Cyber Security – Page 5 – Valley Techlogic

Google blocked the largest DDoS attack ever, peaking at 46 million requests per second

While it’s just now being reported on, the DDoS attack on Google Cloud occurred on June 1^st and lasted for 69 minutes – reaching a peak of 46 million requests per second.

We’ve covered Distributed Denial of Service (DDoS) attacks before in this blog, but the scale of this one is mind boggling. It’s nearly twice the size of Cloudflare DDoS attack from last year around this same time, which peaked at 26 million requests per second (sent from just over 5000 devices).

If you’re wondering where the devices used in these attacks originate from, the answer in this case is unsecured devices. Specifically compromised Mikrotik routers.

There’s been a number of articles regarding possible compromises to the Mikrotik brand of router including one instance that involved over 200,000 devices. Many in the security space wondered if there would be a fallout from that and now, we have our answer.

However, what’s more impressive is not the scale of this attack, but the fact that it was successfully blocked by Google.

Botnet attacks of this nature are not rare, it’s difficult to say exactly how many attacks occur per day but it has been noted they’re on the rise since the Russian invasion of Ukraine. A botnet is essentially an assembly of compromised devices that are used to attack a target. DDoS attacks are one of the most common uses, but they’re also used for phishing, cryptomining, or to bruteforce passwords just to name a few. The largest botnet ever recorded belonged to Russian BredoLab and consisted of 30,000,000 devices.

Would be bad actors can even purchase DDoS as a service for as little as $5 per hour which should give you an indication how prevalent and common they are as an attack vector.

Google blocked this attack by leveraging their Cloud Armor product, a network security service directly aimed at preventing DDoS attacks. If they were looking for a powerful case study for the effectiveness of this product, we can think of no better example then effectively blocking the largest DDoS attack in history (so far).

Part of blocking a DDoS attack is early detection. DDoS attacks ramp up, if you can detect an incoming flux of peculiar traffic to your network you can block the attack before it’s able to scale up and cripple your network.

Besides blocking potential attacks, the other side of the coin is not becoming an unwilling participant in a botnet through a compromised device in your home or business.

The sinister part of it is you may not even be aware your device is compromised and it’s not just mobile devices and personal computers that can be affected, even IoT (Internet of Things) devices can be hacked. There are a few things you can do to prevent your devices from being taken over by hackers as we outline in the chart below:

If your business needs assistance with protecting from any potential attacks or making sure your devices stay uncompromised, Valley Techlogic can help. All of our plans include robust cybersecurity protections at no additional charge, including assisting in your cyber security training goals (after all, human error is the #1 cause of data breaches). Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

August 25, 2022

Our UPDATED Guide to MFA (Multi-Factor Authentication)

Last year we had an article on our top picks for 2-factor authentication and we’ve touched on what makes a good password before. We thought it would be a good idea to refresh our advice on this topic and combine our tips into one easy to revisit guide.

One thing that we surprising haven’t recommended often before but would like to now is implementing Microsoft 365 2-factor authentication on your account. We utilize Microsoft products heavily in our business and we find many of our clients are the same, Microsoft software solutions are deeply woven into their day-to-day business activities. You can find our quick guide to implementing it in last week’s article here.

We’ve also touched on how implementing 2-factor on your Google account could decrease your odds of your account being hacked by half. In many cases it really is as easy as implementing the built in 2-factor settings in the accounts you utilize and you may not even need to install a 2-factor authentication software, you can simply have the codes texted to your mobile device.

Since this is a guide though we still want to give you a recommendation on that though, for us we’ve utilized Microsoft’s authenticator program for the most part. We also found that Google’s Authenticator and Authy’s Authenticator mobile apps are very easy to use as well.

It can be a little more convenient to have the 2-factor codes in one place, so you don’t have to request a code be texted every time you login (especially if you have a lot of different login’s you use throughout your workday).

You may be asking yourself at this point, what’s wrong with just my plain old password? You may have typing it in down to muscle memory and you don’t have to retrieve a code from anywhere. Well, this chart on how long it can take a crack a password based on specific criteria will tell you why:

Of course, the more complex your password is the greater the difficulty in cracking it, that brings us to our next bit of advice – utilize a password manager and have stronger (and varied) passwords.

