Was 2016 our last year of passwords?
Yahoo!’s disclosure that hackers might have vacuumed up the passwords of as many as half a billion users lit the floodlights on two gaping issues in IT:
- Passwords run out of steam well before they cross the goal line of today’s security needs
- Sometimes you don’t even know they’re gone, which means you’re vulnerable without realizing it
Wakefield Research recently surveyed IT decision makers and found out that 69% will probably do away with passwords completely in the next five years.
The finding of the report wasn’t surprising, nor were the insights that IT professionals are despairing of evergreen problems:
- Users “securing” their accounts with passwords a child could guess, let alone a script kiddie driving any of a dozen tools available for free download
- Users recycling the same password for different accounts so that one crack exposes many systems. And it’s especially galling for IT when the breach of its system is the result of a breakdown of a system beyond its control, such as all the systems now at risk because Yahoo! customers used the same password for Yahoo! as for their work access.
Alternatives to passwords
Alternatives that solve both these problems are maturing. They typically involve mixing methods like:
- Two-factor authentication involving single-use pass codes pinged to the user’s mobile phone or emailed to them
- Biometrics—commonly fingerprint, eye, voice scanner
- Behavior—recognizing a user’s signature behavior, such as:
- Considering the time and place a user is requesting access and deciding if it’s in keeping with that person’s usual behavior
- Looking at the way the user is handling the device—mouse movement and keystrokes—to sniff out atypical behavior
- Device-specific lockdown—only allowing access to certain systems by particular devices assigned to individual owners
Combinations of these are most effective. It’s easy to see, for instance, that a device that has never been used to access a system at 11pm let alone from another city than HQ should be locked out.
Wakefield Research found the biggest obstacle to scraping standalone passwords was the belief by 42% of respondents that they’d get pushback because of “disruption to users’ daily routine.”
A choice that taps into something enjoyed by many might be the answer—the selfie. Uber is periodically asking its drivers to snap a selfie before accepting ride requests. It runs the selfie through an algorithm to match it against the one on file. Similarly, MasterCard in Europe is asking online shoppers to authenticate themselves with a selfie.
The technology isn’t as mature as some other options—but the selfie of today might yet have its way as the future of security.
Raise a pint to the New Year! We are just one week away from our next After Work Network event! Join the ITP team in Milwaukee at the Northern Brewer. We’re hosting an evening of homebrew and networking. You can register for this free event, here.
Meet other IT people form the Milwaukee area!
‘New Year Cheer with Homebrew Beer’ is a networking and beer brewing event. It is 100% fun and beer-focused. There will not be a sales pitch or information session attached to this event. Come enjoy a few beers and meet interesting people from the area.
From a fruity Hefeweizen to bold, coffee-flavored stouts, learn how science and a passion for beer are combined to create a variety of homebrews. Whether you’re an absolute beginner or ready to go all-grain, this is an event you won’t want to miss. So, come to learn a little, drink some beer, and raise a glass to the new year!
You could win! We’ll also be giving away a Brew Share Enjoy™ Homebrew Starter Kit (valued at $150). The gift includes everything you’ll need to start brewing your own beer at home! Interested in testing out a custom ale? Brew your own with this kit!
The event is being held Thursday, January 19th at the Northern Brewer on Highway 100. The beers will start pouring when the doors open at 5PM, and our 30-minute beer lesson will start at 6PM. You don’t want to miss this one!
Haven’t registered yet? No problem!
Complete the form below to reserve your seat at the event.
The top reason why IT is a struggle for SMB is…
that the wrong technology decision was made. The perfect software turned out to be not-so-perfect. The cloud solution that couldn’t fail, did. The state-of-the art backup system backed up all your data perfectly…but took three days to restore when your system was down. And so on.
The sad truth is that this happens most of the time in small and medium-sized businesses. The story is the same every time. It goes like this… Smart, dedicated people do their diligence, spend countless hours comparing options, asking questions, checking references, and testing things before they make a technology decision. And they still end up with software, systems, and solutions that don’t deliver the efficiency, information, usability, or value they expected.
Why is that?
It’s because no matter how smart and dedicated your people may be, the practice of selecting software, a phone system, or your next cloud vendor is too complex to be done well, occasionally. Furthermore, the true cost of implementing any new system is often uncomfortably expensive, initially. So what do most businesses do? They cheat… Poorly estimate how much the project will cost (estimating the actual cost is not a simple task). They ask people without system selection expertise to choose the system (isn’t this part of the I.T. guy’s job, anyhow?). And they fail to follow processes that are proven to be successful (those cost how much?). This is the recipe most SMBs follow and it’s a bad, expensive, and sometimes crippling decision.
So don’t do it. Just don’t.
Making technology decisions alone is too risky and it will cost the business a lot more in the long run. If you need to engage in the selection of a new system for your business, there are lots of good ones out there, but it’s not the process that wins here – it’s the expertise.
