Tag: cybersecurity advice

  • 8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    We all know about good hygiene practices for ourselves and our homes, but what about practicing good cybersecurity hygiene? What does the word hygiene mean when applied to a digital context?

    When we think of hygiene for cybersecurity it’s the essential items needed to practice the bare minimum in cyber threat prevention, we’re strong advocates for advanced cybersecurity threat prevention and believe you can never be too protected – however these 8 items will in many cases prevent the vast majority of outside threats. As a bonus? The only thing you’ll need to spend to enact these in your business today is a little time.

    1. Use Strong and Unique Passwords
      Implement complex passwords and enable multi-factor authentication (MFA) for added security. We have a guide for what a strong password looks like and how to utilize MFA here.
    2. Regularly Update Software and Systems
      Keep your operating systems, applications, and antivirus software up to date to patch vulnerabilities.
    3. Educate Employees on Cybersecurity Best Practices
      Train staff on recognizing phishing scams, suspicious emails, and safe browsing habits. Interested in cybersecurity training for your business? Valley Techlogic includes it (at no additional cost) in all of our plans.
    4. Limit Access to Sensitive Data
      Implement role-based access controls and grant permissions only to those who need them.
    5. Enable Firewalls and Antivirus Protection
      Use firewalls, antivirus programs, and other security tools to prevent unauthorized access.
    6. Backup Data Regularly
      Perform frequent backups and store them in secure, off-site locations to prevent data loss from ransomware attacks.
    7. Monitor Network Activity
      Use intrusion detection systems and regularly review logs for unusual activity.
    8. Implement Secure Wi-Fi and VPN Usage
      Use encrypted Wi-Fi networks and require VPN usage for remote employees to protect data transmission.

    Implementing these 8 cybersecurity threat preventions will protect your business from most attacks, but if you’re looking to go a little further below are 4 cybersecurity benefits included with all Valley Techlogic service plans:

    Want to learn more? Schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • Zero trust or zero effort, how does your businesses security stack measure up?

    Zero trust or zero effort, how does your businesses security stack measure up?

    Have you been working on strengthening your cyber security stack in your business or crossing your fingers and hoping for the best? How much protection is really enough?

    There are a lot of remedies for improving cyber security out there, but which ones present the best value for your business, and what constitutes a “zero trust” environment?

    If you’re just starting out, these 10 items will greatly improve your business’s cyber security safety in a short amount of time (we call these “best practices”):

    1. Use multi-factor authentication. This one is obvious, but we still see it not being employed regularly. Multi-factor authentication is generally extremely easy to enable (often times just a checkbox) and it greatly improves the safety of that account. When we’re talking about accounts like your business email, or your banking account it’s a no brainer.
    2. Use a password manager. This is another easy one to employ but people still ignore it, or even worse they use the password manager built into their browser. We’re not saying that’s completely wrong, especially if you’ve started using stronger passwords because of it. It’s still a good idea, however, to use a password manager that’s not directly connected to your system. Often times the same password or biometric you use to log onto your computer is the one used to unlock your browsers password database, so if someone has breached the device all those passwords will be available to them too.
    3. Employ Biometrics. Speaking of biometrics, they can be an improvement over passwords when it comes to a physical devices security. Especially for mobile devices, most of us access our work emails, banking accounts, etc. through our phones. It’s very easy to lose a phone, so making that phone unusable to whoever finds it (or has taken it) is a good idea.
    4. Don’t give everyone admin privileges. Not every employee needs all the keys to your kingdom, limit admin access only to those who really need it so if you do have a breach the damage can be limited as well. This is a key component of a zero trust environment (which we describe in the chart below).
    5. Communicate your goals and train your employees. Loop employees into your increased cyber security efforts and provide training, no one wants to be responsible for a cyber-attack in their workplace but without training employees can become unknowing and unwilling threat vectors.
    6. Monitor network activity. Now we’re starting to get into the more challenging topics, monitoring your network activity can be a very effective way of noticing early when something is amiss. There are tools out there that can do this monitoring for you and provide warnings if suspicious behavior is detected (like a device being logged in after hours when it never usually is).
    7. Use encryption. It’s pretty easy to use encryption in email or with sensitive documents (again often just a checkbox) but it’s an effective way to make sure sensitive data doesn’t fall into the wrong hands.
    8. Use backups. Again, in the same vein of protecting your data having automatic backups will greatly increase your chances of recovering after a cyber-attack. Especially if those backups were stored offsite (such as cloud backups). We wrote an article on the best ways to manage your OneDrive storage (which is included in your Microsoft 365 subscription) here.
    9. Regularly patch your devices. Many of your vendors actually provide security protections for you via their patches, which more often than not are addressing specific security concerns that have been identified. Patching costs nothing but your time and the benefits are ten-fold compared to the costs of a security breach in your business.
    10. Have a security audit performed. The best way to address the holes in your security plan is to have a reputable IT company perform a security audit. Valley Techlogic is a provider of these audits in the Central Valley and you can request a consultation here.

