The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Tag: Cyber Security Page 37 of 41

Data Encryption: Threats And Best Practices

By

On November 28, 2015

In Security

November 28, 2015

Data encryption has long been known to be one of the most effective and important techniques to safeguard information in a corporate setting. It allows the users to translate sensitive digital data that is stored on a computer system or transmitted across the company’s network. The encrypted data, known as ciphertext, can only be accessed by authorized users who have the password required for decryption. Here are some of the reasons every organization needs data encryption:

  • Risk of unauthorized users viewing sensitive data: Sharing important files and data are critical for teamwork. However, all employees might not be clear about who is authorized to view what kind of information. Whether accidently or purposely, giving unauthorized users access to confidential data can endanger your organization’s’ IT security.
  • Risk of employees viewing undeleted data: Ideally, the information that is not required should be deleted from the computer. However, this might not be possible for the data stored on the cloud as there may be additional copies present as backup which can be accessed by other people.
  • Risk of sharing unencrypted sensitive data: Businesses that require storing sensitive personal and financial information of clients or customers may invite serious legal implications without proper data encryption.

Tips to implement a successful data encryption strategy

  • Evaluate your security goals: Before devising an encryption strategy, you need to figure out what all you want to protect. This may include all the hard drives, removable storage devices, employees’ personal laptops or any other kind of system. You must also get yourself familiar with all the data governance policies and compliance mandates applicable for your business.
  • Enforce removable media encryption: With USB flash drives and portable hard disks holding a massive amount of data, securing only the computer systems does not seem to be enough. You must ensure that all information transferred from one source to another on the company’s network is properly encrypted.
  • Maintain comprehensive audits: You must maintain a comprehensive log of every time any sensitive information is accessed. The name of the employee, data accessed, purpose and time of use should be recorded.
  • Access control: Ascertain that only the authorized users are able to view the encrypted data. Also, limit the number of times that data can be accessed each day. For a successful encryption strategy, you must implement an appropriate balance of file permissions, passwords and two-factor authentication.

We, at Centex Technologies, can help to implement an effective data encryption policy in your Central Texas based organization. For more information, you can call us at (972) 375 – 9654.

Social Engineering Attacks And How To Prevent Them

By

On November 23, 2015

In Security

November 23, 2015

Social engineering is a non-technical method of attack in which the hacker attempts to convince users to break normal security practices. The type of information generally sought by hackers includes bank account information, password, credit card details etc. Certain social engineering attacks also involve sending malware-laden email attachments to gain control over the user’s computer.

Types Of Social Engineering Attacks

  • Phishing: This is probably the most common form of social engineering attack. The hacker sends an e-mail, IM or text message that appears to be coming from a legitimate and credible institution, company, bank etc.  A phishing scam is carried out to obtain a user’s personal information such as name, address, social security number, bank account details etc.
  • Pretexting: In this, the attacker creates a plausible backstory to gain access to confidential information. For instance, the user may receive a call or email claiming to be from a bank and asking about his credit card details or account number to verify identity.
  • Baiting: These attacks are often presented in the form of attractive offers and schemes to the users once they enter their login credentials. People who fall a prey to the bait may infect their computer system with malicious software, leak out the financial information stored on the computer and generate new malware exploits.
  • Quid Pro Quo: This attack may involve an attacker who spam calls people and claims to be from an IT company. The user may be asked to disable his anti-virus program in exchange for a quick fix for his computer issue. Subsequently, the attacker may install a malware on the system in the guise of a software update.
  • Tailgating: This involves an attacker getting access to a restricted area of an organization through an authorized employee. Tailgating may also be carried out by borrowing someone’s computer or laptop for some work but actually installing malicious software.

Tips To Prevent Social Engineering Attacks

  • Beware of unsolicited IMs, emails or phone calls
  • Keep your anti-virus software updated
  • Do not give out your personal information, such as user name, password, credit card number, social security number etc. to anyone
  • Ignore phone calls or emails asking for financial information or passwords
  • Do not download attachments or open embedded links from unknown senders
  • Check website URLs before opening
  • Reject requests for online tech support
  • Lock your laptop or computer while leaving your workstation
  • Use two factor authentication to log in to all your online accounts

For more information on preventing social engineering attacks, contact Centex Technologies at (972) 375 – 9654.

Internet Of Things: Security Risks And Challenges

By

On November 9, 2015

In Security

November 9, 2015

The term – Internet of Things (IoT) essentially refers to a uniquely identifiable network of physical objects, such as wearable gadgets, smart phones, TVs, electronic appliances, cars etc., that are rooted with software, sensors and internet connectivity. These devices are able to connect and share information without requiring a machine-to-machine or human-to-machine interaction. While they can be a game changer in terms of the way we live our daily lives, being in nascent stage, IoT devices are still quite vulnerable to hacking attacks.