Across the board for Valley Techlogic our employees are using LastPass, we like that it’s cross device and cross platform and enjoy the warnings and alerts it gives us if a password has been possibly compromised or if we’re trying to reuse a password we’ve used before.

However, any reputable password manager is going to be a big improvement over reusing simple passwords or trying to remember complicated ones.

Even with a password manager, your passwords being compromised online is the main reason you should consider enabling 2-factor or multi-factor on your accounts. You can have strong varied passwords and your passwords may be leaked due a breach that’s outside your control. Webpages are hacked all the time, and if your banking password is part of a data breach it can then become available to bad actors on the dark web.

With 2-factor enabled however, it won’t matter if they have your password as they would still need your authenticator program or your mobile device to login to the account. We think it’s worth the (very slight) inconvenience of a few seconds to have that level of security.

If you’re security conscious and want to go even further, you can also use a security token to lock your device (highly recommended for sensitive work devices). That means the device is useless without the security token to be able to unlock it.

Enabling multi-factor authentication across your business uniformly can be an uphill battle, but it is one we have experience with here at Valley Techlogic. As security regulations increase, this simple change will make a huge difference in your cybersecurity compliance level. Learn more today with a quick consultation.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

July 7, 2022

How a phishing scam swindled this Shark Tank host out of $400,000

We’ve focused a lot of articles on phishing scams and how no one is immune, even major money moguls like Barbara Corcoran from ABC’s Shark Tank with a net worth estimated at over $100 million fell victim to a phishing scam that wound up costing her $400,000.

Business owners are a particularly lucrative target for bad actors, and phishing emails continue to grow more sophisticated. In this instance Barbara reports receiving an email that looked like it came from her secretary going to her accountant authorizing the amount to go to a real estate deal.

Barbara like many business owners has deals going on all the time so the amount and type of authorization wasn’t unusual, allowing it to fly under everyone’s noses and make the scammers involved $400,000 richer. It wasn’t until her accountant sent an email to her real secretary confirming the transaction one last time that the scam was uncovered – and by then it was too late the transfer had already been sent.

This case proves that even with strong checks and balances in place, phishing scams can happen to almost anyone. While Barbara was able to absorb the hit without it hurting her business – many out there could not.

While the amount of money lost in this instance is quite substantial, millions of dollars are lost every day to cyber crime. It’s estimated that $1,797,945 is lost per minute according to Risk IQ’s Evil Internet Minute Report.

Even if you think your business is too small to be a target you would be wrong, scammers cast wide nets looking for victims to fall in. Here are 4 things you can have in place that could prevent this kind of scam from happening to you.

Even with these checks in place it can still be tricky to avoid, especially if your business has become a particular target for a scammer. Another famous example is how Facebook and Google were tricked out of $100 million due to an extended attack phishing attack organized by a scammer located in Lithuania. A little less than half of the money lost was recovered.

Another famous attack in 2014 saw the early release of four movies produced by Sony Pictures when North Korean hackers, upset about a movie that was being released at the time, sent targeted phishing emails that appeared as if they were coming from Apple to a top Sony executive. The damage that incurred from this attack was estimated to be over $80 million.

With both of these attacks it’s not just about the money lost either, these attacks are easily searchable to this day and had an untold effect on their reputation at the time. Massive companies like Google, Facebook and Sony can weather the storm, but could your business do the same?

Education is just one piece of the puzzle, active protection is another crucial element to avoiding the lengthy damage that can arise from a successful phishing campaign. At Valley Techlogic cyber security is a core focus for all of our plans. Learn more today with a quick and easy consultation.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

June 24, 2022

On average, your information is shared 747 times a day according to a new study

We touched on data brokers and how they buy and sell your data in a previous article, but in an eye opening new study from the Irish Council for Civil Liberties (ICCL) they found that for US-based users their information is shared online with for marketing purposes on average 747 times per day.

That means about 31 times an hour or once every two minutes your information is being sold or traded for marketing purposes so corporations can make an educated guess as to your buying habits when serving you advertising.

The study used data from a 30-day feed from Google which can be accessed by industry specific entities but is not made available to the public. While the study was aimed at European internet users, who on average have their information shared 376 times per day, the figures they discovered are startling no matter where you happen to reside.

