fbpx

security

What's Wrong with your Password?

What’s Wrong with your Password?

passwords on paper not safe

Passwords are the first line of defense against break-ins on your phone, computer and online accounts. Thieves are clever. They come up with tricks to grab your password, with or without your knowledge. When we create passwords, we either make something that’s easy to type – a common pattern – things that remind us of the word password – the account that we’ve created the password for – or we think about things that make us happy. While this makes typing and remembering your password more fun, it also makes it a lot easier to guess your password.

Now days, we are told that our passwords need to have a lot of “entropy” – a lack of order or predictability. If you haven’t gotten around to using a password manager yet, you’re not alone. Even Lorrie Cranor, the past chief technologist at the Federal Trade Commission, who helped protect consumers from online crimes, only started using one in late 2016. “I’ve been advocating password managers for years, but I’d never actually tried one,” Cranor says. These services can help defend against criminals by generating and storing a different password—one that’s long and complicated—for each of your online accounts. But deciding which password manager to trust with the keys to your online life may seem daunting.

What Are Password Managers, Exactly?

Most of us either use weak passwords or reuse passwords on multiple accounts. This makes us more susceptible to crimes such as identity theft. A password manager will generate, retrieve, and keep track of super-long, crazy-random passwords across countless accounts for you, while also protecting all your vital online info—not only passwords but PINs, credit-card numbers and their three-digit CVV codes, answers to security questions, and more—with encryption so strong that it might take a hacker between decades and forever to crack. And to get all that security, you’ll only need to remember a single password, the one you use to unlock your so-called vault. Your login data will be locked down and, at the same time, remain right at your fingertips.

What to Look for in a Password Manager?

A dedicated password manager will store your passwords in an encrypted form, help you generate secure random passwords, offer a more powerful interface, and allow you to easily access your passwords across all the different computers, smartphones, and tablets you use. When researching Password Managers, look for the following features:

• Generate unique passwords
• Two-factor authentication
• Quick secure signing across multiple platforms
• Automatic bookmark-style logins
• Change dozens of passwords with one click
• Instant security alerts
• Provides secure access to your passwords wherever you are
• Supports Windows Biometric Framework, Apple Touch ID and Face ID
• AES-256 encryption

Most password managers offer strong security: AES-256 encryption, which is used by the federal government to protect classified information. But what we see is easy-to-use software with nifty features such as alerts when one of your sites or services has been breached, the ability to change your old passwords automatically on certain sites, seamless syncing, and a smart, engaging interface.

Don’t Reuse Passwords!

Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or a PayPal account.

We put ourselves at risk when we take an apathetic approach to creating, using and protecting our passwords. To prevent password leaks from being so damaging, you need to use unique passwords on every website. A password manager will take a load off your mind, freeing up brain power. For more information on ways to secure your business processes, visit www.kechie.com or www.myofficeapps.com.

by admin

Access Control Systems: The Power to Secure what’s Yours

Access Control Systems:  The Power to Secure what’s Yours

image of access control

A critical element in securing your business is controlling access to your business space. While cyber security tends to be top of mind for many businesses, controlling who enters – or has access to your business – is the first line of defense against intruders, thieves and even potential employee misconduct. Choosing access control systems wisely protects your staff, your stuff and your data.

What is an Access Control System?

Access control is a way of limiting access to a system, either physically or virtually, and users must present credentials before they can be granted access.  In brief, access control is used to identify an individual who does a specific job, authenticate them, and then proceed to give that individual only the key to the door, the workstation, or the software tools they need access to and nothing more. Access control systems come in three variations:

  • Discretionary Access Control (DAC): This is the least stringent form as it provides one level of access for all with approved credentials.
  • Mandatory Access Control (MAC): This is the strictest and most work-intensive form of access control as it requires the system administrator to assign an access level to each individual added to the system.
  • Role Based Access Control (RBAC): This is the most common form. With this approach, roles or job titles are added to the system with a level of access assigned to each, based on the access needs someone in that role will have.   When a new person is added to the system, they are added with a given role or job title and the level of access is automatically assigned. This is also called rules-based access.

Cloud-Based Access Control

Access control in the cloud started with small business end users because it made sense. Offering them a way to get many of the same features larger enterprises enjoyed while not requiring the same infrastructure was a natural fit.  The main benefit of cloud-based access control is that these systems are much easier to manage and maintain than traditional access control systems. You never have to worry about losing important information if/when your system crashes.  Also, upgrades or new features can be applied automatically and seamlessly, with no need for site visits by technicians.  With a cloud-based physical access control system, your cloud environment is a trusted and compliant environment that always provides you with full control, governance, and ownership of your data.

