Thanks for Voting
Thanks to everyone who voted
FishBytes, LLC
The Sumter Item
Best 2018
Web Design Company
Andrew Fishburne
Security for Your Small Business – Part 2
As noted in Part 1 of this series, employees have access to a variety of IT resources critical to the operation of your business. Computers and other hardware devices, data storage systems, email and mission-critical software and cloud accounts all require security policies that will protect your valuable data and sources of income. Employees who have access to any of those resources are the first line of defense against malware, hackers, and social engineering attacks. As such, your business needs a strong and properly managed IT security policy.
Phishing Scams
Phishing scams are so named because the bad guy attempts to steal your information by tossing in some bait and hoping to hook an unwary mark. Sometimes comical on the outside, these social engineering attacks are nothing to be laughed at. Millions in cash and data are stolen every year through the simple ploy of appealing to natural fear of authority, trust or greed. Tricks used by scammers are usually very simple; however, thousands of intelligent people fall for them every day.
Much is made of increasingly common data breaches, massive and small, but the most successful scammers do not need information generated from these leaks. The fact of the matter is that simple tactics work just as well to keep them well-supplied with your hard-earned money.
Some Statistics
Online scams have increased geometrically in recent years and companies have begun to employ both internal and external consultants to get a handle on the problem to protect their customers. Recent reports indicate that as many as 30 to 50 percent of phishing emails sent are opened by the receiver.
Research by IBM reported in the IBM Threat Intelligence Index 2017 notes the volume of spam emails increased nearly four times in 2016 and the trend continued in 2017. Making these data even more significant is the estimate that more than half of all emails are spam and nearly half of all spam email contains some form of malicious content.
Companies have begun to test their security by testing the weakest links, their employees. One large banking concern found that over 20 percent of their employees opened a phishing email sent out as part of the test. A success rate like that in a huge financial institution is significant and dangerous for everyone.
The Anti Phishing Working Group identified over 120,000 unique phishing websites at the beginning of 2016 and by the end of the year, they reported nearly 100,000 unique phishing email campaigns aimed at their clients. The APWG findings note that nearly 20 percent of those campaigns specifically target the financial sector.
Symantec reports 76 percent of all companies fell victim to phishing campaigns over the course of Q2 2017. This clearly indicates that no business is immune to these scams and every business must take steps to mitigate the risk.
Common Types of Phishing Scams
Deceptive Phishing is the most common form of this type of scam. Bad actors will mimic legitimate companies to convince people to give up personal information. Emails of this type use the power of the company or government name they are impersonating to either gain trust or threaten an individual into giving up identifying data. One can easily recognize the hallmark of this type of attack in the sense of urgency expressed by the scammer: “You must take care of this bill today or we will be forced to initiate legal action.”
Spear Phishing is a more highly-targeted form of the phishing scam. An attacker has procured the target’s personal information, or some piece of it, and uses that information to convince the victim that he is legitimate. Gaining such information is not difficult as we now tend to provide lots of personal information on social media sites which scammers can scrape together and use to lull us into a false sense of security.
In a spear phishing attack, one might receive an email or phone call from an individual claiming to be from ABC Company wishing to speak to Your Name Here. He will then produce information about the victim’s job, phone number and other information he or she would only expect someone with need-to-know access to have. Such knowledge tends to verify the credibility of whatever the attacker tells one. He may suggest that the victim owes a sum of money which is past due on an account or an underpayment of taxes or any number of scenarios designed to convince him or her to read off a credit card number over the phone, reply in the email, click on a link or download an attachment.
Other email phishing attacks include concealing malicious attachments as scanned documents sent from a Xerox or other brand of office copy machine. Many offices neglect to change the settings on their copiers from the default “Sent from a Xerox Scanner” message to something more specific to their company. As a result, it is easy to be fooled by an incoming email with the generic message. An unsuspecting victim clicks on the attachment which may then install a trojan virus on the computer.
Similarly, one might receive what appear to be order confirmations, booking confirmations, newsletters, email delivery failure messages, even email from one’s mother. All must be carefully inspected to verify authenticity. Any suspicion should be treated as reasonable.
CEO Fraud, also known as a “whaling” attack because it is a spear phishing attack aimed at a high-level executive within a company, has been an area of interest for fraudsters in recent years with close to 50% increases in such attacks last year.
Such an attack is a multi-phase endeavor in which the criminal gains access to email or account data through an initial attack on a company executive. He then uses the information and spoofs (fakes) a directive from the executive’s email account to transfer funds from company accounts to those of the attacker.
Another kind of whaling attack involves spoofing an email account from a company’s client with a fake invoice. Many large, and even small, company executives are often too busy or distracted to carefully peruse every document. He or she may forward the bill for payment without verifying its authenticity. Alternatively, the invoice attachment may be yet another disguised malware waiting to be opened and activated.
