Author: rory-admin

  • Our how to guide on setting up MFA for your organization’s Microsoft 365

    In addition to major updates released for Microsoft Windows this month, Microsoft also released their Digital Defense Report for 2023. You can find it here.

    One page in the report caught our eye: the five items you can enable that will block 99% of attacks. At the top of the list is enabling multi-factor authentication (MFA). The other four items are: apply Zero Trust principles, use extended detection and response (XDR) and anti-virus/malware, keep your systems up to date and protect your data.

    We’re zeroing in on enabling MFA today as it’s simple to implement (can be done today) and will increase the security of your account tenfold.

    We say this because the report also outlined that password-based attacks are up tenfold, from 3 billion attempts per month in 2022 to 30 million per month in 2023. Microsoft says they have blocked an average of 4,000 password attacks per second over the last year. Attackers know many Microsoft users have not enabled MFA and are targeting those users specifically.

    It’s not a manual process either; many of these brute force attempts are carried out by bots. Cyber criminals set these bots up and let them run, reaping the rewards from the stolen accounts they’re able to access. In addition to that, many credentials are still available on the web for a very low cost.

    We know many people have “breach fatigue”; news of yet another massive breach is not the major news topic it once was. It can feel much different, though, when it happens to you directly. If you currently re-use passwords for your accounts, it’s highly likely that password has been offered for sale on the web.

    Enabling MFA is strong protection against these methods and more. See our chart on how to set up MFA for your own Microsoft account.

    As you can see, it’s pretty easy to enable MFA for your own account but did you know you can also set it up from an organizational level to enable it for your employees?

    The steps for doing that are as follows:

    1. Navigate to the Microsoft 365 admin center at https://admin.microsoft.com.
    2. Select Show All, then choose the Azure Active Directory Admin Center.
    3. Select Azure Active Directory, Properties, Manage Security defaults.
    4. Under Enable Security defaults, select Yes and then Save.

    Just to note, you must turn off legacy per-user MFA first before enabling global MFA in your organization. You can find that by navigating to Users > Active Users and you should see a tab on this page for multi-factor authentication. On this page should be a list of your users and you want to set each user to MFA disabled. Then you can loop back to our previous instructions and turn on the global MFA instead.
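
    A scripted equivalent of the portal steps above, as an added example (not Valley Techlogic’s or Microsoft’s own script): it uses the Microsoft Graph PowerShell SDK to read the tenant’s Security defaults policy, stop if Conditional Access policies are already enabled, then switch Security defaults on and read the setting back. The function name Enable-TenantSecurityDefaults is hypothetical, and turning off legacy per-user MFA remains the manual prerequisite described above.

    ```powershell
    #Requires -Modules Microsoft.Graph.Identity.SignIns
    # Added example: a scripted version of "Manage Security defaults > Yes > Save".
    # Assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in
    # account is allowed to change tenant-wide security policy.

    function Enable-TenantSecurityDefaults {
        [CmdletBinding(SupportsShouldProcess)]
        param()

        # Current state of the tenant-wide Security defaults policy.
        $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
        if ($policy.IsEnabled) {
            Write-Output 'Security defaults are already enabled; nothing to change.'
            return
        }

        # Security defaults are meant for tenants that do not use Conditional Access.
        # If any Conditional Access policy is switched on, stop and let an
        # administrator decide which of the two approaches the tenant should use.
        $activeCa = @(Get-MgIdentityConditionalAccessPolicy -All |
            Where-Object { $_.State -eq 'enabled' })
        if ($activeCa.Count -gt 0) {
            $names = $activeCa.DisplayName -join ', '
            throw "Conditional Access policies are enabled ($names). Review them before turning on Security defaults."
        }

        # Honors -WhatIf / -Confirm so the change can be rehearsed first.
        if ($PSCmdlet.ShouldProcess('this tenant', 'Enable Security defaults')) {
            Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter @{ isEnabled = $true }

            # Read the policy back so the result is confirmed rather than assumed.
            $after = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
            if (-not $after.IsEnabled) {
                throw 'Security defaults still report as disabled after the update.'
            }
            Write-Output 'Security defaults are now enabled.'
        }
    }

    # Sign in with the delegated permissions needed to read and update the policy.
    Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'
    Enable-TenantSecurityDefaults
    ```

    Running `Enable-TenantSecurityDefaults -WhatIf` performs the checks and reports what would change without saving anything.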

    There are also other global security settings in this section, but before testing out different settings we suggest reaching out to your IT provider. MFA is a pretty non-intrusive security setting, but other settings may have unexpected consequences when it comes to your or your employees’ workflow. It’s best to evaluate your security options with a pro.

    Don’t have access to an IT pro? Valley Techlogic can assist. We are experts both in the field of cyber security AND all things Microsoft. See our advertising flyer on our approach to enabling Microsoft 365 MFA for our customers.

    You can schedule a consultation with us today to learn more.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • If you received a loud phone alert this week at 11:20 PST, you definitely were not alone

    At 11:20 PST on Wednesday phones across the nation blared a screeching sound with a prompt on the screen alerting users that this was a test of the National Wireless Emergency Alert system.

    In addition to cellphones across the nation, this alert was also played on TV and radio. Although EAS (Emergency Alert System) alerts are common, this was the first time a cellphone alert was used in conjunction with EAS simultaneously.

    The purpose of the EAS system was to be able to warn the public of any threats on a national scale. As television and radio viewership has declined in recent years, adding cellphone alerts into the mix makes sense from an application level, though many were not aware that this was going to occur before this first alert hit their phones at a deafening volume.

    This test was conducted by FEMA and the Federal Communications Commission (FCC) and was conducted using the same systems that send alerts about severe weather or Amber Alerts locally. The tone and volume were chosen in addition to vibration to make the alert accessible to those with disabilities. In many cases the notification was received in English as well as Spanish.

    Legislation was passed in 2015 requiring FEMA to conduct nationwide tests every 3 years, so you can extrapolate that another test of this nature will be received in 2026. The test was designed so that even if your phone was able to opt out of alerts for weather etc., it would not be able to opt out of alerts from NWEA.

    Having your phone on airplane mode during the testing window would, however, prevent the alert from reaching your phone. The test was scheduled to last, until dismissed, for 30 minutes. The sound would also not be played for those currently on a call when the alert went out.

    There were some claims in advance of this test made by groups concerned that the government would have overarching control of your mobile phone during the test (or afterward), or concerned about their phones’ security.

    The system behind how this alert was delivered was constructed after an executive order by then President George W. Bush in 2006. Labeled the Integrated Public Alert and Warning System (IPAWS), in a nutshell it’s a code that distributes an alert to supported wireless devices via the internet, though that also unfortunately makes it vulnerable to the same roadblocks that can make internet unavailable (such as being out of network).

    The Common Alerting Protocol (CAP) at the heart of the IPAWS system is not unique to the US but is instead a worldwide distributed protocol for both delivering alerts and studying the nature of the alerts that are being broadcast to look for trends and improve safety standards. CAP was adopted worldwide after a Geneva convention in 2006 and has been improved upon ever since.

    We realize we just delivered a lot of complicated information but in general, this alert was nothing to worry about and is a sign that the system is working. In the event of a national emergency, it’s important that the public can be warned so that they can take whatever safety measures necessary and to control widespread panic.

    This alert is an excellent example of effective communication and on a smaller scale, businesses can use this example to develop strategies in their own business for more effective communication. If you had to reach all your employees quickly, could you? If not, here are four things you can look at to develop a good emergency strategy for your office:

    If digital communication is something you would like to improve in your business, Valley Techlogic can help. We have experience in creating unified systems that include increasing communication and collaboration, especially through our partnership with Microsoft. If you’d like to learn more, reach out today to schedule a consultation.

  • In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    MGM Resorts are a staple on the Las Vegas strip, operating more than two dozen hotels and casinos around the world with nine of them being found in Las Vegas itself. You may have heard of the Bellagio, Mandalay Bay, and the Luxor? These are all MGM properties that host millions of visitors each year.

    Now some of those same visitors are wondering if the chain gambled with their private data. It was reported on September 11th that MGM was facing some kind of “cybersecurity issue” that trickled down to their facilities, with customers facing problems ranging from using the digital keys to their hotel rooms to slot machines not functioning as intended.

    Guests were left spending hours waiting to check in as the hotels shifted away from digital entry back to manual keys to get guests into the rooms they’d already paid for. It reportedly took 10 days for things to resume normal operations with some problems still occurring here or there.

    It’s now being reported that the cause of this hack was a persuasive phone call made by one of the members of a hacker group called “Scattered Spider”, which has since claimed responsibility for this attack. In a strange turn of events, this group does not prioritize technology-based attacks such as malware or phishing but instead mostly engages in “vishing”.

    “Vishing”, or voice phishing, is when someone calls you pretending to be someone else. They usually purport to be from a company you might do business with financially, such as your credit card company or banking institution.

    With number spoofing this type of attack can be very effective, and as the MGM attack shows, even a massive organization is not necessarily immune from an attack if the bad actor is using the right attack vector for the job. That’s why it’s important to have several safeguards in place when it comes to protecting your systems and data.

    It’s alleged that a member of the Scattered Spider group found an MGM employee’s information on LinkedIn and was able to convince a member of their help desk to give them all the access they needed to perform the attack. Someone close to the group has said the original plan was to hack their slot machines but when that plan failed, they moved to plan B which was holding MGM’s data hostage for a payment in Crypto.

    Even though they’re now back to normal operations, MGM is not out of the woods yet. Five class action lawsuits have been filed with customers claiming the chain risked their personally identifiable information (PII) by falling for this attack. Two were filed against MGM directly, and three against their partner company Caesars Entertainment. We have talked about the legal ramifications of cyber attacks before and it’s something companies should definitely be aware of. The insult of being hacked may not end just with the loss of data or systems being damaged – there may be legal consequences as well.

    Over 90% of successful attacks have a human element to them, with this most recent attack on MGM included in that figure. Cyber security training can go a long way in preventing cyber threats to your business, but vishing may still catch you or your employees off guard. You may be wondering how someone on the phone could possibly be so convincing that you give them access to your systems or financial accounts. We made a chart on the top 8 steps you need to take to guard against a vishing (voice phishing) or smishing (text message phishing) attack on your business.

    Of course, as we mentioned the best defense against cyber attacks in general is a layered approach, that way if one wall is breached an attacker would still have to get through several more to do any damage to your business. That’s where a partnership with Valley Techlogic comes in – we take a layered approach to protecting your backups, protecting your systems, and protecting you and your employees from bad actors. Learn more today through a consultation.

  • Chrome browser extensions we recommend, and ones to avoid

    Whether you use Chrome, Edge, Firefox, Opera or something else for your day to day browsing, there are browser extensions (or add-ons) that can make that browsing better – but which ones?

    All browser options these days have a dedicated section in your settings options to find extensions that are compatible with that particular browser. See our chart below for the steps to finding it in each of the browser options mentioned above.

    Reaching the extension store is really just the first step; actually choosing extensions that will make browsing more pleasant or more efficient for you is a whole other ball game. There are extensions for changing the appearance of your browser, adding functionality (like highlighting specific tabs), blocking ads and more.

    Since Chrome dwarfs the competition in market share (with a whopping 63.56% of traffic worldwide coming from Chrome) we’re going to focus on Chrome, but in most cases there will be a direct analog for these found in other browsers.

    Top 5 Chrome Browser Extensions We Recommend (And Actually Use Ourselves):

    1. LastPass: LastPass is a subscription-based password storage vault, and it has an extension that makes logging into your accounts super easy. For one low annual fee they will safeguard all of your passwords and, via the extension, you can autofill those into sites you use to login. It will also alert you if you’re using a duplicated password (giving you the option to make better choices there) and if you want to change that duplicated password – it also comes with a password generator built in.
    2. Ghostery: There are a lot of adblocker options available, but Ghostery is unobtrusive and also blocks something many of the other ones miss, trackers. If you’ve ever had an ad seemingly follow you around it’s because websites will deposit a “cookie” onto your computer through your browsing that then allows you to be tracked across the web. Ghostery puts these sneaky ads in their place and blocks that practice altogether.
    3. Loom: If you’ve ever wanted to quickly show staff how to navigate a website or service you use in your business, Loom can help. Loom lets you quickly record video and screen captures directly from your Chrome browser. You can also file share via Loom so you can send the videos you make directly via the same extension.
    4. Buffer: Managing your social media content and enacting a strategy that allows you to be consistent is harder than it sounds. When you get into the grind of your day it’s very easy to forget that daily Facebook post or to check in on that new LinkedIn campaign you started. Buffer allows you to publish, review analytics, add content ideas to a calendar and review social engagement all under ONE platform found directly in your browser.
    5. Dark Reader: This is a Chrome extension your retinas will appreciate. As a dark mode fan it can be glaring when you hit a website that doesn’t have a dark mode option, luckily there’s a Chrome extension that adds the Chrome Dark Theme to every site you visit.

    So now that we’ve covered some extensions we do recommend, what about ones we don’t? In general, it’s good to think of the extension stores as being similar to the application stores found on your mobile phone. These are added by independent developers and, as with the Android/Apple shops, there can be unscrupulous additions included with the intended features, like collecting your data or abusing your system’s resources.

    As such we suggest using your best judgement when downloading and if you’re ever unsure, reach out to your tech support team to confirm. If you need guidance for this or other technology topics in your business, Valley Techlogic is here to help.

    We’ve been providing our technical expertise to businesses in the Central California area since 2004. Reach out today to schedule a consultation.

  • Our Top 10 Technology Myths and Urban Legends, Debunked

    The advent of the internet brought an influx of information right to our fingertips, and unfortunately not everything that proliferates on the internet is factual.

    With “fake news” undoubtedly being one of the official buzzword phrases of the 2020s, how closely are you reviewing these commonplace technology tropes? These are the top 10 technology myths and urban legends we see as a technology provider:

    1. Privacy/Incognito mode is DEFINITELY private: We’re sorry to say, if you think everything you’re doing in a private/incognito browser is hidden from view you would be incorrect. The way this mode works is it hides your browsing history from other people who may use your computer, but your ISP definitely can still see what you’re doing and depending on what’s been set up at work, possibly your IT Team/employer as well.
    2. Leaving your phone plugged in destroys your battery: Nope this one is also false, we’re not sure how the idea of “over charging” a battery came to be but there’s zero evidence that leaving your phone or laptop on a charger for an extended period of time will have a long-term effect on your device’s battery.
    3. At the same time, don’t let your device die completely before charging it: Letting a battery discharge completely before charging it again will not improve your phone’s battery life. Just charge your devices when they need a charge and let these myths about battery life go.
    4. Mac/Linux devices (basically anything not Windows) are virus proof: Nope again, the bad news is if a device has access to the internet, it’s going to be a target for hackers. If even your smart fridge isn’t safe, what makes you think any computer or cellphone would be?
    5. Force killing apps saves resources and speeds up your computer: If you have ever opened your computer’s task manager you’ve probably seen a lot of processes running, and you may have even force closed some of these processes to “speed” up your computer. It doesn’t really work that way unfortunately; many of the processes you see are background processes that your computer needs to run. Your computer will just open them again automatically, effectively making this activity a waste of time. You can, however, close applications you’re not using the regular way (and if you’re still having issues, it might be time to look at upgrading your device).
    6. Full bars mean the best service: We’ve heard it time and again, “I have four bars!” someone will exclaim, indicating that their cellphone service has reached its full potential. More bars just mean stronger signal strength, but unfortunately for you if you’re in a heavily populated urban area it means you’re sharing that same strong signal strength with everyone else in the area. Mobile service, just like any other internet service, is subject to bandwidth load so even with a strong signal you may still experience slow service depending on where you are and how many other people are around.
    7. You shouldn’t shut your computer down at night: This is another head scratcher for us, but we still see folks who believe they shouldn’t shut their computer down when they walk away for the evening. We’re happy to report that shutting down your computer will not harm it, in fact reducing the load on it each day by turning it off at night may even extend the life of your device.
    8. Magnets will wipe your data/destroy your device: There’s a little bit of truth to this one but it’s run amok for so long that the truth has been obfuscated for most folks – we’re happy to report your device will NOT be destroyed by a common refrigerator magnet. However, a really big industrial magnet could do some damage, so we suggest not placing your computer near one of those.
    9. Cellphones etc. can give you cancer: Nope, this one has been completely debunked. The radiofrequency that is emitted by your cellphone, tablet, laptop etc. will NOT give you cancer.
    10. I’m a small business/single person, no hacker will bother with me: This is, unfortunately, quite untrue. It’s estimated half a million U.S. accounts are hacked each day – many of these are just regular folks or small business owners like yourself.

    We hope this article helped in quashing some of these myths for you but if you have any other technical urban legends you’re not sure about, we’d be happy to weigh in (just jump on our live chat and ask away!).

    If the last one was a scary one for you and you’re a business owner in California, Valley Techlogic can assist. We provide cyber security services for our clients that make sure they won’t be part of that frightening statistic. Learn more through a consultation today.

  • Maximizing your tax deduction potential with Section 179

    It’s September, which means we’re almost to the fourth quarter, where most businesses look ahead towards end of year activities. It’s not unusual for us to see an increased interest in locking down new equipment and upgrades before year end.

    Each year we begin promoting the benefits of Section 179, you can learn more about it in our updated guide for 2023 or continue reading.

    In a nutshell, Section 179 is a tax savings benefit that allows you to deduct the cost of equipment you use for work (in some cases up to 100% of the total cost) from your tax expenses. When used correctly, this means you can purchase upgrades for your business and receive that money right back into your business when you file the following year.

    Section 179 is a permanent part of the tax code here in the United States but that doesn’t mean it’s static. Each year the deduction limits are adjusted for inflation. You can see on the chart below what this year’s limits are.

    You can choose to take the deduction in one lump sum or take a deduction for depreciation each year instead – it’s completely up to you.

    What equipment or technology purchases qualify for Section 179?

    1. New Equipment: This includes computers (as long as they’re used in your business at least 50% of the time), servers, backup devices, phone system hardware and more.
    2. Components: Such as hard drives and solid-state drives, RAM, video cards, monitors and more.
    3. Refurbished Equipment: You don’t have to buy new equipment to qualify for Section 179, in fact if you’re in the market for a new server and have been debating new vs refurbished, we have an article where we weigh in here. Equipment can also be financed or leased and still qualify.
    4. Software: If you’re looking to purchase software upgrades for your business this year – such as upgrading an older copy of Windows to the latest version – these would also qualify.
    5. Professional Services: Even professional services like ours can possibly be deducted under Section 179.

    We find many businesses are looking to make purchases before the year end because that’s when a clearer picture of their financials is available, but be warned: for a purchase to qualify in 2023 it must be made before December 31st. Even if the purchase was planned as part of this year’s budget, if it’s purchased in January or later it will not count for this year’s taxes.

    If you’re looking for the exact math on a potential purchase and the savings you will net, we can recommend this calculator, it has been updated for 2023. It’s also important to note that the ceiling for your particular business is your net income, you cannot deduct more money than you made that year, however you can carry the deduction forward to the next year.

    We’ve spent some time discussing what does qualify under Section 179, but what about what doesn’t? The following items would not qualify under Section 179:

    1. Intangible Assets: This would include things like patents or copyrights as an example.
    2. Land: You cannot purchase land and claim a deduction for Section 179.
    3. Purchased from family: Unfortunately, you cannot claim purchases that are made through a family member. Even if the product itself would normally qualify, if the item was purchased through a sibling’s, parent’s or spouse’s separate business it will not qualify.

    Interested in making technology upgrades in your business and utilizing Section 179 in 2023? Valley Techlogic can help. We offer procurement services as well as technology solutions that are covered by this very useful tax code. Learn more today by scheduling a consultation.

  • Threat actors attack on cloud company leads to customers data being wiped completely

    Last week a Danish cloud provider called CloudNordic suffered a cyber attack that led to them losing all of their customers’ data in one fell swoop.

    The hackers who gained access to CloudNordic’s system immediately issued a financial demand that the company was unable and unwilling to meet, which led to all of their data being encrypted by the hackers. The company said that no evidence of being hacked was left behind other than the encrypted data.

    This hack also affected their sister company, AzeroCloud, and both companies released identical statements on the ongoing issues they’re facing after this event. You can see the statement below translated to English from Danish.

    In an effort to start over, the company has established a new name and new servers and has offered to restore their clients to servers with the same name as they had previously, though they’ve also included instructions for customers who want to move their domains to new hosts.

    CloudNordic suspects the attack occurred while they were moving data centers, exposing them to already infected systems. As they were mid-migration it allowed the attackers access to their systems and even their own backups.

    CloudNordic states, “The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data.”

    They’ve stated while the data was scrambled during the attack, they don’t believe the attackers copied customers’ data as is typical with ransomware attacks, so it’s unlikely individual customers will be targeted to be ransomed back their data.

    No known ransomware group has so far taken credit for this attack. The company CloudNordic and their sister company AzeroCloud have both said they plan to try to rebuild from here without access to their previous data.

    At Valley Techlogic, backups are an important puzzle piece when it comes to maintaining the security of your business. For many businesses, a cyber event where all of your data is lost would be difficult to impossible to recover from. Many businesses that suffer attacks like these end up going out of business.

    That’s why we created our triple layer backup plan, TechVault.

    With TechVault you not only have an onsite copy of your data, there’s also a cloud backup and what we call an archival backup.

    This archival backup is what makes this program we’ve created special, as it’s write once read many. Basically, the data can be copied back to you as many times as needed but once it’s on there, it cannot be deleted.

    This, in addition to the 24/7 monitoring we provide as well as firewall, antivirus and other protections means your data is virtually bullet proof.

    If you would like to learn more about what makes Valley Techlogic a cyber security leader in the Central Valley, schedule a consultation with us today.

  • Looking to up your online platform game? These 5 tools will help you run your online business better

    If you’re running a business in 2023 you know that having an online presence is often the key to growth (and if you need advice on that we’ve written about it before), but how much of your workflow is presently in the digital workspace?

    We still see plenty of businesses that are working off pen and paper, eschewing digital files for a wall of file cabinets and communicating via fax rather than email (did you know that you can receive fax via email now?).

    There’s nothing wrong with being old school, but it can slow down the kind of progress you’re hoping to make with your business. Nowadays, people expect an instantaneous response to their questions or concerns and if you’re not used to communicating that way it can cause them to look for a service that will, and automation can cement workflows that would otherwise be hit or miss when left up to an individual (like your marketing efforts via email).

    In a nutshell, it’s a good idea to bring as much of your business into the digital world as you possibly can. That doesn’t mean you can’t keep the techniques that helped you build your client base in the first place – but throwing a modern digital spin on them may help you reach more clients AND impress them.

    So, what are the five tools you should be looking into when it comes to upping your technological game?

    1. First there are marketing tools, such as a CRM (Customer Relationship Management). Beyond being a handy client database, many CRMs provide automated processes for tracking activities with those clients (such as phone calls or emails). It’s also a collaborative tool for your employees: if your employee Susan is wondering if Client A was called last week, she can just check the CRM rather than ask everyone in the office.
    2. Website building tools are another great option for expanding your business, especially if you don’t currently have a website. It doesn’t have to be a complicated or expensive process. Depending on your needs, it could be as simple as a one-page informational site that includes items like your location, hours, and contact information. Making sure your business can be found in a web search is an important part of attracting new customers.
    3. If you’re still handling paper checks for all of your transactions and are left waiting for payments to come in the mail, we ask – why? Online payment processing options have grown dramatically, and they could not be easier to use, for you OR your clients. We think it’s always a good idea to give people more options to give you their money as well.
    4. Branding for your business doesn’t have to be complicated. If you have a company logo that’s really all you need to get started using tools like Canva or Adobe Express. There are many pre-loaded templates for you to use to advertise your business, you just add your logo and download to post on your social media pages (we’ve written about improving your social media presence as well).
    5. Communication tools are another big area you can improve your business technologically, not just with your clients but with your employees as well. Online meetings grew in popularity in the last few years, and we think they’re still an excellent way to keep in touch with clients who might otherwise not want to expend the time or effort on an in-person meeting. You can also use chat programs to touch base with employees without interrupting their workflow with a phone call or visit to their office. We use Microsoft Teams here at Valley Techlogic but there are many great and versatile options available now.

    Of course, the best way to improve your business’ technological prowess is to engage with a technical provider that knows the ins and outs of today’s modern technology and can best support your efforts to grow your business. That’s where Valley Techlogic comes in.

    Interested in learning more? Schedule a consultation with us today.


    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Discord.io data breach sees 760,000 users’ information stolen and an end to the service


    If you’re not familiar with Discord, it’s a chat service that first opened to the public in 2015 and quickly grew in popularity, reaching a base of 3 million users just one year later in 2016. Now in 2023 there are over 150 million users, and the platform has been valued at $7 billion.

    Discord filled a niche that had been previously left vacant since chat services like AOL and MSN were discontinued. In the early 2000’s to 2010’s forum-based communication rose in popularity and left many chat rooms empty.

    Now as trends have changed, chat has seen a resurgence in popularity with Discord acting as a vector for many special interest groups to gather and discuss their hobbies, or for consumers to follow live updates about a product they’re interested in and even speak directly with its creators and get an inside look into the development process. No matter what your interest is, gaming, home improvement, DIY, art, music – there’s probably a Discord channel dedicated to it.

    Discord.io was a third-party website that allowed users to find and share chat channels. We’re unfortunately saying “was” because after the breach they announced their services would be closed for the “foreseeable future”.

    On the website it says, “We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a [third] party site.” They’ve also listed the information that was released in the breach, which included users’ encrypted passwords, their email and username, and even billing and payment information if they partook in a premium membership through the site.

    While they’re not directly associated with Discord, this breach will still have an effect on Discord itself, not just because this service has been discontinued but because of the overlapping data Discord and a Discord-centric third-party application will have.

    The unfortunate rub of it is that when you utilize third-party vendors for the products and services you use, you’re sharing the same information with them as you are with everyone else, and a breach through an outside vendor can affect you as much as a breach to your business directly.

    That’s why it’s important to vet your vendors and have protections in place to limit the effects a data breach can have. Protections can include:

    1. If the breach involves financial data that could be used for identity theft, consider freezing your credit. This will limit the damage someone can do with your identifying information. If you’re not ready or aren’t able to freeze your credit, then we suggest credit monitoring at the very least (often provided for free by banking and credit card companies).
    2. Don’t use the same password from one account to another. As we mentioned, password data was leaked in the Discord.io breach. While it’s encrypted data, which is a good protection, many of these passwords will be cracked, and the people who purchased this information will try the password on users’ other accounts such as their email. If you use a different password for all of your accounts in unison with a password manager, then a password leaked in a breach will only affect one account, greatly limiting the damage that can be done.
    3. Similarly to above, to protect your accounts from intrusion you SHOULD be using MFA (Multi-Factor Authentication). We recently posted another article outlining the benefits of MFA, but in a nutshell if a hacker has gotten enough information about you from data breaches they may be able to utilize it to gain access to your accounts – even WITHOUT a password. MFA will stop most hackers in their tracks.

    Even with protecting yourself, it’s still a good idea to try to limit the funnel of information about you or your business that can unknowingly end up on the web through third party breaches. Here are 5 additional ways to protect your data:

    Want to learn more about how to recover from a data breach, boost your cyber security readiness, or gain additional insight in the kinds of questions you should be asking your vendors about your data? Valley Techlogic can cover all these topics and more. Schedule a consultation with us today.


  • BEC Scams are becoming increasingly more common, and the payouts more lucrative


    BEC, or Business Email Compromise, is a type of phishing scam where the target of the scam receives an email purporting to be from someone they know, like a vendor they work with or a colleague. These scams are so commonplace that the Federal Bureau of Investigation even has a guide to protecting yourself from them.

    We’ve even written before on how to spot a typical BEC email and a few ways to combat it, but we would like to circle back to this topic now as we creep into what is typically a very busy time for most business owners – the fourth quarter.

    You may or may not be surprised to learn that BEC attacks rose in the fourth quarter last year and we’re not anticipating 2023 to be any different. 2022 even saw a rise in the ever popular “as-a-service” variant of attacks, which means would-be bad actors could enact their attacks with little actual effort on their part.

    The technical know-how required for these attacks is also low, with some of them being as simple as just a variant on your normal phishing scheme but with the end goal being a direct payout rather than the user’s credentials or private information.

    CISA (Cybersecurity and Infrastructure Security Agency) even reported on Russian state sponsored bad actors specifically targeting defense contractors using Microsoft 365 with their BEC schemes. Imitating Microsoft support is not a new scam, and like always you should be wary about any support person reaching out to you directly asking for your credentials, but the single-minded focus of this particular scam put government agencies like CISA and the FBI on red alert.

    When we say these scams are becoming more lucrative, we definitely mean it: it’s estimated that BEC victims lost 2.74 billion dollars in 2022, which was $300 million more than 2021. Like with most cyber attacks, we anticipate they’ll continue to rise.

    So how do you protect yourself from a Business Email Compromise scam in 2023?

    1. Don’t overshare online. BEC is a social engineering scam, so the less information that’s readily available about you on the internet the less able a scammer is to pretend to be someone you know.
    2. Forward emails instead of replying to them. As with normal phishing, these scams are perpetrated over email. Forwarding emails forces you to type out the email address (thereby guaranteeing it goes to the right person). BEC attacks usually involve spoofing an email address or simply choosing a domain that’s similar to one you may be used to corresponding with but has a slight misspelling or rewording.
    3. In the same vein, check the sender’s email address before responding at all. You may be able to simply block the scammer when you discover they’re trying to imitate someone else by verifying the email address is incorrect.
    4. Secure your own domain against domain spoofing. Many times, the attack is coming from “inside the house”. A very common BEC scam involves one of your employees receiving an email that looks like it’s from you or someone high up in your organization, except it’s not. Registering the domains you use for email will help protect against this very common variety of this scam.
    5. Again, in the same vein as our last tip, use a domain that you’ve registered instead of a free email service. It might be tempting to keep using the Gmail address you’ve always used to avoid paying for a domain and email services, but it greatly increases your risk of a BEC attack being successful. Using a free email service allows attackers to create a new email with your name to then tell those you know you just “got a new email”. It would be very difficult to prove this is false without talking to you directly.
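
    Tips 2, 3 and 5 above can also be checked automatically. The following is an added example, not part of the original article or any Valley Techlogic tool: it classifies a From: header as trusted, lookalike, impersonation or unknown. The domain lists, the name "Pat Owner" and the distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample values (assumptions, not taken from the article).
TRUSTED_DOMAINS = {"example-corp.com", "vendor-example.com"}
KNOWN_PEOPLE = {"pat owner"}  # display names an attacker might imitate
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
MAX_DISTANCE = 2  # assumed threshold for "slight misspelling"


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, detail) for a raw From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", "no parsable address")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    # Tips 2 and 3: a domain a character or two away from one you know.
    for good in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, good) <= MAX_DISTANCE:
            return ("lookalike", f"{domain} resembles {good}")
    # Tip 5: a familiar name arriving from a free email service.
    if domain in FREE_MAIL and name.strip().lower() in KNOWN_PEOPLE:
        return ("impersonation", f"{name} writing from {domain}")
    return ("unknown", domain)


if __name__ == "__main__":
    for header in ['"Pat Owner" <pat@example-corp.com>',
                   '"Pat Owner" <pat@examp1e-corp.com>',
                   '"Pat Owner" <pat.owner.new@gmail.com>']:
        print(header, "->", classify_sender(header))
```

    This inspects only the visible address; a forged From: that uses the exact trusted domain passes it, which is what SPF, DKIM and DMARC results are for.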

    Many of the defense strategies against a BEC attack involve employee training. Attackers may not target you directly as the business owner when it’s easier to get to you (and your business) through a weaker link – often employees who don’t have the strategies available to avoid these kinds of scams.

    Luckily, Valley Techlogic provides security training as part of our service packages. Below is a list of some of the training topics we cover for our clients:

    Cyber security training is quick and is one of the easiest and most effective ways to have an overall safer environment for your business. Learn more about Cyber Security Training through Valley Techlogic, as well as the other cyber security services we offer, through a quick consultation today.