    Performing these ten activities in your business will greatly improve your cybersecurity effectiveness across the board, but if you’ve reached the bottom of this article and have realized you do all of these you may be wondering what’s next? Or perhaps you’ve heard of zero trust but aren’t sure what that entails, here are the key components to having a zero-trust cybersecurity environment:

    We address ALL of these topics in our new book, Cyber Security Essentials, which covers all the components of a cybersecurity framework and how to implement them in your business. You can see a preview of the book in the video below.

    [youtube https://youtu.be/jlBAoq4tLNc]

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Be careful what you download, malware has made it to Google Adwords

    Be careful what you download, malware has made it to Google Adwords

    Downloading applications from trustworthy sources is something that has been drilled into most of us as internet safety 101, and many of us would consider the top link on Google to be a trustworthy source.

    However, hackers are now taking advantage of that and pushing ads that contain their malware disguised as legitimate applications.

    Initially reported on by cybersecurity firm Cyble last month, their report found that a malware called “Rhadamanthys Stealer” is being spread through Google Ads that allegedly lead the user to download Zoom, Notepad++, AnyDesk and more.

    This malware is also being spread the typical way through email when attached to a PDF. It makes it clear that there is no one way to spread malware and that users need to be vigilante when downloading anything – whether that be a typical .exe or email file attachment.

    The goal is usually financial, with the hacker either “ransoming” the users device or merely spying in the background as they collect data they can sell or use to steal financial credentials. The attempts at stealing data may even be multifaceted and include all three.

    So how can you protect yourself? The first is in knowing how it works, Google ads has requirements for posting so these bad actors are placing ads for legitimate looking “front page” sites that mimic what you were looking for, which then immediately redirects you to the one containing malware.

    So one clue would be if the URL drastically changes during your browsing (and paying attention to the URL and knowing the URL you were trying to reach would squash this attempt altogether). In many cases you can confirm a sites true URL through Wikipedia and it’s a good idea to save it if it’s a site you visit regularly.

    Another way to block these is exceedingly simple, just utilize an ad block on your browser. Ad blocks block Google advertisements as well, so your research will be more likely to contain legitimate results. Many ad block extensions will also block popups too.

    Google has also offered their own advice on blocking “malvertising” and have included a way to report illegitimate websites. It goes without saying these sites are in violation of Googles advertising rules, which include rules against auto-redirects.

    As it becomes increasingly harder to avoid malware infections, many offices are scrambling with how to best protect office devices from being unintentionally used as a threat vector. Employee training is still your best protection but as this article illustrates, even tech savvy employees may have a difficult time avoiding all threats.

