The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 59 of 79

What Are Whaling Attacks And How To Prevent Them?

By

On November 14, 2016

In Security

14 November, 2016

A whaling attack can be defined as a targeted type of phishing attempt to extract important information from high profile users, most commonly the corporate executives, celebrities and political leaders. Just like phishing emails, these attacks involve sending fake emails that claim to be from a legitimate source. The difference is that the content of a whaling email is written in a more professional manner and generally framed in the form of a legal notice, company issue or customer complaint.

Give below are some of the key attributes of a whaling attack:

  • Involves extensive research about the target: The success of a whaling attack largely depends upon gaining the trust of the target user. If the recipient has any doubt about the authenticity of the email, he would not take the desired action. To avoid this, hackers carry out an extensive research to gather maximum information about the target victim. They browse through his social media profiles, company information and other online sources so that a legitimate email can be crafted.
  • Uses A Compromised Account Or Fake Domain: The hackers generally attempt to compromise one of company’s higher level executive’s email account. They may also create a fake domain name that looks similar to the official website of the company. This reduces the chances that the email will be perceived as suspicious.
  • No Use Of Links And Attachments: Unlike phishing attacks, whaling emails do not have any attachments or embedded links. This ensures that the email easily passes through the spam ad phishing filters. Also, the users do not hesitate opening the email perceiving it to be malware laden.

Tips To Prevent Whaling Attacks

  • The senior management, high level employees and financial teams should be educated about the whaling techniques and how to identify spoofed emails. They should also be updated with the common characteristics of a whaling email, such as fake sender names, hoaxed URLs, wire transfer requests etc.
  • Utilize an email filtering system. Whaling emails are sent to look like they have come from someone within the organization. Demarcating emails that are not sent from the company’s corporate network is a good way to identify whaling attacks.
  • Establish a face to face or phone verification process for emails that require money transfer.

We, at Centex Technologies, can help to improve your company’s IT security. For more information, you can call us at (855) 375 – 9654.

Hybrid Cloud Security: Key Considerations

By

On November 5, 2016

In Security

5 November, 2016

Businesses looking to switch to cloud technology often find hybrid cloud as one of the most flexible and efficient options. Incorporating the benefits of both public and private cloud, it allows a smooth combination of the in-house IT resources with the public deployment model. However, just like the other two cloud computing technologies, hybrid cloud also has its own share of security risks. It is important to overcome these challenges to ensure a successful implementation of the technology,

Here are some of the key security risks to be considered while choosing hybrid cloud for your organization:

IT Security Skills

Business owners need to hire a dedicated IT security staff with specialized skills in handling hybrid cloud resources. They must be able to use proper configuration management tools to minimize the likelihood of any error. Knowledge of all the cross-platform tools required to control the hybrid cloud is also important. Concise cloud management policies should be implemented to define access controls for sensitive data, configuration and installation guidelines, reporting etc.

Poorly Defined SLAs

With so many hybrid cloud service providers available today, understanding the service level agreements (SLAs) has become critical. Access permissions and data security measures must be clearly specified in the SLA. Get information on the availability and performance of your cloud model during maximum load times. The SLA should also state the services for which you can use the public cloud and up to what limits.

Accountability

Both the organization and service provider are accountable for maintaining a secure hybrid cloud environment. The vendor is basically responsible to ensure system integrity, access controls, data encryption, virtualization and network security. Consumers, on the other hand, need to implement stringent policies to secure their in-house resources.

Poor Data Redundancy

The lack of proper data redundancy can also be a major security threat in hybrid cloud. It is imperative to maintain redundant copies of the important files in both public and private data centers. With this, you can minimize downtime in case there is an outage in any of them.
Implementing a hybrid cloud strategy involves a complete redressal of both technical and security issues to reap the maximum benefits out of this technology.

For more information on hybrid cloud and how it can be used to streamline your business operations, feel free to contact Centex Technologies. We can be reached at (855) 375 – 9654.

Frequently Asked Questions About Phishing

By

On October 27, 2016

In Security

27 October, 2016

Phishing is a common form of online identity theft that involves sending fraudulent emails in order to steal the target user’s personal information, credit card details, social security number and other sensitive data. A phishing email is crafted to look legitimate and often creates a sense of urgency to instigate immediate action from the receiver. However, despite the increasing number of phishing attacks, many people are not able to identify fraudulent emails and get tricked into giving out their personal information.

Given below are some frequently asked questions that will help you avoid becoming a victim of phishing attack:

How do I identify a phishing email?

Cybercriminals send out phishing emails masqueraded to be sourced from a legitimate entity, such as a bank or credit card company. Although these emails can be recognized easily by poor grammar and hoaxed email addresses, some of the phishing attempts can be highly sophisticated. The typical characteristics of a phishing email are that they create a sense of urgency and require the user to update his bank account information. Also, fraudulent emails do not address the sender by his name.

