The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 1 of 69

Apple Expands End-to-End Encryption to iCloud Backup & Photos

By

On January 30, 2023

In Security

Apple has been at the forefront of providing solutions to protect its users from cyberattacks. In the latest update issued by Apple, the mobile device manufacturer has extended its cyber security measures to cover services and apps including iCloud Backup and Photos.

The security update will also extend the protection blanket to iMessages, Notes, and Apple ID. With this update, the end-to-end encryption capability of iCloud will extend from 14 to 23 sensitive data categories. This update will help businesses to adopt Apple devices for multiple business activities.

Let us understand some important aspects of this security update.

  1. Contact Key Verification for iMessages: iMessages is an in-built messaging app for Apple devices, commonly used for communication with financial institutions and subscription platforms. The app’s messaging often includes sensitive information such as ‘One Time Passwords’ for financial transactions, making it important to secure. Apple offers end-to-end encryption for iMessages, which has been further enhanced by the addition of iMessage Contact Key Verification. This feature allows users to confirm the identity of the person they are communicating with by comparing a verification code using FaceTime or a secure call and also alerts both users if a breach occurs.
  2. iCloud Data Security: Apple offers Advanced Data Protection (ADP) to users to ensure the security of their cloud data. Users, who opt for ADP, can enable end-to-end encryption of data stored in their Cloud such that it can only be decrypted on the user’s trusted devices. ADP earlier included end-to-end encryption for sensitive data categories such as Health data. However, the latest cyber security update extends the end-to-end encryption to a number of sensitive data categories like iCloud Backup, Photos, and Notes. Some categories containing sensitive data such as iCloud Mail, Contacts, and Calendar have not been included in the update as these apps often operate in coordination with other global systems.
  3. Security Keys: Apple ID offers two-factor authentication since 2015. Under this authentication process, the user can set two different authentication methods such as device password and a trusted mobile number for verification at the time of signing in to the Apple ID or account recovery. The new update takes the security feature a notch up by allowing the users to choose a hardware security key as one of the authentication factors. The hardware security key may be NFC key, or any other third-party hardware. The authentication process will require the user to insert the hardware security key into the device in order to log in. This will further prevent hackers from gaining access to the second authentication factor for ID access.

Centex Technologies provides IT security solutions for enterprises. For more information, contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.

 

 

Why Students Are Easy Targets For Cyberattacks

By

On January 28, 2023

In Security

The Internet has given rise to diverse learning opportunities for students. It has taken down the location barriers and has made it easier for students to connect with their peers, consult subject experts, and use online study material on a global stage. While this has increased their exposure to a wide range of opportunities, it has also piqued the interest of cybercriminals.

Why Are Hackers Interested in Students?

A major misconception in reference to cyber security is that hackers are motivated by financial gains alone and thus target large organizations only. While direct financial gains are the major motivating force behind cyber-attacks, the attackers may target individuals for other motives, such as identity theft, personality maligning, stalking, etc. These motives may or may not end in financial gains.

These are some of the reasons why hackers target students are:

  1. Easy Target: Students pose as easy targets for hackers. They are not highly aware of the latest cyber threats, making them easy prey. Additionally, school networks are protected by IT professionals. However, it is not practically possible for school IT professionals to protect the student-owned device. With inadequate security measures, student devices are at a high risk of cyber-attacks.
  2. Multiple Devices: Students generally use multiple internet-accessing devices such as smartphones, laptops, tablets, desktops, and smartwatches. As the number and types of devices increases, it enlarges the attack surface for hackers. This increases the probability of becoming a victim to a cyber-attack.
  3. Social Media: Students share pictures, routine activity, and life updates on social media. This offers hackers an opportunity to track their activity and steal personal information. This information can be used to build fake profiles and launch attacks such as identity theft, stalking, cyber-bullying, etc.
  4. Clean Credit History: Students have a clean credit history. Hackers target students’ credit history and use it to get credit approvals, take out loans, etc.

How Do Hackers Target Students?

Hackers use diverse types of cyber-attacks to target students. Common cyber-attacks targeting students are:

  1. Data Theft: Students enter their details when logging in to online learning portals, shopping sites, etc. Hackers target such portals to get information and further use for malicious activities.
  2. Phishing: Phishing attacks are launched by sending an authentic-looking email or message containing a malicious link. Once students click the link, they are directed to a malicious website where their information is collected or malware is downloaded on their system.
  3. Scholarship Scams: Hackers design fake websites or pages that promise students a scholarship in exchange for a fee. This type of attack is used to steal both financial and personal details entered by the students.
  4. Filesharing Risks: Hackers trick users into using free Peer-to-Peer filesharing services that expose the device to viruses or malware.
  5. Webcam Hacking: This is a spyware or stalking attack. Also known as Camfecting, hackers encourage students to download malicious links containing spyware. Once installed, hackers gain access to the webcam of the infected device.
  6. Social Engineering: Social engineering attacks are performed by monitoring social media activity or hacking social media accounts. This type of attack is aimed at tarnishing reputation or blackmailing.

Contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454 for information on how to safeguard personal devices and online accounts from cyberattacks.

What is Data Masking & How To Implement It?

By

On January 25, 2023

In Security

A data breach is one of the most common cyber attacks experienced by organizations. A data breach costs the loss of finances, reputation, and credibility to the organization. As per a survey, in 2021 average data breach costs was $4.35 million, which was a 12.7% increase from 2020.