A whaling attack found to occur around tax season involves an employee receiving an email appearing to be from the HR department requesting an updated W-2 statement. The schemer gathers social security numbers and identifying information to use in further fraud schemes against the employee.
Pharming scams are forms of attack in which an attacker will target, instead of an individual, a DNS server. Domain name servers (DNS) are used to store databases that convert the alphabetical website name, i.e. www.google.com, to and from the numerical address the internet uses, i.e. 172.217.23.174.
In a pharming scam, a hacker will poison a DNS server to convert an alpha address to the false numerical address of their own server. A victim is forwarded to a fake server without realizing it and duped unless inconsistencies are noted.
Dropbox, Google Docs, and other SaaS (Software as a Service) Apps phishing scams take advantage of the usefulness and convenience of these platforms to millions of individuals and businesses around the globe. A recent scam using Dropbox attempted to lure victims to log in to a false Dropbox login page that was ironically hosted right in a Dropbox account.
Dropbox and an increasing number of accounts which host sensitive or personal information offer two-step verification. 2SV requires a user to first enter a username and password and then enter a second verification such as a code sent to the user’s email or cell phone. 2SV ensures that only someone with access to the password AND the secondary device may access the account, providing a double layer of protection.
Vishing takes advantage of the gaining popularity of Voice over IP (VoIP) technologies. Scammers use VoIP lines to go back to the old-fashioned method of just calling victims on the phone to phish for information.
Bad actors can set up a VoIP server to fake a call from anywhere and anyone they wish. Therefore, the victim feels secure because the caller ID information looks correct. The scammer then impersonates whomever he wishes to propagate his scam.
SMiShing is the name given to any attack broadcast through SMS or texting. Any of the previously mentioned types of scam can be completed through a text, email or phone call. Some are more effective through one or more routes, but one must be aware that swindlers will use any method that works. If one vector does not, they will simply try another until they get a hit.
Avoiding Scams in the Workplace
DO NOT click on a link in an email unless you are 100% sure that it is real, such as a link in a newsletter to which you intentionally subscribed and receive regularly. Hover your pointer over the link and make sure the link that pops up is the same as the one suggested by the wording of the link. Avoid clicking the link if it is different from the text or if it uses a link shortener such as bit.ly or goo.gl.
DO remember that government agencies and most large businesses will not initiate contact with you in ways that would trigger suspicion such as adding attachments, making demands, or requesting phone calls. They are aware of the scams out there and do what they can to avoid making them easier to proliferate.
DO NOT open an attachment unless you asked someone to send it to you or verify that the person intentionally sent you an attachment. Malware is capable of adding attachments to legitimate email as it is being sent.
DO consider amending your company financial policies to prevent authorization of financial transactions via email.
DO take the time to open a browser and log into your bank or other financial institution if you get an email from them instead of clicking a link to log in. That way you’ll know it is really your bank. Most banks have an internal messaging system which will place any urgent messages for you within your account page.
DO recognize that any scam will indicate a strong sense of urgency that you to take some action immediately to prevent an event you should recognize as unconstitutional or illegal, such as an arrest or property seizure without the proper legal procedure.
DO remember that a scammer seeks information you would not typically give via insecure channels or to unvetted individuals. Scammers must make you believe they are someone in authority with a valid reason for collecting this information. People in such positions of authority know when and where it is appropriate to collect such information.
DO always be suspicious. Phishing emails often look very real and appear very frightening. The tactic is to make a victim click without stopping to think first, so never click without thinking first.
DO ask yourself questions when you receive any kind of communication. Have you ever heard of this company? Did you send an email to this address? Are you behind on your taxes? Is this your bank or credit card company? Did you ask for this information?
DO use a good anti-virus software and spam filter to prevent most spam from ever entering your mailbox in the first place.
DO check the email header details, even when it comes from someone you know. Spoofing the display portion of an email address is very easy but spoofing the actual return address is not.
DO note whether a communication contains significant misspelling and/or poor grammar. This is often a clear red flag that one is dealing with a scam.
DO know that any claim that you have money coming to you from anyone outside of your home country is almost 100 percent guaranteed to be fraudulent. Too good to be true is just that.
DO NOT believe anyone claiming to have found viruses on your computer. Other than the virus checker you have installed on your computer, no one, not even Microsoft, can determine that your computer is infected with a virus. Your virus checker will inform you if a one is found, but no one from the company will call or email you to let you know. If someone claims to be capable of doing this, they are scamming you
DO NOT take any action of any kind that provides any information or takes you to an alternate website as a result of a “popup.” Popups may be safe but they may also be the result of a virus infection on your computer or a website you are visiting. Clicking the popup is likely to have negative effects.
The weakest link in any area of security risk is the human factor. When dealing with these types of scams, the only risk is the human one because they rely on people giving up information voluntarily and without suspicion.