    That’s where a Valley Techlogic service plan comes in, we offer proactive cybersecurity protection in the following ways:

    Proactive Cybersecurity through Valley Techlogic

    If you would like to learn more, schedule a consult with us today and we’ll go over how we can help your business increase your cyberthreat awareness and protection capabilities.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • October is Cybersecurity Awareness Month, now in its 18th year

    October is Cybersecurity Awareness Month, now in its 18th year

    We’re announcing this a bit late, but we did want to touch on this annual event (now in its 18th year). Every year CISA (Cybersecurity and Infrastructure Security Agency) releases new resources that are free to download and share for Cybersecurity Awareness Month. The theme this year is “See Yourself in Cyber” and we appreciate the effort to help everyone understand that cybersecurity measures are up to all of us to maintain.

    So many cybersecurity measures feel very passive, you’re protected by your anti-virus or firewall automatically. Your IT team helps you navigate any issues that make come up. For businesses, advanced cybersecurity threat protection can detect a threat just from activities that fall outside the norm (like your computer being online at three in the morning) and send you a warning.

    Unfortunately, hackers are always trying to circumvent these automatic measures no matter how advanced they become. The human element is still the biggest cybersecurity threat to your network and business. That’s why acknowledging we all have a role to play in preventing cyber threats is so important.

    CISA recommends four important steps we all need to take online:

    1. Think Before You Click: Before you click on that link in an email or download an attachment, do a little research. Is the sender who you expect it to be? Phishing emails are still the #1-way users are hacked.
    2. Update Your Software: This is good common-sense advice; most patches also include important security updates and it doesn’t take very long to install them (and for Windows devices you can even have them run automatically).
    3. Use Strong Passwords: This is another easy one and if you use one of our password manager recommendations, it’s even easier to create stronger passwords that you don’t have to manually remember.
    4. Enable Multi-Factor Authentication: This is CISA’s fourth tip for this year and lucky for you we have a guide for this too.

    These tips may seem simple, but they will be hugely beneficial to preventing a cyber threat for you, your business or your employees. However, you can take it a step further and engage with cyber security training.

    You may be wondering what that would look like, well you’re in luck. We have a sample training session right here for you to review with your employees:

    This is just a quick sample lesson; through our partner we have bite sized lessons that include video that you and your team can take to beef up your cybersecurity knowledge. They average 2-3 minutes long with a quick quiz at the end to make sure the knowledge was absorbed, and you can even see your employees average scores to see how everyone is doing.

    If you incentivize taking this training it will not only be a team building opportunity, it will also help your business stay safe from cyber security threats. If you’d like to learn more about cybersecurity training or stepping up your cybersecurity measures in your business (including the aforementioned advanced cyber threat detection) reach out today for a consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Our top 10 safety tips for mobile devices

    Our top 10 safety tips for mobile devices

    There’s a popular misconception that mobile devices are somehow more resistant to hacking and cyberthreats than PCs (personal computers) or other standalone devices, this Isn’t exactly true.

    In today’s age, anything connected to the internet can be tampered with or hacked. The age of the “Internet of Things” (IoT) is here and there have even been cases of web connected devices like appliances being hacked and used to gain access to data within your household or office.

    Your cell phone or tablet are really just smaller computers. Whether you have an Android phone or tablet or stick to Apple products, you still need to take precautions when visiting websites or opening emails and attachments as you do with your laptop or desktop. Plus, because these devices are much more portable you even should take extra precautions when taking it out in public.

    Here are our top 10 safety tips for mobile devices:

    1. Always lock your phone when you’re not using it. Setting up a pin, facial recognition or fingerprint recognition will also add another layer of security.
    2. Keep your software up to date. Just like with computer updates, phone OS updates often include important security patches to keep your device safe.
    3. Only download applications from secure sources. Questionable applications can lead to your phone being compromised, and even with applications from a known good source (like the Google Play Store or the Apple Store) only give them as many permissions as they need to function and no more.
    4. Install an Antivirus on your phone. Many may not know antivirus software Isn’t limited to computers, but there are antivirus solutions for computers that will include a phone version bundled together.
    5. Be careful with public Wi-Fi. Open public networks are open to everyone – including hackers who are able to see everyone who’s connected. Only use them if absolutely necessary.
    6. Same goes for public phone charging. Hackers can tamper with or even setup fake cellphone charging stations in a scheme known at “juice jacking”, when you plug your phone in it installs malware on your device. If you need extra battery power, consider carrying a power bank with you.
    7. Just like with your PC, vary your passwords. It can be more difficult to create good passwords on your phone, luckily the same applications like LastPass (our recommended password manager) you use on your PC for password management also have mobile versions.
    8. On the upside 2FA is even easier on a phone than a PC. Many 2FA applications like Google Authenticator are cellphone based, making 2FA even easier to use on your phone.
    9. Be careful what data you save to your phone. Many of us save our payment information to our phones for easier checkout but if your phone is compromised (or stolen) than all that information is now in the hands of a bad actor. It’s might be worth reconsidering saving that information, especially details for something like your bank account or anything that can’t be easily changed.
    10. If you are going to take some risks (like using public Wi-Fi) consider a VPN. Virtual Private Networks (VPN) can encrypt your data, making it a little safer to use public Wi-FI.

    We also have some safety tips for your IoTs devices in this chart:

    Click to view the full size version.

    If you have mobile devices connected to your business’s office network, it’s worth evaluating whether there is any risk involved for your business. There are network security solutions that will apply the same rules for mobile devices as it does for PCs, meaning even if a compromised cellphone connects you will still have protection from the rest of your network being infected. If you’d like to learn more schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • 5 of the Most Important Cybersecurity Training Topics to Cover with Your Employees

    5 of the Most Important Cybersecurity Training Topics to Cover with Your Employees

    We’ve discussed cybersecurity training before and its importance in preventing the number 1 cause of cybersecurity disasters – human error.

    We offer cybersecurity training as a core feature in our tech care plans, but many topics you can (and should) cover yourself with your employees. There couple be rules that specifically apply to your business sector; like HIPAA for healthcare or CMMC for Department of Defense contractors.

    Maybe you’ve experienced a cybersecurity attack before and after the dust settled you came up with a game plan specifically to prevent it from happening again. If it hasn’t happened to you yet, it’s a mistake to assume it never will. In 2021 42% of businesses experienced a cyberattack. It’s a numbers game most won’t win without preventions in place.

    To start, we want to offer these posters we’ve created on two common cybersecurity threat topics, email and malicious attachments. These posters are free for you to print and brand to use in your office or send as a reminder, and these are two excellent places to start when you’re looking to beef up your office security.

    Click to grab the full size version.
    Click to grab the full size version.

    Here are five more training topics all workplaces should also cover:

    1. Like our posters above, email security and having strict guidelines for attachments and downloads is one key thing to focus on in your cybersecurity training efforts.
    2. It’s also important to provide guidance for internet usage while at work. Many employers try to digitally lock this down, but these efforts are usually met with annoyance and disdain from employees and are often in vain. Instead of arbitrarily trying to block everything with software we suggest having guidance about what’s appropriate for work devices (and what Isn’t). We also suggest noting that even if a website looks legitimate it may not be, so they should be wary of sites that ask you to download something or enter private credentials.
    3. This comes to the next topic which is practicing good safety hygiene with work devices. Three easy steps are: Locking your computer when you walk away, only downloading software from work authorized sites, and keeping your device up to date with patching and software updates. They may need assistance with the third step so it’s a good idea to have your IT provider manage workstations if you’re able to (this is something Valley Techlogic providers for all clients).
    4. The fourth step is protecting company data. If you’re employees have to interact with documents that are confidential in nature you should have rules for the sharing of those documents, as well as a comprehensive plan for backing them up safety.
    5. Finally, you should provide guidance on passwords and multi-factor authentication. Having a rule in your workplace that for work accounts they must have multi-factor enabled (or have your IT team enable it across the board) will drastically improve your office’s online safety. We have guidance for this topic here.

