Tag: cyber security

  • Staying secure on the 4th, why phishing attacks increase during holiday weekends

    Staying secure on the 4th, why phishing attacks increase during holiday weekends

    We’ve touched on this topic before, but we thought a reminder as we approach the Fourth of July weekend couldn’t hurt, hackers don’t take the holidays off.

    This includes summer holidays such as Memorial Day and the 4th of July in addition to the typical winter festivities. Bad actors know that the holidays can be a boon for their nefarious activities, employees may be less on guard as they look forward to the extra time off and routines are thrown off with a disruption to the normal M-F patterned workweek.

    Here are 7 ways the holidays lead to a higher risk of phishing attacks:

    • Reduced Staff Monitoring
      Fewer IT and security personnel are actively monitoring systems during holidays, making it easier for attacks to go undetected.
    • Delayed Response Times
      Even if an attack is noticed, response times are slower due to limited holiday support coverage, allowing phishing attempts more time to succeed.
    • Disrupted Routines
      Employees are more likely to check emails from mobile devices or at unusual times, making them less vigilant and more susceptible to suspicious messages.
    • Increased Volume of Personal Communications
      Holiday-related emails, such as order confirmations, travel details, and e-cards, create a flood of legitimate messages—making phishing emails easier to blend in.
    • Tempting Lures
      Phishing emails often mimic holiday promotions, charity donation requests, or time-sensitive holiday deals—tactics that seem more believable during the season.
    • Social Engineering Opportunities
      Hackers exploit the fact that people are distracted, in a festive mindset, or rushing to wrap up work—making them less likely to scrutinize an email carefully.
    • Gaps in System Updates
      Routine maintenance and updates might be paused during holidays, leaving systems more vulnerable to phishing-based exploits that rely on unpatched software.

    (Download these tips as an Infographic below.)

    Phishing attacks are one of the most common—and costly—cyber threats facing small businesses today. At Valley Techlogic, we help protect your business by implementing robust email security solutions, conducting employee phishing awareness training, and monitoring for suspicious activity around the clock. Our proactive approach ensures you’re not just reacting to threats but preventing them before they reach your inbox. Reach out today for more information.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • Best of Cybersecurity: 5 Must-Read Blogs to Protect Your Business

    Best of Cybersecurity: 5 Must-Read Blogs to Protect Your Business

    In today’s digital world, staying informed about cybersecurity is crucial for every organization. We’ve rounded up five of our top cybersecurity blogs that offer actionable insights, expert advice, and practical steps to strengthen your defenses.

    Whether you’re a small business owner or an IT leader, these articles cover everything from phishing prevention to disaster recovery. Dive in and level up your cybersecurity knowledge:

    Six Ways Continuous Monitoring Keeps You a Step Ahead in Your Cyber Security Efforts

    One of the most effective strategies for safeguarding business assets and sensitive information is continuous monitoring. Here are six ways continuous monitoring benefits businesses when seeking comprehensive cyber security solutions. Read it here: https://www.valleytechlogic.com/2024/06/six-ways-continuous-monitoring-keeps-you-a-step-ahead-in-your-cyber-security-efforts/

    Cyber Security Training Is More Accessible Than You Think

    When many people think cyber security training, they think of something they’ll have to spend hours on. Long form videos with wordy explanations in tech-speak that doesn’t resonate or get absorbed by the intended audience. That’s simply not the case in 2025. Read it here: https://www.valleytechlogic.com/2021/04/cyber-security-training-is-more-accessible-than-you-think/

    8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    We all know about good hygiene practices for ourselves and our homes, but what about practicing good cybersecurity hygiene? What does the word hygiene mean when applied to a digital context? Read it here: https://www.valleytechlogic.com/2025/03/8-tips-for-practicing-good-cybersecurity-hygiene-in-your-business/

