their security processes and protocols to ensure they meet the requirements the FBI has set forth for any agency accessing their Criminal Justice Information Services (CJIS) databases.

Read More

4 CJIS Use Cases for Password Management

Reading over the FBI’s new guidelines for CJIS compliance, it can be hard to imagine how these rules and new protocols are actually going to be implemented across the country—particularly when it comes to password management. So many agencies and individuals are used to an environment in which password security is, well, nonexistent.

Read More

December in Review: Target, Dead Passwords & Two Factor Authentication

Happy New Year! For many people, the New Year is time for a fresh start, both in their personal and professional lives, but before we let 2013 fade completely from our rearview, let’s take a look back at the month of December and see what we can learn.

Read More

What You Need to Know About CJIS Policy Area 6

Policy Area 6 of the new CJIS Security Policy, “Identification and Authentication,” is my favorite. Big surprise there; it deals with multi factor authentication. If you’re a regular reader of this blog, you know it’s a topic I never get sick of.

Read More

What You Need to Know About CJIS Policy Area 5

I’ve met with many IT service providers who work in law enforcement and are still unsure about what they need to do to ensure their organization is fully compliant with the CJIS guidelines by the September 2014 deadline.

Read More

What You Need to Know About CJIS Policy Area 4

As an IT services provider for a law enforcement agency, compliance with the FBI’s Criminal Justice Information Services (CJIS) guidelines is probably at the top of your list—especially considering the September 2014 compliance deadline. After that deadline, your organization could be subject to one of the FBI’s security audits.

Read More

CJIS Compliance Checklist for Authentication in Law Enforcement IT

Still unsure about Criminal Justice Information Services (CJIS) guidelines? You’re not alone.

Since the announcement of the FBI’s September 2014 deadline, by which all organizations that use the CJIS databases must become fully compliant with the new security and technical safeguards, many law enforcement agencies and organizations are scrambling to get their systems compliant. The sense of urgency is real; if an organization is found to be non-compliant, they’ll be unable to access the centralized CJIS information that they depend upon and use daily.

Read More

Not Complying with CJIS? Here are the Risks and Punishments

If you work as an IT service provider in law enforcement, you’re likely in the stages of preparing your organization to be in full compliance with the new, revamped guidelines from the FBI’s Division of Criminal Justice Information Services (CJIS). The September 2014 deadline will be upon us sooner than you think and if one thing is clear from the 200+ pages of the CJIS document, it’s that the guidelines are comprehensive and somewhat complex.

Read More

The 4 As of CJIS Compliance

Starting in September of 2014, any law enforcement agency that wishes to access the FBI’s Criminal Justice Information Services (CJIS) databases needs to be 100 percent compliant with the new, extensive security guidelines outlined in a 200+ page document. The document includes specific requirements regarding password security, login audit reports, and more.

Read More

How to Know If Your Law Enforcement Organization is CJIS Compliant

While many law enforcement IT professionals understand the importance of the information stored in the FBI’s Criminal Justice Information Services (CJIS) Division’s databases, many are now facing a challenge maintaining their department’s access to that information. Agencies that don’t meet the FBI’s latest changes to its Security Policy by the September 2014 deadline will risk losing access to this crime-fighting data.

Read More

Best Practices for Complying with CJIS with Password Management

If you are an IT professional who works with a law enforcement organization, you’re probably already familiar with the FBI’s Criminal Justice Information Services (CJIS) Division. CJIS is the gatekeeper of the invaluable data your organization’s agents or officers use every day to investigate crimes and keep the public—and themselves—safe. It’s because the data stored in CJIS databases is so valuable that the FBI makes it a priority to keep it away from unauthorized eyes—and it’s the reason the FBI has been rolling out a revamped CJIS Security Policy.

Read More

Password Management Month in Review: November 2013

This is the first post of our "month-in-review" series of blogs. In this series, we will be taking a look back at the previous month in the world of password security, password management, multi factor authentication, single sign on, compliance news, and more. 

Read More

Studies Project Massive Growth in (HIPAA) Healthcare IT Market

When the rules changed to apply the regulations of the Health Insurance Portability and Accountability Act (HIPAA) to not only healthcare providers and organizations, but also to any of their “business associates” that have access to electronic protected health information (ePHI), including IT service providers and MSPs, many of my IT clients became concerned about the impact HIPAA would have on their businesses. Some even considered not offering services to HIPAA-regulated organizations, just to avoid the hassle of additional rules and risk.

Read More

HIPAA Compliance: Access Management and Identity Assurance

The Health Insurance Portability and Accountability Act (HIPAA) was created to protect individuals’ sensitive medical information (in HIPAA terms, electronic protected health information, or ePHI) and streamline the healthcare administrative process. So restricting access to some users while providing access to others (password role-based access control) is a key aspect of HIPAA compliance (check out our HIPAA compliance checklist).

