The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Author: centexitguy Page 72 of 140

Ways To Avoid Banking And Payment Fraud

By

On December 13, 2016

In Security

13 December, 2016

Online banking and payment frauds are increasing at an alarming rate. Moreover, with the continuous emergence of ecommerce websites, more and more people are becoming victims of these fraudulent activities. Though online banking offers a lot of convenience, the security risks that come along with it necessitate the users to be extremely cautious while accessing their financial accounts.

Given below are a few tips that can help to avoid banking and payment fraud:

  • Enable Two Factor Authentication: The best approach is to use two factor authentication for all your online financial accounts. With this, you will have to enter your login credentials, along with the unique one time password (OTP) sent to your mobile number, to confirm any transaction. Thus, even if someone has your username and password, he would not be able to use them unless he gets the OTP.
  • Choose Strong Passwords: Create a strong and hard-to-crack password for your internet banking account. The password should ideally be 6 to 10 characters long and consist of uppercase, lowercase letters, numbers as well as symbols. Also, you should not store your password in your computer system, unless it is properly encrypted.
  • Avoid Clicking Through Emails: Be wary of phishing emails that require you to update your account information online. Also, do not click on any links embedded in such emails. They may contain a malicious code that redirects you to a fake website to record your banking credentials. It is safer to directly type in your bank website’s URL in the browser.
  • Access Your Accounts Securely: Do not access your financial accounts from open Wi-Fi hotspots. These networks do not use encryption and all the information you share can be easily viewed, accessed or modified by the hackers. Also, the website’s URL should begin with ‘HTTPS’ instead of ‘HTTP’ along with a small padlock icon in the address bar.
  • Log Out After Each Session: No matter you are using a personal/public computer system or a smartphone, it a good practice to log out after every online banking session. This will minimize the chances of becoming a victim of session hijacking and cross site scripting attacks. You should also clear the browser cache and history at the end of each session.

We, at Centex Technologies, offer comprehensive internet security solutions across Central Texas. For more tips on preventing online banking and payment fraud, you can call us at (855) 375 – 9654.

Vulnerability Scanning Vs. Penetration Testing

By

On December 6, 2016

In Security

6 December, 2016

Vulnerability scanning and penetration testing (or pen testing) are often used interchangeably in the field of IT security. Though these security tools are co-related, there are some key differences in the purpose for which each of them is carried out. Having a clear understanding is essential for the IT professionals to utilize the available resources judiciously.

Given below is a detailed description of vulnerability scanning and penetration testing:

Vulnerability Scanning

Vulnerability scanning refers to an in-depth and automated scan of the computer systems to identify any potential security flaws. It allows the organizations to evaluate the level of IT security protocols, detect weaknesses and differentiate the ones that can be exploited by the cybercriminals. The scan also involves providing a detailed report stating the steps required to either mitigate or diminish the security threats.

A vulnerability scanning process mainly involves the following steps:

  • Creating a list of the valued assets and resources in a computer system
  • Determining the importance and confidentiality of all the resources
  • Identifying the vulnerabilities, where they are located and categorize them according to their risk of being exploited
  • Eliminating the potential vulnerabilities for the most important files and data

Penetration Testing

Penetration testing involves simulating a cyber-attack to penetrate the corporate network and gain access to the sensitive data. Its main purpose is to determine if any malicious activity is possible and the way it can be carried out by the hackers. The IT security experts conduct a complete scan of the corporate network and attempt to exploit any of the identified vulnerabilities. Subsequently, a detailed report is provided stating what resources were accessed without permission, vulnerabilities that were exploited and how they can be fixed.

Essentially, penetration testing can be of two types, white box and black box. The former one involves the use of pre-disclosed information about the target company’s resources and network vulnerabilities. Black box testing, on the other hand, is performed with little or no knowledge of the security flaws in the target systems.

Though vulnerability scanning and penetration testing serve different objectives, both of them should be performed to improve an organizations’ overall IT security. Vulnerability scan should be carried out monthly and may take less than an hour to be completed. Penetration tests are recommended to be performed annually and may take a few weeks, depending upon its scope.

For more information on the importance of vulnerability scanning and penetration testing for your organization, feel free to contact Centex Technologies at (855) 375 – 9654.

The Most Common Mistakes People Make Online

By

On November 29, 2016

In Security

29 November, 2016

A lot of people spend hours on the internet every day. Right from sending emails, playing games and shopping to social networking and many other tasks, internet has become the lifeblood of people of all age groups. However, despite the extensive upsurge in internet usage, users tend to make a lot of mistakes which can ultimately sabotage their web browsing experience. This may either show up by slowing down the internet or infecting the computer system with a malware.

Given below are some of the most common mistakes people make online:

Browsing On Public Wi-Fi

Though browsing on free public internet hotspots seems convenient, security is a major issue that comes along. These networks do not use encryption and any information shared or received over it can be illegitimately stolen by the hackers. Therefore, online banking accounts, shopping websites, official emails etc. should never be accessed on public Wi-Fi networks.

