
Frequently Asked Questions About Phishing

27 October, 2016

Phishing is a common form of online identity theft that involves sending fraudulent emails in order to steal the target user’s personal information, credit card details, social security number and other sensitive data. A phishing email is crafted to look legitimate and often creates a sense of urgency to instigate immediate action from the receiver. However, despite the increasing number of phishing attacks, many people are not able to identify fraudulent emails and get tricked into giving out their personal information.

Given below are some frequently asked questions that will help you avoid becoming a victim of a phishing attack:

How do I identify a phishing email?

Cybercriminals send out phishing emails disguised as coming from a legitimate entity, such as a bank or credit card company. Although many of these emails can be recognized easily by poor grammar and spoofed email addresses, some phishing attempts can be highly sophisticated. The typical characteristics of a phishing email are that it creates a sense of urgency and requires the user to update his bank account information. Also, fraudulent emails do not address the recipient by his name.
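The warning signs listed above can be checked mechanically. The following is an added example, not part of the original post: the message, the brand name, the domains and the `claimed_domains` allowlist are all constructed for illustration, and the patterns are a starting point rather than a complete filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all names and domains are made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.example.net>
To: jane.doe@corp.example
Subject: URGENT: your account will be suspended

Dear Customer,

We detected unusual activity. Update your bank account information
immediately or your account will be suspended within 24 hours.
"""

URGENCY = re.compile(r"\b(urgent|immediately|suspended|within \d+ hours)\b", re.I)
ACCOUNT_UPDATE = re.compile(
    r"\b(update|verify|confirm)\b.{0,40}\b(account|password|card)\b", re.I | re.S)
GENERIC_GREETING = re.compile(
    r"^\s*dear (customer|user|member|client|sir|madam)\b", re.I | re.M)

def phishing_indicators(raw, claimed_domains):
    """Return the warning signs found in one plain-text message.

    claimed_domains maps a brand name (lowercase) to the domain that brand
    really sends from; it is a hypothetical allowlist kept by the defender.
    """
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if URGENCY.search(text):
        found.append("urgency")
    if ACCOUNT_UPDATE.search(text):
        found.append("asks_for_account_update")
    if GENERIC_GREETING.search(body):
        found.append("generic_greeting")
    # A display name that uses the brand while the address uses another domain.
    for brand, real in claimed_domains.items():
        if brand in display.lower() and not (
                domain == real or domain.endswith("." + real)):
            found.append("sender_domain_mismatch")
    return found
```
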

What should I do if I receive a phishing email?

If you receive a phishing email, make sure you delete it without opening it, particularly if it contains any links or attachments. You must remember that banks and financial institutions do not ask for sensitive information over email. In case you have any doubt regarding the authenticity of the email, contact the sender directly.

How do hackers get my email address?

In most cases, the hackers do not know your email address. They simply send out the emails to randomly generated addresses so that they are likely to reach some customers of a specific bank or credit card company. The hackers may also detect an unprotected email server and send out phishing messages to the addresses on it.

What should I do if I have been scammed by a phisher?

If you suspect that you have been a victim of a phishing attack, immediately change your login credentials for the online accounts that may have been compromised. Review your financial statements to identify any unauthorized activity. Inform your bank or credit card provider and request them to block all online transactions from your account.

Centex Technologies is a leading IT security company in Central Texas. For more information on phishing attacks, feel free to call us at (855) 375 – 9654.

The Impact Of BYOD On Data Security

20 October, 2016

In today’s challenging business environment, employees are required to be more flexible and productive. As such, many employers have started to implement a ‘Bring your own device’ (BYOD) policy instead of providing employees with the company’s computer systems. BYOD is an innovative business model that offers numerous benefits, such as minimizing hardware costs for the organizations, enabling employees to work from anywhere and letting them stay connected to work even after office hours. However, despite these benefits, BYOD brings a lot of data security risks for organizations. Some of them are listed below:

Insecure Application Usage

When employees use their personal devices for work, your company’s IT department cannot control which applications can or cannot be used. This can be a major security threat to the corporate data, particularly if the employees are not cautious while downloading apps or files from the internet. These may contain malicious code that records the user’s keystrokes or steals data stored on the device.

Lost/Stolen Devices

In case your employee’s device gets stolen or lost, the information stored in it is at risk of unauthorized access. This is particularly true if proper security measures, such as strong password and data encryption policies, are not in place. In some instances, important organizational controls may also be accessed by anyone who has the device.

Wireless Access Points

Some employees configure their mobile devices to detect and connect to the available open networks. Accessing the internet from free Wi-Fi hotspots at coffee shops, hotels or internet may put your company’s data at risk. The information transmitted over such networks is not encrypted and all the communication can be intercepted by a hacker.

Access From Non-Employees

The use of employees’ personal devices by family members is a common scenario. Considering this, there is a chance that data may be accidentally deleted or shared with unauthorized users in case the employee fails to log out of the application.

Jailbroken And Rooted Devices

Employees who are tech-savvy may also jailbreak their device in order to get the latest app or software program. This removes the limitations imposed by the manufacturer and lowers the security of the mobile device, making it susceptible to hacking attacks. Rooted devices are also at risk as they give administrator-level permissions to the device owner, allowing him to install potentially malicious apps.

For more information and tips on data security for your Central Texas based organization, feel free to contact Centex Technologies at (855) 375 – 9654.

What Are Watering Hole Attacks?

9 September, 2016

A watering hole attack is a relatively new technique used by hackers and is mainly aimed at compromising a business’ network security. This type of attack involves exploiting a security vulnerability in a selected website. When the target user visits the website, the attack is initiated and his computer system is infected with the malware. A watering hole attack is quite similar to a drive-by download, except that it is highly targeted and extremely difficult to detect.

How Does A Watering Hole Attack Work?

A watering hole attack typically involves the following steps:

  1. Determine target group
    First, the attacker identifies the target group, who are mainly employees of large business firms and government organizations, to determine the type of websites they are most likely to visit.
  2. Identify Vulnerabilities
    The attacker carefully tests the selected websites for any vulnerabilities that can be exploited. He examines the web servers, ad servers, web apps etc. to pinpoint the security flaws.
  3. Inject Malicious Code
    After the attacker has selected a website to be compromised, he injects malicious JavaScript or HTML code into it. The code then redirects the users to another website that hosts the malware.
  4. Infect The Target Group
    Once the target users visit the website, the malware gets downloaded into their computer systems. It may be in the form of a Remote Access Trojan (RAT) that includes a back door to provide the hacker with complete administrative control of the infected computer.
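Because step 3 works by making a trusted page load content from a site the owner never approved, a site owner can watch for that change. The following is an added example, not part of the original post: it lists the hosts a page loads script or frame content from and reports any that are not on an approved list. The pages, host names and the `approved` list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalLoads(HTMLParser):
    """Collect the hosts a page pulls active content from, plus meta refreshes."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.meta_refresh = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            host = urlparse(a["src"]).hostname  # None for relative URLs
            if host:
                self.hosts.add(host.lower())
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.meta_refresh.append(a.get("content") or "")

def unexpected_hosts(html, own_host, approved):
    """Return (hosts that are neither ours nor approved, meta refresh values)."""
    parser = ExternalLoads()
    parser.feed(html)
    allowed = {own_host.lower()} | {h.lower() for h in approved}
    return sorted(parser.hosts - allowed), parser.meta_refresh

# Constructed pages: the second differs only by one script tag from an
# unapproved host, which is the kind of change step 3 describes.
BASELINE = (
    '<html><head><script src="/js/app.js"></script>'
    '<script src="https://cdn.example.org/lib.js"></script></head>'
    "<body>News</body></html>"
)
CHANGED = BASELINE.replace(
    "</body>", '<script src="//unknown-host.example/a.js"></script></body>')

if __name__ == "__main__":
    for name, page in (("baseline", BASELINE), ("changed", CHANGED)):
        print(name, unexpected_hosts(page, "news.example.com", {"cdn.example.org"}))
```

Run against the live page on a schedule, a non-empty first element is the signal to investigate; a Content-Security-Policy header with the same approved list enforces it in the visitor's browser.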

Tips To Prevent Watering Hole Attacks

Regular Updating Of Software
Hackers tend to initiate a watering hole attack by exploiting zero-day vulnerabilities in the computer software. Thus, it is recommended to keep your system updated with the latest patches released by genuine software vendors.

Vulnerability Shielding
Watering hole attacks involve following a definite network path to exploit the security flaws in a website. Vulnerability shielding, or virtual patching, allows the administrators to monitor traffic and identify any aberrations from the usual protocols. This, in turn, helps to prevent vulnerability exploits.

Using Virtual Private Network
The highly targeted nature of watering hole attacks means that the malware is active only when a specific set of users visit the website. When you access the internet through a virtual private network (VPN), it hides your IP address and other tracking data so that the malware does not perceive you as a targeted victim.

For more information on watering hole attacks, feel free to contact Centex Technologies at (855) 375 – 9654.

How Can Organizations Guard Against Phishing Scams?

23 August, 2016

Business organizations are a worthwhile target for the hackers to carry out phishing scams. Whether it is to steal passwords, employee details or any other sensitive data, just a single click from an ignorant employee is sufficient to give out the information sought by the hackers. Though most phishing emails are detected by spam filters, it is important for the employees to understand the risks and consequences to avoid falling victim to such attacks.

Listed below are some steps organizations should take to guard against phishing scams:

Initiate A Security Awareness Program

Phishing attacks have a high success rate because they target the end users, i.e. people who have little or no technical knowledge about data security. Therefore, educating your employees about this aspect can help to decrease the probability of a potential data breach. As phishing attacks mainly involve a fake email, malicious attachment or ad, unsolicited friend request on social media etc., a security awareness program will help your employees identify such suspicious activities more easily.

Keep Software Regularly Updated

Though security software does not offer complete protection against phishing attacks, it can prevent application downloads or website redirects that seem to be potentially dangerous. Hence, it is important to install and update anti-virus, anti-malware and anti-spyware software on all the computers in the organization. The same rule applies to the operating system and other programs installed on the systems. Keeping the software patched will protect you against the latest security threats and vulnerabilities.

Use Layered Security

Make sure your organization’s confidential information is protected by multiple layers of security. With this, even if a phishing attack is successful, the hackers would not be able to gain access to all the data stored on the victim’s computer system. Use secure user IDs and passwords, followed by data encryption, access control protocols, user activity monitoring and other such types of layered security.

Follow Best Password Practices

Encourage your employees to follow the best practices when it comes to maintaining confidentiality of their official email accounts. Make sure they create strong passwords and change them at frequent intervals. Also, the login credentials should be stored in an encrypted format in the computer system. By combining difficult and lengthy passwords with two-factor authentication, you can considerably reduce the consequences of a phishing attack.

For more tips on preventing and managing phishing attacks, feel free to contact Centex Technologies. We can be reached at (855) 375 – 9654.

What Is Cryptography?

15 August, 2016

Cryptography is an information security technique that involves converting cleartext into an indecipherable format, known as ciphertext, so that it can be securely transmitted over the internet. It ensures that the encrypted information can be read and processed only by the user it is actually intended for. Cryptography software makes use of mathematical algorithms to encrypt information and requires the user to enter a key in order to change it back to plain text.

Types Of Cryptographic Algorithms

  • Secret Key Cryptography: Also known as symmetric key cryptography, it uses the same key for both encryption and decryption of information. The key is known only to the sender and receiver.
  • Public Key Cryptography: In this, the sender encrypts the information using a public key and the receiver can decode it through a private key. It is also referred to as asymmetric key cryptography.
  • Hash Functions: This form of cryptography does not involve the use of any key. Hash functions, also called one-way encryption or message digests, are mainly aimed at ensuring data integrity. The plain text is converted into a fixed-length hash value. If the data is modified at any stage, the hash value changes, which indicates unauthorized access.
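The integrity check described for hash functions only works if the reference hash itself cannot be replaced. The following is an added example, not part of the original post, and it goes one step beyond the list: it compares a plain SHA-256 digest with HMAC-SHA-256, which combines a hash function with a secret key shared by sender and receiver. The message, the key and the three scenarios are constructed for illustration.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """Keyless hash: anyone can compute it, output is always 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC): only holders of the shared secret key can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def check(message, key):
    """Receiver side: recompute both values and compare in constant time."""
    data, sha, mac = message
    return {
        "hash_ok": hmac.compare_digest(digest(data), sha),
        "hmac_ok": hmac.compare_digest(tag(key, data), mac),
    }

# Constructed values for the demonstration.
KEY = b"constructed-demo-key-shared-by-sender-and-receiver"
ORIGINAL = b"Pay 100 USD to account 12345"
ALTERED = b"Pay 900 USD to account 99999"

def scenarios():
    sent = (ORIGINAL, digest(ORIGINAL), tag(KEY, ORIGINAL))
    # Data changed in transit, digest and tag left as sent.
    data_only = (ALTERED, sent[1], sent[2])
    # Data changed and the keyless digest recomputed to match; the tag cannot
    # be recomputed without KEY, so the old one is still attached.
    data_and_digest = (ALTERED, digest(ALTERED), sent[2])
    return {
        "untouched": check(sent, KEY),
        "data_only": check(data_only, KEY),
        "data_and_digest": check(data_and_digest, KEY),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16} {result}")
```

The third scenario is the one to note: a keyless hash that travels with the data detects accidental corruption, while detecting deliberate modification needs a keyed tag or a digest obtained over a separate trusted channel.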

Benefits Of Cryptography

  • Confidentiality: It prevents the information from being accessed by anyone else except the end user.
  • Data Integrity: It safeguards the data against undetected modifications, either during transmission or after being stored on the computer.
  • Authentication: Both sender and receiver can authenticate each other’s identity.
  • Non-Repudiation: The sender cannot deny the authorship of the information at a later stage.

Drawbacks Of Cryptography

  • Strongly encrypted information may be difficult even for authorized users to access if they do not have the key.
  • The sender cannot allow selective access to the information with the use of cryptography.
  • Cryptographic algorithms are based on complex mathematical computations. Thus, encrypting and decrypting the data may slow down your computer.
  • Cryptography is a time-consuming process. It takes too long to create the code and transmit it to the receiver.
  • It does not protect the information from other potential threats arising out of poor infrastructure and security procedures.

Centex Technologies provides efficient IT security solutions to the business firms in Central Texas. For more information, feel free to call us at (855) 375 – 9654.