Read More

IT Service Providers: How to Profit from HIPAA

In this blog post, you will learn how IT service providers can profit from HIPAA and use it as a competitive advantage.

Read More

Helping Your Clients Comply with HIPAA Doesn't Have to Be Hard

With recent changes to the Health Insurance Portability and Accountability Act—including the new rule that requires any “business associate” of a company handling patient information to comply with all HIPAA standards—many MSPs and other IT service providers may be wary of taking on new healthcare clients, or even continuing with the ones they have. Who needs the headache? It seems like HIPAA is adding a whole new level of complexity to the already-complicated world of IT security.

Read More

HIPAA Compliance Checklist for Password Security

What does it mean to be HIPAA compliant, in terms of password and authentication security? Here’s our breakdown of what to go over with any client that handles ePHI in any way.

Read More

The Risks of HIPAA Non-Compliance in Password Security

Password security and HIPAA? You’ve got it down. You understand the new Omnibus Final Rule regulations and what they mean in regard to password security. You understand that HIPAA’s new definition of a “business associate” or “subcontractor” means that you, the brilliant IT service provider, are now bound by HIPAA rules and regulations and could be liable in the event of a breach.

Do you really get just how liable you might be, though?

Read More

What is HIPAA and Why Does It Matter for IT Service Providers?

HIPAA, the Health Insurance Portability and Accountability Act of 1996, was created by the federal government to protect the privacy of patients and streamline the health care administrative process.

For the most part, HIPAA isn’t a topic that many IT service providers would consider themselves experts on. Some might not even know what HIPAA is. Which sounds like, well…not the biggest deal. After all, why should the IT guy spend time researching some health care act, right?

Read More

How to Maintain Password Security When Using SSO with Cloud Apps

Many businesses are turning to single sign-on (SSO) as a smart and effective password security option for their users. It makes sense—SSO offers many benefits for offices and workspaces.

Read More

Simple for You and Your Users: Resell Password Management Software

Anyone who has worked in an office environment is likely to agree that passwords are a pain point for everyone in the office. The higher-ups need to create a policy that meets regulations and protects the security of the company and its data. The users have to struggle to remember their long list of login credentials (in some cases, eventually just surrendering to the “Forgot Password” button). And the managers have to watch as their team spends valuable time each day entering and re-entering passwords and login credentials.

Read More

4 Ways to Protect Your Cloud-Based IT Infrastructure

Cloud-based IT applications (applications that are hosted on the web, rather than your desktop computer or a local server) are becoming more and more popular in offices and workspaces. If your company uses Office 365, Salesforce, or Google Apps, you’re already in the cloud. Moving to the cloud has many benefits—bandwidth capabilities are expanded, the software updates automatically, and employees can work from anywhere. One possible downside, however, is that every cloud-based application is password protected. What does that mean to the average user? More passwords. Lots of them.

Read More

Industry News: Facebook Security and Password Management Software

Employing a password management software solution that allows for password auditing, automated password reset, role based access control, multi factor authentication, and single sign on is the ideal solution to your password management problems.

Read More

Web App Doesn't Support SSO? Password Management Software is Here

Many companies are excited about the idea of having single sign on (SSO) in their password management software. However, they are often afraid that the web applications they use won’t support it. This is an understandable concern. After all, one of the main draws to SSO is its convenience and ability to drastically cut the amount of time employees waste on numerous login screens, entering their passwords. If the needed web applications don’t support SSO, they might still require manual sign on.

Read More

How to Create a Seamless Login Experience Across All Devices

In business technology today, one thing is clear: everything’s going mobile. Smartphones and tablets are standard issue now. More users are logging into business-related applications on their mobile devices, allowing them to increase productivity and respond as needed while traveling, on the go, or during off-hours. Most employers encourage their workers to use their personal mobile devices for work purposes, as it allows them to respond to work requests more quickly, get more work done, and remain in the loop even when not in the office.

Read More

How to Take Password Security Out of the Hands of Your Employees

In a business of any size, each employee has their designated tasks and responsibilities. An office assistant might be responsible for answering phones and filing. A salesperson might be responsible for generating and following up on new leads. An accountant might be responsible for handling all payroll and tax issues. But in most offices, there’s at least one responsibility that every single employee shares: using password security to protect the best interests of the business.

Read More

3 Steps to Simplify Password Security for Your End Users

When it comes to password security for your clients, it may feel like a constant balancing act. Of course, you want each and every user to follow best practices (creating strong passwords, changing them on a regular basis, etc.) and protect their best interests and those of the business, but password policy and processes have to be practical, too. After all, any given employee may have upwards of 10 applications (and sometimes a lot more than that) that they have to sign into each day.