    10 Scary Cybersecurity Statistics Business Owners Need to Know

    Cybersecurity is something we all know we need to do more about but also don’t like to think about, however for business owners’ avoidance won’t make the threats any less real. Read it here: https://www.valleytechlogic.com/2021/10/10-scary-cybersecurity-statistics-business-owners-need-to-know/

    5 Ways “Tribal Knowledge” Sabotages Your Cybersecurity Efforts

    Tribal knowledge is anything in your workplace that is common knowledge and is not documented. If the rules are posted somewhere it goes from being tribal knowledge to policy, and when it comes to the technology in your business, it is much more secure to rely on policy than tribal knowledge. Read it here: https://www.valleytechlogic.com/2021/10/5-ways-tribal-knowledge-sabotages-your-cybersecurity-efforts/

    Want more cybersecurity insights? Our cybersecurity kit found here has the latest strategies, tools, and trends to help keep your business safe. Not sure how to act on this advice in your business? Valley Techlogic has supported businesses in their endeavors to increase cybersecurity protection and offer coverage and solutions for complex challenges such as security awareness with employees, disaster recovery planning, regulatory compliance and more. Reach out today for more information

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • 8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    We all know about good hygiene practices for ourselves and our homes, but what about practicing good cybersecurity hygiene? What does the word hygiene mean when applied to a digital context?

    When we think of hygiene for cybersecurity it’s the essential items needed to practice the bare minimum in cyber threat prevention, we’re strong advocates for advanced cybersecurity threat prevention and believe you can never be too protected – however these 8 items will in many cases prevent the vast majority of outside threats. As a bonus? The only thing you’ll need to spend to enact these in your business today is a little time.

    1. Use Strong and Unique Passwords
      Implement complex passwords and enable multi-factor authentication (MFA) for added security. We have a guide for what a strong password looks like and how to utilize MFA here.
    2. Regularly Update Software and Systems
      Keep your operating systems, applications, and antivirus software up to date to patch vulnerabilities.
    3. Educate Employees on Cybersecurity Best Practices
      Train staff on recognizing phishing scams, suspicious emails, and safe browsing habits. Interested in cybersecurity training for your business? Valley Techlogic includes it (at no additional cost) in all of our plans.
    4. Limit Access to Sensitive Data
      Implement role-based access controls and grant permissions only to those who need them.
    5. Enable Firewalls and Antivirus Protection
      Use firewalls, antivirus programs, and other security tools to prevent unauthorized access.
    6. Backup Data Regularly
      Perform frequent backups and store them in secure, off-site locations to prevent data loss from ransomware attacks.
    7. Monitor Network Activity
      Use intrusion detection systems and regularly review logs for unusual activity.
    8. Implement Secure Wi-Fi and VPN Usage
      Use encrypted Wi-Fi networks and require VPN usage for remote employees to protect data transmission.

    Implementing these 8 cybersecurity threat preventions will protect your business from most attacks, but if you’re looking to go a little further below are 4 cybersecurity benefits included with all Valley Techlogic service plans:

    Want to learn more? Schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • As Biden is set to leave office in a matter of days, he released an executive order aimed at bolstering US cyber defense

    As Biden is set to leave office in a matter of days, he released an executive order aimed at bolstering US cyber defense

    In what is truly the 11th hour (inauguration day for President Trump is January 20th, 3 days from now at the time of writing), the Biden administration announced an executive order that looks to strengthen US cyber defenses against outside influence, particularly from Russia and China.

    Described as a “sweeping” move, the executive order covers topics from cyber threat vulnerabilities to guidance on consumer electronics and even outer space.

    The order gives enhanced authority to CISA (Cybersecurity and Infrastructure Security Agency) to hunt for threats on federal networks, likely a response to the recent news that President Trumps communication with Vice President JD Vance may have been compromised by Chinese hackers.

    The order also covers additional protections for Federal agencies, including implementing end-to-end encryption for all video and email communication and stating  that by 2027 any internet connected devices purchased for federal use must have a “cyber trust mark” indicating they meet current cyber standards. Internet connected devices have a wide range of criteria in 2025, everything from home security systems to our appliances has an internet connected option in our modern world.

