5 Deceptively Simple Ways to Prevent Brute-Force Attacks
It’s National Cyber Security Awareness Month (NCSAM). First brought to life in 2004 by the National Cyber Security Division (NCSD), a part of the Department of Homeland Security, the observance’s tagline is: our shared responsibility. The goal? To promote cyberthreat prevention methods that everyone can adopt.
Every year I wonder if the NCSD picked October because of Halloween. When you stop and think about it, cyberthreats like brute-force attacks are the stuff of IT service provider nightmares.
Of course, most of us know the reality: cyberthreats don’t wait for a certain time of year to wreak havoc on our systems. They strike at the least opportune times–which is any time!
Brute-Force Attacks
Brute-force attacks are something the NCSD works hard to educate the public about, in part because they can be a leading cause of stress for technology solution providers. They are one of the most common forms of attack for hackers looking to get their hands on passwords, credentials, and other sensitive data.
Automated software allows would-be data thieves to make consecutive guesses and, through trial-and-error, crack into passwords and other encrypted data. We’re not talking guesses by the dozen, or even hundreds…software like this can produce millions of guesses in seconds.
Fortunately, there are 5 simple—and incredibly effective—steps you and your team can take to combat this kind of cyberthreat.
Step 1: Refer to NCSAM’s Tagline
That’s right. The first thing you can do is remember that cyber security is our shared responsibility. Take the time to educate your end users. Walk them through repairs during a session. Offer insight, encourage them to look for red flags, and give examples of what to do (or what not to do).
This is a great opportunity to reinforce your expertise and credibility, and reassure them that you’re behind the scenes fighting digital bad guys and saving the day.
Remoting in? No problem. End your remote access session with a simple email that explains the fix and provides a little helpful guidance for next time. The NCSD has tons of educational resources to help people make smarter, safer decisions while they’re online.
Step 2: Use Complex Passwords
Your users might think “bullmoose1977” is an obscure password. Or they might think it’s too cumbersome to have to enter a password with 8 characters (one lowercase, one uppercase, one number, and at least one special character…you know the drill).
But the fact is: the longer and more complex the password, the longer it will take to crack.
Set up requirements for long, complex passwords using a mix of different characters – no birthdays, addresses, old phone numbers, or pet names allowed! If you create a login for a user, set up additional requirements that make them change their password after the first login so they aren’t using a default password.
The key is to make sure every user has a unique password. Otherwise, it’s that much easier for a hacker to infiltrate multiple accounts once they’ve cracked into the first one.
Step 3: Account Lock-Outs
Remote access software worth its salt should allow support teams to configure account lockouts after a certain number of failed attempts. It’s as straightforward as it sounds, but doing this can effectively prevent an attacker from continuing to guess a password and gaining access to private accounts. Simple, but effective.
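As an added illustration (not code from the original article or from any particular remote access product), here is a minimal lockout tracker that locks an account after a set number of failed logins within a time window. The class name, the thresholds (5 failures, 300-second window, 900-second lock) and the sample attempts are assumptions chosen for the example.

```python
import time
from collections import defaultdict, deque

class LockoutTracker:
    """Lock an account after max_failures failed logins inside `window` seconds."""

    def __init__(self, max_failures=5, window=300, lock_seconds=900):
        # Illustrative defaults, not values taken from the article.
        self.max_failures = max_failures
        self.window = window
        self.lock_seconds = lock_seconds
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures
        self._locked_until = {}              # user -> time the lock ends

    def is_locked(self, user, now=None):
        now = time.time() if now is None else now
        until = self._locked_until.get(user)
        if until is not None and now >= until:
            # Lock expired: clear it and start counting from zero again.
            del self._locked_until[user]
            self._failures.pop(user, None)
            until = None
        return until is not None

    def record_failure(self, user, now=None):
        """Register a failed attempt; return True if the account is now locked."""
        now = time.time() if now is None else now
        if self.is_locked(user, now):
            return True
        recent = self._failures[user]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()  # failures older than the window no longer count
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            return True
        return False

    def record_success(self, user):
        self._failures.pop(user, None)

def simulate(attempts, tracker):
    """attempts: constructed list of (timestamp, user, password_ok) tuples."""
    outcomes = []
    for ts, user, ok in attempts:
        if tracker.is_locked(user, ts):
            outcomes.append("locked")  # refused even if the password is right
        elif ok:
            tracker.record_success(user)
            outcomes.append("ok")
        else:
            tracker.record_failure(user, ts)
            outcomes.append("fail")
    return outcomes
```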
Step 4: Turn on Multi-Factor Authentication (MFA)
You want to put as many stumbling blocks in the way of a cyber-criminal as possible, right? That’s what MFA does. This preventative method combines answers to “something you know,” “something you have,” and “something you are” prompts to authenticate access to a system.
Questions can range from “where did you go to high school” all the way to biometric methods like fingerprints, and can combine passwords with technology by using text messages or emails as an additional authentication step.
So, even if a cyber-criminal can ID a password, they’d have to jump through hoops to gain access to your account. And that’s exactly what you want.
Step 5: Restrict IP Addresses
If you want your users to only be able to access the software from certain locations or IP addresses, set up safeguards that eliminate outside access by restricting access to only the IP addresses you authorize.
Putting this into action will prevent others from accessing the login page from unauthorized IP addresses, and can even block certain IP addresses if there’s an existing range of known IP addresses that pose a potential threat.
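One way to express both halves of this step, an authorized list plus a block list, is sketched below as an added example (not code from the original article or any specific product). The function names and the sample ranges, which come from the reserved documentation address blocks, are assumptions; the check denies by default and lets the block list win over the allow list.

```python
import ipaddress

# Constructed sample configuration using documentation-only address ranges.
ALLOW = ["203.0.113.0/24", "2001:db8:10::/48"]   # authorized office ranges
DENY = ["203.0.113.66/32"]                       # known-bad address inside an allowed range

def parse_networks(cidrs):
    """Turn CIDR strings into network objects once, at configuration load."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def normalize(ip_text):
    """Parse a client address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(ip_text.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def check_ip(ip_text, allow, deny):
    """Return 'allowed', 'blocked', 'not-authorized' or 'malformed'."""
    try:
        ip = normalize(ip_text)
    except ValueError:
        return "malformed"          # unparseable input is never let through
    if any(ip in net for net in deny):
        return "blocked"            # block list takes precedence
    if any(ip in net for net in allow):
        return "allowed"
    return "not-authorized"         # default deny

def may_reach_login(ip_text, allow, deny):
    return check_ip(ip_text, allow, deny) == "allowed"
```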
The Next Steps for Remote Support Teams
Once you put these 5 techniques into action, you’ll be well ahead of any attempts to hack into your information. After that, it’s time to reassess your remote support software’s security capabilities. When you’re evaluating your existing tool, or if you’re in the market for one, ask yourself these questions about its security features:
- Do they scale with my needs?
- Are they built on cyber security best practices?
- Are there safeguards in place out of the box?
If the answer to any of those is “no,” then it’s time to start looking for alternatives. After all the hard work you put into serving your clients and protecting your sensitive data, you don’t want them (or your company) to fall prey to a cyberattack.
Let’s make your candy consumption the scariest thing about this October. Stay safe out there!