Delaying Browser Updates

When it comes to online security, hackers are not just confined to phishing techniques and malicious websites. You can be a potential victim of online attack if you have not updated your internet browser or other applications to the latest version. Though Google Chrome manages automatic updates at the backend, other browsers may prompt you to download and install the patch. Make sure you do not delay these updates as they help to enhance browsing experience and fix any bugs present in the previous version.

Oversharing On Social Media

Sharing too much of personal information on social networking websites is also a common mistake made by most people. Your email, home address, phone number, social security number, vacation plans, current location etc. may be used by the hackers for social engineering purposes. This information may also be used to gain access to your other online accounts.

Ignoring SSL Certificate Warnings

While browsing the internet, many times a dialogue box pops-up stating ‘Your connection is not private’. Unfortunately, less than half of the users follow this warning and continue visiting the website. With this, you are putting your sensitive information at risk of getting leaked out to the cybercriminals.  Websites that use an SSL certificate encrypt all the information so that it cannot be decoded by anyone except the specified receiver.

Centex Technologies is a leading IT consulting firm providing comprehensive solutions to the businesses in Central Texas. For more information and tips on online security, you can call us at (855) 375 – 9654.

Debunking Myths About SSL And HTTPS

By

On November 21, 2016

In Security

21 November, 2016

HTTPS (Hyper Text Transfer Protocol Secure) and SSL (Secure Sockets Layer) certificates have provided an effective means to keep your information secure over the internet. However, many enterprises still rely on the public cloud and other unsecure web applications. This is mainly because of the common misconceptions related to the management, cost, usability and benefits of these network security protocols. It is important to debunk the myths about SSL certificates and HTTPS protocols so that organizations can secure their online resources.

MYTH: SSL Certificates Are Expensive
FACT: This is one of the major reasons why most entrepreneurs avoid getting SSL certificate for their website. However, if you research thoroughly, there are many low cost SSL certificate providers on the internet. You should consider your requirements in terms of features and mobile compatibility to get the right SSL certificate.

MYTH: HTTPS Slows Down A Website
FACT: HTTPS does not have any visible impact on the load time of the website. Though the connection with the server may take some time due to the data encryption process, it can be resolved by upgrading the processor.

MYTH: HTTPS Is Required Only For The Login Pages
FACT: Another common myth is that HTTPS is required for the website’s login or home page only. In actual fact, if you do not secure other pages of your website, you are actually increasing the likelihood of session hijacking, particularly if the users are connected to an open Wi-Fi network. Any information shared by the users can be easily viewed, accessed and manipulated by the hackers.

MYTH: HTTPS Websites Involve No Content Caching
FACT: Many people claim that websites using HTTPS cannot be cached by the web browsers. However, if you use response headers, you can prompt the browser to cache the content in your website. The response headers to be used may differ for each web browser.

MYTH: SSL Will Not Affect Your Website’s SEO
FACT: In an attempt to improve online security, Google officially announced that websites using HTTPS will be ranked high in results pages. This has encouraged most webmasters to switch from HTTP to HTTPS to avoid having a negative impact on their website’s ranking. Also, users are more likely to visit websites that are encrypted, particularly if they are required to their sensitive information such as username, password, credit card details etc.

For more information about the importance of SSL and HTTPS for websites, feel free to contact Centex Technologies at (855) 375 – 9654.

What Are Whaling Attacks And How To Prevent Them?

By

On November 14, 2016

In Security

14 November, 2016

A whaling attack can be defined as a targeted type of phishing attempt to extract important information from high profile users, most commonly the corporate executives, celebrities and political leaders. Just like phishing emails, these attacks involve sending fake emails that claim to be from a legitimate source. The difference is that the content of a whaling email is written in a more professional manner and generally framed in the form of a legal notice, company issue or customer complaint.

Give below are some of the key attributes of a whaling attack:

  • Involves extensive research about the target: The success of a whaling attack largely depends upon gaining the trust of the target user. If the recipient has any doubt about the authenticity of the email, he would not take the desired action. To avoid this, hackers carry out an extensive research to gather maximum information about the target victim. They browse through his social media profiles, company information and other online sources so that a legitimate email can be crafted.
  • Uses A Compromised Account Or Fake Domain: The hackers generally attempt to compromise one of company’s higher level executive’s email account. They may also create a fake domain name that looks similar to the official website of the company. This reduces the chances that the email will be perceived as suspicious.
  • No Use Of Links And Attachments: Unlike phishing attacks, whaling emails do not have any attachments or embedded links. This ensures that the email easily passes through the spam ad phishing filters. Also, the users do not hesitate opening the email perceiving it to be malware laden.

Tips To Prevent Whaling Attacks

  • The senior management, high level employees and financial teams should be educated about the whaling techniques and how to identify spoofed emails. They should also be updated with the common characteristics of a whaling email, such as fake sender names, hoaxed URLs, wire transfer requests etc.
  • Utilize an email filtering system. Whaling emails are sent to look like they have come from someone within the organization. Demarcating emails that are not sent from the company’s corporate network is a good way to identify whaling attacks.
  • Establish a face to face or phone verification process for emails that require money transfer.

We, at Centex Technologies, can help to improve your company’s IT security. For more information, you can call us at (855) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)