Tag: hackers

  • We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

    We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

    As an IT service provider, we’re passionate about cybersecurity because we see the effects having inadequate coverage can have on businesses first hand.

    The devastation that can occur after a cyber attack is staggering, we’ve given you the statistics before, such as:

    1. The cost of cybercrime is predicted to hit $10.5 trillion by 2025
    2. Cryptojacking cases quadrupled in 2021, but the hackers don’t make very much (less than $6 per day), however that doesn’t stop them from trying to gain access to your machines
    3. It takes on average 287 for cybersecurity teams to detect and contain a data breach
    4. Phishing is involved in 36% of data breaches (can you identify the signs of a phishing email?)
    5. DDoS (Distributed Denial-of-Service) attacks are skyrocketing, with 9.75 million occurring in 2021

    That’s why we’re thrilled to announce the release of our Tech Tip Card Deck, our deck contains 56 tips for getting your cybersecurity house in order with custom art representing each tip. Best of all, the deck is absolutely free to business owners in our area.

    Beyond providing comprehensive technical support, we also want to support our community in staying safe online. If you’re a business owner in Central Valley and would like to have a set of our card deck for yourself, simply visit TechTipCards.com and request one today and we’ll get it shipped out to you ASAP.

    We don’t believe technology has to be intimidating, each bite sized tip featured in the deck is easy to understand and easy to implement and will create real results for the online safety of yourself, your employees, and your business.

    To up the offer even more, we have updated our most popular for 2022 and are also offering it to you right here, right now. Simply grab it below.

     

    Valley Techlogics Cybersecurity Checklist
    Click to grab the full size version.

    Both of these are just a small showcase of what’s in store, we know for most people repetition is the key to success. We plan to deliver weekly content including thought provoking reports, eye catching resources that can even be customized for your office, and tech advice that can greatly impact and improve your use of technology within your business.

    If you’d like to learn more, again visit TechTipCards.com or reach out to us for a free consultation today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Cyber Insurance – What you can do to ensure your business will be covered in 2022

    Cyber Insurance – What you can do to ensure your business will be covered in 2022

    Last month we released our new cyber insurance report which is an in depth look into this topic, but we wanted to touch on what we’re specifically seeing so far in 2022 in today’s article because from what we’re seeing in from our clients and in the industry – cyber insurance requirements are on the rise.

    If you’re new to cyber insurance or aren’t sure what’s covered under this sort of policy, for most insurance providers cyber insurance offers coverage for technology related disasters. This could include a cybersecurity event such as ransomware or a data breach but depending on your level of policy it might also include IT related downtime not related to cybersecurity such as internet outages. You may even see coverage for specific device issues, such as the loss of an office server that’s critical for day-to-day operations.

    When it comes to the cybersecurity related coverage what many people don’t realize is it’s not only meant for covering your own losses, but also the potential loss incurred by your customers. If you have a data breach, your cyber insurance coverage will cover the cost of any litigation brought by your customers and it may also cover items such as on-going credit monitoring if their PII (personal identifying information) was exposed in the data breach your company suffered.

    It can be easy to feel detached from a loss you haven’t suffered yet. To put some perspective to, it during the Anthem data breach in 2015 when involved 80 million patient records, their costs to notify their customers (which HIPAA regulations stipulate must be done by snail mail) exceeded $40 million in just postage. That’s not even taking into consideration all of the other costs associated with that breach.

    They’re a major corporation, so again it may be difficult to imagine yourself in those shoes, but even for small companies the average costs are as high as $200,000 per breach. Also, if you’re hit with a ransom and think you can just pay it and get out intact, think again. Many times, even if you receive the de-encryption key from the hackers your data may still be lost.

    It’s not surprising that insurance providers are looking at this and wondering how they can alleviate some of the risk they’re taking providing insurance to customers going forward. The requirements are increasing, even for us as a technology provider for businesses we’re seeing longer forms that we’re assisting our customers with when they go to acquire a new cyber insurance policy.

    These longer forms are featuring more difficult questions as well. We have made cybersecurity a staple feature of our plans so our customers are in a good place for obtaining a cyber insurance policy, but the truth is if cybersecurity has been on the back burner for your business, you may have a difficult time in 2022 and beyond finding an insurer that’s willing to cover you.

