Multi-Factor Authentication

To help prevent phishing scams you want to set up multi-factor authentication on your devices. Due to cyberattacks on the rise it is recommended to use identity security and multi-factor authentication. Phishing scams steal credential information and they are the most common way for hackers to gain access to healthcare data. Using multi-factor authentication can prevent the ability to use stolen credentials.

HOW DOES MULTI-FACTOR AUTHENTICATION WORK?

Authentication is typically made up of two things; a username and a password. Multi-factor authentication adds two or more pieces of verifiable evidence or factors to the authentication process. The process is used to greatly reduce security concerns by lowering the chances of an account being accessed by the wrong person. Two-factor authentication is a subset of multi-factor and is a means of authenticating with just two pieces of verifiable evidence or factors. 

There are generally four factors of authentication that we should use today:

  1.   Something you have; a number generator like google authenticator
  2.   Something you know; a password or passphrase
  3.   Something you are; biometrics like fingerprint or facial geometry
  4.   Where you are; GPS location tracked by your phone or IP address location

HARDWARE TOKEN

Hardware tokens are something you have. They can come in many forms. Back in the day the IT people in a company would carry little fobs on their keychains that had a small display with numbers changing

every thirty seconds. That was known as a time-based one time password (TOTP). This is still an option today but most executions of TOTP are implemented using a mobile app or SMS message.

Another popular hardware token is a Yubikey. A Yubikey is a hardware token that is generally plugged into a computer via USB. Some Yubikeys support near field communication which supports devices without USB ports.

BIOMETRICS

Biometrics have become mainstream with fingerprint readers and facial recognition technology that is embedded in mobile devices and laptops. With those implementations biometrics is used as an alternative to the username and password rather than as another factor.

GPS

GPS location is another factor that isn’t used much for multi-factor authentication, but it is frequently tracked to find if accounts have been breached. 

 

About the Author

Experience Audio Video has been serving Orange County and Area since 1999 for residential and commercial audio, video and security camera  installation services. 5 Star Yelp Ratings, Thousands of Referrals, there is not a better choice than Brian Chappell and the Experience Audio Video Team (License #804783). One phone call and you will know right away the difference in working with Experience Audio Video vs. others in the area. Contact us now at 714-744-4455 or info@eav-inc.com for a Free Consultation.

 

by BrianChappell

National Cybersecurity Awareness Month

October is the seventeenth (17th) annual National Cybersecurity Awareness Month and the goal is to raise cybersecurity awareness. This blog will give an overview of pharming. Pharming is a malicious hacking attack. There will also be tips on how to identify this scam and avoid becoming a victim.

WHAT IS PHARMING?

Pharming is a type of cyberattack that redirects a website’s traffic to a malicious site that appears to be a real site. Pharming is often frequently used in phishing attacks. It is used to trick people into sharing login or bank information or other sensitive data. 

The reason that this is effective is because a victim who visits the malicious website can see the valid domain name in their browser. The attacker must then trick the victim’s computer. They do this by going to the malicious website by either making changes to the victim’s computer or changing the destination IP address for a domain name. That is typically achieved by altering the victim’s domain name system (DNS) lookup.

HOW DOES PHARMING WORK?

How pharming works is when you enter an address into your web browser, your computer first checks for a valid IP address. If your computer sees an entry in the hosts file for that website it will go to that IP address. But if your computer doesn’t find an entry for that address your browser will ask your computer’s default DNS server to look up the IP address.

HOW TO STAY SAFE FROM PHARMING ATTACKS

Here are a few tips that can help you boost cybersecurity and stay safe.

  • Enable multi-factor authentication (MFA) wherever it is available. This way if you do get tricked into sharing your information, the attacker will not be able to login to your real account.
  • Keep your router up to date. If your router doesn’t have automatic updates, consider replacing it with a new one that does.
  • Change the DNS settings on your router and devices to alternate

 

About the Author

Experience Audio Video has been serving Orange County and Area since 1999 for residential and commercial audio, video and security camera  installation services. 5 Star Yelp Ratings, Thousands of Referrals, there is not a better choice than Brian Chappell and the Experience Audio Video Team (License #804783). One phone call and you will know right away the difference in working with Experience Audio Video vs. others in the area. Contact us now at 714-744-4455 or info@eav-inc.com for a Free Consultation.

