(713) 682-4000 sales@westecservices.net

Phishing Scams During the Holiday Season

What Are Deepfakes?

What is Cloud Jacking?

Top 3 Cybersecurity Threats Businesses Have Faced in 2020

What is HTTPS?

Misleading password meters could increase risk of data breach

How to Spot Phishing Attempts

How to Prevent Malware

When Should I Update My Passwords?

How to Avoid a Spear-Phishing Attack

Posts Tagged ‘cybersecurity’

Phishing Scams During the Holiday Season

With holiday’s right around the corner, this makes for a scammer’s perfect opportunity to conduct phishing scams. Researchers have stated that this year, phishing scams are going to increase significantly. More phishing scams are done via mobile devices, making it easier than ever to have your information stolen. But how do we protect ourselves during this vulnerable time? 

 

Phishing Scams

Phishing scams are intensified during the holiday season due to the high traffic of online shoppers and the urge for people to look for deals. One popular way scammers do this is by sending emails or text messages about an offer that is too good to be passed up. For example, they list a popular technology device for cheap. Most people would just look at the price and proceed with the scam. Another scam is when they mimic bigger companies online to get credit card information or being able to log onto the device when a certain URL is clicked. These mainly happen through emails. They might send an email about a recent fake purchase to get you to click on the URL. These scams are going unnoticed and can do lots of harm. It is important to know how to prevent these scams and protect your information. 

 

Prevention 

It is inevitable that these scams will make their way to you. One way to identify a scam is to check the grammar of the message. Usually scams will be misspelled or the message came from a third party source. This is the easiest way to quickly identify the scam. 

 

Be cautious about providing personal information such as phone numbers or credit card numbers. Make sure before you provide information that it is a reliable and trustworthy source. 

 

If a phishing scam is sent to you, it is best to not respond. A response to these scams lets the scammer know you are a ‘real’ person and will likely be targeted again. If this does happen, there is an option to report the scam to the Spam Reporting Service. 

 

Holidays make for a great time to buy gifts for loved ones, but this also means it is more likely to come across a phishing scam. It is important to know how to identify the scam and how to prevent and protect yourself. 

 

Scams can be irritating and hard to effectively prevent them. WesTec services can help you in any way. We offer skilled expertise in all technologies and are ready to help. Contact us for any further information on phishing and how to protect yourself. 

What Are Deepfakes? - WesTec Services

What Are Deepfakes?

With the advancement of technology over time, new types of cybersecurity threats emerge for consumers and businesses to worry about. Lately, deepfake cybersecurity breaches have become more common. According to Tech Beacon, deepfakes are defined as “synthetic media in which a person in a video or audio is replaced with someone else’s likeness or voice.” This type of threat can ruin businesses quickly due to how convincing the synthetic media are.

The Dangers

Due to the advancement of artificial intelligence (AI) and machine learning, cyberhackers and criminals can create false audio and images pretending to be you or another coworker. Hackers are so precise, they can perform flawless impersonations. The frustrating part of the process is that if you don’t know this is a false video call or audio, hackers can easily obtain the information they need. Once financial details or unreleased company information falls into the wrong hands, it can be disastrous. 

Experts found that deepfake hacking methods have increased by 84% between December 2018 and October 2019. Research estimates $250 million in losses, as a result of deepfake hacking for the 2020 fiscal year.

