The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Tag: Cyber Security Page 31 of 41

The Most Common Mistakes People Make Online

By

On November 29, 2016

In Security

29 November, 2016

A lot of people spend hours on the internet every day. Right from sending emails, playing games and shopping to social networking and many other tasks, internet has become the lifeblood of people of all age groups. However, despite the extensive upsurge in internet usage, users tend to make a lot of mistakes which can ultimately sabotage their web browsing experience. This may either show up by slowing down the internet or infecting the computer system with a malware.

Given below are some of the most common mistakes people make online:

Browsing On Public Wi-Fi

Though browsing on free public internet hotspots seems convenient, security is a major issue that comes along. These networks do not use encryption and any information shared or received over it can be illegitimately stolen by the hackers. Therefore, online banking accounts, shopping websites, official emails etc. should never be accessed on public Wi-Fi networks.

Delaying Browser Updates

When it comes to online security, hackers are not just confined to phishing techniques and malicious websites. You can be a potential victim of online attack if you have not updated your internet browser or other applications to the latest version. Though Google Chrome manages automatic updates at the backend, other browsers may prompt you to download and install the patch. Make sure you do not delay these updates as they help to enhance browsing experience and fix any bugs present in the previous version.

Oversharing On Social Media

Sharing too much of personal information on social networking websites is also a common mistake made by most people. Your email, home address, phone number, social security number, vacation plans, current location etc. may be used by the hackers for social engineering purposes. This information may also be used to gain access to your other online accounts.

Ignoring SSL Certificate Warnings

While browsing the internet, many times a dialogue box pops-up stating ‘Your connection is not private’. Unfortunately, less than half of the users follow this warning and continue visiting the website. With this, you are putting your sensitive information at risk of getting leaked out to the cybercriminals.  Websites that use an SSL certificate encrypt all the information so that it cannot be decoded by anyone except the specified receiver.

Centex Technologies is a leading IT consulting firm providing comprehensive solutions to the businesses in Central Texas. For more information and tips on online security, you can call us at (855) 375 – 9654.

What Are Whaling Attacks And How To Prevent Them?

By

On November 14, 2016

In Security

14 November, 2016

A whaling attack can be defined as a targeted type of phishing attempt to extract important information from high profile users, most commonly the corporate executives, celebrities and political leaders. Just like phishing emails, these attacks involve sending fake emails that claim to be from a legitimate source. The difference is that the content of a whaling email is written in a more professional manner and generally framed in the form of a legal notice, company issue or customer complaint.

Give below are some of the key attributes of a whaling attack:

  • Involves extensive research about the target: The success of a whaling attack largely depends upon gaining the trust of the target user. If the recipient has any doubt about the authenticity of the email, he would not take the desired action. To avoid this, hackers carry out an extensive research to gather maximum information about the target victim. They browse through his social media profiles, company information and other online sources so that a legitimate email can be crafted.
  • Uses A Compromised Account Or Fake Domain: The hackers generally attempt to compromise one of company’s higher level executive’s email account. They may also create a fake domain name that looks similar to the official website of the company. This reduces the chances that the email will be perceived as suspicious.
  • No Use Of Links And Attachments: Unlike phishing attacks, whaling emails do not have any attachments or embedded links. This ensures that the email easily passes through the spam ad phishing filters. Also, the users do not hesitate opening the email perceiving it to be malware laden.

Tips To Prevent Whaling Attacks

  • The senior management, high level employees and financial teams should be educated about the whaling techniques and how to identify spoofed emails. They should also be updated with the common characteristics of a whaling email, such as fake sender names, hoaxed URLs, wire transfer requests etc.
  • Utilize an email filtering system. Whaling emails are sent to look like they have come from someone within the organization. Demarcating emails that are not sent from the company’s corporate network is a good way to identify whaling attacks.
  • Establish a face to face or phone verification process for emails that require money transfer.

We, at Centex Technologies, can help to improve your company’s IT security. For more information, you can call us at (855) 375 – 9654.

Hybrid Cloud Security: Key Considerations

By

On November 5, 2016

In Security

5 November, 2016

Businesses looking to switch to cloud technology often find hybrid cloud as one of the most flexible and efficient options. Incorporating the benefits of both public and private cloud, it allows a smooth combination of the in-house IT resources with the public deployment model. However, just like the other two cloud computing technologies, hybrid cloud also has its own share of security risks. It is important to overcome these challenges to ensure a successful implementation of the technology,

Here are some of the key security risks to be considered while choosing hybrid cloud for your organization:

IT Security Skills

Business owners need to hire a dedicated IT security staff with specialized skills in handling hybrid cloud resources. They must be able to use proper configuration management tools to minimize the likelihood of any error. Knowledge of all the cross-platform tools required to control the hybrid cloud is also important. Concise cloud management policies should be implemented to define access controls for sensitive data, configuration and installation guidelines, reporting etc.