    As an idea of where to start before you go to obtain a cyber insurance policy, we’ve created this checklist of items you can begin to work on to put your business in a better position this year.

    Be Cyber Insurance Ready in 2022
    Click to grab the full size version.

    Many of the items listed are easy for even someone who’s not very tech savvy to tackle, but if you’d really like to protect your business from hackers this year, we suggest teaming up with a tech provider like Valley Techlogic.

    Cybersecurity is a core focus for our business, we will match your business with a cybersecurity framework that makes sense – for example CMMC for defense contractors, HIPAA for healthcare providers, NIST or CIS for small and medium sizes businesses of any industry – and use that framework to have a concrete game plan for making sure your networks and devices are impenetrable to bad actors. Learn more today with a quick consultation

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • If you’ve never heard of the Log4J vulnerability, you’re probably at risk

    If you’ve never heard of the Log4J vulnerability, you’re probably at risk

    News is moving fast on the Log4J vulnerability, also known as “Log4shell”. It was first discovered in the video game Minecraft, developers realized hackers could exploit the vulnerability to gain access to the targeted computer and take it over. They quickly released a patch but also made a disclosure that brought the exploit to the public’s view.

    The Cybersecurity & Infrastructure Security Agency (CISA) has now made a running repository that lists all of the software and devices vulnerable to this exploit. There you will find guidance on patching the effected products.

    So, what is the Log4J vulnerability and what does it do?

    It all stems from the building blocks that are used when a programmer is creating their code. Programmers will take bits of code that commonly available and used to act as a foundation for the program they’re trying to write, and in this case one of those foundational bits of code was Log4J. Log4J is used by Java to create a log of activity for the device it’s running on. It copies everything that happens as the program runs, and it makes sense that the vulnerability was initially discovered in Minecraft (a Java based game).

    This communicative bit of code is found in many different programs, which is why it could be devastating if it was widely exploited. Hackers would be able to send a message to the “Log4J” effected product giving it commands. This would essentially allow them to take over the device and have full access.

    Minecraft Isn’t the only thing based in Java either, Java is an extremely popular programming language and bits of it can be found in almost everything. Created in 1995, Java can be found on everything from your own personal laptop to the supercomputers used to solve complex scientific equations. 9937 companies openly report including Java in their tech stack, including Google, Airbnb, Amazon and more.

    Java is also the preferred language for mobile applications, such as Android. Any business interested in having a mobile facing application (which they absolutely should considering mobile devices command the highest percentage of the worldwide web traffic at 54.8%) will need to utilize Java to accomplish it.

    This is so much to say, Java is in nearly everything which makes an exploit that targets a common component of it a recipe for disaster.

    All is not lost however, now that the exploit has been discovered many businesses are working furiously on patches and notifying their customers. You can check the CISA link found at the beginning of this article to keep track of what’s being done by specific businesses.

    Click to open the full size version.

    This ordeal is a good reminder to stay up to date on patches that are offered by the software you utilize, but if you’re running a business, orchestrating patching across many different devices company wide can be much more difficult.

    Valley Techlogic offers preventative maintenance in all of our service plans, as well as disaster recovery services if the unthinkable does occur. Learn more today by scheduling a short consultation with us.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Hackers and the holidays, US government warns ransomware doesn’t take days off

    Hackers and the holidays, US government warns ransomware doesn’t take days off

    As you prepare to take some time off to enjoy with your families (especially if a certain health crisis kept the festivities to a minimum in 2020) it’s important to take some steps to make sure your business is still protected in your absence.

    The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory yesterday to businesses and consumers alike, warning that hackers often take advantages of holidays and other times people may let their guard down to wreak more havoc.

    The advisory included a warning of a possible increase on the following cyber threat events:

    1. Phishing attacks: That email from your Aunt Beth seeing if you’re going to bring the green bean casserole with a “Google Form” to check it off may not be what it seems to be.
    2. Fraudulent site spoofing: Especially for sites that may be seeing increased traffic due to holiday shopping (Black Friday anyone?).
    3. Unencrypted financial transactions: An easy way to check, is to look for the S in HTTPS, don’t enter your financial data into unencrypted websites.