As you can see, when it comes to choosing the type of access control system that is most suitable for your organization, there are a number of factors involved. Some of those factors include the nature of your business, security procedures within the organization, and the number of users on the system.  Kechie™ ERP offers complete and customizable access control tools that are as unique as your business.  For more information on managing your business processes with role based access control, visit www.myofficeapps.com.

About My Office Apps, Inc.

My Office Apps, Inc. (MOA) is a leader in business improvement software solutions to automate your organization.  Building on three decades of software design and development, MOA delivers Kechie™, a transformative business tool.  Kechie is a fully integrated Enterprise Resource Planning Software as a Service (SaaS) platform with a simplified user experience and the latest in cloud technology.  It is quick and easy to implement without the expensive price tag.  Sold in separate packages – inventory and warehouse management, manufacturing, finance – or a fully configured ERP system to include all of these individual tools.  Kechie is easily configured to the scalable needs of your growing business. For more information on managing your business processes more efficiently and effectively, visit www.myofficeapps.com.

###

 

by admin

cloud security for ERP

ERP Systems and Cloud Security

ERP Systems and Cloud Security

cloud security for ERP

A significant concern held by CIOs and top managers at companies of all sizes is the risk of a cybersecurity issue at their company.  Their concern is justified and many are actively working to improve their software, systems, and procedures so that they will not have any problems.

A common misconception of ERP systems is that on-premise systems will have better security than a cloud-based system since it can be closely monitored.  The fact is, the exact opposite is true!  A cloud-based system will actually be MORE secure than one that you might operate on your own premises.

Reasons why Cloud security is better than on-premise

First, Software-as-a-Service (SaaS) providers are particularly focused on excelling in this area.  They know that a breach in their security will cause customers to lose confidence them and severely impact their business.  Their staff is particularly trained to identify and eliminate any potential security threats, and have a broader experience warding off these attacks. On the other hand, a user company’s internal IT staff will have too much on its plate trying to manage all of these responsibilities, while not being experts in cybersecurity.

In additional to having staff and internal procedures focused on providing great cybersecurity, having the right software to utilize is just as important. At My Office Apps, we partner with the Progress Software company for the back-end database functionality of Kechie ERP software.  Progress Software was founded in 1981 and is one of the largest providers of database management software used by over 150,000 enterprises worldwide.

cloud ERP security

Security features that are built into this ERP software:

  • The Authentication of Users: Who is allowed to get in either via a User Interface (UI) or directly to API’s?
  • Authorization: Once a user logs into your application, what data are they allowed to access?
  • Auditing: What did the user change?
  • Data-at-rest: Is the data secure when it’s stored in the application?
  • Data-in-motion: Is the data secure when it’s flowing through various architectural components of your application?
  • Network connectivity: How do you make sure that the various ways in which a user can access your application are safe, both inside and outside the application boundaries?

 

The Kechie software takes advantage of these features by creating a smooth interface to this functionality that can enhance its capabilities.  For example, different permissions can be programmed in the system for each user for either NO ACCESS, VIEW, UPDATE, or ADMIN privileges. These allow you to keep employees on a need to know and prevent unauthorized viewing, deleting, or changing of data by someone who shouldn’t be doing so.  Another feature in Kechie is the CHANGE LOG function.  This means that if a hacker ever was able to get into the system and change something, it could be detected.  The hacker would not be able to cover their tracks.  This feature is also useful in recovering from inadvertent errors in your staff.  If something is mistakenly changed, an administrator could go in, figure out what happened and take corrective action. In addition, the cloud-based system also will have automatic data replication functionality. So if a data base becomes invalid due to a hacker or some other reason, the replicated information would be available for restoration of the data and maintaining functionality for the end user.

If you’re worried about communicating your data over the internet, precautions must be taken to ensure that a bad actor can’t tap into the connection, read the data, and cause mischief with this information.  The internet standard for this is called Transport Layer Security (TLS) and the Kechie software fully complies with this.  All data transmitted between the end user and the server is encrypted, meaning if someone were able to intercept the data, they would not be able to decode it or do anything with it.  Simply put, the data sitting at rest on the server is encrypted, and if someone were to physically break into the server room and steal the storage hardware, they also would not be able to decode the data or do anything with it.

Your company’s data has been at the forefront of Kechie’s creation from the start, to make sure that it is kept secure by both My Office Apps, and its partners. With the Kechie ERP system, you won’t have to worry about cybersecurity. You can instead focus your efforts on running and building your business with peace of mind.

 

 

by Stephen Akhterov