Tag: cybersecurity awareness

BEC Scams are becoming increasingly more common, and the payouts more lucrative
BEC or Business Email Compromise is a type of phishing scam where the target of the scam receives an email purporting to be someone they know, like a vendor they work with or a colleague. These scams are so common place that the Federal Bureau of Investigation even has a guide to protecting yourself from them.

We’ve even written before on how to spot a typical BEC email and a few ways to combat it, but we would like to circle back to this topic now as we creep into what is typically a very busy time for most business owners – the fourth quarter.

You may or may not be surprised to learn that BEC attacks rose in the fourth quarter last year and we’re not anticipating 2023 to be any different. 2022 even saw a rise in the ever popular “as-a-service” variant of attacks which means would be bad actors could enact their attacks with little actual effort on their part.

The technical know-how required for these attacks is also low, with some of them being as simple as just a variant on your normal phishing scheme but with the end goal being a direct payout rather than the user’s credentials or private information.

CISA (Cybersecurity and Infrastructure Security Agency) even reported on Russian state sponsored bad actors specifically targeting defense contractors using Microsoft 365 with their BEC schemes. Imitating Microsoft support is not a new scam, and like always you should be wary about any support person reaching out to you directly asking for your credentials, but the single-minded focus of this particular scam put government agencies like CISA and the FBI on red alert.

When we say these scams are becoming more lucrative, we definitely mean it, with it being estimated BEC victims lost 2.74 billion dollars in 2022 which was $300 million more than 2021. Like with most cyber attacks we anticipate they’ll continue to rise.

So how do you protect yourself from a Business Email Compromise scam in 2023?
1. Don’t overshare online. BEC is a social engineering scam, so the less information that’s readily available about you on the internet the less able a scammer is to pretend to be someone you know.
2. Forward emails instead of replying to them. As with normal phishing these scams are perpetrated over email. Forwarding emails forces you to type out the email address (thereby guaranteeing it goes to the right person). BEC attacks usually involve spoofing an email address or simply choosing a domain that’s similar to one you may be use to corresponding but having a slight misspelling or rewording.
3. In the same vein, check the sender’s email address before responding at all. You may be able to simply block the scammer when you discover they’re trying to imitate someone else by verifying the email address is incorrect.
4. Secure your own domain against domain spoofing. Many times, the attack is coming from “inside the house”. A very common BEC scam involves one of your employees receiving an email that looks like it’s from you or someone high up in your organization, except it’s not. Registering the domains you use for email will help protect against this very common variety of this scam.
5. Again, in the same vein as our last tip, use a domain that you’ve registered instead of a free email service. It might be tempting to keep using the Gmail address you’ve always used to avoid paying for a domain and email services, but it greatly increases your risk of a BEC attack being successful. Using a free email service allows attackers to create a new email with your name to then tell those you know you just “got a new email”. It would be very difficult to prove this is false without talking to you directly.
Many of the defense strategies against a BEC attack involve employee training. Attackers may not target you directly as the business owner when it’s easier to get to you (and your business) through a weaker link – often employees who don’t have the strategies available to avoid these kinds of scams.

Luckily, Valley Techlogic provides security training as part of our service packages. Below is a list of some of the training topics we cover for our clients:

Cyber security training is quick and is one of the easiest and most effective ways to have an overall safer environment for your business. Learn more about Cyber Security Training through Valley Techlogic as well as other the other cyber security services we offer today through a quick consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 11, 2023
October is Cybersecurity Awareness Month, now in its 18th year
We’re announcing this a bit late, but we did want to touch on this annual event (now in its 18^th year). Every year CISA (Cybersecurity and Infrastructure Security Agency) releases new resources that are free to download and share for Cybersecurity Awareness Month. The theme this year is “See Yourself in Cyber” and we appreciate the effort to help everyone understand that cybersecurity measures are up to all of us to maintain.

So many cybersecurity measures feel very passive, you’re protected by your anti-virus or firewall automatically. Your IT team helps you navigate any issues that make come up. For businesses, advanced cybersecurity threat protection can detect a threat just from activities that fall outside the norm (like your computer being online at three in the morning) and send you a warning.

Unfortunately, hackers are always trying to circumvent these automatic measures no matter how advanced they become. The human element is still the biggest cybersecurity threat to your network and business. That’s why acknowledging we all have a role to play in preventing cyber threats is so important.