    Beyond attacks aimed at individuals, attacks aimed at businesses also tend to rise during the holidays and on weekends.

    Such was the case for the attack on Kaseya, which occurred over Fourth of July weekend in 2021, and the Colonial Pipeline hack happened during Mother’s Day weekend the same year. Hackers realize there is less coverage on the weekend and during Holidays and they have taken advantage of it to great success.

    It’s not just large businesses that are a target either, many wannabe hackers have day jobs too and more time on their hands during the holidays to target businesses that could be local to them. That includes yours.

    So, here’s a list of things to check off before you leave the office this week to enjoy some well deserved time off.

    Holiday Crisis Checklist
    Click to view the full size version.

    As you can see, our number one recommendation is knowing who is going to cover your business if a cyber event does happen while everyone is home for the holidays. If you try to think of who that person is and you either come up empty or maybe it’s you, that’s a problem.

    Another problem is if your normal IT coverage is on a one time or break fix solution basis. The service you normally use could either be too swamped themselves to help you during the holidays, or maybe they’re taking time off too and are simply unavailable to help you.

    This is where having a contract with a technology service provider could really save the day during a crisis. When you have a contract with a business to provide your technology services, they’re bound by the service level agreement (SLA) you sign at the start of service. They will be better equipped to help your business if there’s a crisis – even during the holidays.

    If you’re in the Fresno, Modesto, Sacramento or anywhere else in the Central Valley and aren’t really sure who you would turn to if a technology crisis occurred during the holidays, Valley Techlogic is here for you. Learn more today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Yesterday, Facebook experienced their worst outage since 2008

    Yesterday, Facebook experienced their worst outage since 2008

    Yesterday if you were trying to login to Facebook, Instagram, WhatsApp or even Oculus VR you wouldn’t have had much luck. Facebook experienced their worst outage since 2008 (when a bug caused the site to be down for an entire day). They were down for just over 6 hours as a world that suddenly found themselves with more time on their hands speculated why.

    For a brief period, the domain Facebook.com was even for sale if you performed a search for the domain on a domain name search website.

    While many thought it could be an attack on their networks, such as what’s been happening in the VoIP sector lately, others speculated the outage was related to the fire Facebook has been under lately for their business practices.

    On Sunday, Facebook whistleblower Frances Haugen – a former Facebook project manager – went public on how Facebooks policies prioritize profits over their user’s wellbeing. She was the person responsible for the massive data dump that showed Facebook’s algorithms even optimize for hate speech. She noted these problems also exist at Google and Pinterest, other companies she’s performed similar duties for, but that the problem is much worst at Facebook.

    Mark Zuckerberg Meme
    There have been no shortage of memes taking shots at Facebook founder Mark Zuckerberg following the outage.

    Hearings begin this week analyzing the whistleblower findings, particularly as they relate to children on these sites. Amid the controversy Facebook has shelved plans for an Instagram Kids app, though Facebook claims the delay is so they can better analyze the needs of children and parents before moving forward with the app.

    The main crux of the case has to do with both the deluge of data and how major players such as Facebook (and likely beyond) serve that data to their users. It’s a tricky situation because you don’t want to stifle free speech but promoting hate speech and negative imagery, especially to vulnerable audiences such as children, is also wrong.

    There is so much more to the case then we can get to here but suffice to say hearings such as these play an important role in how we as a society consume and regulate data.

    Back to the topic at hand though, after being down for 6 hours Facebook finally emerged although they did so with little in the way of answers as to why their domains were down to the first place. They’ve issued an apology for the outage but beyond that silence.

    Experts who have weighed in speculate the issue had to do with Facebooks DNS (Domain Name System), and anonymous comments that have surfaced from employees said they don’t think the downtime was caused by an attack.

    Some reports have even said during the outage functions inside Facebook offices ground to a halt, with some employees being unable to even use their keycards which could have also contributed to the lengthy delay in fixing the problem.

    Outages such as these should cause even smaller businesses to take a hard look at their technology practices. If Facebook, with the resources they have available, can be brought to a standstill for hours over potentially a small issue such as DNS how would your business fare when faced with a similar issue?