 

Why It’s Popular Among Hackers

Businesses still struggle with high-level email phishing scams, making deepfakes harder to prevent. Due to the lack of knowledge surrounding this threat, deepfakes are becoming a new favorite method for cybercriminals who have the time and patience to implement this method. Deepfake hackers attack businesses in these ways:

  • Impersonating clients or suppliers asking for payments
  • Pretending to be supervisors and business owners, asking for fund transfers or sensitive information
  • Using fake blackmail audio and videos for extortion
  • Presenting fake pictures, videos, and audio files on social media to create slander campaigns

 

The Solution

The first step in preventing deepfake attacks is to be aware it is a method of cybersecurity destruction. Once you are informed, the next question is how you can protect your business. There are a few available solutions, like Deeptrace or Cogito. These software programs can be expensive for small- and medium-sized businesses. For those on a limited budget, here are some things to consider executing immediately:

  • Educate staff members about deepfakes, reporting odd situations before proceeding with any actions asked
  • Add two-step verification to your system for emails, phone calls, and video sessions, ensuring none provided over these communication methods are used over existing ones
  • Strengthen security measures for cybersecurity, adding systems if you currently have none or looking into upgrades for your current system
  • Add additional steps for fund transfer verification — this helps ensure the transfer is supposed to occur and can save your business thousands of dollars, if not.

Taking action now is the best thing you can do for your business. Employees and business owners should also periodically check in on the issue to see if better methods of protection are discovered. 

 

As new threats arise, you must be proactive! At WesTec Services, our IT professionals want to help you safeguard your business and its assets. If you’re unsure how to get started, contact us today.

Don’t forget to follow us on FacebookTwitter, and LinkedIn!

What is Cloud Jacking? - WesTec Services

What is Cloud Jacking?

With the rise of COVID-19, cloud-based remote work has become increasingly popular and necessary. With new and emerging cloud-based technology comes new cybersecurity threats, like “cloud jacking.” 

What is Cloud Jacking? - WesTec Services

What is cloud jacking?

Cloud jacking occurs when a hacker steals the information of a cloud account holder and gains access to the server. Hackers often use this act as a means to conduct criminal activities, such as identity theft.

Because businesses often store confidential, sensitive information on cloud servers, they are major targets for cloud jacking. When it relates to sensitive information, these kinds of security breaches can be devastating for a business’ clients, partners, and reputation. Cloud jacking is not simply a one-time offense, as it creates a web of victims.  

What is Cloud Jacking? - WesTec Services

How do I protect myself against cloud jacking?

There are several things you can do to protect your business, clients, and partners from falling victim:

  • Require strict, multi-factor user authentication
  • Limit internal access to your cloud server
  • Perform background checks before granting anyone access to your cloud server
  • Backup all data stored on the server, in the event that there is data loss
  • Use encryption to secure all data before storing on your server
  • Require all users to create strong, secure passwords
    • Here are the properties of a strong password:
      • The longer, the better
      • A combination of lowercase and uppercase letters
      • Numbers and symbols
      • Avoid words or terms that could be easily linked to your identity

 

The professionals at WesTec Services want to help you protect your network and business. We provide vital business technology and consulting services that can be tailored to your needs and budget. Interested in learning more? Contact us today!

Don’t forget to follow us on Facebook, Twitter, and LinkedIn!

 

Top 3 Cybersecurity Threats Businesses Have Faced in 2020 - WesTec Services

Top 3 Cybersecurity Threats Businesses Have Faced in 2020

As we make new advancements in internet technology, hackers are getting smarter! Therefore, it is crucial that you stay informed on emerging cybersecurity threats. WesTec Services has compiled a list of cybersecurity threats to be aware of:

 

Cloud Jacking

As remote work has become more popular and necessary as a result of COVID-19,  cloud jacking has become more prevalent. Cloud jacking occurs when a hacker gains access to your cloud server. Often, hackers will hijack cloud accounts to steal identities and conduct unauthorized or illegal activities. Cloud jacking should not be taken lightly, especially if you store sensitive, confidential information on your cloud server.

 

Endpoints 

In the past, centralized security measures were enough to protect a network from security breaches. However, the introduction of mobile phones and laptops posed new security threats — and brought awareness to security vulnerabilities (or “endpoints”). Using encryption, endpoint security seals any vulnerabilities in a network’s connection. This additional layer of security protects against threats if an infected device connects to the network. However, with the rise of remote work, we are seeing an increase in endpoint interception, as many are using mobile devices and laptops on networks that are not secure.  