CISA recommends four important steps we all need to take online:
1. Think Before You Click: Before you click on that link in an email or download an attachment, do a little research. Is the sender who you expect it to be? Phishing emails are still the #1-way users are hacked.
2. Update Your Software: This is good common-sense advice; most patches also include important security updates and it doesn’t take very long to install them (and for Windows devices you can even have them run automatically).
3. Use Strong Passwords: This is another easy one and if you use one of our password manager recommendations, it’s even easier to create stronger passwords that you don’t have to manually remember.
4. Enable Multi-Factor Authentication: This is CISA’s fourth tip for this year and lucky for you we have a guide for this too.
These tips may seem simple, but they will be hugely beneficial to preventing a cyber threat for you, your business or your employees. However, you can take it a step further and engage with cyber security training.

You may be wondering what that would look like, well you’re in luck. We have a sample training session right here for you to review with your employees:

This is just a quick sample lesson; through our partner we have bite sized lessons that include video that you and your team can take to beef up your cybersecurity knowledge. They average 2-3 minutes long with a quick quiz at the end to make sure the knowledge was absorbed, and you can even see your employees average scores to see how everyone is doing.

If you incentivize taking this training it will not only be a team building opportunity, it will also help your business stay safe from cyber security threats. If you’d like to learn more about cybersecurity training or stepping up your cybersecurity measures in your business (including the aforementioned advanced cyber threat detection) reach out today for a consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
October 27, 2022
Our top 10 safety tips for mobile devices
There’s a popular misconception that mobile devices are somehow more resistant to hacking and cyberthreats than PCs (personal computers) or other standalone devices, this Isn’t exactly true.

In today’s age, anything connected to the internet can be tampered with or hacked. The age of the “Internet of Things” (IoT) is here and there have even been cases of web connected devices like appliances being hacked and used to gain access to data within your household or office.

Your cell phone or tablet are really just smaller computers. Whether you have an Android phone or tablet or stick to Apple products, you still need to take precautions when visiting websites or opening emails and attachments as you do with your laptop or desktop. Plus, because these devices are much more portable you even should take extra precautions when taking it out in public.

Here are our top 10 safety tips for mobile devices:
1. Always lock your phone when you’re not using it. Setting up a pin, facial recognition or fingerprint recognition will also add another layer of security.
2. Keep your software up to date. Just like with computer updates, phone OS updates often include important security patches to keep your device safe.
3. Only download applications from secure sources. Questionable applications can lead to your phone being compromised, and even with applications from a known good source (like the Google Play Store or the Apple Store) only give them as many permissions as they need to function and no more.
4. Install an Antivirus on your phone. Many may not know antivirus software Isn’t limited to computers, but there are antivirus solutions for computers that will include a phone version bundled together.
5. Be careful with public Wi-Fi. Open public networks are open to everyone – including hackers who are able to see everyone who’s connected. Only use them if absolutely necessary.
6. Same goes for public phone charging. Hackers can tamper with or even setup fake cellphone charging stations in a scheme known at “juice jacking”, when you plug your phone in it installs malware on your device. If you need extra battery power, consider carrying a power bank with you.
7. Just like with your PC, vary your passwords. It can be more difficult to create good passwords on your phone, luckily the same applications like LastPass (our recommended password manager) you use on your PC for password management also have mobile versions.
8. On the upside 2FA is even easier on a phone than a PC. Many 2FA applications like Google Authenticator are cellphone based, making 2FA even easier to use on your phone.
9. Be careful what data you save to your phone. Many of us save our payment information to our phones for easier checkout but if your phone is compromised (or stolen) than all that information is now in the hands of a bad actor. It’s might be worth reconsidering saving that information, especially details for something like your bank account or anything that can’t be easily changed.
10. If you are going to take some risks (like using public Wi-Fi) consider a VPN. Virtual Private Networks (VPN) can encrypt your data, making it a little safer to use public Wi-FI.
We also have some safety tips for your IoTs devices in this chart:

Click to view the full size version.

If you have mobile devices connected to your business’s office network, it’s worth evaluating whether there is any risk involved for your business. There are network security solutions that will apply the same rules for mobile devices as it does for PCs, meaning even if a compromised cellphone connects you will still have protection from the rest of your network being infected. If you’d like to learn more schedule a consultation with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
September 29, 2022
We have updated our most popular resource for 2022 and have an offer you won’t want to pass up
As an IT service provider, we’re passionate about cybersecurity because we see the effects having inadequate coverage can have on businesses first hand.