    The order also covers requiring enhanced cybersecurity measures for our space systems, likely in response to Russia targeting Ukraine’s satellite systems in the ongoing invasion.

    The order even takes aim at Microsoft specifically, citing a host of errors that allowed Chinese attackers to breach their networks in 2023 which had downstream consequences for our federal government (senior US officials email accounts were allegedly breached in the aftermath of the attack).

    Trump’s team has not yet responded to the new executive order so it’s unclear how much follow through will be had on it once he regains office next week, however the Biden team is optimistic on its longevity as bolstering US cyber defense was also a goal during the initial Trump administration (CISA was created in 2018 under Trump’s first term).

    As our government looks to shore up their cybersecurity practices in 2025, what are you doing to ensure your business is protected from ongoing threats?

    Cyberthreats are not limited to large scale attacks on larger businesses, small businesses are often seen as “easy targets” and can also be swept up in the aftermath of an attack aimed at someone else.

    Implementing strong cybersecurity measures, such as secure passwords, regular software updates, employee training, and robust data encryption, not only protects the business but also builds trust with customers. It is clear, in 2025 cybersecurity is no longer a topic that can be pushed off until a later time. The threats are here now and the time to act is before your business is compromised, because afterward it might be too late.

    Valley Techlogic includes cybersecurity protection as a core offering in all of our customized service plans. Learn more today with a free consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • 5 Ways to Think Like a Hacker to Protect Your Business

    5 Ways to Think Like a Hacker to Protect Your Business

    As you’re going about your day-to-day activities online, thinking of how a hacker might take advantage of even mundane aspects of your routine probably doesn’t enter into the equation.

    We all sign on to work for the day, check our emails, maybe post an update on social media and chat with our colleagues before getting into the grind of our daily activities. Already when you first log in, you’re potentially being exposed to potential threat activity.

    Here are five ways you can “think like a hacker” and protect your business and yourself from falling victim to scams, malware attempts and more:

    1. As we mentioned, the first thing almost everyone does is check their emails but how closely are you scrutinizing the items in your inbox? Phishing is still the number one-way attackers gain access to personally identifying information and systems in your business. Here’s some advice on spotting phishing emails and how to avoid falling for them.
    2. Sharing on social media? You’re volunteering personal information that anyone can read and take advantage of. It might be nice to post that lunch selfie you took with your colleagues but maybe wait until you’re back at your desk, especially if you’re a business owner as you’re more likely to be targeted by something called spear fishing. By posting that selfie during lunch you’re letting anyone who may be watching know your office computer is unattended.
    3. In the same vein, the more details you post online the more information can be gleaned to target you. If you post that your Aunt Kathy Isn’t feeling well Aunt Kathy’s “friend” may send you a message offering sympathy and describing their own woes and tribulations while perhaps trying to gain your trust. However, when you go to confirm with Aunt Kathy later on you find out she’s never heard of this so called “friend”. Social engineering is a large part of long-term scams, always confirm with your friends and relatives directly before giving credence to any messages you receive online.
    4. Sending something important? Always encrypt! You cannot account for the security awareness of others; by encrypting important files being sent via email you’re at least protecting your side of equation.
    5. Speaking of security awareness, being up to date on the latest threats is exactly what a hacker would do. With security awareness training, you can “think like a hacker” and avoid many of the traps they try and set up to gain access to your business.

    Security awareness training is just one of the features we include with all of our service plans. On top of that you will also gain access to:

    1. 24/7 Endpoint Detection and Threat Monitoring
    2. Automatic Daily Backups
    3. Disaster Recovery Planning
    4. Consistent Patching & Updates
    5. Ticket Response Times in Under 15 Minutes

    With a Valley Techlogic plan you don’t need to think like a hacker to protect your business, learn more today with a free consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • Leave the World Behind features alleged cyber warfare as the main movie villain, how realistic was it?