Therefore, it is critical that businesses present clear company policies which express how employees will respond to all communications which present a risk to private, personal, or sensitive information. Additionally, training should discourage users from publishing sensitive personal or corporate information on social media and elsewhere. Proper training must be implemented to teach employees to recognize these scams and avoid them.
Unfortunately, the human factor is too frequently contravened even with strong training and policy measures in place. Companies should further ensure against fraud with strong security technology which goes beyond the standard desktop virus checker, though these are still valuable assistants in the war against malware. Companies should also invest in solutions which can analyze incoming and outgoing emails for malicious links and email attachments.
What to Do if You Are Scammed
It happens. A scammer gets the best of you or someone you know. The response needs to be as quick as possible to mitigate the damage. One should assume the scam has definitely resulted in identity theft and the response should take such a worst-case scenario into effect.
First, shut down the computer. Turn it all the way off and make sure it is no longer running or connected to the internet or any other computers on the local network. This is to attempt to prevent any virus from escaping onto the company network and will halt damage taking place from a running ransomware package. If this is a work computer, contact your IT team immediately and let them handle the cleanup of the computer itself. Make sure they are aware of any details you can provide. If it is a personal computer, contact a reputable service to help.
Next, you need to get online using a different computer and begin changing all of your passwords, beginning with your financial accounts. Next, take care of email accounts, file storage accounts, social media accounts and down the line to the least sensitive. Change security questions and add two-factor authorization to any accounts where these are available.
If you find that you are no longer able to login to any of your accounts, immediately contact the company and report an account hijacking. Any time you wait to act is time the attacker is doing damage to your account.
Call the major credit reporting agencies and put a fraud alert on your credit account as a potential victim of identity theft. While this is not likely to stop an identity thief from making use of your stolen information, it will make the cleanup of damage much easier later. Plan to monitor your credit closely for the next few years to make sure no unusual events occur. Quick responses to such events will mean the difference between a fix and a loss.
If you gave out your debit or credit card information, call your bank and report that card as stolen and monitor the account carefully to make sure the charges do not go through. If a bank account number was given to the attacker, immediately close the account and open a new one. Be sure to remove all funds from compromised accounts.
How to Report Suspicious Emails
If you have a good spam filter, you are not likely to see the most common phishing emails, but sometimes one will make it into your inbox. Such an email is particularly dangerous because it has defied the spam filter. If you receive one of these, you may wish to help the community at large by reporting it to an authority which may prevent its spread to other unsuspecting victims.
In the United States, you may report suspicious emails to one or all of the following by simply forwarding the email including the full email header, which includes the display names and email addresses of both the sender and recipient, the date, and the subject:
FTC at spam@uce.gov
Anti-Phishing Working Group at reportphishing@antiphishing.org
US Computer Emergency Readiness Team (US CERT) at phishing-report@us-cert.gov
Summary
The primary takeaway from this article is not to react over-hastily to any communication which you have not verified by secondary means. Companies are either aware of the need to use secure means to access your personal information or should be. Either way, it is inappropriate for them to use email or the phone to secure such information. So always be wary. You are the last line of defense in protecting your personal information and that of your company and its employees. When in doubt, check it out.
How to Create a Facebook Group (and Why)
What is a Facebook Group?
Facebook designed Groups to be spaces where like-minded individuals could come together and discuss topics of mutual interest. This is not a new idea. Bulletin Boards were among the first social developments of the early Internet and they have been around in one form or another ever since.
A Group can be about anything you like, provided you are within Facebook’s Community Standards Policy: Things for Sale, Pets, Business, A Product or Service, Politics, Parenting, Spring-Loaded Doo-Dads, Purple Earring Collecting, etc.
No topic is a wrong topic, though some will be more popular than others. The idea is to bring together people interested in a topic and get them interacting.
Why Should I Create a Facebook Group?
As a business owner, you can simply participate in various groups which might relate in some way to your product or service and use them to promote your business, but managing your own group gives you much more control over the type of message you can present. You are setting the rules, so you make them suit your own needs.
That said, great care must be taken never to become a “group tyrant” or to turn your group into an obvious commercial. The instant and eternal effect will be a loss of every group member who is not either your mom or someone not paying attention to the group content anyway. Subtlety is key to steering conversations in directions that benefit your message.
What Should My Group Be About?
Don’t even open up Facebook until you have taken some time to really think about this question. You need to be very clear about what you want your group to be about, how you want to use that topic to connect to your business goals, and how you want to go about connecting the two using the subtlety mentioned above.
There are a few common use cases for Facebook Groups at which we can take a look:
Topic-Focused Communities
Create a Group with a general topic that relates to your business directly or tangentially to draw in people who are interested in the topic and, therefore, the product or service provided by your business. An example might be to create a Fashionable Nurses Group to talk about the latest cool scrubs. You can drop in one of the nifty scrubs you sell every now and then as interest grows or you can get ideas from what everyone else is interested in.