 

Phishing

Phishing is still alive and well in 2020! Hackers are now targeting small businesses with spam emails. These emails will appear to be from companies that sell a product or service that may be of interest to small businesses — and of course, upon the user clicking a link or downloading a file, their computer has been infected. Furthermore, some emails will provide a link that prompts the user to enter their log-in credentials for a familiar website, while even displaying a reCaptcha security pop-up to appear more credible and secure.

 

It is important to use the internet with care. Cybersecurity threats can cause a variety of issues for your business, ranging from system failure to productivity loss. At WesTec Services, we believe there is power in educating yourself. As a business owner, you should familiarize yourself with potential threats and educate your employees on internet safety. Have questions about cybersecurity? Contact us today!

What is HTTPS?

What Is HTTPS? - WesTec ServicesYou have likely seen the acronym “HTTP” while navigating the internet. HTTP (Hypertext Transfer Protocol) appears at the beginning of a web address and supports data transfer between the web browser and website.  You may have also seen the acronym “HTTPS” and wondered, “What’s the difference?” Hypertext Transfer Protocol Secure (HTTPS) derives from HTTP and is an encrypted security certificate that protects sensitive information in data transfer. HTTP refers to a standard, unencrypted server, while HTTPS indicates a server is secure. HTTPS is a necessary extension if your website requires log-in credentials or the entry of private information. Without HTTPS, hackers can easily extract sensitive information.  As the need for internet security increases, web browsers like Google and Yahoo! take HTTPS quite seriously. If you do not have this security certificate, your website will be flagged “not secure” – and who wants to enter their credit card information on a website that isn’t secure? Don’t fall victim to a security breach. Educate yourself on how HTTPS works and why it’s important:  

How It Works

HTTPS simply takes HTTP and adds a layer of SSL protection. SSL (Secure Sockets Layer) is a connection that encrypts and decrypts a user’s requests and responses. SSL ensures that communication occurring between the user and the website server cannot be read or extracted by hackers.  

What Is HTTPS? - WesTec ServicesWhy It’s Important

Since its inception, the internet has changed life as we know it. With the introduction of e-commerce, we no longer have to leave our houses to shop for the items we need – we simply fill up our “cart”, enter our credit card information, and wait 5-7 business days for our items to arrive. We no longer have to mail a check or pick up the phone to pay our bills – we can conveniently pay our bills online! When we create a social media account or fill out a job application online, we are surrendering information like our full names, addresses, social security numbers, and more. Because HTTP websites are more susceptible to hacking, it is imperative that we make the transition to an entirely HTTPS web. We can have peace of mind, knowing that our personal information is safe. Additionally, HTTP does not protect against malware infection. When a website is infected with malware, its users are at risk of being infected as well.   A cybersecurity threat can cause data breach, system failure, and ultimately impact your reputation and productivity as a business. Therefore, it is important that you educate yourself on internet safety. The IT professionals at WesTec Services can answer any questions you may have about cybersecurity. Contact us today!
Misleading password meters could increase risk of data breach - WesTec Services

Misleading password meters could increase risk of data breach

A Password meter is an indicator of the strength of a password entered by a user on a website. In most cases, meters estimate the amount of tries necessary for your password to be guessed by an attacker by factoring in password length and complexity. A University of Plymouth study tested 16 of the most encountered password meters on the internet to test their effectiveness. Based on the results, here are a few tips on how to keep your passwords secure, regardless of an “approval” given by the password meter:  

Do not always trust the password meter

  Just because a password meter says “strong password” does not mean it is. The meters can be helpful but are also extremely flawed, giving you a sense of false security. When deciding on a password, do not base it solely on the rating given by the website.   

