24 September, 2016
Due to the advancement in technology, financial institutions are rapidly shifting their mode of transactions to the internet. Though online banking offers much more convenience and saves you the hassles of visiting the bank, the indiscernible risks associated with it cannot be overlooked. Before accessing your account online or transferring funds over the internet, it is essential that you understand the risks involved to keep yourself protected.
Discussed below are some of the potential security risks of online banking:
Most banks implement strong security measures to prevent hacking attacks, but your personal computer may not be fully protected. Once you access your account, all your personal information, including account number, social security number, PIN etc., is at risk. Hackers may infect your computer with malware or use social engineering techniques to acquire your banking details and conduct fraudulent transactions.
Phishing is another common attack in which the hacker sends fake emails to compel the users to give out their personal information. These emails often create a sense of urgency and require the user to click on a specific link. When the user clicks on the link, he is redirected to a fake website that looks similar to the bank’s login page. As soon as the user enters his online banking credentials, the information is transmitted to the hacker to be used for malicious purposes.
Your computer system may have a malicious script installed that stealthily records and stores all the keystrokes of the user. This information is then sent to the hacker to get unauthorized access to your online banking account or other websites that require login credentials.
Man-In-The-Browser (MITB) Attack
This type of attack is similar to the man-in-the-middle attack. However, an MITB attack involves the use of Trojan horses to infect the user’s internet browser. The Trojan may be installed by tricking the user into downloading software that claims to be a legitimate update. When the user initiates a financial transaction, the Trojan alters the form fields and information submitted to the bank’s website. This change is not visible to the user and takes place before SSL encryption. As a result, the hacker gets control of the user’s banking interface, while bypassing all the stringent authentication mechanisms.
Centex Technologies is a leading IT security company in Central Texas. For more information on online banking threats and security measures, feel free to call us at (855) 375 – 9654.
16 September, 2016
Information security is the essence of every organization. With the recent hacking attacks targeted at big business firms, it has become even more important to protect the confidential data. However, despite spending a lot of resources on IT security, entrepreneurs often overlook the risk posed by uninformed personnel within the organization. Proper security training is essential to make them familiar with the latest forms of data breach and the precautions they need to take in order to prevent such attacks.
Given below are some reasons why information security training is important in organizations:
Avoid Potential Risk
When employees attend the IT training classes, they get to know the basics of online browsing risks and safety. This can minimize the potential risks that may arise due to any phishing or social engineering techniques used by the hackers. During the training, the employees can also be made to face a simulated hacking attack, in which they understand the consequences that the entire organization may have to bear.
Train Employees To Stay Safe On The Internet
With proper training, employees can learn about the best practices to improve their online browsing experience, both on the personal and professional front. They will be more careful while downloading any files or program, opening email attachments, using social media accounts, sharing important information over the internet etc. All these will benefit the organization in the long run.
Build A Secure Internal Environment
When you provide complete information security training to all the employees, it maintains an overall secure environment within the organization. They will understand the company’s security policies in a better way and coordinate with the IT staff in case an issue arises. With this, in the event of data breach, the management will be able to take immediate action and diminish the associated financial costs as well as loss of company’s intellectual property.
Responsibility For Company Data
Information security training will also inform employees about their duties and accountabilities towards maintaining confidentiality of the company’s data. They will know what type of data can be shared and with whom. Strong password practices, data encryption, file management and other related policies will be followed more diligently when the employees are aware of their legal and regulatory obligations towards the integrity of the organization’s resources.
We, at Centex Technologies, provide complete information security training to the business firms in Central Texas. For more information, you can call us at (855) 375 – 9654.
9 September, 2016
A watering hole attack is a relatively new technique used by hackers and is mainly aimed at compromising a business’ network security. This type of attack involves exploiting a security vulnerability in a selected website. When the target user visits the website, the attack is initiated and his computer system is infected with the malware. A watering hole attack is quite similar to a drive-by download, except that it is highly targeted and extremely difficult to detect.
How Does A Watering Hole Attack Work?
A watering hole attack typically involves the following steps:
- Determine target group
First, the attacker identifies the target group, who are mainly employees of large business firms and government organizations, to determine the type of websites they are most likely to visit.
- Identify Vulnerabilities
The attacker carefully tests the selected websites for any vulnerabilities that can be exploited. He examines the web servers, ad servers, web apps etc. to pinpoint the security flaws.
- Inject Malicious Code
- Infect The Target Group
Once the target users visit the website, the malware gets downloaded into their computer systems. It may be in the form of a Remote Access Trojan (RAT) that includes a back door to provide the hacker with complete administrative control of the infected computer.
