LogMeIn Introduces New Security Features

security

Well configured remote access solutions, like LogMeIn, increase productivity with no adverse impact on network security.  As we continue to advance our security features, we are committed to ensuring the ease-of-use for users combined with components that promote secure, safe, and wise use of our products.

According to recent research[1], security concerns are the number one roadblock for businesses moving to the cloud.  Taking the appropriate steps to secure your business is often simple –but 55% of businesses do not require two-step verification to ensure that extra layer of security and authentication[2].  Further, over half of businesses rely on either in-app prompts to direct users on updates and password strength or rely on employees to establish password strength and change passwords on their own[3].

With this in mind, we are excited to announce several new advancements to our Login Policy features that add additional security to prevent unauthorized access to your LogMeIn account and offer several verification options for end-users to gain instant access so that they are better equipped to be productive from anywhere. This is particularly important for those companies in regulated industries that require HIPAA and PCI compliance.[4]

What’s new with Login Policy?

Password Strength
Two new options are available for Password strength: ‘Standard’ and ‘Strong’.  Applying a “Strong” password policy will force users to create a robust, secure password meeting the following requirements.

  • Seven characters or more
  • Made of capital letters, lowercase letters, and numbers
  • Required change every 90 days
  • Does not match user’s LogMeIn ID
  • Does not match the LogMeIn ID or any of the user’s four most recent passwords

Your users will be affected at their next login after the feature has been enabled. If users have a password that does not meet the requirements, they will be forced to change their password.

Forced Two-Factor Authentication
Two-factor authentication adds a second layer of protection to your LogMeIn account.  Now, administrators can require this feature for all users. This added security process prompts users to enter a one-time security code with their password whenever they sign in.  Users have the opportunity to set this up from either a mobile authenticator app or via SMS text message.  Additionally – if the primary method is unavailable, users will be able to request a code via a backup.

All methods of two-factor are available for use. Users can use:

  • Security Codes via SMS
  • Google Authenticator (or Android/Windows equivalent)
  • Emailed Security Codes
  • LogMeIn Authenticator App  – NEW

login policy

 

 

 

 

 

 

 

 

 

 

 

LogMeIn Authentication App

pmi-app-icon-appstore_1024x1024

To make our end users experience as fast and simple as possible, we now have our own LogMeIn Authenticator app which can be used to simplify the second factor authentication to a single gesture.

The LogMeIn Authentication App is a dedicated two-step verification tool for use with LogMeIn accounts[5]. Using LogMeIn Authenticator, users can verify their identity by tapping the notification that they receive when attempting to sign in to their LogMeIn account. The app will also generate security codes as a secondary verification solution when your phone is offline.

 

For a detailed overview of these Login Policy enhancements, check out our online guide for updates on Password Strength and Two-Step Verification or login now. Also download the LogMeIn Authentication App today!

lmiquote

 

[1] Edge Strategies and LogMeIn
[2] Ponemon Research and LogMeIn
[3] ESG Research
[4]  When used and configured properly, the technical security features employed by LogMeIn assist companies with their HIPAA and PCI compliance requirements. In combination with User Access through Group/Computer permissions, LogMeIn allows you to get HIPAA and PCI ready.
[5] Please note it will not work with external sites/apps.

         

What your organization can do to avoid getting phished

As you are probably well aware, phishing attacks are on the rise all around the world. Organizations must take extra steps to make sure that they protect themselves as well as their customers against this threat.

As Attila mentioned in his post earlier this week, LogMeIn employs SPF, DKIM and DMARC on every email it sends from a @logmein.com address.

The combination of these three technologies allows the recipient server to validate that:

  1. The email was sent from a server authorized by LogMeIn
  2. The contents of the email has not been manipulated

The key point is that the check is done on your organization’s email servers. They have to support DMARC, SPF and SKIM in order to filter out phishing emails.

Most major email providers, including Gmail, Yahoo mail, and Outlook.com checks for these records and will put phishing emails appearing to come from a @logmein.com address into the Spam folder. Be wary of slighter variations of the domain part. If you see an email from logme.in.com or logmeein.com or some other variation of our domain, you can safely delete it.

If your organization maintains its own email servers, and you receive these phishing emails please ask your email administrator to set up SPF, DKIM and DMARC. You are going to save yourself from a lot of headache.

And as always, follow the best practices for email.

Does your organization use DMARC? If it does not, what is the reason?  Please leave a comment and share your thoughts.

         

Update.me – Collaboration, innovation, and engagement

Week of April 03

Virtual collaboration tools in the workplace have become a mainstream topic of conversation in global news articles and blogs.  As the youngest members of the millennial generation grow up and enter the workforce, companies are heavily considering their work styles and communication preferences – including the technology and tools they use. Here are a few articles this week that talk about virtual collaboration, including why it’s preferred over a competitive work environment, and how it can work better than face-to-face communication.

04_03_um_INCWhy Collaboration Wins Over Competition
Millennials who will make up 50 percent of the workforce by 2020, overwhelmingly prefer a collaborative workplace over a competitive one. This infographic shows how collaboration wins in the workforce, and how advances in cloud and video technology are empowering employees by staggering numbers.

Tags: #collaboration #millennials
Follow: @inc

 

04_03_um_HBR

Collaborating Online is Sometimes Better than Face-to-Face
When given the choice, most workers would prefer a face-to-face conversation as a method of communication, to enhance productivity and communication. However, there are some benefits to choosing online collaboration first, including appealing to various work styles, and convening dispersed teams.

Tags: #virtualmeeting #productivity
Follow: @HarvardBiz

 

04_03_um_socialmedmonthlyMake Your Online Meeting More Social
Given that there are a lot of potentially sucky meetings out there, we like this post about how to jazz up your next global online meeting, including skits, toasts, and starting with some humor.

Tags: #socialmedia #virtualmeeting
Follow: @socialmediamos

         

How to Wake Yourself Up in the Afternoon, Without Caffeine

jmblog

It happens like some sick narcoleptic clock work: every day around 3 PM, your body yearns for a very inconvenient nap. Don’t worry, you aren’t the only one dozing off: nearly 40% of U.S. adults fall asleep unintentionally during the day – it could have something to do with sucky meetings. The answer isn’t an IV drip of coffee straight into your bloodstream (in fact, that might make it worse).

Instead, here are some decaffeinated tips that’ll help you conquer that pesky afternoon fatigue.

Take a Sunshower
Your internal rhythms vibe well with daylight, so if you find yourself nodding off at your desk, simply open the shades and position yourself where you can get as much Vitamin D nourishment as possible. If the day is looking bleak, artificial light can work too. Using a service like join.me allows you to work from a sunny, remote location and still get just as much done.

Take a Nap
No for real: if your body is shutting down and all these methods are no match for your sleepy little face, ten minutes of zzzs should do the trick. It’s a quick reset button so you can finish out the day. Just find a quiet desk and crawl into your own personal cave. If you don’t want to hunker down proximate to your boss, you can work remotely.

Start DJing Your Afternoon
Put on the headphones and stream your most upbeat, energetic music. Sound vibrations can stimulate your brain waves and jolt your entire body into a more wakeful state.

Want to see some more? Click here for the full list on Lifehacker.com.