    Leave the World Behind features alleged cyber warfare as the main movie villain, how realistic was it?

    The cyber attacks we typically report on are localized or contained to a specific sector or even business entity.

    In Netflix’s new movie “Leave the World Behind” characters are confronted with what looked like a global cyber attack causing mass destruction and chaos, including self-driving cars crashing into each other with no driver present and planes crashing into the ocean into land with GPS absent.

    The movie features an all-star cast and is the first movie we’ve seen take on the apocalypse narrative with a unique technology twist – not to besmirch the Terminator legacy, but killer robots are found fairly frequently in pop culture.

    Originally adapted from Rumaan Alam’s book of the same name, the movie actually takes liberty in specifically calling out the cyber attack in the movie where in the book the nature of what’s going on is left a lot more ambiguous.

    The movie even received feedback from former President Barack Obama to make sure the cyber warfare elements were realistic instead of fantastic which left us with an eerie feeling after viewing the film, because the truth is some of the elements of it could be replicated in real life.

    Venturing into spoiler territory now, at several points in the movie the characters are subjected to an ear-piercing noise that stops them in their tracks. It’s alluded to that these attacks might be “sonic booms” and are the reason one of the characters begins having physical symptoms as a response (odontophobia folks beware). This attack in the movie mirrored an alleged event in Cuba where directed energy waves, in this case microwave instead of sound, caused physical harm to locals.

    In another scene one of the main characters attempts to check her phone for news and is instead confronted with several news articles, seemingly normal messages at first then devolving on red paper are dropped from a drone in the sky on a character driving down an empty road – this is several hours after the characters have been cut off from the outside world by the technology we all rely on for news and information.

    By sheer coincidence these scenes are again mirrored by a real-life news event that happened just this month, where Iran-located hackers took over a water authority in Pennsylvania because their devices were Iran made, screens of these electronics found in the facility displayed a message in red with “YOU HAVE BEEN HACKED” featured prominently.

    It’s unlikely that an attack could take out an entire nation easily, but it is worrying for us as a technology provider when we encounter lackadaisical responses to very serious cyber threats. The whole world does not need to be hacked for a hack to affect your whole world.

    If after watching this new blockbuster you’re thinking it might be time to evaluate your cyber preparedness, Valley Techlogic has you covered.

    If you book a consultation with us this month you will even receive a $100 cash for your time just for hearing us out. Click here or on the image below to get started.

     

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • 5 emerging cyber threats to worry about in 2024

    5 emerging cyber threats to worry about in 2024

    We’re all familiar with the usual suspects when it comes to cyber threats, viruses, trojan horses, phishing attacks, malware and ransomware. We’ve covered these threats in great detail (here’s just a few articles on these topics: 10 scary cybersecurity statistics business owners need to know,  Zero trust or zero effort, how does your businesses security stack measure up?, Can you spot the phishing clues? And 10 tips to avoid falling for a phishing scam). Even if you’re not a technical inclined person you probably have some awareness of how to avoid these threats, such as being careful with suspicious emails and attachments or not downloading files from unknown sources.

    What about emerging cyber security threats? These are threats that are not well known and in fact may use improvements in technology such as AI (artificial intelligence) to their advantage for nefarious gain.

    Bad actors are continuously looking for new ways to subjugate your devices and gain access to your systems and data to exploit it for their own gain, and unfortunately in 2024 we don’t believe things will be any different.

    Knowledge is power, so by being aware of these emerging threats you can learn to avoid them or learn what protections you need to put in place to prevent yourself and your business from becoming a victim.