The ICCL is pursuing legal action against online ad agencies, describing the real-time bidding (RTB) that’s occurring as a massive data breach and a violation of European data protection laws.

There are a mishmash of laws aimed at protecting US consumers from having their information sold for online marketing purposes, however with no single comprehensive federal law in place any consumer looking to find recourse if they feel their data has been used illicitly will discover they have an uphill battle ahead of them.

We all skim the lengthy TOS found when signing up for a service, while putting it out of mind that the cost of many “free” services in our data, but what if the data that’s being sold goes beyond what you’re posting on social media or what you purchased from an online retailer recently?

With data breaches being a regular occurrence, you may not even be voluntarily opting-in to sharing the information that’s currently being traded about you on the internet and it may go beyond what you would want to have shared.

Even your private medical data can be up for grabs and being sold by data brokers, for example every year Pfizer spends $12 million buying anonymized data for marketing purposes.

So as with our article on data brokers we want to give you some tools to protect yourself and protect your data while using the internet. This time we want to give you 3 helpful ideas that will help you discover what’s out there already and how to close the gaps:

Google Alerts : Create alerts with things like your name or social media handle, that way if you’re being mentioned on the internet, you’re instantly alerted to it.
HaveIBeenPwned : You can use this site to see if your email or phone number have been involved in a breach and whether it would be a good idea to update or change that information.
Credit Monitoring: While we don’t want to recommend a specific site as this choice can be somewhat personal, we think credit monitoring is a good idea for everyone these days. It’s so ubiquitous now that even your bank or credit card companies you already use probably have it built into their website.

You also can “opt out” of personalized marketing with your Google account, while that won’t stop your information from being shared and used to try and market it to you with, it will at least make it so those ads aren’t reaching you as often. You may also be shocked to learn what they’ve already compiled about your interests.

List of interests — The lists that are compiled on your interests can be quite comprehensive.

Google Isn’t the only one who offers this option, iPhone users can also opt out as well as users of social media sites such as Facebook and Instagram.

Concerns over data protection aren’t limited to just consumers, businesses should also take steps to protect their data and that of their employees. If you’d like to learn how Valley Techlogic can help you secure your data learn more with a quick consultation.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

May 19, 2022

College shuttered after 157 years due to ransomware attack

While ransomware wasn’t the only thing behind the decision to close Lincoln College, located in rural Illinois and established in 1865, it was the final blow after taking substantial financial losses due to the COVID-19 pandemic.

The school, which had survived through the Spanish Flu, the Great Depression, two world wars and even a fire in 1912 will close its doors for good on May 13^th, 2022.

The ransomware attack which occurred in December 2021 crippled their recruiting and fundraising efforts for two months, not being resolved until March 2022 as a statement on the school’s website reads.

“Furthermore, Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable.

Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

The school made attempts to avoid the closure, but the efforts came too late, and we’re sorry to say they’re far from unique in being a school that was targeted by a cyberattack. According to this report over 1043 schools suffered ransomware attacks in 2021.

Cyber criminals don’t think twice when targeting schools, hospitals, and infrastructure that’s needed by the community. We reported on the on Colonial Pipeline hack that created a major disruption at gas stations across eastern US last May.

Schools and hospitals are appealing targets because investing in cyber security measures is not generally a priority and they often store large amounts of PII (Personal Identifying Information) in their systems.

Many senators have taken note of this and have called on the Department of Homeland Security to instate measures that would bolster the security of our schools, especially K-12.

A ransomware payment isn’t the only thing attackers stand to gain when they successfully infiltrate a network, here’s a chart with the way hackers “double dip” from during their attacks:

In the end Lincoln College did choose to pay the ransom to gain control of their systems again, but it sadly made no difference in saving the college.

60% of businesses close within 6 months following a ransomware attack, and only half businesses have a cyber response plan available to quickly respond to an attack. The slow response time will only add insult to injury as you try to get back on your feet and as we’ve seen in this case, it can be fatal to your business.

Valley Techlogic can help you not only have a contingency plan in place, but also help you enact cyber security measures in your business that will prevent an attack from occurring in the first place. Learn more today through a quick consultation.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

May 12, 2022

We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

As an IT service provider, we’re passionate about cybersecurity because we see the effects having inadequate coverage can have on businesses first hand.