Establish Community Authority
When part of your Social Media goal is to inspire confidence in your goods and services by proving your knowledge and experience in your area of expertise, your Group will seek to notify current and potential clients of this expertise. You will be responsible for educating and unselfishly giving away knowledge that helps people who need it in your special area of expertise. This will pay off in droves as people come to your business because of the trust you have built.
Product/Service-based Communities
These Groups are often provided by businesses to their current clients as a private space to discuss and get help with the products and services purchased from the company. Think of this as a customer service area to add value to your product or service. This is guaranteed to inspire customer loyalty when used correctly and consistently.
You must weigh the benefits of any approach you take and determine the best way you can use it to benefit your business. Keep in mind that creating a Group is a long-term labor-of-love no matter what approach you take. Any Social Media approach you take will require daily fostering to build the trust and loyalty required to make it a successful producer of sustained business growth. However, if done well, it will.
Now that you know what you are going to do and why you are going to do it, it’s time to fire up Facebook and build the Group.
How Do I Build a Facebook Group?
Look in the LEFT column on your Facebook HOME PAGE under EXPLORE. Click on GROUPS.
In the second bar from the top, click on the + CREATE GROUP button. A lightbox will pop up.
A slider at the top of the lightbox allows you to choose from several Group Type options, but we will stick with the first option for now: “Groups are great for getting things done and staying in touch with just the people you want.”
In the box titled NAME YOUR GROUP, create a name for your Group.
You can name it whatever you want and can change it later, but think about these questions:
- What are my goals for the Group?
- Does the name reflect the goals and focus of the Group?
- Is the name memorable and searchable?
- Will the name appeal to my target audience?
Next, for some out-of-place reason, you will need to add at least one new member to your group. I suggest waiting to add the bulk of your intended audience until you have fully tweaked your settings and added some content so they don’t come into a nekkid Group. You can send a personalized note with the invitation by clicking on the note icon at the end of the entry box.
Finally, on this first page, you will need to choose your Privacy Setting. Choose carefully, because changing it later is not always an option. After 250 members, you can only increase the level of privacy.
Public Groups
Anyone can join
Everyone can see the Group posts
Potentially attract people who spam with their own content
Best for a community about a specific topic, interest or event
Closed Groups
Anyone can ask to join
Requests to join must be approved by Group administrator
Non-members can’t see Group posts
Good for business-related Groups
Helps prevent spamming
**RECOMMENDED**
Secret Groups
Group can’t be seen in search
Only members can see the Group and Group posts
Members must be invited by Group administrator
Can establish the authority of your business
Can be used to provide a service or even charge a fee to join
Click the CREATE button
If you wish, choose an icon in the next box to represent your Group and click OK. This is optional and you may click SKIP to use no icon.
Congratulations! Your Group now exists. But don’t stop now. You need to customize it to make it fit your goals and intentions for the Group as well as appeal to your audience.
The Details
First, add a cover photo that’s 820 x 428 pixels. Here’s a good article on how to make a great cover photo using the awesome and free-to-very-cheap tool Canva. Choose a photo or create a header that relates as well as possible to the purpose you have developed for your Group.
Now fill in the rest of the information needed to fully describe your Group. Under your profile picture, click the …MORE button and choose EDIT GROUP SETTINGS.
If you thought of a better Group name since your first try, change it here. Change the Group Type and Icon here as well, if needed.
Description: Now you need to accurately describe your group so you will attract the members who will serve the Group’s purpose. Your description must include what the group is about and why it exists. Spend some time on this part of the process and really sell your Group to its clients. You want your perfect Group member to see that he or she is home when your purple prose is read.
You may also wish to add any rules to which you wish to hold the members. Be specific about these, especially about the policy regarding selling/spam-type activity.
Enter your Group description in the DESCRIPTION box.
Tags: You can enter up to 5 existing groups or tags that you feel might relate well to your Group. Think creatively here. You want to catch the most number of searchers. Since you are only allowed 5 here, it’s worth playing around and finding related groups with the most number of current members as these are likely to draw more members to your Group.
Locations: Click the ADD LOCATIONS button to choose specific areas you would like your Group members to reside if this is necessary to the Group Purpose. This will be a decision that is up to you. You can always just choose the United States if you want to stay at least that local.
Linked Pages: Click the LINK YOUR PAGE button to link your business web page if this is the purpose of your Group page. You may decide this is not the proper thing to do based on your Group Purpose for the page. You may also have a related web page set up for the Group. Link that here.
Web and Email Address: Here you will generate a direct email and webpage address for your Group. Click CHANGE ADDRESS and type in the group name with no spaces. As long as there is no indicator that your name is not already taken, you are good to go. Otherwise, you will need to do one of two things:
Recommended – Change your Group name so it does not get mixed up with the other group with the same name (don’t forget to change it at the top of the page).
2 – Alter the name in the address until it is different enough to allow its use.
