Category: Security

Security

  • .corn or .com? Domain scams are getting trickier, here’s how you spot them

    It starts with a single typo. You glance at a URL, it looks right, and you click. But what loaded in your browser wasn’t your bank, your HR portal, or your company’s file-sharing platform. It was a meticulously engineered trap, and the people behind it had been waiting for exactly this moment.

    Domain-based deception isn’t new. But the tactics have grown sharper, faster, and far more difficult to spot with the naked eye. With over 300 million registered domain names in the world and new top-level domains being approved at a pace that can be hard to follow, scammers have more raw material than ever to work with.

    Understanding their methods is the first step toward protecting yourself and your organization.

    The anatomy of a fake domain

    Before diving into specific tactics, it helps to understand what scammers are actually trying to do. Their goal is to create a web address that is visually close enough to a legitimate one that a busy, distracted reader won’t notice the difference. They then use that domain to host phishing pages, deliver malware, or intercept credentials.

    The deception typically targets three things: the domain name itself, the top-level domain (the part after the final dot), and the subdomain structure. Sometimes all three are manipulated at once.

    “The goal isn’t to fool careful readers. It’s to exploit the moments when no one is being careful.”

    Typosquatting is the practice of registering domains that are one small error away from a well-known name. A missing letter, a transposed pair, a repeated character. The domains are cheap to register and the potential return is enormous.

    Classic examples include swapping an “i” for an “l,” doubling a letter, or inserting a hyphen where none belongs. More recently, scammers have been exploiting the similarity between certain characters in different scripts, a technique sometimes called homograph or homoglyph spoofing.

    Legitimate       Typosquat
    microsoft.com    rnicros0ft.com
    paypal.com       paypa1.com

    At normal reading speed, on a small screen, or while skimming an email on your phone, these are nearly indistinguishable. That’s precisely the point.

    The new TLD problem: .corn, .рaypal, and beyond

    For decades, the internet ran on a handful of top-level domains: .com, .net, .org, .gov. Users learned to treat those suffixes as rough signals of legitimacy. That mental shortcut is now being exploited.

    The Internet Corporation for Assigned Names and Numbers (ICANN) has approved hundreds of new generic top-level domains in recent years, including .app, .store, .finance, .cloud, and many more. Alongside these legitimate expansions, bad actors have been quick to spot and abuse visual lookalikes. The domain suffix .corn, for example, is close enough to .com that it has been used in phishing campaigns targeting users who click without examining the full address. Similarly, .co is a legitimate country-code domain for Colombia that has long been used, sometimes legitimately and sometimes deceptively, as a shorthand imitation of .com.

    Watch out for

    .corn instead of .com — a real top-level domain that reads as familiar at a glance.

    .co instead of .com — widely used in legitimate startups, but also a common phishing suffix.

    Internationalized domain names that use Cyrillic or Greek characters which render identically to Latin letters in many fonts.

    Subdomain manipulation, such as paypal.com.account-verify.net, where the real domain is account-verify.net at the end of the hostname, not the brand you recognize at the start.

    One of the most effective and underappreciated techniques involves manipulating subdomains. Browsers display the full URL, but users have been trained to look for the familiar brand name, not to parse which part of the address actually controls the destination.

    A URL structured as amazon.com.account-secure.xyz places a recognizable brand in what looks like the domain, but the authoritative domain is account-secure.xyz. The scammer owns that, not Amazon.

    This technique is particularly effective in SMS phishing (smishing) attacks, where the entire URL is often truncated and users tap links quickly without examining them.

    Modern browsers support internationalized domain names, which means a domain can be registered using characters from non-Latin scripts. The problem arises when those characters are visually identical, or nearly so, to their Latin counterparts.

    The Cyrillic lowercase “а” and the Latin lowercase “a” look the same in most fonts. The Greek omicron “ο” is visually identical to the Latin “o.” By combining these characters, a scammer can register a domain that renders as “apple.com” in your browser’s address bar but resolves to an entirely different server.

    Browser vendors have implemented some defenses against the most obvious abuses of this technique, but protection remains inconsistent across platforms and character combinations.
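
    The checks described above (typosquats, brand names buried in subdomains, and mixed-script lookalikes) can be automated for link triage. The following is an added example, not code from the original article; the allowlist, the lookalike maps and the two-label rule for finding the registrable domain are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: registrable domains this organization really uses.
KNOWN_DOMAINS = {"amazon.com", "apple.com", "microsoft.com", "paypal.com"}

# Illustrative, non-exhaustive lookalike maps (assumption; Unicode publishes a
# much larger confusables list). Cyrillic a/e/o/p/c and Greek omicron -> Latin.
CROSS_SCRIPT = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
                "\u0440": "p", "\u0441": "c", "\u03bf": "o"}
ASCII_LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def host_labels(url):
    """Return the hostname as a list of labels, with punycode labels decoded."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare hostname as a netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep the raw label if it is not valid punycode
        if label:
            labels.append(label)
    return labels


def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(name):
    """Fold known lookalike characters and sequences to what the eye reads."""
    folded = "".join(CROSS_SCRIPT.get(ch, ch) for ch in name)
    for seq, repl in ASCII_LOOKALIKES:
        folded = folded.replace(seq, repl)
    return folded


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def analyze(url):
    """Return a list of findings for the URL's hostname; empty means no flags."""
    labels = host_labels(url)
    if len(labels) < 2:
        return ["no registrable domain found"]
    # Assumption: the registrable domain is the last two labels. Production
    # code should use the Public Suffix List (e.g. for names under co.uk).
    registrable = ".".join(labels[-2:])
    subdomain = ".".join(labels[:-2])
    if registrable in KNOWN_DOMAINS:
        return []
    findings = []
    for label in labels[-2:]:
        used = scripts(label)
        if len(used) > 1:
            findings.append("mixed scripts in label: " + "+".join(sorted(used)))
    folded = skeleton(registrable)
    if folded in KNOWN_DOMAINS:
        findings.append("lookalike of " + folded)
    else:
        for known in sorted(KNOWN_DOMAINS):
            if edit_distance(folded, known) == 1:
                findings.append("one edit away from " + known)
    for known in sorted(KNOWN_DOMAINS):
        if "." + known + "." in "." + skeleton(subdomain) + ".":
            findings.append(f"brand {known} appears in subdomain of {registrable}")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs, using the article's own example names.
    for sample in ("https://www.microsoft.com/login", "http://rnicros0ft.com/",
                   "https://paypal.corn/", "https://\u0430pple.com/",
                   "amazon.com.account-secure.xyz"):
        print(sample.encode("ascii", "backslashreplace").decode(), analyze(sample))
```

    A finding is a prompt for review, not a verdict: a legitimate domain can sit one edit away from a known one, so the output is best used to rank links for a closer look.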

    “When it comes down to it, you’re not reading the domain. You’re pattern-matching against a mental image of what it should look like.”

    What’s changed in the last two years is not just the cleverness of individual attacks but the speed and scale at which they can be deployed. Generative AI tools have made it substantially easier for even low-skill operators to spin up convincing phishing pages, generate personalized lure emails, and register dozens of lookalike domains simultaneously.

    Security researchers have observed campaigns where hundreds of typosquatted domains are registered in a single day, each pointing to a slightly different variant of a phishing page tailored to a specific target sector. Financial institutions, healthcare providers, and enterprise software platforms are the most frequent targets, but no industry is immune.

    So what can you do about it?

    The threat landscape is complicated, but the protective behaviors that matter most are straightforward. Most successful domain spoofing attacks succeed not because the victim was foolish but because the conditions for clicking without thinking were carefully engineered.

    Practical checklist

    • Hover over links before clicking to see the full destination URL, and read it from right to left, starting after the final dot.
    • Use a password manager that matches credentials to specific domains. If the URL is wrong, the manager won’t fill, which is your first warning.
    • Enable multi-factor authentication everywhere. A stolen password is far less useful when a second factor is required.
    • Treat any link sent via SMS, messaging apps, or email as suspect by default. Navigate to sensitive sites by typing the address directly or using bookmarks.
    • Report suspicious domains to your IT or security team. Early detection of a campaign targeting your organization can protect colleagues who haven’t seen it yet.

    Domain-based attacks are successful because they exploit something deeply human: the tendency to use heuristics rather than careful analysis when under time pressure or cognitive load. Scammers are not usually trying to outsmart technically sophisticated users in their most alert moments. They’re engineering the conditions under which even careful people make mistakes.

    The defensive answer is partly technical, partly procedural, and partly cultural. Security-aware organizations train people to slow down at the moment of a click, not just to use the right tools. That pause, the habit of looking twice at a URL before entering credentials, is often the difference between a near miss and a breach.

    The next time a link looks almost right, trust that instinct. Almost right is how these attacks work, and education on this topic is the best way to stop scammers in their tracks. Below is a free resource on this topic to share with your team:

    For specific guidance on protecting your organization, consult a qualified cybersecurity professional. If you need assistance in administering cyber security services (including Security Awareness Training) within your organization, Valley Techlogic can help. Learn more today through a consultation.

  • When the business is you, how data brokers create and sell detailed information based on your browsing history

    This week, John Oliver of “Last Week Tonight with John Oliver” aired an eye-opening segment on the world of data brokers and how easy it is to create a very detailed profile about an individual simply from their online browsing history. We suggest watching that segment (which can be found on YouTube) but we also wanted to touch base on this topic ourselves and explain what happens, why this happens, and what you can do to browse safely (and privately) online.

    There are really five clear ways data brokers capture your information online. The first is browser cookies. A cookie is a piece of information that a website stores on your device that it can then retrieve at a later time. Most websites you visit now ask you to give them permission to store cookies and most of us do so without thinking about it because the process of declining can be complicated (or perhaps you won’t be allowed on the site without doing so).

    Data brokers both buy these cookies and place cookies on your devices themselves, which allows them to offer you highly targeted advertising. We have two solutions to this one: Chrome and Firefox both have “Do Not Track” options which will not allow the cookies to track you from site to site. There’s also a browser extension called Ghostery which gives you the option of blocking trackers.

    The second way data brokers are able to obtain information about you is through mobile applications. Many mobile applications that are “free” are not really free; you’re paying for them through the wealth of information that’s gained about you, such as your GPS data or even your private pictures and videos on your device (as many of these applications ask for “permission” for every service on your phone).

    The solution to this one is to always research the applications you download on your phone, and never give them more permissions than they need. That “white noise” application you downloaded does not need permission to your location data for instance.

    The third way may seem obvious if you stop to think about it: social media. Data brokers will scrape social media sites for information about you to “complete” their profiles on you. The easiest way to combat this is to think twice about what you’re sharing online. Information such as your birthdate or where you work not only puts you at risk of receiving very targeted spam – it’s also a cyber security hazard.

    The fourth way is just public records. Court documents, census data, property records, vehicle registration records, marriage and divorce records are all public and all available to data brokers at their leisure. The best way to combat this one is to address the other ones we’ve mentioned so they cannot use this information combined with the above to create a highly detailed information package on you (a singular piece of data is less useful than a full picture). You can also sign up for alerts from Google so if your name is mentioned on the web you’ll be notified.

    The fifth way may surprise you, but it’s your credit card company. Data brokers are able to buy your “anonymized” credit card data directly from your credit card company. They can then combine this data with receipts they may have accessed in other ways and your social media posts “Look at what I just bought!” and voila, data brokers now know how you’re spending your money (and what they should try to sell you next).

    There isn’t a good way to combat the last one, and it illustrates the point best: we need more restrictions on how our data is used and who is allowed to collect it. Some states are leading the way with this, such as California with the California Consumer Privacy Act (CCPA), which gives consumers more control over their online data (and the ability to remove it).

    We’ve created this chart to give you five things you can do RIGHT NOW to protect your privacy online.

    Small Version of The Privacy Tips Chart

    While there are steps we can take to protect ourselves, more needs to be done to protect our privacy as we browse online. Privacy is also a concern for business owners and the businesses they run, if you would like to learn more about how Valley Techlogic can help schedule a consultation today.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Common tax return scams to watch out for in 2022

    The due date for filing your taxes is just 10 days away as of writing, and as tax filers scramble to gather needed information to finish (or start) their filing – scammers are looking for ways to take advantage of the mad dash that occurs for many Americans every year.

    The IRS has put together a compilation of scams they’re seeing this year, and they mention that scams may not be limited to the virtual space. Scammers may also call, mail or even show up to your door in person. So, it’s a good idea to be extra vigilant when protecting your PII (personal identifying information).

    The “Tax Transcript” scam is one that commonly targets businesses. Many employees will use their business email when they sign up to do their taxes and may expect communication from the IRS to come there, but scammers will send fake communications with malware attached instead. Users may click without even thinking twice (especially as email scams of this nature can be very convincing). See below for an example.

    IRS Tax Email Scam Example. Credit: https://www.irs.gov/

    IRS scam calls are also another common tactic. It’s a good time to reiterate that the IRS will NEVER call you asking for personal information. This news segment found on YouTube shows a scammer in action, these calls may increase as we get closer and closer to the filing deadline. You shouldn’t give out your personal information even if they have things like your address or full name (scammers will often do some research on you before calling).

    Another scam aimed at businesses is one where the scammer will pose as a member of the accounting department where you work, they know many people will not question a call or email coming from a work authority. It may be a good idea if you’re a business owner to send out an email or have your accountant contact your employees to mention that like the IRS you will NEVER call or email unprompted requesting private information.

    Stolen Identity Refund Fraud, or SIRF, is a very lucrative business: 2.8 million false returns were filed in 2018 with a potential worth of $16 billion. It’s important to guard the PII criminals need to file a false tax return on your behalf. Here are 5 steps you can take to safeguard your information:

    1. The easiest? Have a good spam filter enabled on your email, that way many of these phishing scams won’t even make it to your inbox.
    2. Check emails for signs it’s a phishing scam, we wrote an article on what to look for. Two standouts are an email domain that doesn’t match the sender (an IRS email won’t come from a Gmail account) or links that when you hover on them don’t match where they say they go.
    3. Check with the purported sender, if the email looks like it’s coming from within your office network, but the email contents just don’t seem right – follow your gut and follow up with your department.
    4. If you receive a call from a number you don’t recognize claiming to be the IRS or the authorities, try Googling the number. Many people will share information about experiences with scam numbers online as a way to warn others.
    5. If you’ve already given your PII to a scammer, contact the major credit bureaus to freeze your credit and contact the IRS to report it ASAP. The IRS has steps in place for helping victims of identity theft, the sooner you act the sooner you can put a stop to the scammer’s activity under your identity.

    Employee training is the best defense for business owners who want to prevent scams such as these, as well as other cyber threats, from affecting their business. Valley Techlogic offers security awareness training as well as top-of-the-line cyber security defense systems as part of all of our technology packages. Learn more today.

  • This Malware is on Fire – Literally

    There is a new malware out there that can trick your phone’s power brick into catching on fire.

    Cellphones and fires are not a new phenomenon; we all remember the debacle that was the Samsung Note 7. Due to the so-called “aggressive” battery design, phones worldwide were exploding. This led to a swift recall and caused quite a dent in their public image.

    However, the fires being started right now are not the fault of the manufacturers and are not tied to a single brand. A recently discovered malware, named “BadPower” by the lab that discovered it, is causing cellphone power bricks across various brands to catch fire.

    Melted Cellphone
    An example of one of the affected phones. Attribution Nathanial Stern via Flickr

    It works by tricking the adapter into sending more electricity to the phone than it can handle, which over time will melt the internal components and start a fire. Xuanwu labs tested the BadPower malware with 35 different power bricks and discovered that 18 of those were vulnerable to the attack.

    What’s even worse, if your phone fell victim to this attack there would be no external signs that it was happening; your power brick would just catch fire.

    As with many things the solution to this problem is a firmware update provided by your cellphone manufacturer and this is yet another solid reminder to always keep the software on your devices updated.

    Cellphones are not the only things vulnerable to attacks that may damage hardware. While most malware on computers is directed at stealing information, it’s technically possible for a malware to cause your personal computer to overheat, thereby damaging its CPU.

    We may be entering a new age of malicious malware that’s aimed purely at destruction and not of the financial kind that we’re accustomed to.

    In this case the best defense is a good offense, and if you’re a business located in the Central Valley, Valley Techlogic would love to be your strategic partner in protecting your business. Reach out today for a free cyber security assessment, in less than 30 minutes over the phone we can give you a place to start.

    If you’re not ready for the assessment, we also have our free one-page cyber security checklist that was recently updated for 2020. We think it’s a great resource for your business.

  • Tips for Using Zoom Safely

    Dogs on Zoom

    Most of us are finding ourselves working from home either altogether or at least part of the time, and with that change also comes conducting work meetings from home. While we all probably had at least an awareness of video client tools such as Microsoft Teams and Skype, a new contender came through and became the working from home meeting tool du jour – I’m talking of course about Zoom.

    Zoom has added 2.22 million users so far in 2020 (the previous year they gained 1.99 million for the entire year). Unfortunately, with such unprecedented growth also comes growing pains in the form of unauthorized users jumping onto calls and even cyber security issues. So how can you use Zoom safely, and what led to it becoming such a popular option in the first place?

    Unlike many of its competitors Zoom allows you to see multiple participants at once, rather than one at a time while they’re talking. It also has the unique functionality of allowing users to join from a browser which lets participants avoid downloading the client if they don’t wish to or are unable to.

    You can also host an unlimited number of meetings with up to 100 participants with only the free client (up to 500 participants and concurrent meetings being paid features). Screensharing is also possible and a nice feature.

    With that said there have been some drawbacks. Call quality may be somewhat unpredictable compared to more seasoned products in this arena (although I think it would suffice to say they’ve all had some troubles in these heretofore unheard-of times). Users have also reported issues with scheduling and adding meetings to their calendars. The biggest issues, though, have been in the area of security.

    Starting with so-called “Zoom Bombers” – which have been one of the most publicized issues – it is described as having uninvited users join your private video call and start spamming unsavory materials either in the chat or via voice and/or video.

    Many of these intruders gained access via businesses posting the video chat link to their public social media accounts. The best method of protection against this by far is adding a password to your Zoom chats and not posting them publicly.

    It’s also come to light that there are some critical cyber security issues with Zoom, especially regarding user data. 500,000 Zoom user accounts and passwords were recently found for sale on the dark web by a cyber security firm, due to a data breach.

    This serves as a good reminder to keep your passwords varied, change them periodically and use a password manager. You can check the whimsically named site https://haveibeenpwned.com/ to see if you’ve been a victim to this breach or any others.

    Suffice to say despite its faults Zoom is probably here to stay for the foreseeable future, especially as the country’s workforce continues to work from home. Taking some necessary steps will keep your work meetings intruder free and safe.

  • 10 Tips for Staying Safe Online When Working from Home

    Woman working at desk

    In light of the ongoing health crisis many of us are placed in the unusual position of working from home. While you may have concerns about keeping up your usual level of productivity and being able to communicate effectively with your coworkers while working in separate places there may be one issue flying under the radar, how do you stay safe online while working from home?

    It’s unfortunately not a given. In many workplaces you have an IT team that maintains (or should!) a high level of security for your office computers and network. These same measures are not in place on your home network or on your home computer.

    With so many of us working from home hackers may be seeing this as an opportunity to access your company’s private data via unsecured personal computers and home networks. These 10 tips will prevent this from happening.

    1. Don’t reuse passwords. If you’re able to choose your own work passwords it’s important they’re varied, if hackers get access to one of your accounts and you use the same password for everything then they have access to all of them.
    2. Practice good password safety. It’s imperative that passwords for your work accounts follow good password safety practices. Hackers may be able to use your work accounts to access the rest of your company’s data. If you set your own password make sure it follows the rules of 16 characters in length, mixing characters and avoiding dictionary words if possible.
      Also destroy any written copies of your password, real life phishing exists! Use a password manager like LastPass instead.
    3. Secure your home network. It’s shocking how many home networks don’t have a password at all, or if they do it’s a single word with no mixed characters or even your router’s default password.
      This is not a good idea! Hackers can use your network to access your home machine, and from there it may be game over. Like the tip above practice good password safety when it comes to your router’s password.
    4. Enable 2-factor authentication if it’s available to you. Many laptops these days feature security measures such as facial recognition or fingerprint readers that will help keep your device safe. Don’t forget to enable the same feature on your phone!
    5. Speaking of 2-factor authentication. You may find that your workplace uses 2-factor authentication to secure the applications you use on a daily basis to do your job; if they don’t, bring it up! This will further prevent people from accessing your company data.
    6. Install updates. At work your IT team is probably installing updates for you, on your home device you’re responsible for doing so. In general, you shouldn’t be ignoring updates but while accessing your company accounts it’s even more important.
    7. Practice good online safety. The security measures enabled on your company network may prevent a total takeover in the case of someone accidentally downloading malware, this is not so at home.
      Don’t open attachments from senders you don’t know. Be careful which websites you visit, and always have your firewall enabled!
    8. Be careful with public networks. During this time, it might be tempting to get out and at least work outside at a café or somewhere with public Wi-Fi. However, this public Wi-Fi may leave your machine vulnerable, especially if you’re not practicing some of the safety measures above.
    9. Make sure your work is backed up. You’ll probably need some help from your IT team for this one but ensure the work you’re doing is backed up to your office servers or saved in some way. Recovering lost data from your home machine alone may be more difficult.
    10. Last but not least, use an anti-virus software. Find out which anti-virus software your company IT team recommends, or if you need a recommendation reach out to us. It’s extremely important for staying safe online.

    We hope these tips help. For those not working remotely or for tips on staying safe while in public right now, we recommend referring to the CDC Website for the most up to date information: https://www.cdc.gov/coronavirus/2019-ncov/index.html

  • 2020 is Here – Here’s your Technology and Cybersecurity Forecast

    It’s 2020 and the start of a new decade. Technology has changed a lot since the beginning of the last decade. Inexpensive computer options like Raspberry Pi and Chromebook became available, the first iPad was released.

    Computing also got a lot faster, the first 8 core processors were released, solid state drives became a lot more widespread, and graphic cards reached new heights for computer gamers shattering the previously achievable FPS (frames per second) and ushering in a new era of high-end gaming.

    The previous decade also brought new records on cybersecurity issues but unfortunately not in a positive light. Malware became more sophisticated and harder to track, ransomware became widespread (it’s estimated it cost the US $7.5 billion in 2019). So, what’s on the horizon for 2020 and beyond in the realms of technology and cybersecurity?

    As wearable technology advances increase, we will see even more of it aimed at integrating tech with the world around us. Augmented reality devices will probably become more accessible and affordable. Sensor technology will continue to increase which will have a positive effect on healthcare and our ability to detect health scares before they advance to something serious (see watches now aimed at keeping track of our blood pressure and heart rate).

    Needless to say it will be something to look out for as our society becomes more dependent on the IoT (Internet of Things), for good and for bad.

    What about the field of cybersecurity? While it’s probably true hackers won’t stop trying to gain access to our private information – especially as it pertains to our financials – even the most layman user of technology is becoming keen to protecting their privacy.

    Consumers will demand corporations be made accountable for leaks of private data and businesses not wanting to shoulder the financial burden of an attack (or the bad press) will utilize the tools available to thwart would be bad actors in their tracks.

    On that front we can help. At Valley Techlogic we are on a mission to have the most comprehensive and effective cybersecurity tools available to protect our clients. We also offer 24/7 help desk so no matter when you have a problem, we’re on it.

    If you’re in the Central Valley or surrounding area reach out today for a free security audit and begin this new decade tackling your business’s technology needs.

  • Windows 7 End of Life Is Coming Soon, But There’s Still Time to Prepare

    14th on a Calendar
    January 14th is almost here.

    January 14, 2020 will be here in less than three short months, and there are probably many out there that haven’t prepared to make the switch off Windows 7 (or Windows Server 2008 which also ends support on the same day). In fact, an estimated 32.8% of all PCs running Windows are still running Windows 7.

    We know it can seem like a hassle to upgrade and you may be thinking what’s the harm in leaving my computer as is? We’d like to explain why that’s a bad idea and simple steps you can take to make the migration off Windows 7 easier.

    If you stay on Windows 7 after support ends your PC will still work, but it will be more vulnerable to malware and other security risks. Regular Windows updates provide crucial protection to exploits that may especially exploit vulnerabilities in your operating system or programs run by that operating system.

    Hackers may also choose to target those who have decided to stay with Windows 7 after January 14th. You may find yourself up a creek without a paddle if something happens to your PC after Windows support ends.

    It doesn’t have to be this way, though. Making the switch from Windows 7 will probably not be as difficult as you may be expecting. In fact, a Windows 7 client upgrade may take an hour – or less – if your computer has a solid state drive (SSD).

    If you have an older mechanical drive it may take a bit longer, but it is probably not the multi-day event you may have been expecting.

    You shouldn’t attempt an update from Windows 7 to Windows 10 without a backup, and this is an excellent time to review your backup plan in general (especially if you don’t have one!). You most likely will not lose any files though and should find yourself up and running the same day with a brand new and more secure operating system.

    We’d like to take the time to note that migration from Windows Server 2008 to newer editions of Windows Server is a more complicated process that should not be attempted without professional help.

    If you own or work for a business in Central California, Valley TechLogic can assist you with this task. Reach out to us today at 209-357-3121.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can also reach us on Facebook at https://www.facebook.com/valleytechlogic/ or on Twitter at https://www.twitter.com/valleytechlogic.

  • October Is National Cybersecurity Awareness Month


    Every October, National Cybersecurity Awareness Month (NCAM) is held to promote awareness of cybersecurity issues and to allow government and other agencies to provide resources to the general public so they may be safer and more secure online.

    The theme this year is “Own IT. Secure IT. Protect IT.” and the focus will be on key areas including citizen privacy, consumer devices, and ecommerce security.

    In our own effort, we will be covering topics related to cybersecurity and promoting resources we use to keep our clients’ data secure. To start with, here is the Homeland Security website on this topic: https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019

    It covers in-depth topics on online privacy, multi-factor authentication, cybersecurity while traveling, and more. There’s even a trivia game you can use in your organization as a fun and accessible way to introduce cybersecurity tips to your employees.

    Cybersecurity can be an intimidating topic, especially from a business standpoint. It’s important to do what you can to start implementing measures as soon as possible. Here is the checklist we personally use as a starting point.

    [Image: cybersecurity checklist]

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/. Follow us on Twitter at https://twitter.com/valleytechlogic.

  • 5 Things your employees need to do to combat cyberattacks


    The common perception around cybersecurity is that IT departments are solely responsible for it. As such, it’s commonly considered a technical and administrative issue that employees play little or no part in. Unfortunately, it’s this perception that’s leaving so many businesses exposed to cyberattacks.

    Almost all data breaches start with a social engineering attack, typically delivered by email or over social media, targeted towards employees. Anyone can be a target, and all these attacks have something in common — rather than exploiting vulnerabilities in technology itself, they exploit human ignorance and unpreparedness. That’s why employees must develop good security habits, like the ones below.

    #1. Keep software up to date

    Although social engineering presents by far the biggest threat, outdated software gives hackers an easy way to infiltrate business systems. For example, a lot of ransomware attacks exploit outdated operating systems. Other attacks deliberately target victims who have failed to install a critical security update.

    There’s no denying that regular updates can be irritating, especially when you receive constant notifications to update whenever you open an app. While many modern apps keep up to date automatically, some require confirmation and additional steps. Employees should always be ready to install these updates to reduce the likelihood of cyberattacks.

    #2. Create stronger passwords

    The average US email address is associated with 130 online accounts ranging from internet banking to social media to online shopping and more. That’s a whole lot of login credentials to look after, so it’s perhaps hardly surprising that most people just use the same password for everything. Recycling passwords leaves you with many single points of failure. What’s more, a weak password is also easy to hack using a brute force attack, which guesses all possible character combinations until it finds the right one.

    Employees should be adequately trained in the use of passwords. This means they need to be setting longer and more complex passwords that contain a mixture of letters, numbers, and symbols. They should also enable multifactor authentication to add an extra layer of protection on their accounts in the form of temporary verification codes sent to their phone or biometric authentication (e.g., fingerprint scans and facial recognition).

    #3. Back up data regularly

    It has become commonplace for employees to work from home or on the move, typically using their own devices rather than those provided by the company. One of the biggest challenges of workforce mobility is that you can easily end up with important business data spread out across a huge range of different devices, therefore making it vulnerable to loss or theft.

    No one should ever underestimate the importance of backing up their data, and employees need to be aware of your backup and disaster recovery policy. If they’re not, it’s not worth the paper it’s printed on. Another option is to have your employees use cloud-hosted apps where all data is stored online and kept in a secure off-site facility.

    #4. Identify phishing scams

    Given the fact that most cyber incidents stem from human error, untrained employees are usually the weakest link when it comes to information security and compliance. This also means your brand’s reputation rests on your employees’ shoulders. Even a seemingly minor mistake, such as downloading attachments or clicking on suspicious links in an email, can lead to a far more serious incident. Regularly training employees to be critical of every website or email they encounter online can prevent a slew of cyberattacks from spreading in the first place.

    #5. Follow security policies

    Security policies are worth nothing if they’re not thoroughly understood by everyone in your organization and enforced as necessary. Your security policies should cover every digital asset and the employees who use them. It’s something everyone on your team needs to be fully aware of and onboard with.

    By following security policies to a T, employees will know exactly what constitutes the acceptable use of your company’s information resources, and they’ll know what to do during a cybersecurity incident. This helps create a culture of accountability and turn your employees from the weakest link into the first and last line of defense.

    Valley Techlogic provides network security services, cutting-edge solutions, and expert advice to help your business fend off the latest threats. Call us today to keep your most critical assets safe and sound.