Monthly tech talk from BetterWorld's Thought Leaders
July 2023, Reston, VA USA
TECH TALK “Insider Tips to Make Your Business Run Faster, Easier and More Profitable”
INSIDE THIS Newsletter:
1 Is It Time to Ditch the Passwords for More Secure Passkeys?
Life, like technology, is a dance of opportunities. It's our mission to meet challenges, daring adventures, and transform luck, not just in life but in our digital world too.
Join us in this journey, not for a sales pitch, but to explore how we can better secure and optimize your technological potential and play the game of life more effectively together.
- James F. Kenefick
Founder & CEO
Authentication methods have long been dominated by the use of passwords, despite their inherent weaknesses. Given their susceptibility to guessing and theft and a common tendency to reuse the same password across multiple accounts, individuals open themselves to heightened cyber-attack risks.
In the digital age, the overwhelming quantity of passwords that users are required to remember inadvertently promotes risky behavior. This includes the creation of weak passwords and insecure storage practices, all of which provide opportunities for cybercriminals to exploit these vulnerabilities.
Remarkably, 61% of all data breaches involve stolen or hacked login credentials, further highlighting the magnitude of this security issue.
However, recent advancements have presented a more secure and convenient alternative - passkeys. These are increasingly recognized as superior to traditional passwords, offering enhanced security and a streamlined method for account access, signifying a good progression in data protection practices.
Passkeys revolutionize the authentication process by generating a unique code for every login attempt, which is subsequently validated by the respective server. This code is derived from a combination of user-specific and device-specific information, enhancing the security of the login process. Conceptualize passkeys as digital credentials that enable a user to authenticate on a web service or cloud-based account without needing a username and password.
The underlying technology for this system is Web Authentication (WebAuthn), a fundamental element of the FIDO2 authentication protocol. This protocol eschews the traditional unique password methodology in favor of public-key cryptography for user verification, contributing to a more secure and robust authentication process.
The authentication key, pivotal to this system, is securely stored on the user's device—be it a computer, mobile device, or dedicated security key device. Websites or services with passkey functionality enabled, then utilize this key for seamless and secure user login. This advancement provides an innovative and fortified approach to digital security in our increasingly interconnected world.
Advantages of Using Passkeys Instead of Passwords
One advantage of passkeys is that they are more secure than passwords. Passkeys are more difficult to hack. This is true primarily if the key generates from a combination of biometric and device data. Biometric data can include things like facial recognition or fingerprint scans. Device information can include things like the device’s MAC address or location. This makes it much harder for hackers to gain access to your accounts.
Another advantage of passkeys over passwords is that they are more convenient. With password authentication, users often must remember many complex passwords. This can be difficult and time-consuming. Forgetting passwords is common and doing a reset can slow an employee down. Each time a person has to reset their password, it takes an average of three minutes and 46 seconds.
Passkeys erase this problem by providing a single code. You can use that same code across all your accounts. This makes it much easier to log in to your accounts. It also reduces the likelihood of forgetting or misplacing your password.
Credential phishing scams are prevalent. Scammers send emails that tell a user something is wrong with their account. They click on a link that takes them to a disguised login page created to steal their username and password. When a user is authenticating with a passkey instead, this won’t work on them. Even if a hacker had a user’s password, it wouldn’t matter. They would need the device passkey authentication to breach the account.
Introducing the Insta360 Flow AI Tracking Smartphone Gimbal Stabilizer!
Say goodbye to shaky footage and hello to buttery-smooth cinematic shots with this compact, lightweight stabilizer.
Whether you’re an adrenaline junkie capturing extreme sports or a filmmaker seeking that perfect steady shot, the Insta360 Flow Stabilizer covers you.
Get yours at: https://store.insta360.com/
Data visualization is a powerful tool for communicating complex data. But it is not enough to simply create a graph or chart and call it a day. To truly make use of information, it is important to create insightful reports. Creating holistic and insightful reports requires the use of several data points. One tool that enables this is Microsoft Power BI.
What Is Microsoft Power BI?
Microsoft Power BI is a business intelligence tool. It allows you to connect many data sources to one
dashboard. Using Power BI, you can easily model and visualize data holistically.
Tips for Designing Great Data Visualization Reports
Consider Your Audience
You should design reporting dash-boards with the end user in mind.