Privacy: You set this earlier, but if you need to change it, click CHANGE PRIVACY SETTINGS and do so.
Membership Approval: You may choose to allow anyone already in the Group to approve new members or require that they are approved only by admins and moderators. Your choice.
Membership Requests: If you chose to make this a Closed Group, you may request that anyone wishing to join answer a few questions to give you an idea whether they are the correct fit before approving them to join. If you wish to require such questions, click ASK QUESTIONS and enter the questions prospective members must answer. Only admins and moderators will see the answers.
Posting Permissions: You may choose to allow anyone in the Group to post to the Group or, rarely, only allow admins to post.
Post Approval: Check the box if you want an admin or moderator to approve every post before it is seen by the Group. (You’d need a really good reason to saddle yourself with this job!)
Story Posting: Allow anyone in the Group or admins only to post Stories.
Story Post Approval: Check the box if you wish to have all Story posts approved by an admin or moderator.
Click SAVE and you’re almost done
Now you need to pin your description of the Group to the top so new and prospective Group members can find it easily. Find the post to be pinned and click the ellipsis (…) in the upper right corner. Then click PIN POST. It will now stay at the top of all future posts. You may also wish to turn off comments for this post by clicking TURN OFF COMMENTING.
How Do I Get My Group Going?
You might want to go ahead and get started with a couple of posts to get things rolling when your first new Group members arrive. Otherwise, you might end up with one of those awkward parties where everyone just sort of stands around and grins while waiting for someone else to start talking.
Finally! It’s time to get this party started! Invite some guests. There are a couple of ways to do this. NOTE: This process adds these people to the Group so they do not require approval to join, but they will need to accept to be fully joined.
In the column on the right, there is an ADD MEMBERS box where you can type in names, choosing any who are Facebook members or entering email addresses for any who are not.
Below that, you will see SUGGESTED MEMBERS consisting of members of your Friends list (click SEE MORE to, pardon me, see more). Just click the ADD MEMBER button next to their names to invite them to the group.
Facebook didn’t make it easy to power through your Friends list, for some reason, so keep at it until you have a respectable crowd gathered.
That’s it. Talk amongst yourselves. Grow your group. Use it for whatever Purpose you chose and always be a good Internet Citizen!
BONUS!
What Can I Do with my Shiny New Site?
Chat Messages
Send a message via the Facebook Messenger App to your Group or a subset of the Group. Use this feature to notify the group of things you want to make sure everyone sees. Use it sparingly or you’ll run people off!
Events
You can create Events inside of a Group that are not seen by Facebook as a whole. This can be useful for setting up meetings or “lunch-n-learn” sessions or whatever your heart desires.
Files
You can share and collaborate on files within the Group. There are lots of things you can do with this. It’s like a Group Dropbox.
Strategize
Sit down and come up with a plan for making the best use of your Group. Plan out some content of a variety that supports your Purpose for the Group. Put them on your calendar and stick to the plan.
Find Content
Unless you have all the time in the world, you can’t write all the content most types of Groups will find interesting and engaging. Look to other sources to find things you can share to keep the content fresh. Blogs, news feeds, podcasts, other Groups and Pages, books and magazines you are reading; all are great places to find content to share. A word of caution: Don’t Steal It! Always give credit where credit is due. You will be found out and your credibility is shot.
Encourage Engagement
- Provide learning opportunities such as tutorials or guest “speakers” for Group members.
- Set up Live events so everyone can get together for roundtable sessions to discuss a topic or issue.
- Instigate a contest among Group members.
- Have a quiz or trivia competition.
- Start a poll to determine Group sentiment or opinion.
Have Fun
Your Facebook Group may be the carefully considered creation of a business genius, but that does not mean you can’t have fun with it. Always take the time to find the pleasure in your work and it will never feel like work.
Security for Your Small Business – Part 1
Security for Your Small Business
Part 1 – Passwords
Photo by NeONBRAND on Unsplash
Your employees have access to a variety of IT resources critical to the operation of your business. Computers and other hardware devices, data storage systems, email and mission-critical software and cloud accounts all require security policies that will protect your valuable data and sources of income. Employees who have access to any of those resources are the first line of defense against malware, hackers, and social engineering attacks. As such, your business needs a strong and properly managed IT security policy.
Passwords
Passwords are the most common security measure used in office IT systems. Passwords must be sufficiently complex and difficult so as to limit unauthorized access to systems. Employees must choose passwords that are at least eight to twelve (8-12) characters long and contain a combination of upper- and lower-case letters, numbers, and special characters, ideally something like 6iN!m8HLxS&A. Company policy needs to support these requirements for every case where a password is required, without exception.
