9 Ways to Strengthen the Weak Link in Cybersecurity

Pesky Passwords

Ask your IT chief about the weakest link in your organization’s cybersecurity, and you will receive a quick answer: employees. In cyberspace, passwords guard access to systems, email accounts and websites. Like the speakeasies of old, you need to know the password to get in.

But with the ubiquity of password authentication, people suffer password fatigue. People need at least dozens of passwords in both professional and personal lives. The experts say passwords must be long, complex and different. Yet faced with the challenge of remembering them all, many of us succumb to cutting corners.

Employees like to use easy-to-remember passwords. (They might even write them down on post-it notes and stick them on their monitor.) Unfortunately, they often use the same password for multiple sites and systems. But an easy password takes hackers less than a second to crack, and if the user employs the same password repeatedly, they compromise each site or system.

Here is a statistic to get your attention: 80 percent of cyberattacks target authentication credentials, according to Brad LaPorte at High Tide Advisors. It is the easiest way in.

And according to an annual survey by digital security provider NordPass, people still use “12345678” or “Password1” as their password! Maybe your staff avoids those. Instead, they use their name and birth date or your company’s name with the month and year they joined. Some even cleverly substitute a “3” for an “E” or a “1” for an “l.” They are like a middle schooler guarding the basket against an NBA player.

Hackers’ Advantage

Bad actors are not pimply-faced teenagers manually keying one password after another. Cybercriminals are pimply-faced 20-something pros who automate their attacks. Programs can run thousands of passwords against you in minutes, attempting to break in. Yet people too often don’t even make it challenging. According to InfoSecurity Magazine, 59 percent of people use their name or birth date in their passwords.

One form of attack is called brute force, a numbers game in which a programmed bot “guesses” password after password. It begins with those easy passwords, which can take under a second to guess and breach. A dictionary attack tests actual words, which are finite in number relative to the enormous number of possible assorted random characters you might have used. Note that a programmed dictionary attack will also look for a “3” substituted for an “E.”

In another approach, hackers use lists of passwords purchased on the dark web (sourced from all those corporate security breaches) and run them against a target until they score a hit. Such lists highlight the risk for those who use the same password for several different sites and systems. Someone’s already got your password.

Hackers are opportunists and will exploit any targets they can easily breach. But if a company’s systems are sufficiently hardened, the bad guys will move on, except for state actors on a mission. Generally, everyone prefers low-hanging fruit. And all that notwithstanding, remember there are internal fraud perpetrators able to read sticky notes on monitors too.

Password Protection for Systems (including Vendor Files)

The National Institute of Standards and Technology (NIST) periodically publishes guidelines for better password security. Several security specialists also offer password guidance alongside their security audits and protection systems. Here are nine ways to strengthen your user authentication.

  1. Complex passwords: Simple passwords are quickly compromised. Users should never use their names, for example, or their birthdate (social media sites announce people’s birthdays every day). Passwords are complex when they mix upper and lower case letters, numbers and special characters. However, as noted above, you want to avoid substituting numerals or characters for letters.
  2. Minimum password length: A password should be long. While the standard has been eight characters, a better minimum is 14 characters. Longer passwords are stronger than shorter ones. Each additional character in a password adds exponentially to the challenge of guessing it.
  3. The alphabet advantage: Because there are 26 letters in our alphabet but only ten numerical digits, “tomato” is more challenging to crack than “470982.” (Nevertheless, “tomato” is a word in the dictionary, so it is not a good password.)
  4. Passphrases: Security experts recommend using passphrases rather than passwords. Phrases are longer but can be easier to remember while harder to crack. However, “Maytheforcebewithyou” is not a secure passphrase! Avoid popular catchphrases. Instead, select three or four unrelated but meaningful-to-you words. You can remember them, but they are very challenging to guess.
  5. Password generators: You can use a password generator to provide solid, random passwords for you, though you’ll also want a good password manager to keep track of them, as they are impossible to remember.
  6. Resets: While mandatory periodic password resets had been a recommended practice, NIST says longer passwords or passphrases do not require frequent resets. Still, experts recommend resets, though the intervals between can be longer. When resetting passwords, don’t merely “increment” the old password by changing a numeral at the end. And do not alternate back to a prior password. The reset must be a new password or phrase to be secure.
  7. Do not share: A password is like a toothbrush, not meant to be shared. The experts say share your password with no one. Not your BFF, not your boss, and not your mother!
  8. Different passwords for each authentication: This is hard, but when you use a password in more than one place, you seriously increase your risk. Breaches will continue to happen. Once a criminal gets a password, they can and will try it to access other accounts and systems.
  9. Use 2FA or MFA: Wherever possible, use two-factor or multi-factor authentication. That typically involves sending a confirmation code to a smartphone or requiring bio-authentication (such as providing your fingerprint). With MFA, a password compromise is not enough for the hacker to get into the account or system. So MFA is a powerful security tool to protect your organization and yourself.
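
As an added illustration (not part of the original article), the sketch below shows how a password-change form could enforce items 1, 2, 4 and 6: minimum length, no personal data, no common words or catchphrases even with look-alike substitutions, and no "incremented" resets. The function names, the blocklist and the sample passwords are constructed for this example.

```python
import re

MIN_LENGTH = 14  # minimum length recommended in item 2
# Constructed sample blocklist; a real deployment would load a large list
# of breached and common passwords instead.
BLOCKLIST = {"password", "12345678", "tomato", "maytheforcebewithyou"}
# Look-alike substitutions (item 1), undone before any comparison.
LEET = str.maketrans({"3": "e", "1": "l", "0": "o", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)


def strip_counter(text):
    """Drop trailing digits and symbols: 'Autumn2023!' -> 'autumn'."""
    return re.sub(r"[\W\d_]+$", "", text.lower())


def check_password(candidate, personal=(), current=None):
    """Return the reasons to reject candidate; an empty list means accept.

    personal: strings tied to the user (name, birth year, employer).
    current:  the password being replaced, as typed in the change form.
    """
    problems = []
    norm = normalize(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    forms = {candidate.lower(), norm, normalize(strip_counter(candidate))}
    if forms & BLOCKLIST:
        problems.append("common password")
    if any(len(p) >= 3 and normalize(p) in norm for p in personal):
        problems.append("contains personal data")
    base = strip_counter(candidate)
    if current is not None and base and base == strip_counter(current):
        problems.append("increment of old password")
    return problems


if __name__ == "__main__":
    for pw in ("Password1", "M4yTheForceBeWithYou", "walnut orbit kettle fjord"):
        print(repr(pw), check_password(pw) or "accepted")
```
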

Your IT department can and should take additional steps. The recommendations above are steps everyone can take to protect their organization, their data (including vendor data) and their accounts from criminals. We log in many times a day and in many places, but must not lose sight of how critical security is. A breach can significantly damage an organization, its employees, vendors and customers with legal, financial and reputational costs.

To find out how VendorInfo can help you protect your vendor information, let’s talk.
