Archive for November, 2015

Data Encryption: Threats And Best Practices

November 28, 2015

Data encryption has long been known to be one of the most effective and important techniques to safeguard information in a corporate setting. It allows users to translate sensitive digital data, whether stored on a computer system or transmitted across the company’s network, into a form that cannot be read without decryption. The encrypted data, known as ciphertext, can only be accessed by authorized users who have the password required for decryption. Here are some of the reasons every organization needs data encryption:

  • Risk of unauthorized users viewing sensitive data: Sharing important files and data is critical for teamwork. However, not all employees may be clear about who is authorized to view what kind of information. Whether accidentally or purposely, giving unauthorized users access to confidential data can endanger your organization’s IT security.
  • Risk of employees viewing undeleted data: Ideally, the information that is not required should be deleted from the computer. However, this might not be possible for the data stored on the cloud as there may be additional copies present as backup which can be accessed by other people.
  • Risk of sharing unencrypted sensitive data: Businesses that require storing sensitive personal and financial information of clients or customers may invite serious legal implications without proper data encryption.

Tips to implement a successful data encryption strategy

  • Evaluate your security goals: Before devising an encryption strategy, you need to figure out exactly what you want to protect. This may include all the hard drives, removable storage devices, employees’ personal laptops or any other kind of system. You must also familiarize yourself with all the data governance policies and compliance mandates applicable to your business.
  • Enforce removable media encryption: With USB flash drives and portable hard disks holding a massive amount of data, securing only the computer systems does not seem to be enough. You must ensure that all information transferred from one source to another on the company’s network is properly encrypted.
  • Maintain comprehensive audits: You must maintain a comprehensive log of every time any sensitive information is accessed. The name of the employee, data accessed, purpose and time of use should be recorded.
  • Access control: Ascertain that only the authorized users are able to view the encrypted data. Also, limit the number of times that data can be accessed each day. For a successful encryption strategy, you must implement an appropriate balance of file permissions, passwords and two-factor authentication.
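The audit and access-control tips above can be enforced together at the point where data is read. The following is an added example, not code from the original post: the class name, the limit of 3 reads per day and the hash-chained log (an addition beyond the post that makes tampering with the log detectable) are assumptions.

```python
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timezone

DAILY_LIMIT = 3  # assumed per-user, per-record cap; the post gives no number


class AuditedStore:
    """Gate reads behind an authorization list, a daily cap and an audit log."""

    def __init__(self, acl, daily_limit=DAILY_LIMIT):
        self.acl = acl                      # {record: set of authorized employees}
        self.daily_limit = daily_limit
        self.counts = defaultdict(int)      # (employee, record, date) -> granted reads
        self.log = []                       # append-only list of audit entries
        self._prev = "0" * 64               # hash of the previous entry (chain start)

    def _record(self, employee, record, purpose, when, outcome):
        entry = {"employee": employee, "data": record, "purpose": purpose,
                 "time": when.isoformat(), "outcome": outcome, "prev": self._prev}
        # Chain each entry to the one before it so edits or deletions show up.
        self._prev = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = self._prev
        self.log.append(entry)
        return outcome

    def access(self, employee, record, purpose, when=None):
        """Log every attempt (granted or denied) and return the outcome."""
        when = when or datetime.now(timezone.utc)
        key = (employee, record, when.date())
        if employee not in self.acl.get(record, set()):
            return self._record(employee, record, purpose, when, "denied:unauthorized")
        if self.counts[key] >= self.daily_limit:
            return self._record(employee, record, purpose, when, "denied:daily-limit")
        self.counts[key] += 1
        return self._record(employee, record, purpose, when, "granted")

    def verify_log(self):
        """Recompute the chain; False means an entry was altered or removed."""
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False
            prev = digest
        return True
```

Denied attempts are logged as well as granted ones, since repeated denials are often the first sign of someone probing for data they are not authorized to see.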

We, at Centex Technologies, can help to implement an effective data encryption policy in your Central Texas based organization. For more information, you can call us at (972) 375 – 9654.


Social Engineering Attacks And How To Prevent Them

November 23, 2015

Social engineering is a non-technical method of attack in which the hacker attempts to convince users to break normal security practices. The type of information generally sought by hackers includes bank account information, password, credit card details etc. Certain social engineering attacks also involve sending malware-laden email attachments to gain control over the user’s computer.

Types Of Social Engineering Attacks

  • Phishing: This is probably the most common form of social engineering attack. The hacker sends an e-mail, IM or text message that appears to be coming from a legitimate and credible institution, company, bank etc.  A phishing scam is carried out to obtain a user’s personal information such as name, address, social security number, bank account details etc.
  • Pretexting: In this, the attacker creates a plausible backstory to gain access to confidential information. For instance, the user may receive a call or email claiming to be from a bank and asking about his credit card details or account number to verify identity.
  • Baiting: These attacks are often presented in the form of attractive offers and schemes to the users once they enter their login credentials. People who fall prey to the bait may infect their computer system with malicious software, leak out the financial information stored on the computer and generate new malware exploits.
  • Quid Pro Quo: This attack may involve an attacker who spam-calls people and claims to be from an IT company. The user may be asked to disable his anti-virus program in exchange for a quick fix for his computer issue. Subsequently, the attacker may install malware on the system in the guise of a software update.
  • Tailgating: This involves an attacker getting access to a restricted area of an organization through an authorized employee. Tailgating may also be carried out by borrowing someone’s computer or laptop for some work but actually installing malicious software.

Tips To Prevent Social Engineering Attacks

  • Beware of unsolicited IMs, emails or phone calls
  • Keep your anti-virus software updated
  • Do not give out your personal information, such as user name, password, credit card number, social security number etc. to anyone
  • Ignore phone calls or emails asking for financial information or passwords
  • Do not download attachments or open embedded links from unknown senders
  • Check website URLs before opening
  • Reject requests for online tech support
  • Lock your laptop or computer while leaving your workstation
  • Use two factor authentication to log in to all your online accounts

For more information on preventing social engineering attacks, contact Centex Technologies at (972) 375 – 9654.


Credit Card Phishing Scams And How To Protect Against Them

November 17, 2015

With credit cards becoming the most preferred mode of payment these days, phishing scams have also risen massively. Phishing is a form of hacking attack wherein cyber criminals contact the users in the guise of legitimate and credible companies to extract their credit card information. Once the details are obtained, the cyber criminals use them for malicious purposes.

Here are some of the common ways through which credit card phishing scams are carried out:

  • Fake Emails: Phishing attacks usually involve fake emails that create a sense of urgency or require the user to visit a certain website immediately. These emails usually have a form to fill in personal information, including credit card number or bank account details.
  • Malware Installed On Computer: The cyber criminals may download and install malware on the user’s computer through malicious advertisements, pop-ups, email attachments or simply when the user visits a spam website. Once your computer is infected, the malware will steal your credit card information and send it to the hacker whenever you make an online transaction.
  • Spam Links: The user may receive a spoofed email with an embedded link to a website that appears to be legitimate. These websites usually require confirmation of the user’s credit card number, expiration date and security code.
  • Fake Phone Calls: The hackers may also make a forged phone call impersonating a known credit card company or bank customer service executive and ask the user to verify his credit card details.

Tips To Protect Against Credit Card Phishing Scams:

  • Install and frequently update the anti-virus software, spam filter and spyware remover on your computer.
  • Do not share your credit card details with anyone and choose a strong as well as lengthy password for all online accounts.
  • Never use public computer systems or Wi-Fi networks for online banking or shopping.
  • Even if you receive a legitimate email with an embedded URL, do not click on the link. Instead, manually type in the website address in your browser to visit a genuine site.
  • Install software and applications only from credible sources.
  • Regularly check your credit card statements and if you find any suspicious purchases, immediately bring it to the notice of your bank.
  • Use zero liability cards as far as possible to avoid being accountable for unauthorized transactions on your credit card.
  • Verify a website’s security by confirming that its URL starts with ‘https’ instead of ‘http’.

For more information on protection from credit card phishing scams, feel free to contact Centex Technologies at (855) 375 – 9654.


Internet Of Things: Security Risks And Challenges

November 9, 2015

The term Internet of Things (IoT) essentially refers to a uniquely identifiable network of physical objects, such as wearable gadgets, smart phones, TVs, electronic appliances, cars etc., that are embedded with software, sensors and internet connectivity. These devices are able to connect and share information without requiring a machine-to-machine or human-to-machine interaction. While they can be a game changer in terms of the way we live our daily lives, being at a nascent stage, IoT devices are still quite vulnerable to hacking attacks.

Here are some of the security risks associated with Internet of Things:

  • Data Breach: Without timely updates to their security software, IoT devices can be at risk of exposing sensitive information to cybercriminals, who can use it for malicious purposes. Hackers can stalk the different devices in an IoT network and steal the data shared between them. Data breaches can be a serious threat to the virtual security of individuals and organizations that use such devices.
  • Botnets: These are a group of remote computers, smart appliances and network connected electronic gadgets working together to achieve an illegal goal. The bots are usually transferred to these devices through insecure internet ports or spam downloads. Malicious code is used to infect the IoT devices and exploit the software on which they operate.
  • Cross-Device Access: IoT devices generally connect to a computer system, Wi-Fi network or smartphone to operate. This provides an additional route hackers can take to gain access to the information stored on all systems connected with the IoT device. By installing a malicious program or code on an IoT device, the attacker can get hold of the entire network and system files. It also makes users vulnerable to a man-in-the-middle attack where hackers can intercept or modify information shared between two IoT devices.
  • DoS Attacks: A Denial of Service (DoS) attack involves using the bandwidth, network resource, CPU time etc. of a malware infected computer. The hacker attempts to flood the infected computer network with a huge amount of traffic that causes its functioning to cease. With Internet of Things, the hackers are easily able to access a number of interconnected devices through a single path.
  • Ransomware: This is a malware-based attack that limits or restricts the user’s access to an infected device unless he pays a certain sum of ransom to the hacker. With the increasing use of interconnected IoT devices, the risk of ransomware attacks has also escalated manifold.

We, at Centex Technologies, provide complete cybersecurity solutions to the business firms in Central Texas. For more information, you can call at (972) 375 – 9654.