Common sense must be applied when choosing combinations to avoid combinations that are easy to crack. Hackers are aware of the tricks for making easy-to-remember passwords, including those with the appearance of complexity such as choices like “password,” “password1” and “Pa$w0rd.” All of these are equally inappropriate from a security perspective. Recognizable words, proper names and common phrases must be avoided. According to security expert Bruce Schneier:
Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalizations and common substitutions: “$” for “s”, “@” for “a”, “1” for “l” and so on. This guessing strategy quickly breaks about two-thirds of all passwords.
One recommended method to choosing a strong password that is still easy to remember: Pick a phrase, take its initials and replace some of those letters with numbers and other characters and mix up the capitalization. For example, the phrase “This may be one way to remember” can become “TmB0WTr!”.
Most people can understand the need for complex password strategies, but many do not use them because they are simply too difficult to maintain and remember. So the question really boils down to: How does one find the balance between the necessity for secure passwords with the need to be able to easily recall them all? The answer is to develop a system for creating passwords which are both secure and memorable.
Some Methods for Choosing Unbreakable Passwords
Bruce Schneier Method
Use a personal and memorable sentence and turn it into a password. Take the words from the sentence, then abbreviate and combine them to form a password. For example:
I like to pick up a latte at Daves’s every morning before work = iL2pUaL@DeMb4W!
Will Smith is my #1 actor at the moment = !WSim#1a@atm!
My first trip to Disney was when I was 12? = Mft2DwwIw12?
I work for the best boss ever at Cogswell! = Iw4tbbe@C!
Pass Phrase Method
Rather than a complicated string of characters, you might want to try a phrase. First, come up with a random, but a memorable phrase, preferably a little nonsensical rather than a common quote. Try something like:
I wake up at 6 every morning with a cat in my face= IWakeUpAt6EveryMorningWithACatInMyFace@
Twelve of my kinfolk like to wear parkas = 12OfMyKinfolkLikeToWearParkas$
I usually have at least $15 left at the end of the week = IUsuallyHave$15LeftAtTheEndOfTheWeek!
Alternately, you can come up with a set of 12 random words rather than a phrase (note that it would take roughly 238,378,158,171,207 quadragintillion years for a brute force attack to crack such a passphrase!)
DogCatFluffy9LivesCemetaryStoneRockPetBruceBatmanGotham
KoolaidMunchkinLollipopWellSpotKrakenGameTortoiseHareLittleMittenDoll
To make remembering easier, use the memory trick of chaining these into a story in your head: “My Dog likes my cat Fluffy who recently used up her 9 lives and ended up in the pet cemetery…”
The PAO Method
Other common mnemonic devices might also assist you to remember an unbreakable password. One suggested method by Carnegie Mellon University computer scientists is the Person-Action-Object (PAO) method to create and store your passwords.
First, choose an interesting place such as Disney World. Then think of a familiar or famous person such as Michael Jackson. Finally, imagine a random action to tie them together (Flying). Now see Michael Jackson flying over Disney World. From this image, create your password by combining the first 3 letters from each word into a new made-up word: MicFlyDis.
Develop 4 such picture stories, add the resulting words together, and you have a nice random, lengthy password. Seed it with some numbers and characters for additional security. It helps if you weave the website or account for which you use the password into the story to solidify the memory for a specific location. Once you create and memorize a few of these PAO stories, you can use the stories to generate new passwords as they are needed.
Phonetic Muscle Memory
Blogger Kevan Lee suggests yet another memory device for creating strong passwords. Start at any random password generator website, such as Secure Password Generator (which, as a bonus, gives you suggestions of the type noted below).
Randomly generate 20 or so new passwords that are at least 10 characters long and include numbers and capital letters. Allow punctuation for extra security. Scan the list of passwords looking for phonetic structures within the randomness. You want to find sets that make something sensible to you:
drEnaba5Et – which could read: (doctor enaba 5 E.T.)
BragUtheV5 – which is more memorable as (brag you the V5)
From the list, keep the ones that are easiest for you to remember and forget the rest. This should give you a series of passwords to choose from as you need them.
Use A Password Manager
If you have a large number of passwords to remember (keeping in mind that passwords should never be reused on different accounts and should be changed often), you may wish to make use of an encryption-based software password tool like LastPass or 1Password.
These tools will store passwords for you using a solid encryption algorithm as well as provide randomly generated new passwords as they are needed. To access any single password, you just need to remember the master password for the tool. Please make sure you use an extremely secure password for the master and change it often.
Test Your Password Strength
OnlineDomainTools provides a password tester to verify the security level of your passwords. The tool checks your password against tricks used by password crackers to determine how long it would take to crack using typical methods. Try it out to see how secure some of your current passwords might be.
Some Final Advice on Password Security
Regardless of the strength of your passwords, they must all be changed regularly. More secure accounts, such as banking and other financial accounts, should be changed more frequently. If possible, you should allow this to be managed automatically in software or accounts which provide for it. It is difficult to forget to change your password if you are required to do so every so often in order to enter the account. Any time there is any suspicion that a password may have been compromised, change it immediately along with any others that may be related.