    Downtime adds up, but it doesn’t have to. Having a partner in technology like Valley Techlogic is the number one way your business can avoid the hassle, expense, and embarrassment of lengthy downtime. Find out more today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, adns, n IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • It’s Not Your Imagination, Ramsonware is On the Rise

    It’s Not Your Imagination, Ramsonware is On the Rise

    We have talked about several major ransomware events over the past year, but these were far from unique. Ransomware and cyber security events have been on the rise lately and it’s been made abundantly apparent that NO ONE is immune to them.

    From the yet to be officially validated Kia Motors attack, to the narrowly avoided disaster with a Florida Water Plant. No attack had more widespread coverage for a while (including by us) than the SolarWinds breach that seems to go deeper and deeper. These are just a few in a massive list of growing ransomware events that have happened to companies of all sizes. If you think your business is too small to be a target think again.

    According to this Datto report, one in five small businesses will experience a ransomware event. While larger businesses may be eyed as prized targets by hackers, most of the time they also have the staff and resources to put up a better defense against cyber security threats. This makes them much harder for hackers to infiltrate.

    A lackadaisical attitude towards being hit by a ransomware can cost your business big time. Ransomware extortion amounts continue to skyrocket, with the average demand in Q3 2020 being $233,817 according to the cybersecurity firm Coveware.

    If you’re thinking a demand like that could bankrupt your business, you’d be correct in that fear. 60% of small businesses will go out of business within 6 months of a cyber security attack.

    We have made an infographic with statistics on cyber security threats in 2021 so far.

    Infographic on Cyber Security

    We’re not presenting this facts to you in an effort to make you feel hopeless, there is a way to prevent an attack from hitting your business in the first place. The ONLY way to avoid a serious cyber security threat is to have proactive cyber security prevents in place. Many business owners cannot achieve this on their own.

    Cyber security prevention is an ongoing process, it’s not just installing a virus scanning software and configuring a firewall and calling it good. Business level cyber security protections can be complex to configure and manage.

    Your business has more hardware, more data and more assets to protect. Comparing it to what’s needed to protect a home PC network is apples and oranges. If you’ve just been crossing your fingers that it won’t happen to you that’s NOT a good idea, because statistically there’s a good chance that it will.

    If your business needs assistance in a cyber security plan that’s not just about checking boxes or relying on hope but actually protecting all of the valuable systems you need to run your day-to-day operations, reach out to Valley Techlogic today.

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • The Solar Winds Rabbit Hole: What’s happened and what’s next?

    The Solar Winds Rabbit Hole: What’s happened and what’s next?

    In most situations where a massive hack or breach has occurred, trying to get a handle on what has been compromised or even what is still compromised can be a challenge.

    It’s unfortunately been our experience that in most cases things almost end up being worse than they initially look. Hackers are smart and if they can remain in your systems for a long time, they can get more to either use against you in a ransomware attempt or even leave breadcrumb behind to get back in your systems and hit you again.

    This is why we will always say prevention is key, but sometimes despite your very best efforts a breach occurs. We think this is certainly what has happened in the case of the massive Solar Winds breach that is still being unraveled weeks later.

    CyberSecurity NewsEven detection’s put in place by the NSA failed to detect this hack in time, and as of this week Microsoft was even included in it as it’s been exposed that some of their source code was revealed in the breach.

    Hackers grow more and more sophisticated by the day and it requires a full-scale team effort to prevent your business from either an attack aimed at it specifically, or as the case has been with Microsoft, being looped into a breach that’s occurring to a vendor you may use.

    Attacks from foreign bodies aren’t even very rare, international hacker networks are taking a growing lead in cyberwarfare. While most of these attacks are acts of espionage, if the payoff is lucrative enough hackers will strike anywhere.

    It’s unknown what the real damage from the Solar Winds hack will end up being, or what if anything will come from the exposure of Microsoft source code, but we think this should serve as a wakeup call to anyone who doesn’t take the topic of cybersecurity seriously.

    Here are some things you can begin to do to make your business more secure in 2021.

