What Is Push-Bombing & How Can You Prevent It?

Free Attack Unsecured vector and picture

Cloud account takeover has become a major problem for organizations. Think about how much work your company does that requires a username and password. Employees end up having to log into many different systems or cloud apps.

Hackers use various methods to get those login credentials. The goal is to gain access to business data as a user. As well as launch sophisticated attacks, and send insider phishing emails.

How bad has the problem of account breaches become? Between 2019 and 2021, account takeover (ATO) rose by 307%.

Doesn’t Multi-Factor Authentication Stop Credential Breaches?

Many organizations and individuals use multi-factor authentication (MFA). It’s a way to stop attackers that have gained access to their usernames and passwords. MFA is very effective at protecting cloud accounts and has been for many years.

But it’s that effectiveness that has spurred workarounds by hackers. One of these nefarious ways to get around MFA is push-bombing.

How Does Push-Bombing Work?

When a user enables MFA on an account, they typically receive a code or authorization prompt of some type. The user enters their login credentials. Then the system sends an authorization request to the user to complete their login.

The MFA code or approval request will usually come through some type of “push” message. Users can receive it in a few ways:

  • SMS/text
  • A device popup
  • An app notification

Receiving that notification is a normal part of the multi-factor authentication login. It’s something the user would be familiar with.

With push-bombing, hackers start with the user’s credentials. They may get them through phishing or from a large data breach password dump.

They take advantage of that push notification process. Hackers attempt to log in many times. This sends the legitimate user several push notifications, one after the other.

Many people question the receipt of an unexpected code that they didn’t request. But when someone is bombarded with these, it can be easy to mistakenly click to approve access.

Push-bombing is a form of social engineering attack designed to:

  • Confuse the user
  • Wear the user down
  • Trick the user into approving the MFA request to give the hacker access

Ways to Combat Push-Bombing at Your Organization

Educate Employees

Knowledge is power. When a user experiences a push-bombing attack it can be disruptive and confusing. If employees have education beforehand, they’ll be better prepared to defend themselves.

Let employees know what push-bombing is and how it works. Provide them with training on what to do if they receive MFA notifications they didn’t request.

You should also give your staff a way to report these attacks. This enables your IT security team to alert other users. They can then also take steps to secure everyone’s login credentials.

Reduce Business App “Sprawl”

On average, employees use 36 different cloud-based services per day. That’s a lot of logins to keep up with. The more logins someone has to use, the greater the risk of a stolen password.

Take a look at how many applications your company uses. Look for ways to reduce app “sprawl” by consolidating. Platforms like Microsoft 365 and Google Workspace offer many tools behind one login. Streamlining your cloud environment improves security and productivity.

Adopt Phishing-Resistant MFA Solutions

You can thwart push-bombing attacks altogether by moving to a different form of MFA. Phishing-resistant MFA uses a device passkey or physical security key for authentication.

There is no push notification to approve with this type of authentication. This solution is more complex to set up, but it’s also more secure than text or app-based MFA.

Enforce Strong Password Policies

For hackers to send several push-notifications, they need to have the user’s login. Enforcing strong password policies reduces the chance that a password will get breached.

Standard practices for strong password policies include:

  • Using at least one upper and one lower-case letter
  • Using a combination of letters, numbers, and symbols
  • Not using personal information to create a password
  • Storing passwords securely
  • Not reusing passwords across several accounts

Put in Place an Advanced Identity Management Solution

Advanced identity management solutions can also help you prevent push-bombing attacks. They will typically combine all logins through a single sign-on solution. Users, then have just one login and MFA prompt to manage, rather than several.

Additionally, businesses can use identity management solutions to install contextual login policies. These enable a higher level of security by adding access enforcement flexibility. The system could automatically block login attempts outside a desired geographic area. It could also block logins during certain times or when other contextual factors aren’t met.

Do You Need Help Improving Your Identity & Access Security?

Multi-factor authentication alone isn’t enough. Companies need several layers of protection to reduce their risk of a cloud breach.