Keep in mind that a system selection for your business isn’t a one or two-person job. It’s a job for a team of people – mostly your people – who all have intimate knowledge in the various areas of your business. And finding the right people internally is half the battle. The other half is finding an individual/company/consultant who has expertise in system selections.
Note that you don’t need to spend heavily on an IT consultant. Many will be happy to simply guide your team through the process. Either way, system selection expertise is a requirement if you want to generate real, long-term value from your technology. And being one of the few who made the right technology decision isn’t a bad deal either, now is it?
This blog originally appeared on ‘The Business Technology Place‘ – a website and blog run by our very own, Joe Ulm. Joe is a Senior Business Development Manager at Information Technology Professionals. You can read this article, and more on his website.
Lifecycle Management for Hardware and Software
When do you know that it’s time to pull the plug on old outdated hardware? On one hand, you want to get the most out of your investment. You want to use the tool until it simply will not work any longer. On the other hand, old equipment is frustratingly slow. It requires more frequent maintenance, and it puts a major drag on productivity.
Lifecycle management is a plan for systematically evaluating your technology environment for equipment and licenses that need to be upgraded or renewed. How long people should keep their equipment, under maintenance, paying for maintenance. What do you do after the 3-year warranty? Should you buy new equipment or just extend the warranty?
Above all, lifecycle management should be what works for your organization. You do not have to plan your cycles based on industry best practices. ‘Desktops should be replaced every 3-5 years.’ It might just make senses to have a desktop in the shipping and receiving area that’s 6 years old…
Software plays a role, too
Software is also a big part of technology lifecycle planning. When it comes to software, the expiration dates of software licenses are examined, and a plan for renewal or cloud subscription migration. Speaking of cloud subscription software, this is why we love Microsoft Office 365 so much. For $20 a month, you don’t have to EVER worry about buying new licenses or doing software updates. These updates and upgrades come automatically and free with their cloud services.
Backing into a budget
Occasionally we get calls that go something like this: ‘I need to spend $40k before the end of the year, because our equipment is old. What should I buy, and what equipment should remain?’. We call this backing into a budget, and it is a good first step in lifecycle planning. When we have a concrete budget to work with, the next step is to evaluate all the existing equipment. What exists, what is end of life, and what can be salvaged? Backing into a budget allows us to create parameters based on current inventory, budget and the needs of the team.
After a full or partial refresh, it’s already time to think about the next cycle. That next equipment upgrade needs to be built into your budget for the following year. Planning ahead will keep your budget in check and create consistency around expectations for equipment upgrades. There is value from a cost standpoint of consistency of hardware at large organizations. This value is driven from leveraging discounts and seasonal deals for to buying many units at a time.
But be sure to gut check
Your lifecycle planning should be reevaluated right before you buy. Take a gut check that this cycle is necessary for the business needs. Here’s any example. Let’s say we had 3 laptops that we bought last cycle as spares. Our court lawyers need laptops in court for internet and email access only. Perhaps the 3 spare laptops can be used to replace the internet-only laptops these lawyers use in court. Be smart. Lifecycle planning is a general guideline, but might not always be necessary. Validate that the number of upgrades necessary are correct on a specific business case level. For smaller organizations, this is easy. At larger organizations it is time intense and more difficult.
Are you ready to be proactive with your hardware and software lifecycle planning? A consultation with our team is a great place to start. We’d be happy to share tips and best practices for getting the most out of your equipment, licenses, and budget. We can assist in putting together a plan and parameters based on your business needs and the age of equipment. We have experience helping businesses of all shapes and sizes plan for the lifecycle of their technology, and we’d love to help you!
Free Azure Workshops for your Team.
Let ITP help you kick some Azure in 2017. This is a new offering in partnership with Microsoft, we are giving away 1-2 day Azure workshops. These sessions are dedicated to educating your team on the many benefits and functionalities of Azure. You’ll get a one-on-one time with an engineer to give you a customized tour of the tool.
These workshops, valued at $4,000, are being paid for by Microsoft. Request an Azure workshop soon! Given the customization of each workshop – we are only able to offer a limited amount of sessions.
Who should attend?
These sessions are designed for the technology leads, directors, CIOs and engineers. We are only able to offer these workshops to cloud-ready customers and prospect. Are you considering migrating your infrastructure to the cloud in 2017? Join us for a free workshop.
What you can expect
The workshop includes an overview and demo of the Microsoft cloud as well as a strategy for purchasing cloud storage and licenses. We’ll preform an in-depth review of your current on premise and cloud services. Then you’ll receive a recommendation for what can and should be moved to the cloud. We’ll share best practices for Azure’s ‘pay as you go’ storage.
Customized to you
Each workshop is customized entirely to your team and technology. Choose from one of four tracks offered: Iaas Foundation, Azure Dev / Test, SharePoint on Azure, and SQL on Azure. You’ll leave your workshop with a solid understanding of the platform, and a proof of concept for your business.
“The Azure workshop helped us understand the functionality of the platform and the options available. The biggest takeaway from the workshop is how we can help our client save money through Azure’s usage billing.”