Here are some of the security risks associated with Internet of Things:

  • Data Breach: With the lack timely updation of security software, IoT devices can be at risk for exposing sensitive information to cybercriminals that can be used for malicious purposes. Hackers can stalk the different devices in an IoT network and steal the data shared between them. Data breaches can be a serious threat to the virtual security of individuals and organizations that use such devices.
  • Botnets: These are a group of remote computers, smart appliances and network connected electronic gadgets working together to achieve an illegal goal. The bots are usually transferred to these devices through insecure internet ports or spam downloads. A malicious code is used to infect the IoT devices and exploit the software on which they operate.
  • Cross-Device Access: IoT devices generally connect to a computer system, Wi-Fi network or smartphone to operate. This provides an additional route hackers can take to gain access to the information stored on all systems connected with the IoT device. By installing a malicious program or code on an IoT device, the attacker can get hold of entire network and system files. It also makes users vulnerable to a man-in-the-middle attack where hackers can intercept or modify information shared between two IoT devices.
  • Dos Attacks: A Denial of Service (DoS) attack involves using the bandwidth, network resource, CPU time etc. of a malware infected computer. The hacker attempts to flood the infected computer network with a huge amount of traffic that causes its functioning to cease. With Internet of Things, the hackers are easily able to access a number of interconnected devices through a single path.
  • Ransomware: This is malware based attack that limits or restricts the user’s access to an infected device unless he pays a certain sum of ransom to the hacker. With the increasing use of interconnected IoT devices, the risk for ransomware attacks has also escalated manifold.

We, at Centex Technologies, provide complete cybersecurity solutions to the business firms in Central Texas. For more information, you can call at (972) 375 – 9654.

Steps To Optimize Your Firewall Configuration

By

On October 28, 2015

In Security

October 28, 2015

Firewall is an essential part of your organization’s network security. It works by monitoring all the incoming and outgoing traffic on your network to restrict any unauthorized access. It can also limit exposure by camouflaging internal network information from the public internet. Though its importance is well-known, many people do not optimize their firewall settings efficiently. Majority of the cyber-attacks occur mainly because of flaws in a network’s firewall configuration.

Here are some steps that you need to follow to optimize your firewall configuration:

  • Filter Outbound Traffic: You must constantly monitor your server to detect and remove any unwanted or unauthorized traffic. Denied or dropped outbound requests hitting the firewall should also be tracked. Subsequently, the network administrators should reconfigure the firewall to prevent such unauthorized servers, thereby eliminating load from the firewall.
  • Minimize Privileges: You should set specific configuration polices to filter traffic on your organization’s network. Each user should be given the least level of privileges that are absolutely required for him to work efficiently. This will reduce the chances of a potential data breach. You should also review your firewall policies frequently to determine any new applications and the connectivity they need
  • Run Only Required Services: Many organizations face security issues due to outdated or unrequired services running on their firewall. The best way to overcome this is to strengthen device security and ensuring that the firewall configurations are compliant before they can be used on the organization network. By modifying your device’s settings according to their functioning and usage, you can improve its security and minimize the chances of running a malicious service on your firewall.
  • Standardize Authentication Mechanisms: You should enforce the same authentication mechanisms across all your organization’s branches, even in remote locations. If not, the employees will be able to access online accounts with weak passwords without any limit on login failures on entering incorrect details. In such situations, hackers find an easy way to access the organization network through remote locations. Having a standardized authentication policy will minimize this risk and improve security.

It is important that you continuously monitor your organization’s firewall settings. However, by following these steps, you can improve overall network security and significantly lower the chances of a hacking attack.

We, at Centex Technologies, can help to optimize your organization’s IT security. For more information, you can call us at (972) 375 – 9654.

Tips To Stay Safe When Sharing Files Online

By

On October 16, 2015

In Security

October 16, 2015

Online file sharing is a feature that allows the users to send or receive documents in a quick and convenient manner. However, every new technology comes with its own set of challenges. With the increasing cyber threats and data breach incidences, internet safety has become an important concern than ever. Staying alert and following the required safety practices can help to minimize the occurrence of a data breach.

Here are some of the tips that can help you stay safe when sharing files over the internet:

  • Choose Strong Passwords: Although it is a much known security practice, unsecure or weak passwords are still the cause in most cases of hacking attacks. Ideally, you must create a separate password for each online account that you manage. Make sure your password is at least 12 characters long with a combination of lower and upper case alphabets, numbers as well as symbols. Names, date of births or common legible words are easy to interpret and hence, should not be used as passwords.
  • Use Two Factor Authentication: Safeguarding your files with a two-step authentication provides an added layer of security. Besides the user name and password, an additional verification element is required to gain access to the files. These may include a one-time password sent on the individual’s phone, verification links sent through emails, answering a security question or performing a biometric scan of an authorized user.
  • Encrypt Files: Sharing files without proper encryption puts them at risk for a breach. Encryption will make sure that even if a hacker has gained access to your files, he would not be able to open and read it. Only the authorized individuals will have the key to decode the file so as to make it comprehensible.
  • Avoid Downloading Unknown Files: Apart from the files that you send, you also need to be cautious with the ones you receive online. It is important that you download only those files that are sent from trusted sources. Additionally, you must be more careful while downloading email attachments with .exe, .com, .bat, .zip and .vbs extensions. These may contain malicious codes, viruses or programs aimed at stealing information from your computer.
  • Install And Run Security Software: You must install and constantly update your anti-virus and firewall software to defend against viruses that you may get from shared files. Even when you download files from a trusted source, make sure you run an anti-virus scan to prevent breach of your important documents stored on the computer.

For more online file sharing tips, you can contact Centex Technologies at (855) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)