What Makes a Good Password?

Did you know that, according to Pew Research, 39% of people use the same password for everything? Why is that bad? For example, Sony got hacked a few years ago, and what was really interesting was that the incidence of fraud didn’t just go up at Sony; it also went up at target.com and at amazon.com. It went up across the board, by about 35 to 40%. Why is that? Because when one site is hacked, the people who steal the data take all of that information and try to use it online at as many places as they possibly can, because they know that about a third of people use the same password for everything.

With that said, it’s really important to have a good password. And not only that, it’s important to have a different password for each account.

What constitutes a strong password? 

A strong password is typically at least 12 characters, and it consists of uppercase letters, lowercase letters, numbers and symbols. Now, we know that’s going to be a little bit difficult to remember. So typically, we recommend using songs or other things that are familiar to you to remember your passwords. For instance, say you are a Frank Sinatra fan. One of your passwords might use the phrase “fly me to the moon”, with a symbol and some numbers added.

So, make sure that your passwords that you have to remember are something that’s easy for you to remember. 

Using a password manager

The average American has over 120 passwords. Now, you can’t be expected to remember 120 passwords with 12 characters, uppercase letters, lowercase letters, numbers and symbols. One thing that we do recommend is a password manager. With a password manager, you only have to remember one password to get into the password manager, and then you can actually store all of your passwords within the password manager itself. 

What’s really nice about a password manager is it will help you create passwords that are secure as well. When you create a new password, you actually would just click on new, and then it will fill in the password for you if you want it to.

Good password manager examples

We’ve only put password manager examples on this list that have not been compromised in the commercial market. There are some other password managers on the market that have been compromised, so they didn’t make this list. Some examples are Dashlane, 1Password, Bitwarden, Keeper and KeePass. INF and Integrity First Technology Solutions both use KeePass.

You can see in the photo above, in a password manager you have your list of passwords, then you’ll have your username and your password. So let’s say you want to login to your bank. You will go to your bank’s website, you double click on your username, and then you click paste. And it would go right into the browser and then you would double click on the password, click paste, and then it would sign you in. 

So you just have to remember that one password to open your password manager, and then you have access to all of your usernames and passwords.

Two Factor Authentication

Another thing that goes along with passwords is two factor authentication, or you might have seen it as 2FA. Two factor authentication is an extra layer of security that actually would have helped all those people that had the same password for everything. So not only do you have to enter your username and password, but then there’s an extra step. This is most likely something that you have seen before. You’ll put in your username and password and then they’ll ask if you want to receive a phone call, a text message or an email with your one time verification code. 

Once you choose your verification method, they will send you your verification code just like it’s shown in the picture above. You would put the verification code in and then you can sign in to your account. 

We definitely recommend turning this on when you’re given the opportunity to do so, because it really is a very strong extra layer of protection, and it protects your accounts from hacks. If a company were to get hacked, they would get your username and password but they wouldn’t get access to your two factor authentication, they wouldn’t get access to your phone, or your email, so this would definitely help protect your account from any hack that happened.

The weakest link in the security chain

“Companies spend millions of dollars on firewalls, encryption and secure access devices and it’s money wasted. None of these measures address the weakest link in the security chain.” – Kevin Mitnick. What do you think is the weakest link in the security chain? If you said humans, you are correct!

Questions about anything in this article?  Contact Stacey Ivol at 412-563-2106 or email her at sivol@integrityfirstins.biz

Why Is Encryption Important?

There are ranges of encryption, but having encryption present is extremely important.

For instance, there was a person from an insurance company who went to a football game in Detroit, and when he went to the restroom, he set his phone down. He didn’t have it locked, and he didn’t have any encryption on it. When he left the restroom, he forgot his phone, and the company ended up having a large data breach because whoever had the phone was able to access all his emails and any files that he had access to.

So device encryption is so important. Something as innocuous as “Oh, I left my phone in the restroom” could cause something huge. So how do you go about implementing that type of encryption?

Encrypting Apple Devices

If you have a Mac, encryption actually comes built in. So all you have to do, if you don’t already have it turned on, is turn on FileVault. You’ll go to your security and privacy settings, go to FileVault, and then you’ll click turn on FileVault. When you turn on FileVault, you’ll be able to see your computer encrypting your data – it’ll just be a little progress bar. 

Every time you then turn on your computer, you’ll have to put in your password twice, once for unlocking the computer and then once for unlocking the encryption. Again, you’ll be able to see a little progress bar, and it’ll say decrypting data. So you’ll see that it sits at rest in an encrypted state. If somebody were to steal your Mac, your data would be encrypted. 

Now with your iPhone, as long as you have iOS version 8.0 and up, and about 95% of devices do have iOS 8.0 and up, the iPhone actually encrypts as soon as you add a passcode or password. The way to check that you have your passcode or password turned on, number one, is whenever you open your phone, you have to be able to put in a password. And number two, if you go to your settings, and then click on face ID and passcode and you scroll all the way down to the bottom, you’ll see this little sentence that says data protection is enabled. As long as data protection is enabled, that means that your iPhone is sitting encrypted. 

Encrypting Microsoft Devices

Now, let’s say you have a Microsoft device. If you have a Microsoft device with Windows Pro on it, BitLocker is the encryption software that they use. If you have a Windows machine that is the Pro version, all you have to do is go to the Control Panel, look up BitLocker, and then turn on BitLocker. Again, a progress bar will show, and you’ll see that the device will now have the data sitting encrypted. 

Now, if you have Windows Home and not Windows Pro, you are able to upgrade. The upgrade costs anywhere between $100 to $120, depending upon the sales that they have going on at the time. Once you go from home to pro, then BitLocker will become available, and you can turn BitLocker on and encrypt your Microsoft device. 

Encrypting Android Devices

Finally, if you have Android devices, and you have Android 4.4 or lower, what you’ll need to do under security is add a PIN and then enable encryption. If you have an Android device that is on OS 5.0 or greater, most devices are actually encrypted by default with a password. All you have to do is, again, check your security menu to see that option. Go to your security menu and then scroll down and it will say encryption is on. So as long as you see “encryption on”, your Android device is protected. 

Bonus Tip – Set Phone Notifications So They Don’t Appear On Your Lock Screen

Now, as kind of a bonus tip, one way that you can inadvertently show data is if your phone is locked and your phone notifications still show. So it’s possible that you could have your phone out, or on a table, or with another client, and you could actually have a notification show on your lock screen. 

It might say you have an email from someone, it might show you the first line, or, depending on your settings, it can show you all the text from an actual text message. Depending upon your situation, you don’t typically want other people to be able to see your notifications. So we recommend turning those off. That way your notifications won’t be visible unless a password is entered. 

Learn how to do this on an Apple device

Learn how to do this on an Android device

Once you set this up, if your phone is off or in lock mode, you will not get any type of notifications that show anything without your password being entered. 

Have any questions about the topic discussed in this article? Contact us today at 412-563-2106.

Cyber Security Challenge Level 4: Always enable multi-factor authentication

Welcome to the Level Up Your Cyber Security in October program, courtesy of Integrity First Corporation. 

We’re on level four, the final week, which is enabling multi-factor authentication, or you might know it as two factor authentication. 

Now, in computer security, an authentication factor is anything you use to authenticate yourself with a system. Using a password is the most common type of authentication. With multi-factor authentication (MFA) or two factor authentication (2FA), you use two or more different factors to log in. 

One example is a password and a verification code sent to your smartphone. This is something that’s really common whenever you sign into banks. This is an extra layer of security. So even if one of your factors is stolen, like your password, the hacker doesn’t have access to the other authentication factor like your phone. 

This stops them from accessing your account. As more and more organizations implement multi-factor authentication to strengthen their security practices, you might encounter different types of authentication factors. 

There are three different types you might be asked to provide: something you know, such as passwords and security questions; something you have, such as a verification code on your phone or a key card; or something you are, such as biometrics, like your fingerprint or a scan of your face. The more factors you use, the better your security. 

Having a combination of authentication factors is an even better way to keep your data protected. 

If you have any questions about any of these levels, please contact Integrity First Corporation for help.

Cyber Security Challenge Level 3: Update Often

Welcome to the Level Up Your Cyber Security in October program from Integrity First Corporation. It’s week three, and we’re going to talk about updating your software and the importance of it. 

Hackers can exploit vulnerabilities in unpatched software. When new software updates come out to the public, it allows everyone, especially hackers, to learn about the weaknesses that were there and take advantage of them. 

Public knowledge of those holes leaves you and your organization as easy prey. So what should you do? You should update or patch your software. That makes you less vulnerable to security risks. If an update becomes available on your device, update it properly. Better yet, enable your phone, desktop or laptop to auto update, which will install any security updates that you might need as soon as they are available to you. 

In the case of a Red Cross breach as an example, they did not install an update fast enough and gave hackers access to over 50,000 people’s data. This is just one example of many malicious software attacks that happen every day and a perfect reason why you should update your software.

Join us next week for level four!

Cyber Security Challenge Level 2: Passwords – Long, Unique and Complex

Welcome to Integrity First Corporation’s Cyber Security in October program. In week two, we are going to discuss using strong passwords and perhaps a password manager. 

To create a strong password, there are a few tips and tricks to remember. The reason that you want a strong password is it’ll help you keep your data secure. In fact, according to IDtheftcenter.org, studies have found that a password’s guessability by hacking software decreases exponentially with every additional character. 

Creating something that’s easy to remember, but hard to guess is key to a successful password. 

Perhaps you’ll want to incorporate a favorite song, a favorite quote, your favorite sports player into a password and it becomes more complex and difficult to guess. You’ll want to make sure that it’s at least 12 characters long, has uppercase and lowercase letters in it, has at least two numbers, and it has at least one symbol in it. 

One thing that I commonly suggest is use the lyrics to one of your favorite songs like flymetothemoon!12 or something along those lines. You want to make sure that it’s something that might be a little bit more difficult for someone to perhaps put in, guess, or even have machine learning guess. 

The other thing is, you’ll want to have a unique password for each account. 

The average American has over 90 passwords. So one thing that you’ll want to do or look into is a password manager app that can help you remember your passwords. A password manager is basically a secure vault for all of your passwords. Basically like a glorified post-it note that sticks on your computer, but a lot more secure. 

You only have to remember the one password to get into your Password Manager app, which will allow you and your computer to access the rest of your passwords for all of your logins. 

Typically, depending upon the application that you purchase, you can access these passwords on your phone, tablet, laptop or desktop. This also means you can and should create different passwords for every single online account that you have. This should keep you ahead of any hackers.

Let INF know if you have any questions and join us next week for Level Three.

Cyber Security Challenge Level 1: How To Spot A Phishing Email

Welcome to Integrity First Corporation’s Cyber Security in October program. In week one, we’re going to talk about recognizing and reporting phishing. 

A few quick facts: cybercriminals sent over 3.3 billion phishing emails last year. This caused over 4000 data breaches, which then exposed over 22 billion personal records. 

But it’s not enough to know that phishing emails are out there. You also need to be able to recognize them and report them. 

So today, we’re just going to quickly review a few of the highly used phishing email types and tactics. 

The first type is a reward or a free gift message. Free things are really enticing, but they can also be dangerous. If you get an email saying you won a free TV or click here to enter a prize drawing, you need to be on high alert. Hackers are definitely trying to bait you into clicking a malicious link. 

The second type is a login or password message. Another type of phishing email will ask you to verify your account by logging into a fake web page or updating your credentials on this fake web page. These emails will collect your username and password which gives a hacker instant access to your account. 

A third phishing email type is an urgent message. An urgent message email is designed to get you to act fast. It might tell you that your account was hacked or it’ll be deactivated; click here to restore it. Fear makes people do things without thinking, so slow down and make sure that this urgent message is from who you think it’s from. 

The final type of common message is internal messages. This type of phishing is also called spoofing. Hackers will try to impersonate or spoof people at your company, like your HR rep, somebody in your IT department, or maybe even a co-worker. An internal phishing email might ask you to click on a link to read and sign a policy, read a new document about company-wide updates, or even hand over sensitive information via purchase. 

If you think you’ve encountered a phishing email, you need to follow your company’s procedures for recording it. Once the right people are notified, they can help you to determine if it’s a phishing email. Whatever you do, do not click on the links, don’t reply to the email and don’t send it to anyone else.

We’ll see you next week for Level Two.

How To Reset Your Password For The INF ShareFile Portal

In this article, we’re going to review what to do if you forgot your password to the INF ShareFile portal. The first thing to do is not worry, it only takes a few minutes to reset the password.

To start that process, go to integrityfirstins.sharefile.com and click on the forgot password link. Now, you’ll want to enter your email address in the field.

The email address that you’re going to want to use is the email address that is associated with your legal malpractice application. That’s most likely the email address that INF used to give you access to the portal. Once you have your email in, click the I’m not a robot, and go through the rigmarole that Google is going to require to prove that you are in fact human. Click Send.

This should result in a Reset Password email being sent to your email address.

Go to your inbox and you might have to do a refresh to see that email come in. Click on that email and you can see that there is a reset your password now link contained within the text of the message.

If you do not receive the reset ShareFile password email in your inbox, you’ll definitely want to check your spam folder. There is a chance that your email provider may treat the reset ShareFile password email as spam.

Click on the reset your password now link.

You can see for security purposes, INF has a few password requirements. The password needs to have at least one uppercase letter, one lowercase letter, two numbers, a special character and it has to be at least 12 characters in length. So select a new password that you’ll want to use for the portal.

Make sure that you typed them the same and then click on Reset password. You can see ShareFile will confirm your account password has been reset. Now if you want to sign in to the portal, click on back to sign in. Put in your email address, put in that new password and click on Sign In. 

If you have any questions about password reset process, email Stacey Ivol at sivol@integrityfirstins.biz or call at 412-563-2106. 

How To Use the INF ShareFile Portal

Do you know that you have 24/7 access to your legal malpractice insurance policies and your completed applications that you filed through Integrity First Corp? All of this information is contained on the Integrity First Corporation online portal. The portal was designed with you in mind and for your convenience. But you’ll never know how convenient this online portal is unless you use it.

In this article, we explain how simple and convenient it actually is to use the portal.

Why do we use the ShareFile portal?

The answer is simple. We want to make your documents as easy for you to get to as possible, while keeping them as safe as we can. ShareFile encrypts everything in this client portal with 256 bit encryption. In non-tech speak, that just means your files are really, really safe in our cloud.

Accessing the ShareFile portal

The first thing you’ll want to do is log in to the portal. To do that, you’ll go to integrityfirstins.sharefile.com. You can always find the portal on our website.

Your username is your email address. So you’ll just want to put in your email address, then you’ll want to enter your password. If you forgot your password, you can click on the Forgot Password link. We cover how to reset your password in this article.

Now, click on Sign In and you’ll be taken into the folders that you have access to within the INF ShareFile portal.

As you can see this example user has access to one folder. And they have a renewal month of May, which is 05 then the name of the company, and then the month and date of LPL renewal. Now within the folder itself, you can see that we have the policies and the renewal apps from 2018 all the way up to 2022.

The other thing that we have access to at all times is the INF privacy statement. Anytime you want to see the INF privacy statement, or any policy or renewal that you may have questions about, just click into that document. ShareFile will open it for you. You can view it in this viewer below, or you can also download or print the document.

If a client were to call you and ask you for your renewal, or if you are at a closing and they want to see a copy of your policy, all you have to do is hop into ShareFile, click on the policy that you want, download it and send it to them.

The other thing that’s really cool is that you can actually be notified when INF uploads anything into your ShareFile portal. So if you want those emails sent to you, you’ll just click this checkbox in the red square below.

You’ll receive an email anytime INF uploads a policy, renewal, makes a change to the privacy statement or makes any changes whatsoever. It’s not clicked by default because we know that not everyone wants those notices, but if you do, definitely check this checkbox. 

If you have any questions on using or entering the portal, please send Stacey Ivol an email at sivol@integrityfirstins.biz or call at 412-563-2106. 

Hackers Have Now Exposed Over 8 Billion Username and Password Combinations – Were Your Credentials Among Them?

The week of June 7th may have seen the biggest release of hacked data ever published to the dark web.  Hackers publicly released over 8 billion username and password combinations!

A 100GB list of data assumed to be stolen during various hacks was posted to a popular hacker forum.  This is now being referred to as the “RockYou2020” list.

Want To Check To See If You Were A Part Of This?

Check here to see if your data was part of this dump: https://cybernews.com/personal-data-leak-check/

To use this tool, all you must do is enter your email or phone number.  The tool can safely access the hacked username and password combinations on the dark web.  It will let you know if your data is found.

What To Do If Your Data Was A Part Of The Released Data

If the tool tells you that your data was compromised, you should start mitigation steps immediately.  Go to every account that uses the exposed username/password and change the password.  Be sure to use different passwords for each account that are considered to be “strong”.

Want to know what makes a strong password?  A rule of thumb is to create a password that has the following 6 characteristics:

  1. More than 12 characters
  2. Contains at least 1 uppercase character
  3. Contains at least 1 lowercase character
  4. Contains at least 1 number
  5. Contains at least 1 symbol
  6. Contains no “real” words that could be guessed via a dictionary attack (where they go through a list of words from the dictionary and try to guess your password)
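The six-point checklist above turned into a checker, as an added example that is not part of the original article. The function names and the tiny word list are constructed for illustration (a real check would load a full dictionary and a list of known-breached passwords), and the sample passwords in the demo are constructed too, apart from the song-lyric one quoted elsewhere on this page.

```python
import re

# Constructed sample word list for rule 6; far too small for real use.
SAMPLE_WORDS = {"password", "moon", "summer", "dragon", "welcome", "football"}

SYMBOL = re.compile(r"[^A-Za-z0-9\s]")


def find_dictionary_words(password, words=SAMPLE_WORDS, min_len=4):
    """Return the dictionary words (>= min_len letters) hidden in a password."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= min_len and w in lowered)


def check_password(password, min_digits=1, words=SAMPLE_WORDS):
    """Return [(rule_number, reason), ...] for each rule the password fails.

    An empty list means all six rules pass. min_digits defaults to the
    checklist's "at least 1 number"; pass 2 for policies that ask for two.
    """
    failures = []
    if len(password) <= 12:
        failures.append((1, "needs more than 12 characters"))
    if not any(c.isupper() for c in password):
        failures.append((2, "needs at least 1 uppercase character"))
    if not any(c.islower() for c in password):
        failures.append((3, "needs at least 1 lowercase character"))
    if sum(c.isdigit() for c in password) < min_digits:
        failures.append((4, f"needs at least {min_digits} number(s)"))
    if not SYMBOL.search(password):
        failures.append((5, "needs at least 1 symbol"))
    found = find_dictionary_words(password, words)
    if found:
        failures.append((6, "contains dictionary word(s): " + ", ".join(found)))
    return failures


if __name__ == "__main__":
    samples = [
        "Summer2024!",        # constructed: short and built on a real word
        "flymetothemoon!12",  # the song-lyric style password from this page
        "Vq7#tLz9!rXw2k",     # constructed: random, as a manager would make
    ]
    for pw in samples:
        problems = check_password(pw)
        print(pw, "->", "OK" if not problems else problems)
```

Rule 6 is the one people cannot check by eye, which is where a password manager's generator helps: a random string has no words for a dictionary attack to find.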

In addition, you’ll want to be sure to look for any unexpected activity within the account.  Make sure that all of your personal information is correct and that no money has been transferred unexpectedly.

If given the option, turn on the “Two-Factor Authentication” (or “2FA”) option associated with the account.  This will require you to enter a code from your cell phone or email to authenticate who you are.  2FA protects your accounts from hacker dumps like this.

Yes, this is a pain.  However, it’s better to have your personal and financial data protected. 

How To Protect Your Data Easily Using Password Managers

There are ways to make tasks associated with passwords easier.  According to a study by NordPass, the average person has 100+ online passwords.  Who can remember that many passwords?

INF recommends using a password manager like KeePass or 1Password.  A password manager will help you create and remember well-formed passwords for all of your accounts.  In fact, you can copy and paste from these managers, so you don’t have to type anything going forward.

These password managers can also be installed on your phone.  This makes browsing the web a breeze when you need to access your passwords.

Is There Anything That You Can Do To Protect Your Business Further?

Yes, you can protect your business with a cyber liability policy.  These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more. 

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.