Are you looking for some help to reinforce your access security? Give us a call today to schedule a chat.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

/0 Comments

Is It Time to Ditch the Passwords for More Secure Passkeys?

Free Office Computer illustration and picture

Passwords are the most used method of authentication, but they are also one of the weakest. Passwords are often easy to guess or steal. Also, many people use the same password across several accounts. This makes them vulnerable to cyber-attacks.

The sheer volume of passwords that people need to remember is large. This leads to habits that make it easier for criminals to breach passwords. Such as creating weak passwords and storing passwords in a non-secure way.

61% of all data breaches involve stolen or hacked login credentials.

In recent years a better solution has emerged – passkeys. Passkeys are more secure than passwords. They also provide a more convenient way of logging into your accounts.

What is Passkey Authentication?

Passkeys work by generating a unique code for each login attempt. This code is then validated by the server. This code is created using a combination of information about the user and the device they are using to log in.

You can think of passkeys as a digital credential. A passkey allows someone to authenticate in a web service or a cloud-based account. There is no need to enter a username and password.

This authentication technology leverages Web Authentication (WebAuthn). This is a core component of FIDO2, an authentication protocol. Instead of using a unique password, it uses public-key cryptography for user verification.

The user’s device stores the authentication key. This can be a computer, mobile device, or security key device. It is then used by sites that have passkeys enabled to log the user in.

Advantages of Using Passkeys Instead of Passwords

More Secure

One advantage of passkeys is that they are more secure than passwords. Passkeys are more difficult to hack. This is true especially if the key generates from a combination of biometric and device data.

Biometric data can include things like facial recognition or fingerprint scans. Device information can include things like the device’s MAC address or location. This makes it much harder for hackers to gain access to your accounts.

More Convenient

Another advantage of passkeys over passwords is that they are more convenient. With password authentication, users often must remember many complex passwords. This can be difficult and time-consuming.

Forgetting passwords is common and doing a reset can slow an employee down. Each time a person has to reset their password, it takes an average of three minutes and 46 seconds.

Passkeys erase this problem by providing a single code. You can use that same code across all your accounts. This makes it much easier to log in to your accounts. It also reduces the likelihood of forgetting or misplacing your password.

Phishing-Resistant

Credential phishing scams are prevalent. Scammers send emails that tell a user something is wrong with their account. They click on a link that takes them to a disguised login page created to steal their username and password.

When a user is authenticating with a passkey instead, this won’t work on them. Even if a hacker had a user’s password, it wouldn’t matter. They would need the device passkey authentication to breach the account.

Are There Any Disadvantages to Using Passkeys?

Passkeys are definitely looking like the future of authentication technology. But there are some issues that you may run into when adopting them right now.

Passkeys Aren’t Yet Widely Adopted

One of the main disadvantages is that passkeys are not yet widely adopted. Many websites and cloud services still rely on passwords. They don’t have passkey capability yet.

This means that users may have to continue using passwords for some accounts. At least until passkeys become more widely adopted. It could be slightly awkward to use passkeys for some accounts and passwords for others.

Passkeys Need Extra Hardware & Software

One thing about passwords is that they’re free and easy to use. You simply make them up as you sign up for a site.

Passkeys need extra hardware and software to generate and validate the codes. This can be costly for businesses to put in place at first. But there is potential savings from improved security and user experience. These benefits can outweigh the cost of passkeys.

Prepare Now for the Future of Authentication

Passkeys are a more secure and convenient alternative to passwords. They are more difficult to hack, and they provide a more convenient way of logging into your accounts. But passkeys are not yet widely adopted. Additionally, businesses may need to budget for implementation.

Despite these challenges, passkeys represent a promising solution. Specifically, to the problem of weak passwords. They have the potential to improve cybersecurity. As well as boost productivity for businesses and individuals alike.

Need Help Improving Your Identity & Account Security?

Take advantage of the new passkey authentication by exploring it now. It’s the perfect time to ease in and begin putting it in place for your organization.