The devastation that can occur after a cyber attack is staggering, we’ve given you the statistics before, such as:

The cost of cybercrime is predicted to hit $10.5 trillion by 2025
Cryptojacking cases quadrupled in 2021, but the hackers don’t make very much (less than $6 per day), however that doesn’t stop them from trying to gain access to your machines
It takes on average 287 for cybersecurity teams to detect and contain a data breach
Phishing is involved in 36% of data breaches (can you identify the signs of a phishing email?)
DDoS (Distributed Denial-of-Service) attacks are skyrocketing, with 9.75 million occurring in 2021

That’s why we’re thrilled to announce the release of our Tech Tip Card Deck, our deck contains 56 tips for getting your cybersecurity house in order with custom art representing each tip. Best of all, the deck is absolutely free to business owners in our area.

Beyond providing comprehensive technical support, we also want to support our community in staying safe online. If you’re a business owner in Central Valley and would like to have a set of our card deck for yourself, simply visit TechTipCards.com and request one today and we’ll get it shipped out to you ASAP.

We don’t believe technology has to be intimidating, each bite sized tip featured in the deck is easy to understand and easy to implement and will create real results for the online safety of yourself, your employees, and your business.

To up the offer even more, we have updated our most popular for 2022 and are also offering it to you right here, right now. Simply grab it below.

Valley Techlogics Cybersecurity Checklist — Click to grab the full size version.

Both of these are just a small showcase of what’s in store, we know for most people repetition is the key to success. We plan to deliver weekly content including thought provoking reports, eye catching resources that can even be customized for your office, and tech advice that can greatly impact and improve your use of technology within your business.

If you’d like to learn more, again visit TechTipCards.com or reach out to us for a free consultation today.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

April 21, 2022

As we feared, Ukraine-Russia crisis leads to a surge in cyber attacks

As we’re nearing a month into the conflict between Russia and the Ukraine, cyber warfare between the two countries is reaching an all time peak. We covered the topic of Ukraine’s “IT Army” recently in this blog, and we mentioned growing concerns we’ve seen from users that there may be a spill over effect when it comes to cyber threats.

Cyberwarfare was inevitable as conflicts on the ground continue on, and as Russian hackers feel the “pinch” of the effects of sanctions imposed against Russia, we may see an uptick in financial scams. Especially as both countries have turned to cryptocurrency which can often be used as a safe haven for financial transactions taking place outside the public eye. In the case of Russia it’s being used to try and liquidate funds out of the country and in the case of the Ukraine they’re using crypto to bolster support for their economy.

We have created this chart for the types of financial scams we think may increase in the coming days (though it should be noted, financial scams were already up 70% in 2021).

Cyber Financial Scams Chart — Click to download the full size version.

However, hackers have also represented a beacon in the war of information currently happening between Russia and the Ukraine. Ukraine’s “IT Army” is now over 400,000 people strong, with hackers from all over the world lending their support digitally in Ukraine’s effort to protect their democracy.

DDoS attacks on government sites with Russian origins as well as document leaks – which includes a 360k file data dump from a Russian federal agency – are continuing to happen regularly. It’s estimate that over 90% of exposed Russian cloud databases have been compromised at this point.

Also, with access being restricted to sites like Twitter and other social media platforms being restricted in Russia, Squad303 is a website that was created by a group of Polish programmers that can help foreigners relay information to Russian citizens. The website founders say that over 7 million text messages and 2 million emails have been sent through the site so far.

We again want to say we don’t know what the outcome of this conflict will be, but it seems clear that consumers and businesses should be wary of the ripple effects that will occur throughout the cyber sector, possibly for years to come.

Business owners who still believe they’re “too small” to be a target should be wary that proceeding with out cybersecurity protections may make them the low hanging fruit for hackers reacting to a state of desperation. Cybersecurity protections are a worthwhile investment in your future and the peace of mind in questionable times is priceless.

