The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 65 of 75

How To Improve IT Security In Your Organization

By

On September 24, 2015

In Security

September 24, 2015

IT security is one of the biggest challenges faced by every organization. Considering the different malware and networking threats discovered frequently, the impact of a feeble security policy can be disastrous. Hence, data security should be your company’s top priority, specifically if your business activities involve storing sensitive customer details.

Here are some practical tips that can help to improve IT security in your organization:

  • Establish A Definite Plan: Chalk out a well-defined plan stating the actions that should be taken to evade a data breach. This should include terms and policies regarding which data can or cannot be accessed by the employees. The rules mentioned in the plan should be strictly followed by each and every individual who is a part of the organization. Also, the security policies must be reviewed and updated from time to time.
  • Educate Your Employees: Let your employees know about the potential security risks and the best practices to mitigate them. They should be educated about creating strong passwords, handling spam emails, maintaining data backup etc. Also, there should be a dedicated IT staff that they can turn to in case of any doubts or concerns.
  • Set A Data Storage Policy: You should also implement a data storage policy in the organization. It should have a clear mention of the data that should be stored or deleted from their devices. Keeping files with certain extensions can also increase the risk for a security breach.
  • Ensure Encryption: If you need to store any sensitive customer data such as names, passwords, credit card details, email addresses, bank account numbers etc., make sure they are properly encrypted. Only a limited number of employees should have access to the computers containing this information. You can also consider using two-factor authentication for added protection.
  • Avoid BYOD Culture: With a rise in the work from home culture, the data security risks have also increased manifold. The personal devices used by the employees may not be compliant with your company’s security plan. This provides hackers an easy pathway to gain access to your organization’s confidential data. To prevent this, do not allow employees to use their own devices as long as they are made to comply with the company’s policies. Connecting portable networking devices with the office computers should also be restricted to prevent a malware breach.

We, at Centex Technologies, provide complete IT security solutions to businesses across Central Texas. For more information, you can call us at (855) 375 – 9654.

The KeyRaider iOS Malware: How To Keep Yourself Safe

By

On September 17, 2015

In Security

September 17, 2015

Following the discovery of MAC firmware worm Thunderstrike 2, the cybersecurity experts at Palo Alto Networks along with WeipTech, have released reports of a new iOS malware, KeyRaider. Being responsible for the largest ever account theft caused by a malware, KeyRaider has successfully stolen credentials for more than 225,000 accounts of Apple customers. The Apple devices targeted by KeyRaider were primarily jailbroken, i.e. they permitted the download of unauthorized applications, extensions and themes from sources other than the Apple App Store.

How Does KeyRaider Work?

When a user jailbreaks an Apple device, the malware prompts him to install a third party app from a Cydia repository. Once the app is downloaded, KeyRaider attempts to steal important account credentials and Universally Unique Identifier (UUID) number. It allegedly intercepts random data from iTunes accounts of users who have installed malware-ridden apps on their jailbroken devices.

In addition, the malware even goes a step further to access Apple’s service certificates, disable remote unlock feature and share App store information. This allows other users to use the stolen data in order to purchase premium apps or themes from the Apple Store.

How To Detect And Remove KeyRaider?

The most viable way to keep your Apple device protected against KeyRaider is to keep it updated with the latest software applications. You should also not jailbreak your phone as its removes Apple’s protections and make your device vulnerable against security breaches. However, if you have already jailbroken your phone, here are some of the steps that you should take to protect yourself against KeyRaider:

  • Search ‘Filza File Manager’ on Cydia and install it on your device.
  • Open the app and go to /Library/MobileSubstrate/DynamicLibraries/.
  • Select the first file that has a ‘.dylib’ extension.
  • After opening the file, type in the following keywords into the search bar – wushidou, gotoip4, bamu, getHanzi.
  • If you are able to locate any of these keywords, your device is infected with malware. Make sure you remove the file along with all the ‘.plist’ files in the same name.
  • You should follow the same steps for each ‘.dylib’ file that you find in the directory. Once done, reboot your iOS device.

After you have successfully removed the malware, it is suggested that you change your Apple account password and enable two-factor authentication to keep your device safe.

What Is Data Breach And How To Prevent It

By

On August 31, 2015

In Security

August 31, 2015

A data breach can be defined as an unauthorized access, viewing and retrieval of a database, application or program. The attack is carried out to steal, manipulate or use information for malicious purposes. Data breaches are usually targeted towards large organizations and businesses to steal sensitive, confidential or patented information.

A data breach typically takes place in the following stages:

  • Research: After deciding on a target, the cyber criminals look for network security flaws that can be exploited. This involves researching about the kind of infrastructure a company has.
  • Attack: When the weaknesses have been identified, the hacker initiates a data breach either as a social attack or a network based attack. In the former one, social engineering methods are used to jeopardize the target’s network. This may include spam emails, malware infected IM attachments, installing programs with malicious code etc. A network based attack, on the other hand, is when the cyber criminals use vulnerability exploitation, SQL injection or session hijacking to access the network on which the target computer is operating.
  • Exfiltration: Once the attack is successful, the hacker can easily take out the important data and transfer it into another system. This data may either be used for spiteful purposes or to carry out another attack.