    Here are five emerging threats that we believe will grow in popularity in 2024:

    1. Supply Chain Attacks: Cyber criminals have learned targeting vulnerable systems that supply the things we need day to day (for example the Colonial Pipeline attack that occurred in 2021) can result in lucrative payouts as the vendor(s) scramble to get things back up and running again. We’re expecting these types of attacks to continue to increase in 2024.bio
    2. Biometric Data Threats: As more biometric data is used to confirm your identity for accessing your accounts or making payments, more regulations need to be put in place to protect that data. Facial recognition and fingerprint scans can often give someone access to your personal devices (such as a cellphone) and those devices can be the keys to the kingdom when it comes to accessing your accounts. Attacks in 2024 may escalate not just to the theft of data but also physical theft in unison on high value targets (think CEOs, Presidents and other C-Suite users).
    3. Artificial Intelligence (AI) Manipulation: As more and more people explore using AI in their business or to provide solutions to common problems, there will be more and more bad actors trying to exploit it. We’ll see increased attacks using AI including data manipulation (feeding AI erroneous results so that users are receiving incorrect information) and attacks on systems using AI or powered by AI.
    4. 5G Network Vulnerabilities: As 4G continues to be phased out and 5G becomes more common place we’ll see increased attacks aimed at these networks, especially as more and more businesses in rural locations utilize 5G as a solution to spotty or absent cable or fiber options in their area. As the nature of 5G is aimed at providing a geographically robust internet solution to companies like these it’s important to make sure your security settings are beyond reproach to inhibit attacks on your network from the outside.
    5. Advanced Ransomware & Phishing Attacks: Ransomware and phishing attacks are not new, but they continue to grow more sophisticated as as-a-service models continue to roll out, this allows attackers that may not have a firm grasp of technology or even English to send out widespread attack emails that are indistinguishable from emails you may get from reputable services you use for a relatively small monetary fee. Also, because many of these attacks originate outside the US you may have no recourse if your business is successfully hit by one.

    These are just five emerging threats but there are many threats out there making it all the more crucial you have a cyber security solution behind your business that’s staying ahead of these threats and more.

    The threats mentioned above are crimes of opportunity and it’s very easy to be caught in the wide net that’s being cast by those with ill intentions. Valley Techlogic has been at the forefront of providing all encompassing security solutions to our customers. If you would like to learn more about protection your business from cyber security attacks in 2024 schedule a consultation with our experts today. Also for a limited time when you hear us out, you can also take advantage of our Black Friday offer.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • If you have a computer or server with an Intel Processor, you need to patch for this vulnerability ASAP

    If you have a computer or server with an Intel Processor, you need to patch for this vulnerability ASAP

    Intel just released a fix for a vulnerability that would make certain CPUs in jeopardy of being compromised. The vulnerability would allow an attacker to gain privileged access to machines or trigger a denial-of-service attack.

    You can see the list of affected CPUs here, patching for this vulnerability may need to occur in phases including micro-updates to the BIOs, system OS and drivers. In a statement on their website Intel says malicious exploitation of this code would need execution of an arbitrary code (so it can’t be exploited with no input from the end user). They don’t believe patching for this issue will impact devices in a noticeable way.

    Originally discovered by a Google Security Engineering team and dubbed “Reptar”, a researcher at Google commented on how strange this vulnerability appears to be.

    The vulnerability changes how redundant prefixes, basically small bits of code, are interpreted by the effected CPUs. Normally CPUs ignore redundant prefixes for obvious reasons (the key word being “redundant”) but instead these prefixes triggered expanding errors within the system. The Google team found that when it was left without remediation eventually the affected machines would report processing errors and begin to malfunction.

    Destructive code like this is frightening because it may not just be a loss of data or temporary use of the affected machine, but it may cause the computer or server to fail altogether.

    This Isn’t the first CPU exploit Intel has suffered and they’re not the only ones battling attacks to their hardware, with AMD also announcing news of their own “CacheWarp” vulnerability that allowed attackers to gain root access to Linux Virtual Machines. So, if you thought these types of attacks were limited to Windows, think again. In this case the vulnerability only affects 1st through 3rd generation EPYC processors, the 4th generation is not vulnerable in this case.