Give us a call today to schedule a consultation.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

/0 Comments

How to Create Insightful Dashboards in Microsoft Power BI

man in gray long sleeve shirt using Windows 11 computer

Data visualization is a powerful tool for communicating complex data. It presents it in a simple, easily understandable format. But it is not enough to simply create a graph or chart and call it a day. To truly make use of information, it is important to create insightful reports. Reports that effectively communicate the story behind the data.

Insightful reports help decision-makers understand key trends and patterns. As well as identify areas of opportunity and make informed decisions. If analytics graphs and bar charts are only telling part of the story, it can lead people to wrong decisions.

Creating holistic and insightful reports requires the use of several data points. One tool that enables this is Microsoft Power BI.

What Is Microsoft Power BI?

Microsoft Power BI is a business intelligence tool. It allows you to connect many data sources to one dashboard. Using Power BI, you can easily model and visualize data holistically.

The platform has over 500 different data connectors. These connectors can tap into sources such as Salesforce, Excel, Azure, and more. Users can leverage pre-built report templates to save time in creating data-rich reporting. Teams can also collaborate and share dashboards virtually.

Microsoft Power BI
Image is from Microsoft

Tips for Designing Great Data Visualization Reports

Getting started in Microsoft Power BI entails:

  • Signing up for the software
  • Connecting your data sources
  • Using its tools to create report visualizations

But creating great reports goes beyond that. Below, we’ll go through several tips and best practices for getting the most out of your Power BI output.

Consider Your Audience

You should design reporting dashboards with the end user in mind. What is it that this audience wants to see? Are they looking for bottom-line sales numbers? Or do they want to cover insights that can help target productivity gaps?

The use of clear and concise language and effective visualizations are important. These help to highlight the key takeaways from the data. Customize reports to the audience’s level of technical expertise and business goals.

Don’t Overcomplicate Things

Many times, less is more. If you find that your dashboard looks crowded, you may be adding too many reports. The more you add, the more difficult it is to read the takeaways from the data.

Remove all but the most essential reports. Look for ways to include different data sets in a single report, such as using stacked bar charts. Dashboards should show important data at a glance, so do your best to avoid the need to scroll.

Try Out Different Chart Types

Experiment with presenting your data in different ways. Flip between bar, pie, and other types of charts to find the one that tells the story the best. When building a new dashboard for your organization, get some input. Ask those who will review the reports which chart type works best for them.

Get to Know Power Query

Power Query is a data preparation engine. It can save you a lot of time in developing insightful reports. This engine is used in Microsoft tools like Power BI and Excel.

Take time to learn how to leverage this tool for help with:

  • Connecting a wide range of data sources to the dashboard
  • Previewing data queries
  • Building intuitive queries over many data sources
  • Defining data size, variety, and velocity

Build Maps with Hints to Bing

Bing and Power BI integrate, allowing you to leverage default map coordinates. Use best practices to leverage the mapping power of Bing to improve your geo-coding.

For example, if you want to plot cities on a map, name your columns after the geographic designation. This helps Bing identify exactly what you’re looking for.

Tell People What They Are Looking At

A typical comment heard often when presenting executives with a new report is, “What am I looking at?” Tell your audience what the data means by using features like tooltips and text boxes to add context.

Just one or two sentences can save someone 5-10 minutes of trying to figure out why you gave them this report. That context can get them to a decision faster. It also helps avoid any confusion or misunderstandings about the data.

Use Emphasis Tricks

People usually read left to right and from top to bottom. So put your most important chart at the top, left corner. Follow, with the next most important reports.

If you have specific numbers that need to stand out, increase the font size or bold the text. This ensures that your audience understands the key takeaways.

Use can also use colors to emphasize things like a “High, Mid, Low.” For example, a low level of accidents could be green, a mid-level in yellow, and a high colored red. This provides more visual context to the data.

Need Help with Power Bi or Other Microsoft Products?

We can help you get started or improve your use of Microsoft 365, Power BI, and more. Give us a call today to schedule a chat about leveraging this powerful platform.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

/0 Comments

Best Ways to Use ChatGPT at Your Business (Without Things Getting Out of Hand)

a computer chip with the word gpt printed on it

It’s hard to turn around online these days without running into ChatGPT. Both Bing and Google are levering this advanced artificial intelligence language model. And you can expect it to show up in more business and personal tools that you use every day.