Tips To Prevent Data Breach

  • Be Careful With Passwords: Make sure you do not store passwords for any website or servers. You should also avoid using same passwords for any two accounts. Also, consider using two-factor authentication for all accounts that contain sensitive business information. Thus, you will require a password along with a personal authentication method, such as OTP or biometric scan to access the account.
  • Use Data Encryption: You must mandate encryption of all personal or official information that is transmitted over the organization’s internet network. The IT staff should be directed to encrypt all software and hardware at all times, including the devices issued to the employees.
  • Outsource Payment Processing: In order to safeguard your customers’ financial data, you should consider outsourcing your payment processing system. Whether it is for point-of-sale or online banking, hiring a credible PCI complaint dealer will ensure better and dedicated protection of the data.
  • Educate Employees: You must implement and let the employees know about the data security policy of the organization. Restrict the usage of computer only for official purposes and confine access to unsuitable websites. You must also educate the employees about their responsibilities with regard to protecting and maintaining confidentiality of any information.

We, at Centex Technologies, provide complete data security solutions to the businesses in Central Texas. For more information, you can call us at (855) 375 – 9654.

Windows 10 – Safety Features That Make Us Want To Upgrade

By

On August 25, 2015

In Security

August 25, 2015

Microsoft operating system updates are designed to resolve issues concerned with the previous version as well as making computing easier for the end-users. Keeping in line, Windows 10 comes with many new features and applications to improve functionality. As far as security is concerned, this latest OS comes pre-loaded with several updates in order to protect users from hacking attacks.

Here are some of the important features in Windows 10 that can enhance user security:

  • Two-Factor Authentication: Windows 10 has incorporated two essential safety features to protect the privacy of users – Windows Hello and an update of Windows Passport. The former one involves a two factor authentication method for the users to view any stored data. They will be required to enter one validation element as well as a PIN number or a biometric feature such as retina or fingerprint scan. Taking it a step further, Windows Passport allows the users to enter the biometric authentication element to access the entire system. This eliminates the need to remember easy-to-hack passwords.
  • “On-The-Fly” Encryption: For people who use personal devices for work, this feature will provide additional security to safeguard their office data. The encryption feature called ‘Data Loss Prevention’ will recognize the data associated with your work, separate it from other files and encrypt it using the updated version of ‘BitLocker’. Anything found to be work-related is placed into a safer portal.
  • Device Guard: This feature in Windows 10 will help to determine if a file is safe or contains any sort of malware. The Device Guard will quickly scan all the programs and data to detect any potential threat. If found, the user will be alerted and left to decide if he wants to open the file or not.
  • Edge Browser: With Windows 10, Microsoft is also releasing its improved and safer browser, Edge. Initially named as Project Spartan, Edge is designed to make up for the security flaws in Internet Explorer. The browser will allow users to access websites through their Windows Passport authentication code instead of the passwords. Additionally, Edge will not support ActiveX updates and work in a sandbox mode to protect against malware or hacking attacks.
  • Automatic Antivirus Update: Installing Windows 10 will also automatically update your antivirus software. Your previous anti-virus will be removed and then re-installed to the latest version with updated malware, virus as well as spyware definitions. In case your anti-virus subscription has ended, the system will install Windows Defender.

The safety features in Windows 10 will be of great help for the large business firms in managing a complex networking infrastructure and maintaining IT security.

All You Need To Know About The Thunderstrike 2 Virus

By

On August 18, 2015

In Security

August 18, 2015

Apple devices have long been known to be secure against virus and malware attacks. However, a team of security researchers have claimed to discover the first firmware worm, Thunderstrike 2 that can spread between different Mac computers without any internet connection. The recently discovered firmware attack has been known to be a sequel to Thunderstrike, a proof-of-concept MAC vulnerability found earlier this year.

Thunderstrike 2 virus has been created by a security engineer, Trammell Hudson and Xeno Kovah, owner of a firmware security consultancy LegbaCore. The virus infects Mac computers at the firmware level, which makes it resistant to security and software updates.

How Thunderstrike 2 Works?

Unlike the initial version of the virus, Thunderstrike 2 can infect a Mac computer undetectably through a malicious email or website and hides inside the firmware. Once the system is infected, the virus can easily replicate itself to other Macs by way of several peripheral devices such as Apple Thunderbolt connected to the USB or Ethernet port, RAID controllers, external hard drives etc. The virus is capable of targeting air-gapped systems that are difficult to infect through active network connections.

According to Xeno Kovah, “The Thunderstrike 2 attack is really hard to detect and it can be difficult for the users to safeguard their Mac computers against a virus operating at the firmware level. For most users, the situation might even make the users dispense with their systems as they do not have the wherewithal to physically open up the system and re-encode the firmware chip.”

Adding further, he states, “People are not aware that these small peripheral devices actually have the potential to infect their firmware. A worm started from another corner of the world and spreading very low and slow can easily get into their systems. If they are unaware about the security threats present at this level, they are more likely to get the virus that can completely sabotage their system.”

How To Remove The Virus?

According to the security researchers, the virus can only be removed at the hardware level of the Mac computers, which makes the entire process quite complex. Apple has already been notified about the firmware virus and the company has not yet fixed the vulnerabilities than can allow similar types of attacks on Macs.

For the meantime, the users are advised not to click on links, download files or install plugins from unreliable sources.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)