The devastation that can occur after a cyber attack is staggering, we’ve given you the statistics before, such as:
1. The cost of cybercrime is predicted to hit $10.5 trillion by 2025
2. Cryptojacking cases quadrupled in 2021, but the hackers don’t make very much (less than $6 per day), however that doesn’t stop them from trying to gain access to your machines
3. It takes on average 287 for cybersecurity teams to detect and contain a data breach
4. Phishing is involved in 36% of data breaches (can you identify the signs of a phishing email?)
5. DDoS (Distributed Denial-of-Service) attacks are skyrocketing, with 9.75 million occurring in 2021
That’s why we’re thrilled to announce the release of our Tech Tip Card Deck, our deck contains 56 tips for getting your cybersecurity house in order with custom art representing each tip. Best of all, the deck is absolutely free to business owners in our area.

Beyond providing comprehensive technical support, we also want to support our community in staying safe online. If you’re a business owner in Central Valley and would like to have a set of our card deck for yourself, simply visit TechTipCards.com and request one today and we’ll get it shipped out to you ASAP.

We don’t believe technology has to be intimidating, each bite sized tip featured in the deck is easy to understand and easy to implement and will create real results for the online safety of yourself, your employees, and your business.

To up the offer even more, we have updated our most popular for 2022 and are also offering it to you right here, right now. Simply grab it below.

Click to grab the full size version.

Both of these are just a small showcase of what’s in store, we know for most people repetition is the key to success. We plan to deliver weekly content including thought provoking reports, eye catching resources that can even be customized for your office, and tech advice that can greatly impact and improve your use of technology within your business.

If you’d like to learn more, again visit TechTipCards.com or reach out to us for a free consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 21, 2022
Our Five Best FREE Resources Ranked
At Valley Techlogic we believe educating our community on internet safety and providing concrete goals for businesses in our area to help improve their cybersecurity measures whether or not they’re covered by a Valley Techlogic plan is a valuable resource our company can provide to make us all a little safer online.

We’ve provided quite a few free resources and reports over the years, and we couldn’t help but notice which ones really have struck a cord with our audience.

Here are our top five free resources and reports, ranked by popularity. Bonus, you can grab all of these right from this page, still absolutely free.?

#5 The Data Contingency Planning Report

Our Data Contingency Report tells you EXACTLY what you need to have a solid plan for backing up your business’s files. Click to grab the report now instantly.

#4 The New IT Provider Checklist

Our New IT Provider Checklist lets you check off the MUST have for your new IT provider. If they don’t cover one or more of these items, you should keep looking.

#3 Our Section 179 Guide

Our Section 179 helps you get the best tax benefits from the tech purchases you make for your business. We’ll have the updated 2022 version available later this year.

#2 Our Cyber Security Framework Overview Report

Our Cyber Security Framework Overview Report goes over in plain text a number of popular frameworks, CMMC, HIPAA and more.

#1 Our Cyber Security Checklist

By far our most popular resource, this no nonsense checklist gets straight to the point on what you need to be fully covered from cyber threats.

To receive these resources and more, reach out to us to be added to our mailing list. That way you’ll be the first to receive tech tips, free reports and resources and more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 11, 2022
10 scary cybersecurity statistics business owners need to know
Halloween is approaching and we thought it would be appropriate to cover some bone chilling cybersecurity statistics business owners NEED to know to protect their business.

Cybersecurity is something we all know we need to do more about but also don’t like to think about, however for business owners’ avoidance won’t make the threats any less real.

Take a look at our web of cybersecurity statistics and read on to learn how they can make a mess for your business (and what you can do to fix it).

Click to view the full size version.

While these statistics are scary, we already suspect you’re thinking “it won’t happen to me”. The reasons business owners come to this conclusion are numerous but the top 3 we’ve encountered are.
1. My business is too small.
2. I’m not in a sector that’s targeted by hackers.
3. Even if I was hacked, I don’t have anything they would want.
That last one is a real headscratcher for us. What business operates without any financial data? What about your personal data and that of your employees? Your customers? That’s all valuable data on the dark web.

The scariest statistic of all that wasn’t included in our chart is that 60% of businesses fail following a cybersecurity event.

Preventing an attack is crucial for your business, remediating an attack after the fact is not a clear-cut solution. Usually not all of your data can be recovered, you can’t make up for the lost time spent dealing with the attack, and if it becomes public your reputation may never be what it once was.

There are easy solutions you can put in place today that will reduce your risk dramatically.
1. Educate your employees about phishing emails, this is one of the biggest sources of threat events.
2. Ensure two-factor or multi-factor authentication is required on company systems and devices.
3. Have a company wide password policy that includes not sharing your password with others and coming up with complex yet memorable passwords that can’t be brute forced by a would be attack.
If it’s all overwhelming and you don’t know where to start, we don’t blame you. Navigating the complicated world of cybersecurity is really something that business owners should let a professional handle. If you’re in the Central Valley, Valley Techlogic can be your partner in security and more. Learn more today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, adns, n IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
October 28, 2021