At Valley Techlogic, we’re experts in the field of cybersecurity. We can perform an evaluation of your business and tell you where you are now and where you need to be to not worry that your business is “ripe for picking”. Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

March 18, 2022

How the war in the Ukraine is being fought on the digital front

We’ve all been exposed to the ongoing crisis occurring in the Ukraine as Russian forces have made their way into the country and are heavily attacking major Ukrainian cities as they attempt to gain control of the capital city of Kyiv, causing nearly a million Ukrainian citizens to seek shelter in neighboring countries as of the time of writing.

The Ukrainian forces have been inspiring the world as they defend their country from this unprovoked invasion, and that defense is also occurring on the cyber front. We’ve reporting ourselves from time to time on Russian hacking gangs and their effects on the US. The Ukraine is not only defending their digital infrastructure during this war, but they are also responding offensively with what’s being dubbed the “IT Army”.

These volunteers to the Ukrainian government are conducting attacks on Russian led websites – some of which are currently serving propaganda on what’s really happening in the Ukraine to Russian citizens – and bringing those websites down. These also include sites belonging directly to the Kremlin and the Russian Ministry of Defense and more.

DDoS attacks are also occurring on Russian targets, being conducted by the hacker group Anonymous. They’ve made claims they’ve succeeded in taking down 1,500 Russian led websites and dumping more than 40,000 private Russian files on the Dark Web, including ones that came from the countries Nuclear Safety Institute.

SpaceX has also jumped into the fray, responding to pleas from the Ukrainian government to add Starlink as an option to keep necessary internet services online in case of a Russian disruption to the service. SpaceX quickly delivered 48 Starlink satellites with more on the way.

Also, in a move that’s literally slowing things down inside of Russia, it was discovered that a Russian led company had outsourced the main component of their EV charge stationed on along a major motorway between Moscow and St. Petersburg. The Ukrainian company that built the components used a backdoor to hack the machines, shutting them down and displaying anti-Putin messaging on the screen.

The Ukraine’s IT Army is also requesting assistance through the use of a Telegram channel belonging to the group, which as of time of writing has over 275,000 users. The IT Army is providing live updates on successful attacks on Russian led targets as well as attempting to communicate with Russian citizens as Russia leads a disinformation campaign has tried to unsuccessfully stifle public outage on this war.

It’s unclear what the outcome to the ongoing conflict will be at this moment, but this is an unprecedented moment in time marking the first time a war has a significant public digital elements involved. We’re all aware at this point of Russia’s hacking capabilities, but it will be interesting to see if their abilities are strictly offensive as they’re now on the receiving end of the attacks.

We’ve created this timeline of notable Russian hacking gang linked cyber attacks that have occurred against the US and other countries in the last 15 years.

Russian Hacking In The Last 15 Years — Click to view the full size version.

We want to make a note that there has been some concern that this ongoing war between Russia and the Ukraine may lead to more cyber attacks on the US as the Russian economy has been significantly destabilized by sanctions enacted against Russia as a response to their attack on the Ukraine.

We’re uncertain if this will end up being the case, but if you’re having cybersecurity concerns for your business or just need some peace of mind, we would be more than happy to provide a consultation. You can schedule one here.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

March 3, 2022

CMMC Series: The Consequences for CMMC Non-Compliance

You may have thought we finished our series on the Cybersecurity Maturity Model Certification (CMMC) program, but we would be remiss if we didn’t cover the consequences and penalties for not complying with the program if you’re a current Department of Defense (DoD) contractor.

You may be thinking there’s a window to wait and see while rulings proceed on version 2.0 or have seen dates such as 2025 thrown out as the goal post for when the program will be completely finalized. Or maybe you’re just hoping the whole thing goes away, we get it. Looking at all of the controls and tiers can be overwhelming if your business is new to implementing cybersecurity measures.

However, the program is here to stay, and your business will be much better equipped to meet the requirements if you begin working on them now. There is a waiting list already for those wishing to obtain their certification earlier, and we expect the wait times to only grow as nearly 40,000 businesses who must comply with this program rush to get their certification before losing eligibility for existing contracts.

Beyond existing contracts, having your CMMC certification will make your business more competitive when seeking new contracts with the DoD. Progress towards CMMC is an investment in your business’s future, and it also meet the goals of the program which is protecting businesses from cyber threats.

So, what are the consequences for not working on CMMC compliance now, or in the future?