ChatGPT has revolutionized the way businesses interact with their customers. It has also affected how they get things done. Teams are using it for everything from emails to generating ideas for product names.

The tool’s personalized and informative responses in real-time definitely draw you in. But integrating ChatGPT into your business operations requires careful consideration. You want to ensure that things don’t get out of hand with employees using the tool irresponsibly.

In this article, we explore the best practices for using ChatGPT at your business.

Best Practices for Responsible Use of ChatGPT & Other AI

Understand ChatGPT’s Weaknesses

This is still very new technology, and it makes mistakes. When you first use ChatGPT, you’ll see a warning about this. You shouldn’t use the responses it provides you without human review and editing.

Yes, it can write you an employee device use policy if you ask. But, there may be things in that auto-generated policy that aren’t quite correct. Use it as a prompt, but not as a replacement for human-generated content.

Another weakness is potential bias. As the engine trains on vast amounts of content, it can pick up some bad habits. Thus, you could get biased or shocking responses from ChatGPT. Understand that in human terms, the tool is still a toddler that needs supervision.

Define ChatGPT’s Role

Before integrating ChatGPT into your business, it’s essential to define its role. The role can range from answering customers to generating ideas for new products.

Defining ChatGPT’s role helps you leverage its power. But also ensures you put in guard rails. The technology still is very new, so you don’t want your employees using it for everything.

Determine exactly which tasks the company approves for ChatGPT use and which it does not. This empowers your team to use it where you deem best and avoids improper use.

Consider Customer Privacy

Privacy is a crucial aspect of any business, and ChatGPT should not be an exception. As you integrate the tool into your work, it’s important to consider customer privacy. In fact, in March, Italy banned ChatGPT due to data privacy concerns.

Be aware of any exposure of employee or customer data to ChatGPT. Limit the potential for data leakage.

For example, you can configure ChatGPT to stop collecting customer data. Such as, after data collection reaches a particular threshold.

Ensure Human Oversight

ChatGPT is a powerful tool, but it’s not a substitute for human interaction. It’s crucial to have human oversight to ensure the output it gives is relevant and accurate. Human oversight can help stop inappropriate responses that may negatively impact your business.

Integrate ChatGPT Into Your Existing Customer Service

Integrating ChatGPT into your customer service channels can benefit customers. It can improve customer experience while also reducing workload. You can integrate it into your website, social media, and other support channels. It can provide real-time responses to customer queries. But, again, human beings need to watch ChatGPT and its responses.

Leveraging it intelligently reduces the waiting time for customers. It can also improve their experience with your business.

Measure Performance and Optimize

Measuring ChatGPT’s performance is crucial to ensure that it’s providing value. Measure its performance by analyzing customer satisfaction, response time, and responses handled.

You can also look at productivity statistics. Is using ChatGPT to write the framework for customer emails saving time? Or does it take just as much time for your team to edit responses?

Based on the analysis, you can optimize ChatGPT to improve its performance. This helps it to be a better support for your business.

Be Transparent About Using It

Be transparent if you’re using ChatGPT for email responses or other things. Your customers will appreciate your honesty. For example, you could simply state in your policies the following.

“We leverage AI for certain content, and always edit and fact-check its outputs.”

The use of AI-generated content is a murky area right now. Responsible companies tell their customers exactly where and how they are using it.

Get Help Navigating the Changing World of Business Technology

ChatGPT is an excellent tool for businesses looking to leverage its AI power. But this tool is still in its infancy. Integrating ChatGPT into your business requires careful consideration. You need to ensure that it’s effective and secure.

Need help navigating the changing technology landscape? Give us a call today to schedule a chat about AI, where to leverage it, and business concerns.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

/0 Comments

7 Smart Ways to Secure Your Wireless Printer & Keep Your Home Network Safe

Free Security Cyber illustration and picture

Many people worry about someone hacking their computer. But they’re not really thinking about their wireless printer getting breached. It’s a tool that most individuals use sporadically. For example, when you want to print out tax forms or mailing labels.