– Jorel Digman, Pandata Group
Considering the cloud? Get schooled in Azure with a 1-2 day workshop, hosted by Microsoft and Information Technology Professionals. This $4,000 workshop is offered to you for free. Learn more and request a workshop.
Raise a Glass for a Free Homebrew Class
Good Times are Brewing at ITP’s After Work Network Event. Join us in January for our next networking event! We’ll be taking over the Northern Brewer for a unique sampling and beer brewing experience. The ‘New Year Cheer with Homebrew Beer’ event is being held Thursday, January 19th at the Northern Brewer in Milwaukee!
Meet other IT people form the Milwaukee area! ‘New Year Cheer with Homebrew Beer’ is a networking and beer brewing event. It is 100% fun and beer focused. There will not be a sales pitch or information session attached to this event. Come enjoy a few beers and meet interesting people from the area.
From a fruity Hefeweizen to bold, coffee-flavored stouts, learn how science and a passion for beer are combined to create a variety of homebrews. Whether you’re an absolute beginner or ready to go all-grain, this is an event you won’t want to miss. So, come learn a little, drink some beer, and raise a glass to the new year!
You can win! We’ll be giving away a ‘Brew Share Enjoy’ home brewing kit. The kit includes everything you’ll need to create your first batch of beer. With a 5-gallon kettle, a glass carboy and your first recipe – this is a great gift for yourself or another beer enthusiast in your life. The kit is a $150 value – and we’ll be raffling it off at the end of the event!
Get more details about the event on the ‘New Year Cheer with Homebrew Beer’ page or….
Register for this event here >>>
How to Achieve a Successful Technology Project Rollout
You did your research. You found the right technology and the right company to help you deploy it. You negotiated the pricing well and you made sure the technology project budget could handle some overages. The project timeline is set and you hired a project manager to keep everything on track. You’re all set.This time the project is going to go off without a hitch, right?
Except it didn’t. Why? Because there was no communication plan.
Aside from good technical work, communication is the most important piece of any project. A spreadsheet of project tasks and e-mails sent by exhausted technical people on Sunday night are no substitute for a good communication plan.
There are three groups of people we need to communicate with during a technology project: management, users, and the technical team. Each group of people requires different types of project communication. Communications need to be designed to deliver the information each group needs. If the communications to users is too technical, they might feel overwhelmed and possibly ignore these messages. If communications to management is too high level, they will feel uninformed. Feeling out of the loop hurts the perception of a project, regardless of how well the technical work was done.
Here’s a simple 4-step approach to a meeting the communication needs of everyone while not adding tons of time to the project itself.
- Clarify what needs to be communicated to all 3 groups:
- Management needs to know when there is variance in the project timeline, availability of systems, or project costs.
- Users need to know when the system will be up, down, what to expect, and what to do if something isn’t working.
- The technical team needs to know the project expectations, the end result that is required, and who to contact if things change.
- Establish your communication timeline – establish what you want people to know, and when you want them to know it. For example, users often need to be reminded multiple times of when the project will begin and when the system will be unavailable. A big part of any project’s success is setting expectations well. Letting people know early and often goes a long way to accomplishing that.
- Decide on your tools/medium for communication – e-mail and spreadsheets can both be valuable, but intranet sites, user guides, and printed instructions can all be valuable as well. Ultimately there are tons of communications tools that can be used to not only communicate well to everyone, but also save time for everyone.
- Write whatever communications you can before the project starts – for most technology projects you can write all the communications that will occur before the project “goes live.” Additionally, outlines of the post deployment communication and who-to-contact communications can be developed prior to the start of the project.
Follow these steps and everyone will be well informed throughout the project – and for most people in your company that will mean a better project. Want a hand in developing a roll out plan for your project? We can help develop a solid execution plan for your project and a effective communications plan for your team. Contact our team to discuss your project and how we can help >>>
Missed our ‘Cybersecurity for School Districts’ webinar? No problem.
This webinar training session is now available anytime in our resource library. Stream this session or share it with a co-worker. Simply complete the form below to access this content anytime, on-demand.
Considering stronger cybersecurity for your school? Here’s why it should take top priority:
School districts across the nation are being increasingly targeted for sophisticated cyber-attacks. Estimated at $294 per affected record, the education sector has the second-highest cost of restoration after a data breach. That’s why it’s so important school leaders receive the proper training on how to keep their student’s data safe. Join Information Technology Professionals for a 30-minute training session to help prepare for these ever-evolving cyber-threats.
Every single day, educational organizations collect sensitive data from students and staff. This information in the wrong hands would be debilitating both in money and time lost, to the school system. Has your school district properly prepared for the threat of cybersecurity? Is your team trained to avoid cyber traps and phishing emails?
During this session we cover steps school districts can take to protect student and staff data and sensitive information. We discuss best practices for getting teachers and staff on the same page for creating strong passwords, protecting login credentials, and accessing critical systems securely.
Keep your student data safe. Confirm that you’ve got the right tools and services in place by participating in this training session.