Always avoid using default passwords when setting up new accounts for employees or others. Each new account should have a new, strong password generated along with it. Make sure the new account holder is required to change it as soon as possible to his/her own strong password.
Many sensitive accounts now provide two-factor authentication. This method requires you to enter a password and then requires a secong method of proving your identity, such as sending an email or text message containing a secondary passcode. Whenever this is available, make use of it.
Avoid sharing a password unless it is absolutely necessary. If it does prove necessary, change it as soon as the shared user is done using it.
Get out of the habit of using a “Remember Me” function to store your password for easy entry even on your personal computer, but especially on public computers. Try to avoid using any passwords at all on public computers which are often infected with viruses that can steal your password and pass it on to a hacker. If forced to use a password on a public computer, change it as soon as possible on your private computer.
If you must keep passwords written down, be sure to store them securely. Ideally, these should be under lock and key.
Why is it so Important to Maintain Password Security?
Even accounts which may not expose your personal or financial data directly can provide juicy bits of information which can be used by hackers, scammers and other bad actors to put together a profile that eventually adds up to a pretty solid picture of your identity. This profile may be pieced together from many seemingly insignificant chunks of information left lying about along your electronic trail on the internet. The final result can be used to break into your accounts, open new accounts in your name, or even steal your tax refund.
Whole or partial profiles are regularly sold in bulk to organized crime organizations in the US and abroad. Carefully aggregated data is then sold again and again to anyone willing to pay a few cents for your name and any identifying information that goes with it. If you use the internet for any reason, or even if you don’t, thanks to huge data breaches such as the recent Equifax and Target leaks, there is a better than likely chance that your information is already out there. So, protect your information as well as you can to keep the amount of data about you to a minimum so what there is will be uselessly incomplete.
NEVER REUSE PASSWORDS
For the reasons stated above, NEVER reuse passwords. If you do and your password is compromised in a breach at a low-level site, someone now has a known-good username/password combination to inject into the other information known about you and he can be reasonably sure that this combination will work somewhere to get even more important information.
The bottom line: Some account you have somewhere will be hacked someday. With luck, it will be an unimportant account. And if you don’t have the same password everywhere, then the damage will be isolated to that one account. But if you reuse one password all over the place, then the chances that other accounts will be hacked goes up significantly.
What Should You Do Now?
1. Purchase or develop a detailed password policy for your business right away and provide training to your employees on its importance.
2. Change at least your most important passwords right away using the suggestions mentioned in this article or elsewhere.
Finally, here are the 100 most popular passwords used this year. This list is tested first by the software used in any brute force attack, which guarantees your password will be cracked in less than one second if you use any of them.
1111
1234
2000
6969
12345
111111
121212
123123
123456
654321
666666
696969
1234567
12345678
123456789
abc123
access
amanda
andrew
asdfgh
ashley
asshole
austin
baseball
batman
bigdog
biteme
buster
charlie
cheese
chelsea
computer
corvette
cowboy
dallas
daniel
diamond
dragon
football
freedom
fuck
fucker
fuckme
fuckyou
george
ginger
golfer
hammer
harley
heather
hello
hockey
hunter
jennifer
jessica
jordan
joshua
killer
letmein
love
maggie
martin
master
matthew
merlin
michael
michelle
monkey
mustang
nicole
orange
pass
password
patrick
pepper
princess
pussy
qwerty
ranger
richard
robert
secret
sexy
shadow
silver
soccer
sparky
starwars
summer
sunshine
superman
taylor
test
thomas
thunder
tigger
trustno1
william
yankees
yellow
Common Myths About Social Media Marketing
Common Myths About Social Media Marketing
Has your business looked into social media marketing as a way to expand or improve your bottom line? Can this form of marketing help you reach your goals? Are any of the following statements ones you have made as a reason why social media is not something your company needs?
Social media does not provide an adequate return on investment (ROI).
What is the ROI for your phone? If you don’t have a phone or a website or a social media profile, you don’t exist in the business landscape of your customer. That doesn’t mean that you just throw money at social media and hope it delivers results. Use sound business principles. Set business goals and start comparing the investment you currently have in getting and keeping customers with new social media tools.
We don’t have the time or money to waste on something new.
If you currently make cold calls, send sales reps into the field, go to networking events, travel to trade shows, gather business cards, make sales calls, make appointments, drive to appointments and make more appointments to generate new sales, then you will be saving time and money by using social media tools. You will still have face-to-face meetings, but these often come AFTER a lengthy relationship-building series over LinkedIn, Facebook and even Skype. In mileage alone, you will see significant savings. Consider all the other areas of savings from which you will recoup social media marketing costs.
We won’t be able to control our public message.