What should I do if I receive phishing email?

If you receive a phishing email, make sure you delete it without opening, particularly if it contains any links or attachments. You must remember that banks and financial institutions do not ask for sensitive information over emails. In case you have any doubt regarding the authenticity of the email, contact the sender directly.

How do hackers get my email address?

In most cases, the hackers do not know your email address. They simply send out the emails to randomly generated addresses so that they are likely to reach some customers of a specific bank or credit card company. The hackers may also detect an unprotected email server and send out phishing messages to the addresses on it.

What should I do if I have been scammed by a phisher?

If you suspect being a victim of phishing attack, immediately change your login credentials for the online accounts that may have been potentially compromised. Review your financial statements to identify any unauthorized activity. Inform your bank or credit card provider and request them to block all online transactions from your account.

Centex Technologies is a leading IT security company in Central Texas. For more information on phishing attacks, feel free to call us at (855) 375 – 9654.

The Impact Of BYOD On Data Security

By

On October 20, 2016

In Security

20 October, 2016

In today’s challenging business environment, employees are required to be more flexible and productive. As such, many employers have started to implement a ‘Bring your own device’ (BYOD) policy instead of providing employees with company’s computer systems. BYOD is an innovative business model that offers numerous benefits, such as minimizing hardware costs for the organizations, enabling employees to work from anywhere and staying connected to work even after the office hours. However, despite these benefits, there are a lot of data security risks that BYOD brings for the organizations. Some of them have been listed below:

Insecure Application Usage

When employees use their personal devices for work, your company’s IT department cannot control which applications can or cannot be used. This can be a major security threat to the corporate data, particularly if the employees do not maintain caution while downloading apps or files from the internet. These may contain a malicious code that records the user’s keystrokes or steals data stored on the device.

Lost/Stolen Devices

In case your employee’s device gets stolen or lost, the information stored in it is at risk of unauthorized access. This is particularly true if proper security measures, such as strong password and data encryption policies, are not in place. In some instances, important organizational controls may also be accessed by anyone who has the device.

Wireless Access Points

Some employees configure their mobile devices to detect and connect to the available open networks. Accessing internet from free Wi-Fi hotspots at coffee shops, hotels or internet may put your company’s data at risk. The information transmitted over such networks is not encrypted and all the communication can be intercepted by a hacker.

Access From Non-Employees

The use of employees’ personal devices by the family members is a common scenario. Considering this, there are chances that the data be accidently deleted or shared with unauthorized users in case the employee fails to log out of the application.

Jailbroken And Rooted Devices

Employees who are tech-savvy may also jailbreak their device in order to get the latest app or software program. This removes the limitations imposed by the manufacturer and lowers the security of the mobile device, making it susceptible to hacking attack. Rooted devices are also at risk as they give administrator-level permissions to the device owner, facilitating him to install potentially malicious apps.

For more information and tips on data security for your Central Texas based organization, feel free to contact Centex Technologies at (855) 375 – 9654.

Tips For Effective Patch Management

By

On October 13, 2016

In Security

13 October, 2016

Patch management is a complex process that involves maintaining and applying upgrades to various software applications installed on an organization’s computer systems. These patches may either be released to fix a security issue or to improve the functionality of a software. Even a single unpatched computer can make the entire corporate network vulnerable to online security threats. Therefore, implementing a patch management policy is important to handle this process efficiently.

Given below are some tips for effective patch management in an organization:

Know Your Network

The ultimate objective of patch management is to secure every computer and mobile device accessing the organizations’ network. However, analyzing the software installed on all computers can be tedious and time consuming. Poorly managed assets can easily turn into the network’s weakest links and lead to hacking attacks. Therefore, you should consider automating the analysis and deployment of patches. With this, you can manage the application of patches to all the computers through a single system.

Plan Your Approach

Even if you have automated the patch management process, you must devise a plan to keep everything in streamlined order. Group the computer systems according to different departments or users. Following a systematic approach will ensure timely and effective patch upgradation on all computer systems. Begin by installing updates on computer systems that are more sensitive to the problem addressed by the patch. IT team or the tech savvy employees should use the patches first so that they can identify and report if any problem is detected.

Conduct Regular Scans

Patch management is not a one-time process. It is an ongoing activity that requires continuous scanning and assessment of resources by the IT managers. This is essential to identify systems that do not support automated patch management and need to be manually updated. The patches should also be tested before deployment as they may lead to problems if not properly applied.

Rely On A Single Source For Patches

Another way to simplify your patch management is to rely on a single solution for all the software and applications. This will help to lower the complications involved in the process as you do not have to maintain and learn the procedures as well as techniques of multiple solutions. It will also reduce overall operating costs and facilitate end-user communications.

We, at Centex Technologies, provide efficient IT security solutions to the organizations in Central Texas. For more information, you can call us at (855) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)