Printers tend to be out of sight, out of mind. That is until you need to print something and run out of ink. Well, they’re not out of the mind of hackers. In fact, unsecured printers are a classic way for criminals to gain access to a home network.

To illustrate this point, Cybernews purposely hacked printers. It hijacked nearly 28,000 unsecured printers globally. The success rate was 56%. What did it do once it gained access? Ironically, it made the printers print out a guide on printer security.

Are you wondering how exposed your network is from your printer? We’ve got some security tips below to help. These tips can enable you to better secure your network, which keeps data on all devices more secure.

1. Change the Default Login Credentials

When you buy a new printer, it will likely have included default information. Manufacturers give you a way to connect and set up your device. This usually involves default login information.

Immediately change that information during set up. Hackers use a master list of all these defaults. They plug it into an automated script and just keep trying them all until they get a hit. Change these, and make sure you create a strong password.

2. Keep Printer Firmware Updated

Keeping firmware updated is vital to keeping your printer secure. Hardware needs updating just like computers, software, and apps do. Those updates often contain important security patches.

Firmware updates aren’t usually as visible as software updates. Software and OS updates usually give you a popup notification. But updates to the drivers and firmware that run printers, aren’t so visible.

Some of the places you can check for firmware updates are:

  • The PC manufacturer’s utility app on a connected device
  • The printer’s information panel
  • The printer manufacturer’s app installed on a PC

3. Use a Network Firewall

A network firewall is important to ensure the monitoring of traffic. Firewalls can block suspicious activity to keep hackers out of your network. You should configure the firewall to watch incoming and outgoing printer traffic.

4. Put Your Printer on a Guest Network

Most of today’s home routers allow you to set up a guest network. This is a separate Wi-Fi that runs from the same router you use for your main network. It’s harder for hackers to get from one network to another.

Keeping a less secure device separated from computers and phones improves security. You can still print to your printer from devices on another network. You just need to have things configured correctly. If you need help with that, just let us know.

5. Disable Unused Ports or Services

IoT devices, like printers, often have many ways to connect. You may not need all the ports or services that come with your printer. These ports are risk areas where hackers could find a way in.

It’s best to disable any ports and sharing features that you don’t need. This reduces the risk of a breach.

6. Unplug It When Not in Use

Most home printers aren’t used as much as work printers. People may only use them once a month or a few times a year. If you’re not using your printer constantly, unplug it when not in use.

One surefire way to cut off a hacker’s access is to unplug the device. When it’s shut down, no access is available at all.

7. Teach Your Family Cybersecurity Best Practices

Your printer is one device on your network. Most families connect several devices to their home Wi-Fi. In 2022, the average number of connected devices per U.S. household was 22.

Families need to know and adopt good cyber habits. This keeps everyone’s data more secure. It also helps you avoid costly identity theft breaches. Or the takeover of things like baby monitors.

Some standard best practices to follow for good cyber hygiene are:

  • Always use strong passwords. (at least 10-12 characters & include a mix of letters, numbers, and symbols)
  • Keep software & firmware on devices updated
  • Use multi-factor authentication wherever possible
  • Enable device firewalls & other protections
  • All devices that should have a good antivirus installed
  • Never login to an account from a link you receive via email or text
  • Learn how to identify phishing & get a second opinion before clicking
  • Get a security checkup from a pro at least every year or two

Get Some Help Keeping Your Family’s Data Secure

IT pros don’t only work with businesses. We also help families ensure their data is safe & devices are running smoothly. Give us a call today to schedule a home security checkup.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

/0 Comments

6 Immediate Steps You Should Take If Your Netflix Account is Hacked

Free Person Holding a Remote Control Stock Photo

Netflix is one of the most popular and well-known streaming services. It has nearly 231 million subscribers around the world. It has been growing steadily for almost a decade.