    Also, with the AMD vulnerability it’s also important to note that while a patch is available for just the 3rd generation EPYC processor. For 1st and 2nd generation there is no mitigation available. As with Intel it’s not expected that the patch will have any effect on the CPU performance.

    Both companies have been very quick to patch these aggressive vulnerabilities and attacks like these highlight the need to make sure regular patching is a primary component of any tech service plan. Below are 5 key components we recommend when it comes to proactive technology support

    Proactive care is often a tough sell, with many business owners not feeling the need to spend the money on proactive tech care as these things “won’t happen to them”. It’s important to note that many attacks that occur are widespread and have no specific target in mind. If you have unpatched equipment in your office, you may be a sitting duck to any widespread attack issued to a vendor you use or because you bought a certain kind of hardware that ended up having a vulnerability. These attacks are ones of convenience not of malice as is often misconstrued.

    Even if it can be recovered from, why take the chance? Having a partner like Valley Techlogic to make sure vulnerabilities like the ones in this article are patched as soon as a fix is available means you will never be part of the eye-opening statistic about businesses who suffer a major breach. If you’re not aware, 60% of businesses close after a cyberattack. Don’t let that be you, reach out for a free consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Discord.io data breach sees 760,000 users information stolen and an end to the service

    Discord.io data breach sees 760,000 users information stolen and an end to the service

    If you’re not familiar with Discord, it’s a chat service that first opened to the public in 2015 and quickly grew in popularity having a base of 3 million users just one year later in 2016. Now in 2023 there are over 150 million users, and the platform has been valued at $7 billion.

    Discord filled a niche that had been previously left vacant since chat services like AOL and MSN were discontinued. In the early 2000’s to 2010’s forum-based communication rose in popularity and left many chat rooms empty.

    Now as trends have changed, chat has seen a resurgence in popularity with Discord acting as a vector for many special interest groups to gather and discuss their hobbies, or for consumers to follow live updates about a product they’re interested in and even speak directly with its creators and get an inside look into the development process. No matter what your interest is, gaming, home improvement, DIY, art, music – there’s probably a Discord channel dedicated to it.

    Discord.io was a third-party website that allowed users to find and share chat channels, we’re unfortunately saying was because after the breach they announced their services would be closed for the “foreseeable future”.

    On the website it says “”We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a [third] party site,”. They’ve also listed the information that was released in the breach which included users encrypted passwords, their email and username, and even billing and payment information if they partook in a premium membership through the site.

    While they’re not directly associated with Discord, this breach will still have an effect on Discord itself not just because this service has been discontinued but because of the overlapping data Discord and a Discord-centric third party application will have.

    The unfortunate rub of it is when you utilize third party vendors for the products and services you use you’re sharing the same information with them as you are with everyone else, and a breach through an outside vendor can effect you as much as a breach to your business directly.

    That’s why it’s important to vet your vendors and have protections in place to limit the effects a data breach can have. Protections can include:

    1. If the breach involves financial data that could be used for identity theft, consider freezing your credit. This will limit the damage someone can do with your identifying information. If you’re not ready or aren’t able to freeze your credit, then we suggest credit monitoring at the very least (often provided for free by banking and credit card companies).
    2. Don’t use the same password from one account to another. As we mentioned, password data was leaked in the Discord.io breach. While it’s encrypted data which is a good protection, many of these passwords will be cracked, and the people who purchased this information will try the password on users other accounts such as their email. If you use a different password for all of your accounts in unison with a password manager then a password leaked in a breach will only effect one account, greatly limiting the damage that can be done.
    3. Similarly to above, to protect your accounts from intrusion you SHOULD be using MFA (Multi-Factor Authentication). We recently posted another article outlining the benefits of MFA, but in a nutshell if a hacker has gotten enough information about you from data breaches they may be able to utilize it to gain access to your accounts – even WITHOUT a password. MFA will stop most hackers in their tracks.