EOs and CFOs are interested in different aspects of the business, make the information interesting
What is it that this audience wants to see?
Are they looking for bottom-line sales numbers?
Or do they want to cover insights that can help target productivity gaps?
Don’t Overcomplicate Things
Many times, less is more. If you find that your dashboard looks crowded, you may be adding too
many reports. The more you add, the more difficult it is to read the takeaways from the data.
Try Out Different Chart Types
Experiment with presenting your data in different ways. Flip between bar, pie, and other
charts to find the one that best tells the story. Just don’t go overboard. Keep it
simple but exciting.
Get to Know Power Query
Power Query is a data preparation engine. Take time to learn how to leverage this tool for help with:
Connecting a wide range of data sources to the dashboard
Previewing data queries
Building intuitive queries over many data sources
Defining data size, variety, and velocity
Build Maps with Hints to Bing
Bing and Power BI integrate, allowing you to leverage default map coordinates. Use best practices to utilize the mapping power of Bing to improve your geo-coding.
Tell People What They Are Looking At
A typical comment often heard when presenting executives with a new report is, “What am I looking at?” Tell your audience what the data means by using features like tooltips and text boxes to add context.
Use Emphasis Tricks
People usually read left to right and from top to bottom. So put your most crucial chart in the
top left corner. Follow with the subsequent most essential reports.
Cloud account takeover has become a significant problem for organizations. Between 2019 and 2021, account takeover (ATO) rose by 307%. Many organizations use multi-factor authentication (MFA) as a way to stop fraudulent sign-ins. But its effectiveness has spurred workarounds by hackers. One of these is push-bombing.
How Does Push-Bombing Work?
When users enable MFA on an account, they typically receive a code or authorization prompt of some type. The user enters their login credentials. Then the system sends an authorization request to the user to complete their login. With push-bombing, hackers start with the user’s credentials and take advantage of that push notification process.
They attempt to log in many times. This sends the legitimate user several push notifications, one after the other. When someone is bombarded with these, it can be easy to click to approve access mistakenly.
Push-bombing is a form of social engineering attack designed to:
Confuse the user
Wear the user down
Trick the user into approving the MFA request to give the hacker access
Ways to Combat Push-Bombing at Your Organization
Reduce Business App “Sprawl”
Adopt Phishing-Resistant MFA Solutions
Enforce Strong Password Policies
Put in Place an Advanced Identity Management Solution
Additionally, businesses can use identity management solutions to install contextual login policies.
ChatGPT has revolutionized the way businesses interact with their customers. It has also affected how they get things done. Teams are using it for everything from emails to generating ideas for product names. The tool’s personalized and informative responses in real-time definitely draw you in. But integrating ChatGPT into your business operations requires careful consideration. You want to ensure that things don’t get out of hand with employees using the tool irresponsibly.
Understand ChatGPT’s Weaknesses
Define ChatGPT’s Role
Consider Customer Privacy
Ensure Human Oversight
Integrate ChatGPT Into Your
Existing Customer Service
Measure Performance and Optimize
Be Transparent About Using It
Many people worry about someone hacking their computer. But they’re not really thinking about their wireless printer getting breached. It’s a tool that most individuals use sporadically. For example, when you want to print out tax forms or mailing labels. Printers tend to be out of sight, out of mind. That is until you need to print something and run out of ink. Well, they’re not out of the mind of hackers. In fact, unsecured printers are a classic way for criminals to gain access to a home network.
Change the Default Login Credentials
Keep Printer Firmware Updated
Use a Network Firewall
Put Your Printer on a Guest Network
Disable Unused Ports or Services
Unplug It When Not in Use
Teach Your Family Cybersecurity Best Practices
Netflix is one of the most popular and well-known streaming services. The platform has become essential to many people’s daily entertainment routines. Unfortunately, like any online service, Netflix accounts can be vulnerable to hacking. Hackers take advantage of “phishing overload.” Once they breach your account, they’re usually quiet for a bit, hoping you’ll mistake the Netflix suspicious login warning for a fake.
Here are some things to do right away if you fear your account is hacked:
Go to the Netflix site & try to log in.
If you can log in, change your password immediately.
If you can log in, remove any strange payment methods
Contact Netflix support and tell them you think you’ve been compromised. (Don’t skip this step)
Watch your bank statements.
Change the password for other accounts that use the same one as your Netflix account.