The platform has become an essential part of many people’s daily entertainment routines. They fire up their devices, log in, and pick right back up on their favorite shows.

Unfortunately, like any online service, Netflix accounts can be vulnerable to hacking. It’s a baked-in risk when you have a service that is only protected by a username and password.

If you experience an account hack, it can be shocking, confusing, and infuriating. You may not know exactly what to do and may react without thinking first. This is a dangerous space to be in because it can cause you to do things that only make things worse.

In this article, we’ll give you the steps to take when you suspect someone has hacked your Netflix account. Let’s first cover how hackers typically operate when deploying an account takeover.

How Does a Netflix Hack Typically Work?

Phishing overload is a problem that hackers take advantage of in these types of breaches. People receive fake emails all the time that spoof brands like Netflix. One common phishing ploy is an email stating, “There has been suspicious activity on your account.” It will include a link to log in to a spoofed site that looks like the brand’s normal login page. This is a classic trick to steal your login credentials.

Hacked Netflix accounts typically go for $12 each on the dark web.

People get numb to these emails because they get so many of them. They tend to tune them out, knowing that clicking on them could be dangerous. Hackers take advantage of this, hoping you’ll ignore the real ones from Netflix that warn you of a suspicious login (theirs!).

They lay low and don’t take any action yet that will lock you out. They wait for you to receive a few more of these emails, so you’ll completely ignore them. Then they attempt a takeover.

Accounts hacks can go in various ways. Here is one typical scenario of a Netflix hack:

  • The account owner gets an email about a suspicious login. Often it will be from a different country.
  • They may log into their Netflix account to see if there are any unknown devices logged in. Usually, none will show yet. The hacker logs back out. The goal is to get you to check and see that nothing is wrong, and assume the real notice is phishing.
  • This same scenario may happen 2-4 more times in the span of a month.
  • Once the hacker feels the user is ignoring the Netflix warnings, they’ll make their move.
  • They add their credit card to your account. This is so they can call Netflix and give them a method of verification.
  • They may increase your subscription plan to a higher level.
  • They also usually replace any user profile names on your account with numbers (1, 2, 3, etc.)
  • At this point, the account owner will typically receive an email. It will note a change in account information. This could be the account email, password, phone number, etc.
  • The hacker is now trying to lock the account owner out of their account.

What Do You Do If Someone Has Hacked Your Netflix Account?

1. Go to the Netflix site & try to log in.

If you suspect a hacked account, visit the Netflix site directly from your browser. Do not go through a link you received via email, DM, or SMS.

See if you can log in using your password. You may be able to if you caught the hacker before they’ve locked you out. If not, then skip to Step 4 below, calling Netflix support.

2. If you can log in, change your password immediately.

If you can log into your account, change the password right away. Ensure it’s a strong password that is at least 10-12 characters in length. It should also include a combination of letters, numbers, and symbols.

Do not use a variation of the breached password. You should not use any part of your old password to create the new one.

3. If you can log in, remove any strange payment methods

If you can still access your account and settings, go to the payment methods area. Often hackers will add another payment card to your account. They use it to verify the account to Netflix support.

Remove any strange payment method that is not yours. But if you remove your own payment card, you will need another way to verify your account with Netflix. So, at this point, you may want to call before you do that.

4. Call Netflix support. (Don’t skip this step)

Everyone’s experience may be different. Some users that have gone through a hack have praised the fast and helpful support from Netflix.

Contact Netflix support whether you have or have not succeeded in logging in. There may be things the hacker has done that you aren’t aware of. They may have changed subscription information.

Let the support representative know you think you’re the victim of an account hack. They’ll walk you through the process of undoing what the hacker has done.

5. Watch your bank statements.

Continue to watch your bank statements for any unusual charges. You should do this after any account hack.

6. Change the password for other accounts that used the same one as your Netflix account.

People often use the same or the nearly same password for several accounts. Make sure to change the password for any accounts that used the one that was just hacked.

Get Help Securing Your Passwords & Accounts

Don’t wait until a hack happens to you. Give us a call today to schedule a chat about our password security solutions.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

/0 Comments