    It can feel overwhelming to have all of these topics to cover with your employees, but we cannot overstate how important it is to cover these topics with your employees, even if you think they’re things they should already “know”.

    At Valley Techlogic we have partnered with a platform that not only provides cybersecurity training resources, but it also allows you the ability to create your own training modules. You can even cover topics that fall outside the cybersecurity spectrum. We can also work with your business to assist you in the creation of these training modules, if you would like to learn more schedule a consultation with our sales manager Annette today!

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

    We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

    As an IT service provider, we’re passionate about cybersecurity because we see the effects having inadequate coverage can have on businesses first hand.

    The devastation that can occur after a cyber attack is staggering, we’ve given you the statistics before, such as:

    1. The cost of cybercrime is predicted to hit $10.5 trillion by 2025
    2. Cryptojacking cases quadrupled in 2021, but the hackers don’t make very much (less than $6 per day), however that doesn’t stop them from trying to gain access to your machines
    3. It takes on average 287 for cybersecurity teams to detect and contain a data breach
    4. Phishing is involved in 36% of data breaches (can you identify the signs of a phishing email?)
    5. DDoS (Distributed Denial-of-Service) attacks are skyrocketing, with 9.75 million occurring in 2021

    That’s why we’re thrilled to announce the release of our Tech Tip Card Deck, our deck contains 56 tips for getting your cybersecurity house in order with custom art representing each tip. Best of all, the deck is absolutely free to business owners in our area.

    Beyond providing comprehensive technical support, we also want to support our community in staying safe online. If you’re a business owner in Central Valley and would like to have a set of our card deck for yourself, simply visit TechTipCards.com and request one today and we’ll get it shipped out to you ASAP.

    We don’t believe technology has to be intimidating, each bite sized tip featured in the deck is easy to understand and easy to implement and will create real results for the online safety of yourself, your employees, and your business.

    To up the offer even more, we have updated our most popular for 2022 and are also offering it to you right here, right now. Simply grab it below.

     

    Valley Techlogics Cybersecurity Checklist
    Click to grab the full size version.

    Both of these are just a small showcase of what’s in store, we know for most people repetition is the key to success. We plan to deliver weekly content including thought provoking reports, eye catching resources that can even be customized for your office, and tech advice that can greatly impact and improve your use of technology within your business.

    If you’d like to learn more, again visit TechTipCards.com or reach out to us for a free consultation today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Our Five Best FREE Resources Ranked

    Our Five Best FREE Resources Ranked

    At Valley Techlogic we believe educating our community on internet safety and providing concrete goals for businesses in our area to help improve their cybersecurity measures whether or not they’re covered by a Valley Techlogic plan is a valuable resource our company can provide to make us all a little safer online.

    We’ve provided quite a few free resources and reports over the years, and we couldn’t help but notice which ones really have struck a cord with our audience.

    Here are our top five free resources and reports, ranked by popularity. Bonus, you can grab all of these right from this page, still absolutely free.?

    #5 The Data Contingency Planning Report

    Our Data Contingency Report tells you EXACTLY what you need to have a solid plan for backing up your business’s files. Click to grab the report now instantly.

    #4 The New IT Provider Checklist

    Our New IT Provider Checklist lets you check off the MUST have for your new IT provider. If they don’t cover one or more of these items, you should keep looking.

    #3 Our Section 179 Guide

    Our Section 179 helps you get the best tax benefits from the tech purchases you make for your business. We’ll have the updated 2022 version available later this year.

    #2 Our Cyber Security Framework Overview Report

    Our Cyber Security Framework Overview Report goes over in plain text a number of popular frameworks, CMMC, HIPAA and more.

    #1 Our Cyber Security Checklist

    By far our most popular resource, this no nonsense checklist gets straight to the point on what you need to be fully covered from cyber threats.

    To receive these resources and more, reach out to us to be added to our mailing list. That way you’ll be the first to receive tech tips, free reports and resources and more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.