Cybersecurity Awareness Month

As we enter Cybersecurity Awareness Month this October, it's a perfect time to reflect on the importance of protecting ourselves in today’s digital world. In an age where so much of our personal, financial, and professional lives are online, it’s more crucial than ever to stay vigilant and aware of the ever-evolving cyber threats that can impact us. This month is dedicated to educating individuals and businesses about the importance of cybersecurity and how to stay safe in the digital realm.

Why Cybersecurity Matters

Cybercrime is on the rise, with hackers becoming increasingly sophisticated in their attacks. Whether it's phishing scams, ransomware, or data breaches, no one is immune from cyber threats. In 2023, the average cost of a data breach was over $4 million, highlighting the severe financial impact of cyberattacks on businesses. However, it's not just businesses at risk; individuals are often targeted through social engineering, identity theft, and malicious software. The consequences of cybercrime can be devastating, including financial loss, compromised personal information, and even emotional distress.

Key Cybersecurity Threats to Watch

Understanding the types of cyber threats you might encounter can help you take steps to defend yourself. Some common threats include:

  • Phishing Attacks: Scammers trick you into revealing personal information through fake emails or websites that appear legitimate.
  • Ransomware: Malware that encrypts your files and demands a ransom to unlock them.
  • Data Breaches: Hackers gain unauthorized access to your data, often stealing sensitive information like credit card numbers or passwords.
  • Social Engineering: Manipulating individuals into giving up confidential information by exploiting trust.
  • IoT Vulnerabilities: As more of our devices become "smart" (think of home assistants or thermostats), they also become new targets for cyberattacks if not properly secured.

Steps You Can Take to Stay Secure

Here are some simple, practical tips to enhance your cybersecurity posture and reduce your risk of becoming a victim:

1. Update Software Regularly

Outdated software is a goldmine for cybercriminals because they can exploit vulnerabilities in older versions. Always keep your operating system, applications, and antivirus software up to date.

2. Use Strong, Unique Passwords

Weak passwords are one of the easiest ways for hackers to gain access to your accounts. Use long, complex passwords, and never reuse them across multiple sites. Consider using a password manager to keep track of them.

3. Enable Multi-Factor Authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring a second form of verification (like a text message or authenticator app) in addition to your password.

4. Be Wary of Phishing Scams

Always double-check the sender's email address and be cautious of any unsolicited communications that ask for personal information. If something feels off, it probably is.

5. Back Up Your Data

In the event of a ransomware attack or other data loss incident, having backups can save you a lot of hassle. Make sure to regularly back up important files and store them securely.

6. Secure Your Devices

Make sure your devices are protected with strong passwords and encryption. This includes smartphones, laptops, and any other device connected to the internet.

Cybersecurity at Work

Cybersecurity doesn’t just apply to your personal life—it’s also critical for businesses of all sizes. In fact, small businesses are often targeted because they may not have the same resources as larger enterprises to defend against cyberattacks. Encourage your organization to:

  • Train Employees: Make sure your employees are aware of common cyber threats and know how to spot them.
  • Create Incident Response Plans: Have a plan in place to respond to a cyberattack or data breach. Quick action can minimize the damage.
  • Implement Secure Policies: Ensure that your company has clear policies on data usage, password management, and access controls.

Get Involved this Cybersecurity Awareness Month

This month is an opportunity to learn, share, and promote good cybersecurity practices. Here are a few ways you can get involved:

  • Join the Conversation: Follow the hashtag #CyberAware on social media for tips and news.
  • Participate in Training: Take advantage of free cybersecurity training resources available online.
  • Host a Cybersecurity Event: Whether at your workplace or in your community, spread awareness by organizing discussions or workshops.

Conclusion

Cybersecurity is everyone’s responsibility. By staying informed, practicing good habits, and sharing what you know, you can help make the digital world safer for yourself and others. Cybersecurity Awareness Month is the perfect time to reflect on your digital habits and take action to protect your online presence.

Stay safe and #BeCyberSmart!


Password Security

Passwords suck. Unfortunately, they're still needed. We all know that passwords are used for the important stuff, like banking, but they're also used for things like our kid's lunch money accounts. Many people still use weak passwords, which puts their personal information and security at risk. We're going to dig into the importance of password security and then offer up some tips on how you can improve your password practices.

Why Password Security is Crucial

Passwords protect your sensitive information, from your emails and financial data to personal details stored on social media accounts. A weak password can open the door for hackers to:

  • Steal Personal Information: Hackers can gain access to your private information, such as banking details, social security numbers, and addresses.
  • Identity Theft: A compromised password could lead to identity theft, allowing attackers to impersonate you, take out loans, or make purchases in your name.
  • Access Multiple Accounts: If you use the same password across different services, one breached password could grant a hacker access to multiple accounts.
  • Damage Your Reputation: In cases where hackers gain access to your social media or work accounts, they can post harmful or false information, damaging your reputation both personally and professionally.

Given the potential consequences of a hacked password, it’s clear that securing your passwords is vital.

Common Mistakes People Make with Passwords

Before diving into tips for better password security, it’s important to understand some common mistakes people make with their passwords:

  • Using Weak Passwords: Simple passwords like "123456," "password," or your name are easy to guess.
  • Reusing Passwords: Many people use the same password across multiple platforms, which means a breach on one site could compromise multiple accounts.
  • Not Using Multi-Factor Authentication (MFA): MFA provides an extra layer of security, but many users still rely solely on passwords without enabling this feature.
  • Not Changing Passwords Regularly: If a hacker has access to your old passwords, failing to change them can leave your accounts vulnerable over time.

Best Practices for Strong Password Security

Improving your password security doesn’t have to be complicated. By following these simple tips, you can significantly reduce the risk of your accounts being compromised.

1. Use Strong, Unique Passwords

The first step to better security is creating a strong, unique password for each account. A strong password should:

  • Be at least 12 characters long.
  • Include a combination of uppercase and lowercase letters, numbers, and special characters.
  • Avoid using easily guessable information like birthdays, names, or common words.

2. Use a Password Manager

Remembering complex passwords for every account can be challenging. That’s where password managers come in. These tools generate and store strong passwords for you, so you only need to remember one master password. This not only helps you create more secure passwords but also ensures you’re not reusing them across different accounts.

"But I have a system..."

I used to use a "system" as well. It's easy to fall into a trap of just changing a number at the end of the password or using "3" in place of "E". These approaches are better than simple passwords, but they're still not random.

Which is more secure?

Co.QsTy_MKu!_snoN*RDVBFUsgb8fjQe

OR

Angelina12!

If you must create your own password, mix things up with special characters:

a9Ng3l1na12_!

Most password managers can produce memorable passwords as well.
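To make the "still not random" point concrete, here is an added example (not part of the original post) that spots a "system" password by undoing the usual tricks and compares its guessing space with a randomly generated one. The word list, the substitution table and the 100,000-word dictionary size are assumptions chosen for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample word list (assumption); a real check would load a large
# dictionary or breached-password list.
COMMON_WORDS = {"angelina", "password", "welcome", "summer", "dragon"}

# Common "system" substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "4": "a", "@": "a",
                      "$": "s", "5": "s", "7": "t"})

ALPHABET = string.ascii_letters + string.digits + "!*_.-#%"


def generate_password(length=32):
    """Pick every character independently using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password made of uniformly random characters."""
    return length * math.log2(alphabet_size)


def pattern_entropy_bits(wordlist_size, n_digits, n_symbols, symbol_set=32):
    """Estimated bits for: word (capitalised or not) + digits + symbols.

    Assumes the word comes from a list of wordlist_size entries and the
    suffix is n_digits digits followed by n_symbols ASCII punctuation marks.
    """
    guesses = wordlist_size * 2 * 10 ** n_digits * symbol_set ** n_symbols
    return math.log2(guesses)


def system_pattern(password):
    """Return the dictionary word a 'system' password is built on, or None."""
    # Drop the trailing run of digits and symbols ("12!"), then undo
    # capitalisation and character substitutions before the lookup.
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    for candidate in (core, core.translate(LEET)):
        if candidate in COMMON_WORDS:
            return candidate
    return None


if __name__ == "__main__":
    for pw in ("Angelina12!", "Ang3lina12!", generate_password()):
        print(f"{pw!r}: built on {system_pattern(pw)!r}")
    print(f"random, 32 chars: {random_entropy_bits(32):.0f} bits")
    print(f"word + 2 digits + 1 symbol: "
          f"{pattern_entropy_bits(100_000, 2, 1):.0f} bits")
```

Under these assumptions the name-plus-suffix pattern is worth about 29 bits, against roughly 195 bits for 32 random characters.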

3. Enable Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) adds an extra layer of protection beyond just your password. With MFA enabled, even if someone obtains your password, they still need to verify their identity through a second method, such as a text message or authentication app. Whenever possible, enable MFA on your accounts to significantly boost your security.

4. Change Your Passwords Regularly

While strong passwords are essential, it's equally important to change them periodically. If an account is ever compromised, updating your passwords regularly will limit a hacker’s ability to access your accounts over time.

5. Be Wary of Phishing Scams

Phishing attacks are a common tactic for stealing passwords. These attacks typically involve fake emails or websites that trick you into entering your password. Be cautious when clicking on links from unsolicited emails or messages. Always verify the authenticity of the sender before providing any sensitive information.

The Cost of a Weak Password

The consequences of poor password security can be costly and far-reaching. Here are a few real-world examples of what can happen if your passwords are not properly secured:

  • Financial Loss: A hacked banking or credit card account can lead to fraudulent transactions, which may result in significant financial losses before the breach is detected.
  • Loss of Privacy: A compromised email or social media account can expose private messages, personal photos, and sensitive information to the public or cybercriminals.
  • Reputation Damage: Cybercriminals who gain access to your social media or professional accounts can tarnish your reputation by posting harmful content or stealing confidential work-related information.
  • Data Breaches: If a hacker gains access to your work accounts, they could potentially compromise sensitive company data, leading to legal repercussions and financial damages.

Conclusion: Take Control of Your Passwords

Passwords are a critical part of your digital security, and taking the time to create and manage them properly can save you from significant harm. By using strong, unique passwords, enabling MFA, and staying vigilant against phishing attacks, you can protect yourself from cybercriminals and keep your online accounts secure.

Remember, password security is a habit, not a one-time task. By following these best practices and staying aware of potential threats, you can protect your digital life and enjoy greater peace of mind online. Stay secure!


What do we do?

I seem to be good at finding wormholes. I guess that’s just part of being a small business. While a large corporation can send things down the hall (or across the globe) to the compliance department, us little guys just change our hat. We have been developing software for decades. We love to provide business solutions. That’s truly What we do. The software we’ve been developing is primarily bespoke type stuff. We update a form or screen. We might add some complex pricing logic. We might create a Windows Service that does x, y and z, but it’s typically for just one customer. Those annoying security nags are just that, annoying…yet we put up with them. Well, we’re putting an end to that. It’s time to start code signing. I’ve done code signing in the past, but not with a CA provided credential. Anyway, fast forward through the purchase of a FIPS token and I’m ready to lay out the dollars to get the cert. We need to have a DUNS. That’s a new one for us. We don’t carry inventory and haven’t had to carry a note with the bank. We are actually signing up with Kompass, which is another business directory that appears to be quite solid. That’s where some of the wormhole comes in. We have to describe our business. Fair enough. We make software, but more specifically, we provide business solutions. Then they wanted a picture of our service. I literally took a pic of some code. We’ll see if that is satisfactory.

We REALLY like delivering business solutions. We have been going down the path toward delivering at scale. This requires a different line of thinking. We are excited.


Bun - crazy fast javascript

I’m old enough to remember when JavaScript was primarily used to make something blink on your website. The days of blinky websites and AOL are long behind us. JavaScript is now used throughout the tech stack. This heavy usage has exposed some warts. Overly complicated JavaScript libraries have a tendency to introduce lots of latency.

Bun is a modern JavaScript runtime like Node or Deno focused on speed and performance. It is an all-in-one tool (runtime, bundler, package manager, transpiler).

I haven’t spent a lot of time using Bun yet, but it is plenty impressive. They’ve done a nice job focusing on this being a “drop in” replacement for Node or Deno.

Take a look for yourself. I played with Bun and used Hassan’s article to mess around. https://www.thisdot.co/blog/a-look-at-bun-sh-the-modern-javascript-runtime


Do you EDI?

We’ve been doing EDI for a long time. Like many others, I sorta fell into EDI. I was working at GM in the early 90s and “EDI” consisted of flat files exchanged with the MRPII system. Although it was a rudimentary system, I learned quickly about supporting the business via ASNs, electronic pull requests, and many other automotive documents. Since those early days, we have gone on to support numerous X12 and EDIFACT implementations. Typically we rely on an outside translator/VAN to route the files, then we handle the complexities of integrating with the ERP system.

Electronic Data Interchange (EDI) means different things to different people. We pride ourselves on cutting through the complexities and focusing on the results. Our goal is to get you saving time and money as soon as possible.

EDI is daunting. EDI used to be implemented because a trading partner was requiring it. If you wanted to be a Walmart vendor, you needed to have EDI. This need was quickly met by using web-based EDI. Unfortunately, this often means that you just doubled your workload. Enter the data in the ERP, then enter it in the website…then hope your data accuracy is up to par. This week we turned on an EDI system for a customer that received 70+ Walmart orders on the first day. The time savings are immense. What used to be done because it was “required” is now just common sense.

We can help. You might be surprised how quick the payback is on an EDI project.


Coworking in Huddles

Dreamforce 2022 has been pretty interesting so far. I would have loved to attend it and see the Chili Peppers in person, but I’ll have to stick with virtual attendance for now.

I was excited to see some of the new features coming to Slack. The big news has been Canvas. I want to talk about something more immediate. Salesforce is adding video to Huddles.

I’ve used Huddles off and on since they rolled it out. It’s usually a quick follow-up after multiple back and forth emails. The ability to share a screen has been great. When a customer already has Slack, it’s a no-brainer. The inclusion of video should make this even better.


https://slack.com/help/articles/8810358407955-New--Coworking-in-huddles

Stay tuned. We continue to use Slack and will continue to take on the improved features.


Is changing your password enough? Is MFA enough?

It’s a scary time in the IT world. I have observed lots of posts where IT folks quipped that it “might be a good time to become a Walmart greeter”. IT is a daunting (yet rewarding) career in the best of times. When you have threats like Log4Shell popping up, it’s just brutal.

We’re here to help, whatever that might mean. Seriously, we’re a small business too and we’re trying to navigate the same rough waters that everyone else is.


M1 Macs

I am one of the many that patiently waited the many years for Apple to (re)introduce a true Pro class MacBook. I received my 16” MacBook Pro last week and I have been slowly grinding through the process of switching to a new machine. I use Windows machines as well, but I prefer to work on a MBP for heavy duty programming.

I noticed the speed improvement, but I was harboring at least a little buyer’s remorse/guilt over such a big purchase. This was over $3k - would it prove to be a good value?

Today (Monday 11/1) is the first day that I’ve brought the new machine to the office. My trusty 2017 MBP is connected remotely so I could pull config settings, etc as needed.

The reason I’m writing this blog entry is because of my experience with compiling qt5. Qt compiles often take hours. This obviously varies with a lot of things, but hardware has the biggest impact. I compiled 5.15 in minutes. I was shocked at how fast it completed. I actually assumed that something was wrong, so I did a make distclean and tried again. I didn’t actually time it, but it couldn’t have been more than 10-15 minutes.

My wife is usually the one supporting these types of purchases. These are the tools I need to do my job. I should be able to more responsibly support our customers by investing in the best tools.