Read More

How to Improve Employee Efficiency Using Password Management Software

It’s 9:15 in the morning. Do you know where your employees are?

Some might be catching up on yesterday’s emails. Some might be Facebooking; others may be preparing their first coffee. But I bet at least one of them is beginning their daily log-in process, possibly with a sigh: opening tabs in their web browser, starting applications they’re going to need for the day, typing each password in one-by-one.

Chances are, you know the drill, too. You probably do the same thing.

Read More

How to Protect Your Accounts and Passwords from Getting Hijacked

If you’re like most people, you use the Internet for just about everything: shopping, banking, bill-paying, communicating with friends and family…the list goes on and on. The convenience of being able to manage so many aspects of your life from your computer or smartphone is simply unbeatable. However, most people also don’t realize the very real risk of a security attack that could wreak havoc on their everyday life.

Read More

Password Encryption and Security: Best Practices

Password security is easy, right? These days, programs and sites make you choose a complex password with at least one number, one symbol, one capitalized letter, etc. Besides, sites and programs encrypt all of that information. Right?

Wrong.

Read More

The Secret to Increasing Password Security

In my work with a wide range of businesses, I’ve noticed that sometimes even the most competent IT departments feel utterly lost when it comes to password security.

Read More

Is Multi Factor Authentication Right for You and Your Customers?

I meet and consult with IT providers regularly about their security needs. This is what I’ve learned. Every IT service professional is essentially looking for the same thing: a smart and effective password security software solution that will protect their clients and make their lives easier.

Read More

So Your Customer Requests Multi-Factor Authentication—Now What?

If you work for an IT company like a managed service provider (MSP) and your client has requested multi factor authentication, you may be unsure of what to offer them, or even what exactly they’re looking for. I’ve spoken with many IT professionals who are extremely knowledgeable about data and password security, but are still unsure of what they should be looking for when choosing a multi-factor authentication system for their client.

What is Multi-Factor Authentication (MFA)?

Read More

What is Multi-Factor Authentication?

All too often, I see companies that rely solely on passwords to keep their data and applications secure. Requiring users to enter only something that they know—a password—is considered single-factor authentication. While many companies educate their employees on password security best practices (such as “strong” passwords that use a combination of letters, numbers, and symbols), this is usually not enough.

Read More

The Most Recent Password Security Compliance Guidelines

One of the most common reasons business owners and IT managers ask me for help shoring up their organizations’ password procedures is because of the confusing and often-changing requirements of the industry and government regulations with which their organizations must comply. It makes sense they would want to make sure their password policies are 100 percent in line with their compliance obligations. Running afoul of industry or government regulations is one of the more costly and embarrassing things that can happen to a business. When this happens, losses come in the form of fines and legal fees, as well as bad publicity and loss of customer confidence.

Read More

How to Segment Your Employee's Password Access

One of the most worthwhile things you can do to protect your company’s passwords from being misused is to restrict access to passwords to only the people who need to see them. Here’s what I mean by that: Given the number of systems your company uses that are protected by passwords (and multiply that by however many clients you service if your company is an MSP), it’s implausible that every one of your employees would need access to every one of your passwords.

Read More

Break Glass in Event of Emergency: Automated Password Reset

For managed service providers (MSPs) and other IT service organizations, changing your clients’ passwords is a time-consuming pain. How painful is it? I’ve seen research that indicates that resetting customers’ passwords is among the most frequent—if not the single most frequent—requests made to the average IT help desk worker.

Read More

Put Passwords in the Right Hands Using Role-Based Access Controls

Are your company’s passwords on a need-to-know basis? How easy would it be for a low-level employee, a recent hire, or a trainee to gain administrative control of one of your critical systems or those of your clients? If it’s a simple matter of loading up a spreadsheet and navigating to the right line, then your company’s password management practices could use some improvement.

In a previous post on this blog, I discussed the three must-haves of a password management system: access control, auditing, and change management.  Let’s take a closer look at access control.

Read More

Four Ways to Know Your Business' Passwords are Safe

Passwords are your business’s first line of defense (and sometimes only line of defense) against a data breach. With only a single stream of characters protecting your company’s sensitive data—or the sensitive data of your clients if you work for an IT provider—from the nefarious forces that want to exploit the data for their own purposes, keeping your passwords safe at all times should be an extreme priority. But for many businesses, it isn’t. Or, and I see this more frequently, businesses think their passwords are safe, but they really aren’t.

Read More

Should Your Password Manager Be in the Cloud or On-Premises?

I wish I could give you a simple answer to the question in the title of this article: Should a password manager be located in the Cloud or at your business’s physical location? The Cloud is one of the biggest—if not the biggest—buzzwords in the IT world currently, and for good reason. The Cloud holds a lot of promise for a lot of IT applications. Storing your data offsite in a flexible, scalable solution is attractive because of its ease-of-use, its accessibility from anywhere, and because it frees companies from maintaining rooms full of servers on their own sites.