Avoid using keyboard patterns

  On many password meters, passwords such as “querty”,  “abc123”, and “Password” sometimes cannot be detected as problematic. Common letter combinations, such as going down a row of the keyword or commonly used words, are easily guessed and not always flagged on the meters.   Misleading password meters could increase risk of data breach - WesTec Services

Make passwords complicated and personal

  The most secure passwords are those with a combination of uppercase, lowercase, numbers, and symbols. Choose combinations that seem difficult to guess by an outside person or computer. The more complicated and seemingly random the password, the stronger it will be.
  In addition to character variation, do not use the same password for all of your accounts. Change up your passwords so that if one is discovered, not all of your information is at risk. 
  Secure your valuable data with the protection it deserves. Do you part to protect your information with a strong password, WesTec is here to do the rest. WesTec Services is dedicated to providing the highest quality of IT consulting as well as backup disaster and recovery planning. Give WesTecCall a call today to discover more about our available services.   
How to Spot Phishing Attempts - WesTec Services

How to Spot Phishing Attempts

Are you sure that email came from a real company? Individuals are commonly targeted by cybercriminals claiming to be a large organization, copying the format legitimate companies and phishing for personal information. This poses a real security threat to recipients but thankfully, there are steps you can take to spot phishing attempts:  

Recognize

When it comes to identifying phishing attempts, there are a few important things to learn. Scammers are constantly switching tactics and creating new ways to trick email recipients. Upon receiving a possible phishing email, check the sender for a domain email. If you have received an email from the person before, check to make sure alterations have not been made to the spelling of the name or email domain. Many scammers adjust a number or letter in the email to trick the recipient. Real companies will not ask you for sensitive information over email. Most legitimate companies will call you by your name in the email, redirect you to a secure webpage, and ask you to log in before asking for or updating sensitive information.   How To Spot a Phishing Attempt - WesTec Services

Protect

Install proper security measures on your personal computer. While spam filters attempt to sort legitimate emails in your inbox, cybercriminals try new methods to slip through the cracks and outsmart this system. If your email account or other websites offer a multi-step authentication option to prove your identity before accessing your information, always take advantage of this. Take any extra opportunities to better secure your data and ensure it cannot fall into the wrong hands. In cases where you are unsure about the legitimacy of a message and files or hyperlinks are included, do not click on or open them. These often contain malicious software that attack your computer and gain access to information.  

Report

If you find yourself in a situation with what you believe to be a phishing scam, contact the company using an email or number you know to be real. The company could confirm if that email was truly sent by them or not. If you have received a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. You may also report the phishing attack to the FTC at ftc.gov/complaint. For your business technology needs, WesTec Services is here to provide the security and support you need. Contact us by phone at (713) 682-4000 or by email at sales@westecservices.net to discuss what we can do for you.
How to Prevent Malware - WesTec Services

How to Prevent Malware

When your computer slows down or begins acting in an unusual way, it may be infected with a virus or malware. While most malwares are annoying, others may be malicious and hijack your computer’s information. Here are some tips to keep your hardware safe and prevent your computer from becoming infected.

Install Anti-Virus Software

Installing an antivirus or anti-malware software is the first step to protecting your computer. Without some type of protection software, your computer is an easy target for hackers. It is important to make sure the software stays up to date as well. For the best protection, install updates regularly as they alert you on your computer.

Run Regularly Scheduled Scans

You should be scanning your computer regularly with the anti-virus software you install. To best protect your computer, schedule your scan one night every week. Make sure your computer does not shut down automatically or go into hibernation mode to ensure the scan completes.How to Prevent Malware - WesTec Services

Use a Secure Network

Always use a secure network for computers to connect to files, printers or internet. Using an open network makes it easier for hackers to access your information. This means you should avoid using your computer at places that offer free WiFi. If your business likes to offer complimentary wifi to customers, consider offering a guest wifi with a different password than your main network for added protection.

Think Before You Click

Good protection software will automatically scan any links or unusual emails on your computer. However, it does not hurt to always be cautious when opening an email from an unknown sender or making sure a link is taking you where it says it is.