Poorly Defined SLAs

With so many hybrid cloud service providers available today, understanding the service level agreements (SLAs) has become critical. Access permissions and data security measures must be clearly specified in the SLA. Get information on the availability and performance of your cloud model during maximum load times. The SLA should also state the services for which you can use the public cloud and up to what limits.

Accountability

Both the organization and service provider are accountable for maintaining a secure hybrid cloud environment. The vendor is basically responsible to ensure system integrity, access controls, data encryption, virtualization and network security. Consumers, on the other hand, need to implement stringent policies to secure their in-house resources.

Poor Data Redundancy

The lack of proper data redundancy can also be a major security threat in hybrid cloud. It is imperative to maintain redundant copies of the important files in both public and private data centers. With this, you can minimize downtime in case there is an outage in any of them.
Implementing a hybrid cloud strategy involves a complete redressal of both technical and security issues to reap the maximum benefits out of this technology.

For more information on hybrid cloud and how it can be used to streamline your business operations, feel free to contact Centex Technologies. We can be reached at (855) 375 – 9654.

Frequently Asked Questions About Phishing

By

On October 27, 2016

In Security

27 October, 2016

Phishing is a common form of online identity theft that involves sending fraudulent emails in order to steal the target user’s personal information, credit card details, social security number and other sensitive data. A phishing email is crafted to look legitimate and often creates a sense of urgency to instigate immediate action from the receiver. However, despite the increasing number of phishing attacks, many people are not able to identify fraudulent emails and get tricked into giving out their personal information.

Given below are some frequently asked questions that will help you avoid becoming a victim of phishing attack:

How do I identify a phishing email?

Cybercriminals send out phishing emails masqueraded to be sourced from a legitimate entity, such as a bank or credit card company. Although these emails can be recognized easily by poor grammar and hoaxed email addresses, some of the phishing attempts can be highly sophisticated. The typical characteristics of a phishing email are that they create a sense of urgency and require the user to update his bank account information. Also, fraudulent emails do not address the sender by his name.

What should I do if I receive phishing email?

If you receive a phishing email, make sure you delete it without opening, particularly if it contains any links or attachments. You must remember that banks and financial institutions do not ask for sensitive information over emails. In case you have any doubt regarding the authenticity of the email, contact the sender directly.

How do hackers get my email address?

In most cases, the hackers do not know your email address. They simply send out the emails to randomly generated addresses so that they are likely to reach some customers of a specific bank or credit card company. The hackers may also detect an unprotected email server and send out phishing messages to the addresses on it.

What should I do if I have been scammed by a phisher?

If you suspect being a victim of phishing attack, immediately change your login credentials for the online accounts that may have been potentially compromised. Review your financial statements to identify any unauthorized activity. Inform your bank or credit card provider and request them to block all online transactions from your account.

Centex Technologies is a leading IT security company in Central Texas. For more information on phishing attacks, feel free to call us at (855) 375 – 9654.

The Impact Of BYOD On Data Security

By

On October 20, 2016

In Security

20 October, 2016

In today’s challenging business environment, employees are required to be more flexible and productive. As such, many employers have started to implement a ‘Bring your own device’ (BYOD) policy instead of providing employees with company’s computer systems. BYOD is an innovative business model that offers numerous benefits, such as minimizing hardware costs for the organizations, enabling employees to work from anywhere and staying connected to work even after the office hours. However, despite these benefits, there are a lot of data security risks that BYOD brings for the organizations. Some of them have been listed below:

Insecure Application Usage

When employees use their personal devices for work, your company’s IT department cannot control which applications can or cannot be used. This can be a major security threat to the corporate data, particularly if the employees do not maintain caution while downloading apps or files from the internet. These may contain a malicious code that records the user’s keystrokes or steals data stored on the device.

Lost/Stolen Devices

In case your employee’s device gets stolen or lost, the information stored in it is at risk of unauthorized access. This is particularly true if proper security measures, such as strong password and data encryption policies, are not in place. In some instances, important organizational controls may also be accessed by anyone who has the device.

Wireless Access Points

Some employees configure their mobile devices to detect and connect to the available open networks. Accessing internet from free Wi-Fi hotspots at coffee shops, hotels or internet may put your company’s data at risk. The information transmitted over such networks is not encrypted and all the communication can be intercepted by a hacker.

Access From Non-Employees

The use of employees’ personal devices by the family members is a common scenario. Considering this, there are chances that the data be accidently deleted or shared with unauthorized users in case the employee fails to log out of the application.

Jailbroken And Rooted Devices

Employees who are tech-savvy may also jailbreak their device in order to get the latest app or software program. This removes the limitations imposed by the manufacturer and lowers the security of the mobile device, making it susceptible to hacking attack. Rooted devices are also at risk as they give administrator-level permissions to the device owner, facilitating him to install potentially malicious apps.

For more information and tips on data security for your Central Texas based organization, feel free to contact Centex Technologies at (855) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)