    Even with protecting yourself, it’s still a good idea to try to limit the funnel of information about you or your business that can unknowingly end up on the web through third party breaches. Here are 5 additional ways to protect your data:

    Want to learn more about how to recover from a data breach, boost your cyber security readiness, or gain additional insight in the kinds of questions you should be asking your vendors about your data? Valley Techlogic can cover all these topics and more. Schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • BEC Scams are becoming increasingly more common, and the payouts more lucrative

    BEC Scams are becoming increasingly more common, and the payouts more lucrative

    BEC or Business Email Compromise is a type of phishing scam where the target of the scam receives an email purporting to be someone they know, like a vendor they work with or a colleague. These scams are so common place that the Federal Bureau of Investigation even has a guide to protecting yourself from them.

    We’ve even written before on how to spot a typical BEC email and a few ways to combat it, but we would like to circle back to this topic now as we creep into what is typically a very busy time for most business owners – the fourth quarter.

    You may or may not be surprised to learn that BEC attacks rose in the fourth quarter last year and we’re not anticipating 2023 to be any different. 2022 even saw a rise in the ever popular “as-a-service” variant of attacks which means would be bad actors could enact their attacks with little actual effort on their part.

    The technical know-how required for these attacks is also low, with some of them being as simple as just a variant on your normal phishing scheme but with the end goal being a direct payout rather than the user’s credentials or private information.

    CISA (Cybersecurity and Infrastructure Security Agency) even reported on Russian state sponsored bad actors specifically targeting defense contractors using Microsoft 365 with their BEC schemes. Imitating Microsoft support is not a new scam, and like always you should be wary about any support person reaching out to you directly asking for your credentials, but the single-minded focus of this particular scam put government agencies like CISA and the FBI on red alert.

    When we say these scams are becoming more lucrative, we definitely mean it, with it being estimated BEC victims lost 2.74 billion dollars in 2022 which was $300 million more than 2021. Like with most cyber attacks we anticipate they’ll continue to rise.

    So how do you protect yourself from a Business Email Compromise scam in 2023?

    1. Don’t overshare online. BEC is a social engineering scam, so the less information that’s readily available about you on the internet the less able a scammer is to pretend to be someone you know.
    2. Forward emails instead of replying to them. As with normal phishing these scams are perpetrated over email. Forwarding emails forces you to type out the email address (thereby guaranteeing it goes to the right person). BEC attacks usually involve spoofing an email address or simply choosing a domain that’s similar to one you may be use to corresponding but having a slight misspelling or rewording.
    3. In the same vein, check the sender’s email address before responding at all. You may be able to simply block the scammer when you discover they’re trying to imitate someone else by verifying the email address is incorrect.
    4. Secure your own domain against domain spoofing. Many times, the attack is coming from “inside the house”. A very common BEC scam involves one of your employees receiving an email that looks like it’s from you or someone high up in your organization, except it’s not. Registering the domains you use for email will help protect against this very common variety of this scam.
    5. Again, in the same vein as our last tip, use a domain that you’ve registered instead of a free email service. It might be tempting to keep using the Gmail address you’ve always used to avoid paying for a domain and email services, but it greatly increases your risk of a BEC attack being successful. Using a free email service allows attackers to create a new email with your name to then tell those you know you just “got a new email”. It would be very difficult to prove this is false without talking to you directly.

    Many of the defense strategies against a BEC attack involve employee training.  Attackers may not target you directly as the business owner when it’s easier to get to you (and your business) through a weaker link – often employees who don’t have the strategies available to avoid these kinds of scams.

    Luckily, Valley Techlogic provides security training as part of our service packages. Below is a list of some of the training topics we cover for our clients:

    Cyber security training is quick and is one of the easiest and most effective ways to have an overall safer environment for your business. Learn more about Cyber Security Training through Valley Techlogic as well as other the other cyber security services we offer today through a quick consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.