Use Multiple Strong Passwords

Finally, never use the same password for all of your important accounts. We often use the same email address or username for all accounts. Knowing this, it becomes crucial to use multiple strong passwords to prevent hacks. Your passwords should be easy to remember, difficult to guess, and always avoids dates or names.

Following these tips can help protect your computers and information from viruses and malware. For more information on how WesTec’s IT experts can help your business keep its information safe from hackers, contact us.
When Should I Update My Passwords? - WesTec Services

When Should I Update My Passwords?

Sometimes, accounts will ask you to update your passwords for security reasons. This often feels like an unnecessary task meant to make your life more complicated. However, in a world full of hackers and online predators, one must regularly update their password to protect valuable information.

Change Your Passwords Regularly…

When Should I Update My Passwords? - WesTec ServicesBy regularly changing your login information and passwords, you make it harder for someone to steal information. This is increasingly important for accounts without two-factor authentication. Communication accounts, like email and chatting apps, should also be updated every so often for increased protection.

…But Don’t Change Them Too Often

Traditionally, experts recommended you change passwords every 30 to 60 days–this is no longer the case. Mandatory password updates lead to money loss and lack of productivity with minimal security payoff. Now, changing your password doesn’t hold near the protection it used to. Because cybercriminals continue to learn more advanced hardware and software, they can typically discover your password if they look hard enough.

As humans, we tend to create patterns. This is no different in password creation. Typically, we use similar letters, numbers and themes when updating a password. Updating your password too often leads to confusion with little added benefit.

Keep Your Data Secure

As a rule of thumb, update your passwords when there is proof of some sort of security breach or online attack. This includes unauthorized use of an account or evidence of malware. By doing so, you’re preventing a hacker from gaining access into your personal accounts and obtaining sensitive, private information or data.

There are other ways to protect your data. Contact the experts at WesTec Services for more information about our cybersecurity services.

If you’re not sure how to create a secure password that will outsmart the online hackers, read our recent article for tips.
How to Avoid a Spear-Phishing Attack - WesTec Services

How to Avoid a Spear-Phishing Attack

As we discussed in a previous article, phishing is an attack that uses disguised emails as weapons aimed at masses of people. However, spear-phishing is a targeted attempt to steal sensitive information from a specific victim, such as account credentials or financial information.

During a spear-phishing attack, the perpetrator attempts to acquire personal details on the victim’s friends, hometown, employer, hang-outs, and their recent online purchases. This is typically done by disguising themselves as a trustworthy friend or entity through email, social media, phone calls, or text messages.

Because spear-phishing is the most successful form of acquiring confidential information online, it is important to practice how to avoid an attack.

How to Avoid a Spear-Phishing Attack - WesTec Services1. Beware what you post: Review your online profiles. How much personal information is available for potential attackers to view? If there is something you do not want the public to see, delete it, or ensure your privacy settings are properly configured.

2. Use smart passwords: It is not wise to use the password for every account you own. In this case, if an attacker has access to one account, they effectively have access to all of your accounts. Passwords with random phrases, letters, and numbers are secure.

3. Use logic with emails: If an organization sends you a link in an email requesting a specific action or sort of personal information, go directly to the organization’s site rather than clicking on the link. Calling the organization can also help clarify the issue. Real businesses will not email you asking for your username and password.

4. Update your software: Software systems include security updates that should help protect you from spear-phishing attacks, as well as others. If you receive notice of a new update, be sure to take advantage, or enable automatic updates.

  To learn more about how you can protect your data or sensitive information, contact the experts at WesTec.

Mission: WesTec will be a “turn-key” solution for all of its clients’ business connectivity needs. It will offer efficient and effective solutions, directly and with strategic partners, that create tangible value for its clients at every point of contact. Westec will serve all people and entities with a servant’s heart.

Get in touch

2916 West TC Jester Blvd., Suite 104

Houston, TX 77018


(713) 682-4000

sales@westecservices.net

Quick Feedback