Read More

Multi-User Password Solutions for Teams

Smartphones are great, and they’ve quickly become an essential tool for managing our lives. Ten years ago, I couldn’t even conceive of carrying around something like a smartphone. Now I’m lost without mine. I use it to keep track of my calendar and my contacts, collaborate on projects when I’m not in the office, organize much of my social life, watch TV shows, and get directions. Despite its handiness and power, however, there’s one thing I’ve learned not to use my smartphone for: multi-user password management.

Read More

How to Protect Your Company From the Password Risks of Techy Turnover

This is advice I usually give to managed service providers (MSPs), but really it applies to any company with sensitive data and systems protected behind passwords: When your employees leave (and, inevitably, some will) they take their knowledge of your passwords with them. I’m not just talking about their personal login to your network and email system; presumably those accounts are deactivated as soon as someone leaves your company’s employ. Passwords protect a host of business systems.

Read More

3 Must-Have Password Management Best Practices

You must take the security of your passwords and your customers’ passwords very seriously. To protect the passwords that protect your customers' data, you need a plan that takes password management best practices into account.

Read More

Retailers love the Holidays and so do Hackers

People spend a lot of money over the holidays. For retailers, this means an increase in customers, and the “holiday rush” often necessitates the hiring of temporary holiday staff to handle everything in a timely manner.

This influx of customers invariably results in a very happy holiday as far as retailer profitability is concerned.

For hackers, the increase in customer data at easily infiltrated businesses makes for a felonious festive feast.

Read More

The Future of IDaaS: More Than Just Another "as a Service" Solution

It seems like there are a thousand “X as a service” solutions out there today. Even companies like Microsoft are getting into the act by offering products like MS Office on a subscription basis. One of those that you might have heard of is IDaaS, or identity as a service. What is it and what should business owners and decision makers know?

Read More

Techie Turnover Doesn't Have to be Sour

Everyone knows that terminating a staff member usually involves some amount of sour worms. However, when that fired employee is a techie, they could take those sour worms and actually do something about it to harm your business.

Your Company Is at Risk

Read More

Learning to Comply with HIPAA

If you work in the healthcare industry, you have all kinds of hats to wear and targets to stay focused on. One thing you can’t forget is the importance of HIPAA and being sure to comply with it.

Read More

We are the Botnet. All email will be assimilated. Resisting is Futile.

Let’s start with the big numbers people love to read about… There are around 200 billion emails sent on any given day. That’s a lot of emails. For those of you who are unfortunate enough to not have a good spam filter, it probably isn’t a surprise that 80-90% of those emails are spam.

On any given day around 170 billion spam emails are being sent.

Read More

Protect Your Company with a Remote Access Policy

Many businesses now offer the opportunity of telecommuting, where employees are allowed to work from remote locations, including from home. Telecommuting is often used as a tool to attract and retain the best employees available in the market.

Read More

Ease the Pain of Passwords with Single Sign On

Although we live in an age that is at the height of technology, there are still a few pain points most of us face on a regular basis that we’d rather do without. Sometimes, these things are just minor grievances.

Read More

4 Things MSPs Should Look For in Password Management Software Partners

In the past few months, I’ve spoken with more and more IT professionals who are interested in growing their business in the rapidly expanding password and security market. For anyone who has done their research, entry into the password management and security realm is a no-brainer.

Read More

The True Cost of a Password

Studies indicate that a breach in data security can cost between $100 and $300 for each record that is breached or lost. Part of the cost includes legal fees, lost productivity from the workforce, regulatory fines, and call-center costs. However, the cost to the reputation of the company in the eyes of customers is almost immeasurable. The worst part about all of this is that typically, the breach of data in most businesses is a result of a poorly secured password. In other words, the breach is preventable.

Read More

Webinar: Managing and Securing Office 365

It’s common to hear IT Pros state that security and usability are at odds. That applying one reduces the effectiveness of the other. While on the surface this may have some merit, if we look closer we find it doesn’t always have to be the case.

Read More

Top 5 Signs You Need Better Password Management

A password manager is an effective tool for generating, organizing, and maintaining username/password combinations. For an additional layer of security, many individuals and companies incorporate two-factor authentication using hardware or software solutions. This additional layer of security minimizes the potential for cyber-attacks from individuals that can decipher passwords.

Read More

Relearn your ABC’s for IT Security

Your old ABC’s were a process. You would just live your life being ‘Apathetic’ towards security practices until there was a ‘Breach’, and afterwards you would think “oh, I’d better fix that vulnerability” and would ‘Compensate’ for the issue that caused the breach.

Read More