Such an increase in the number of data breaches has made it essential for organizations to implement data security strategies such as data masking.

What Is Data Masking?

Data masking can be defined as the process of masking the original data and creating its replica by using different characters and symbols. The replica of the data is similar in structure and format to the original data; however, the data values are different.

Types of data that can be protected using data masking include:

  • Personally Identifiable Information
  • Protected Health Information
  • Credit Card Information
  • Intellectual Property

Organizations can use different types of data masking techniques to secure data.

Types of Data Masking:

  • On-the-Fly Data Masking
  • Dynamic Data Masking
  • Static Data Masking
  • Deterministic Data Masking
  • Statical Data Obfuscation

Why Do Organizations Need To Implement Data Masking?

Data masking is an essential cyber security strategy that offers the following benefits to organizations:

  • It is essential to comply with regulations such as HIPAA.
  • Data masking minimizes exposure of sensitive data.
  • Allows organizations to decide how much data they want to reveal.
  • Ensures transparency of applications allowing data masking based on the user level.

While the benefits of data masking emphasize the importance of including it in the cyber security strategy of an organization, its efficiency depends upon the techniques used to implement data masking.

How Can Organizations Implement Data Masking?

There are multiple ways for organizations to implement data masking in their cyber security strategies. Some ways of data masking are:

  1. Data Pseudonymization: In this data masking technique, cyber security professionals identify the sensitive information in the dataset. The sensitive information might include details such as name, email, contact information, financial information, trade secrets, etc. After identification, the data is replaced by pseudo value while rest of the data remains same. This allows de-identification of data that can be reversed, if needed.
  2. Data Anonymization: This technique allows the cyber security teams to secure sensitive information by using data encryption methods. After encryption, the identifiers that connect data to any user are deleted to prevent hackers from gaining access to the masked data or user activity.
  3. Data Shuffling: Under this technique, the values of data entities in the columns of a data set are shuffled either vertically or across different columns. In simpler terms, no change is made to the data values, however the value of an element is assigned to another element and vice versa. The purpose of data shuffling is to ensure permutation of data elements in a way such that no correlation can be derived among the data elements.
  4. Tokenization: Tokenization is done by replacing actual value of data elements with values that look similar but do not have any actual meaning. For example, in a data set of employee salaries, the values of salaries may be replaced with tokens of numerical values that are not actual salary amounts.
  5. Averaging: This technique is used when it is required to maintain actual total value of a column in the data set. The values of individual elements are replaced with an average value such that the sum of all values in the column still remains same.

Centex Technologies assists businesses by providing different data security solutions. To know more, contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.

Expert Tips for Safe Internet Banking

By

On January 19, 2023

In Security

PDF Version: Expert-Tips-for-Safe-Internet-Banking

Top Cyber Security Defense Tips for MSP Businesses

By

On December 28, 2022

In Security

MSP – Managed Service Provider can be defined as a third-party business providing services to manage its client’s IT infrastructure and systems remotely. To provide services seamlessly, Managed Services Providers are required to gain access to clients’ systems, data, and information (user locations, infrastructure, IT structure, and network). A cyber security breach can expose clients’ data and compromise the system’s security.

The cyber security of a managed service provider is connected with that of its clients, highlighting the significance of a cyber-security defensive strategy for MSPs.

Consequences of a cyber-security incident on the MSP network.

  1. Loss of Reputation: A data breach can result in a loss of client trust, which can be a big blow to the business.
  2. Loss of Business: Loss of trust and reputation can provoke some clients to stop doing business with the MSP and shift to a new service provider.
  3. Financial Loss: Loss of clients causes financial loss for a managed service provider. Additionally, the business has to spend financial resources on restoring its systems and network and might be required to pay legal penalties associated with the mishandling of client data.

Best practices and defense strategies for MSPs:

  1. Manage Vulnerability: Ensure that client systems and networks are routinely scanned and tested to detect obsolete systems and identify areas that require updates or patches. Vulnerability management aids in the prevention of zero-day attacks by stopping cybercriminals from obtaining access and exploiting vulnerabilities.
  2. Threat Detection: Firewalls and intrusion detection systems are crucial for detecting threats. They aid in identifying and blocking potentially hazardous traffic using advanced settings.
  3. Preventing Targeted Attacks: Some common examples of targeted attacks against Managed Service Providers include password spraying, brute force attacks, and phishing. These targeted attacks can be avoided by encouraging users and employees to practice password and internet usage recommendations.
  4. Zero Trust Model: A zero trust model bases authorization on carefully examining each access request. Additionally, to stop the lateral spread of the attack, the organization’s network should be divided, and components should be independent of each other.
  5. Streamlined Offboarding: Offboarding process refers to removing accounts and tools that will not be used by the organization in the future. These may include accounts of employees leaving the organization. It is important to delete shared accounts and revoke access of transitioning employees. Organizations should perform regular audits to detect any dead accounts or network ports.
  6. Backups: MSPs should maintain regular data backups and encourage their clients to do the same. This helps maintain business operations by restoring the data and infrastructure in case of a cyber-attack or data breach.

To know more about cyber security defense tips for MSP businesses, contact Centex Technologies. You can contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)