The DoD has said that all Defense Industrial Base (DIB) contractors must be compliant by 2025. There are no direct monetary penalties or fines for not being compliant at this time, however your business will no longer be eligible for defense contracts if you have not successfully completed your accreditation by that date.

Three years may seem like a long time but when you look at the scope of what’s necessary to be compliant with CMMC, it’s really a short window to get your ducks in a row. Tier one could be accomplished relatively easily by most businesses, but if your business handles any Confidential Unclassified Information, you’re really looking at a goal of tier three moving forward (or tier two if/when version 2.0 is released).

That’s also not counting the time spent in a waiting list for a member of the CMMC Accreditation Body to actually complete your assessment, you will need to work on your self-assessment status and POAM (Plan of Action and Milestones) prior to getting on the waiting list for CMMC accreditation.

It’s also important to note that your self-assessment must be confirmed by company leadership, it’s not enough to simply have your IT person or team complete the self-assessment and submit it.

The DoD has said they will randomly test contractor compliance and see if it matches what the contractor has inputted into Supplier Performance Risk System (SPRS). SPRS is a necessary requirement for being compliant with Defense Federal Acquisition Regulation Supplement (DFARS) which many contractors may already be aware of. They will be looking to see if your disclosures for DFARS in regards to CMMC/NIST match.

Submitting false information could make your business at risk for running afoul of the False Claims Act (FCA), which could leave you liable for civil fines and penalties. There is even a program in place to reward whistleblowers who bring to light businesses who are falsifying information about their cybersecurity practices on these forms.

This is all so much to say as there are significant risks involved with ignoring CMMC and we suggest you begin working on it now or we’re afraid you’ll be paying for it later.

If you need assistance with working on your CMMC accreditation, cybersecurity practices and compliance, DFARS forms or more – Valley Techlogic can assist you. Schedule a consultation today to learn how we can help your business meet your CMMC compliance goals for 2022.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

February 18, 2022

If you enabled 2-factor authentication on your Google account recently, your odds of being hacked dropped by half

Google began requiring 2-factor authentication on some user accounts this past year, and while there’s always some inconvenience involved in making that switch the benefits definitely outweigh it.

Google enrolled 150 million members in the last three months of 2021 in their 2-factor authentication program, and they’ve found that instances of accounts being hacked dropped by half for those users.

Google utilizes two-step verification, or 2SV which involves having a login challenge beyond a simple password entry. This may be a message in Google’s own authenticator application or a hardware security key depending on user preference.

Google said in their blog post on the topic, “This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information, turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised.” Indicating Google’s plan to initiate the requirement across the board in the near future.

The hesitancy with users to utilize such an effective security measure seems to stem from inconsistent implementation as well as a general lack of education on the topic. We thought it would be helpful to present this “cheat sheet” on multi-factor authentication and other cybersecurity acronyms.

With breaches being ever more common, having that additional step past just a password before a hacker can access your account can make all the difference. A password you use across multiple website (which is also a bad idea) may be leaked without you even being aware of it, and the prompt from a multi-factor authentication application may even be your first clue that your accounts are being accessed by someone other than yourself.

Google’s own authenticator is found on the Play Store and the Apple App Store and is a solid option, however we suggest users use whatever they feel most comfortable with or whatever is offered by the the websites they frequent (especially for important sites like banking or for work related web portals).

To add to your security effectiveness, we suggest using a password manager as well so you can work on having more varied passwords – especially for sites that don’t currently offer multi-factor authentication as an option.

If you’d like tangible security, hardware security keys are a good option and many of them have widespread support for your online accounts such as email, social media, or even your password manager (adding another layer).

Your devices also probably come with multi-factor security options built in, we’ve been pleased with the implementation of Windows Hello for Windows devices (even when we’re bleary eyed in the early morning, it always seems to recognize us). Fingerprint scanners for mobile devices have also come a long way and is a pretty convenient (and secure) way to keep access to your phone limited to just you.

If you’re a business owner in the Central Valley and want to embark on the process of enabling multi-factor authentication within your business, Valley Techlogic can help. Our security experts can help you with enabling multi-factor authentication within your business as well help you meet your cybersecurity compliance goals. Reach out to us today to learn more.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

February 10, 2022

Category: Cyber Security