    1. Have a Hardware Firewall like SonicWall. A hardware firewall makes it easier to have universal rules for your whole network versus having to configure rules for each device.
    2. Enable Core Isolation and Trusted Platform Module (TPM) on your Windows 10 Devices. These protocols will work in tandem to help stop malware and ransomware on your Windows 10 Devices.
    3. Also Enable Group Policy Settings with the Group Policy Editor. With group policy settings you can stop employees from doing things like opening attachments or random .exe files. You can also use group policy to prevent unknown USB devices from being used on work devices. Basically, group policy can prevent a lot of the activities that lead to ransomware or malware in the first place.
    4. Use Next Level Multi-Factor Authentication with a Hardware Key. We believe strongly in Multi-Factor Authentication (MFA) and the next step to that could be introducing the use of hardware keys to your business, a hardware key is a token that won’t allow you to unlock a device without it. Most hardware keys will also work in conjunction with software MFA like LastPass.
    5. You should Vet your Vendors, Even the “Bigger” Ones. As this Solar Winds breach has shown us, big or small a breach can happen to anyone. While you’re working on handling cybersecurity on your end you should also question the vendors you use as to what their cybersecurity policies are and what their plan is if a breach were to occur.

    This is by no means an exhaustive list but like we usually say, starting is a great first step. If you’d like an information packet of the Cyber Security services Valley Techlogic can provide, reach out to us today! Our comprehensive Cyber Security plan addresses all these topics and many more.

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

    Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!

  • 3 Reasons You Want to Offer Cyber Security Training to Your Employees

    3 Reasons You Want to Offer Cyber Security Training to Your Employees

    Our blog is no stranger to the topic of cyber security. We’ve covered recent breaches, malware, and easy things you can do to stay safe on the internet and keep your devices free of viruses.

    But what about the human element? It’s estimated that 90% of data breaches are caused by human error. We know that sounds high and you may be thinking how that can be possible.

    How hacking works
    Credit to xkcd.

    We’re all aware of the trope of the genius hacker who can hack someone’s machine without them knowing AND without them doing anything on their side. For the most part this is just not true. There are ways for them to access your machine undetected by you, but most of the time you will be involved in some way

    An example would be a sneaky malware attached to innocuous looking file (like an executable disguised as a PDF that looks like it’s coming from a coworker or friend whose email they spoofed). Examples like this are exactly how most bad actors are getting into the victim’s system.

    What’s worse, they may not act right away. They may wait weeks or months gathers as much data as possible before striking, so they don’t just take YOU down but your business as well.

    Another way is shown in the above comic, if a data breach happens on a site you frequent they will have your credentials for that site. The hacker will then go on to try those credentials on other sites such as email providers and banking websites.

    This is why cyber security training is so important, you can have the best software in place to try to mitigate the human element, but bad actors will always be doing their very best to thwart that software. Having your team prepared properly is the only way to fully protect you and your business from a cyber-attack.

    That training will cover topics such as good password hygiene (vary your passwords!) or how to use 2 factor authentication as just two examples. Some cyber security training providers will even conduct simulated phishing attempts so you can see first hand how easy it is to fall victim to one and how to avoid it.

    To sum it up here are the 3 reasons we think cyber security training is a great idea.

    1. It protects your business. Your employees will make the right choices if they receive a sketchy email or link to download something (such as forwarding it to your IT team instead of clicking on it).
    2. It will make the software and programs you have in place for cyber security already more effective if your employees know how to properly use them (instead of possibly ignoring or even bypassing them).
    3. It will allow you and your employees to stay up to date on recent or emerging threats so if there is something out there that is hard to avoid, you will know how to handle it.

    You may be wondering where to go for cyber security training, and to be honest the best place to start is your IT Team. They should be taking the time to explain the systems they’re putting in place and how to use them in layman’s terms for you and your team.

    We even create free resources for our clients such as our one page cyber security checklist (found here).

    Your IT Team may even have a recommendation for the best online training you and your employees can attend. Two that we have personally worked with are ID Agent and Breach Secure Now. They both offer online training and even dark web monitoring.

    In whatever way you go about it making cyber security training a necessary element in your business is taking a proactive stance against cyber-attacks.

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

    Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!