The way you control your message with social media is by putting the message out there in the form of blog articles, guest articles, Twitter posts, Facebook updates, LinkedIn updates, answering questions and simply being present online. Think of Google as your homepage. When people search for your name or your company name, the content that you created should overwhelm the page. Your customers use Google to search for your goods and services. When you are the result of their search, you are seen to be the leading expert or provider. People decide to go with your company.
We will expose private information to our competitors.
You will lose as much privacy as you would sharing information at a networking event or a customer presentation. In fact, social media is a sales and marketing tool; the last thing you want is privacy! Worrying about privacy is like sending your sales rep to a trade show and saying, “Don’t tell anyone we’re there.” You wouldn’t do that at a trade show, why do it online? Maybe you’re stuck on the idea that people share what they’re having for breakfast on social media. That might have been true in the early days, but overwhelmingly the web is a place where conversations happen about brands. Marketing research tools are designed to analyze what products and services people are talking about. This wouldn’t be possible if people weren’t talking about them.
We don’t have the time to invest in social media.
Does your business have people that take care of customer service? Perhaps they take phone calls, respond to emails or even snail mail letters. Is their time as efficient as possible? Many companies train their customer service staff in the use of social media so they can respond to queries and issues between calls and email responses. This approach ensures the business is using staff who live and breathe customer service and are at the heart of social media efforts, but it also alleviates the need to have dedicated social staff. In an ideal world a business would have people with the sole purpose of delivering service via the social media platforms; however, that can also be easily and inexpensively outsourced to social media experts.
We can’t afford it right now.
Social media offers an attractive low-cost alternative to media advertising buys, but social media is not a free alternative as some suggest. It may be necessary to hire a part-time employee or contract a social media marketing expert to manage your business’ social media presence. You may also incur a modest expense to produce content to share on your sites. But again, you can turn the no money objection around. Are you saying you cannot afford to market your business? If no, there are bigger issues that need to be addressed to fight for survival.
It will take too long for a social media marketing campaign to pay off.
Social media will definitely not have an immediate financial impact, but it will have an immediate impact on brand recognition. Social media takes time and energy, but what successful venture doesn’t require time and energy? Don’t just think about the revenue that is generated, but also the cost savings involved. Look at the traffic your website is getting due to your social media efforts. Are you noticing more positive mentions? It’s all part of the benefits of social media.
Our customers don’t use social networks so we would not be reaching our target market.
You will be surprised to discover how many of your customers and potential customers are using social media. A sizeable portion of the population of planet Earth are on there. You know what they say about assumptions, right? The most useful social networking sites are meant for the general audience.
We prefer not to acknowledge negative comments about our brand.
With the global acceptance of social media across all types of businesses and industries, negative comments will happen whether you want them to or not. The power of social media is in the public. It gives your customers and potential customers a voice they didn’t have before. Negative comments are inevitable so instead of ignoring them, embrace this opportunity to reach out as needed. The missed opportunity is to let it happen behind your back. You will be surprised to find out that many negative comments are based on inaccurate information. In addition, this type of feedback can lead to improved business processes or product/service enhancements. The power to influence is extremely compelling. You don’t have to respond to every negative mention, but at least follow the conversation.
We tried using social media before and it didn’t work.
How long did you “try” social media? Did you have a strategy in place? What did the strategy consist of? How did you measure success? What were your goals and objectives? What gave you the conclusion that social media did not work? What results from social media would you have considered a success? What process did you go through when participating in social media? If you don’t have answers to all of these questions, you may have missed some steps in your social media marketing plan. Perhaps a more detailed plan would produce better results.
Social media marketing doesn’t really fit our company’s brand.
The most useful social networking sites are meant for the general public with no preference to any type of brand or industry. Social media is not a fad and is starting to become a best practice for PR, marketing, customer service, and business development. What is important to consider is your company culture. Your company culture is reflected in whatever social media participation you enter. Whether you’re in a bland industry or not, your brand will come out shining.
My industry is different.
No, it isn’t, and thank goodness. When social media first became a fixture, companies tried to start their own social networks. They were unsuccessful because they missed a key point: people don’t want to hang out on your website all day, hovering around your particular product or service. They want to hang around where other people already are and choose to follow their own interests. The upside is that the social web has become a primary referral source for companies selling products or services, who have a “non-salesy” presence on the social web. This means that your industry is NOT different; not if it caters to people who are not only about one thing, who only do one thing, and spend all their time on websites about one thing. If they’re real people, who have a variety of interests, they’re pursuing those. That’s good news because you can go where they are with confidence. Companies that participate in the social web have increased by 75% in the past few years. Businesses that are integrated with social media get the leads, while businesses that are isolated do not. Repeat customers will often refer others using social sharing. The social web has every kind of person, including the ones who can influence your business.
There are plenty of reasons and excuses to avoid having to deal with the social media revolution in business, but the result is that your business misses out on one of the greatest growth potentials available today. Social media is not going away. Now is the time to take a look at what it can do for your business.