Tips To Prevent Watering Hole Attacks
Regular Updating Of Software
Hackers tend to initiate a watering hole attack by exploiting zero-day vulnerabilities in the computer software. Thus, it is recommended to keep your system updated with the latest patches released by genuine software vendors.
Watering hole attacks involve following a definite network path to exploit the security flaws in a website. Vulnerability shielding, or virtual patching, allows the administrators to monitor traffic and identify any aberrations from the usual protocols. This, in turn, helps to prevent vulnerability exploits.
Using Virtual Private Network
Because watering hole attacks are highly targeted, the malware is active only when a specific set of users visits the website. When you access the internet through a virtual private network (VPN), it hides your IP address and other tracking data so that the malware does not perceive you as a targeted victim.
29 August, 2016
Mobile security is becoming an important issue for organizations to address. There is no denying the fact that mobile devices help to save time and increase employee efficiency to a great extent. However, the potential security risks posed by these devices cannot be overlooked. Most employees use the same mobile device for personal and official purposes. It means that connecting to an unsecure network or downloading a malicious app puts both types of data at risk.
Listed below are some tips to improve mobile security in an organization:
- Use Strong Passwords: A lengthy and difficult password is the first line of defense against a potential data breach. Therefore, encourage your employees to keep their devices protected with a strong password. Besides the basic mobile security options like PIN numbers or patterns, they should opt for more sophisticated ones like fingerprint scanner, facial recognition, voice recognition etc.
- Install Anti-Malware Software: Owing to the ignorance of users, hackers are constantly targeting mobile operating systems to initiate a malware attack. It is important that the devices used by your employees to connect to the corporate network have anti-malware software installed. They should also regularly update the software to stay protected against the recent forms of malware.
- Avoid Unsecured Wi-Fi: Many organizations today are allowing employees to work from remote locations, which increases the risk of your company’s important data being accessed and shared over public Wi-Fi connections. Make sure your employees are aware of the potential security risks and access corporate data through secure Wi-Fi networks only.
- Encrypt Confidential Data: Encryption of sensitive information sent and received on mobile devices can go a long way in improving your company’s cyber security. Organizations can implement encryption policies according to the employee groups or the level of data confidentiality.
- Choose Mobile Applications Carefully: You should limit or block the use of third party software on mobile devices being used for official communications. This can help to prevent a breach resulting from unintentional drive-by downloads or installation of applications having backdoors that transmit the company’s information to the hackers. Employees should be allowed to install only a limited number of reliable apps from a legitimate source.
- Create Secured Mobile Gateways: You can consider directing mobile traffic through a special gateway with targeted security controls, such as firewalls, web content filtering and data loss prevention. This will restrict the employees from using the company’s internal network for personal communications, thereby preventing unwanted software downloads.
23 August, 2016
Business organizations are a worthwhile target for the hackers to carry out phishing scams. Whether it is to steal passwords, employee details or any other sensitive data, just a single click from an ignorant employee is sufficient to give out the information sought by the hackers. Though most phishing emails are detected by spam filters, it is important for the employees to understand the risks and consequences to avoid falling victim to such attacks.
Listed below are some steps organizations should take to guard against phishing scams:
Initiate A Security Awareness Program
Phishing attacks have a high success rate because they target the end users, i.e. people who have little or no technical knowledge about data security. Therefore, educating your employees about this aspect can help to decrease the probability of a potential data breach. As phishing attacks mainly involve a fake email, malicious attachment or ad, unsolicited friend request on social media etc., a security awareness program will help your employees identify such suspicious activities more easily.
Keep Software Regularly Updated
Though security software does not offer complete protection against phishing attacks, it can prevent application downloads or website redirects that seem to be potentially dangerous. Hence, it is important to install and update anti-virus, anti-malware and anti-spyware software on all the computers in the organization. The same rule applies to the operating system and other programs installed on the systems. Keeping the software patched will protect you against the latest security threats and vulnerabilities.
Use Layered Security
Make sure your organization’s confidential information is protected by multiple layers of security. With this, even if a phishing attack is successful, the hackers would not be able to gain access to all the data stored on the victim’s computer system. Use secure user IDs and passwords, followed by data encryption, access control protocols, user activity monitoring and other such types of layered security.
Follow Best Password Practices
Encourage your employees to follow the best practices when it comes to maintaining confidentiality of their official email accounts. Make sure they create strong passwords and change them at frequent intervals. Also, the login credentials should be stored in an encrypted format in the computer system. By combining difficult and lengthy passwords with two-factor authentication, you can considerably reduce the consequences of a phishing attack.