 

by BrianChappell

Online Scammers

Due to the current pandemic most of us are working from home, including criminals and scammers. Criminals and scammers have been gradually more shameless since the stay-at-home orders have been put into effect. With popular television shows such as, “90 Day Fiancé,” “Catfish: The TV Show,” and others depict people being scammed by individuals online who are pretending to be someone they are not. Those scams are commonly known as phishing or catfish scams. These scams don’t just target and affect individuals, but businesses as well.

FALSE EMAILS

A lot of businesses, including law firms, have been targeted with false emails from people portraying themselves as the CEO of the business asking someone to “do them a favor” and buy gift cards or wire money. Most people know that these are scams, but there are some more complex scams. For example, scammers have registered domain names that appear to be very similar to a company’s domain name. 

What the scammers will do is add an extra character to the company’s domain name or trademark or make an easily made mistake. Such as substitute “nn” in the domain name to an “m” or change a “t” to an “f” and therefore create a false, but official looking domain name. Creating a domain name is not difficult or costly which is why these scams are rampant. 

FAKE DOMAIN

There is a similar type of scam that involves the creation of a fake store that mimics the business. They will create a domain name using the business’ trademark and adding a descriptive term. By doing this creates a domain name that appears to be related to the business. 

After they do all of that then they purport to sell the business’ goods at a significantly discounted price to consumers. They will typically do this to steal a consumer’s credit card information or to sell poor quality knock-offs of the business’ goods.

About the Author

Experience Audio Video has been serving Orange County and Area since 1999 for residential and commercial audio, video and security camera  installation services. 5 Star Yelp Ratings, Thousands of Referrals, there is not a better choice than Brian Chappell and the Experience Audio Video Team (License #804783). One phone call and you will know right away the difference in working with Experience Audio Video vs. others in the area. Contact us now at 714-744-4455 or info@eav-inc.com for a Free Consultation.

 

by BrianChappell

Cyber Threats

Not only do you have to worry about physical threats, you also have to worry about cyber threats and vulnerabilities. Vulnerabilities can allow attackers to run code, access a system’s memory, install malware, and steal, destroy or modify sensitive data.

WHAT ARE VULNERABILITIES?

The definition of vulnerabilities is in the previous paragraph. But to put it in simpler terms a vulnerability is a weakness in the software. When manipulated can give an attacker the means to do something malevolent or unlawful.

 WHY SHOULD YOU CARE ABOUT VULNERABILITIES?

Google, Microsoft, and Apple create software updates every month for their devices, smartphones and home computers alike. Some of the software updates add new features, but most of them are to fix bugs or have patches for vulnerabilities. Thankfully your devices will automatically update, and you don’t have to think about it until you need to restart your device. There are three categories of software that every person uses, and each can have its own vulnerabilities:

  1. Operating Systems: all major operating systems; Windows, MacOS, Linux, iOS, and Android.
  2. Software Applications/Apps: Apps in the iOS and Android app store also get automatic updates from the vendor. But just because the app is in the app store it doesn’t mean that the software developer is supporting and updating their apps so be careful what you install.
  3. Firmware: Some systems on your network will have the operating system and software all bundled up into one package called firmware. Firmware is found on devices like smart doorbells or smart light bulbs.

PROTECTING YOUR NETWORK FROM VULNERABILITIES

You might not think about your internet connection. There are six times of systems on a network:

  1. Infrastructure devices: router, switch, wi-fi repeaters/extenders
  2. Laptops and desktops
  3. Gaming systems 
  4. Mobile devices
  5. Network-attached storage, printers and other output devices
  6. Internet of things devices: “Smart” devices like smart TVs, smart light bulbs, smart thermostats, smart doorbells

Just like your computers and mobile devices, these devices have their own vulnerabilities. Some of the developers have discovered and developed patches for the vulnerabilities, while others will be discovered in the future. 

The epicenter of your network is your router. It’s the device that connects to the internet and also protects the devices in your home from regular attacks coming from the internet. The router contains a lot of functionality:

  • Firewall: protects your network from constant attacks from the internet
  • DHCP server: assigns an IP address to each of the devices that connect to your network
  • NAT server: acts on behalf of each device on your network to make requests to servers on the internet
  • Your router also may include a time server, DNS relay, and maybe even a VPN server

 

About the Author

Experience Audio Video has been serving Orange County and Area since 1999 for residential and commercial audio, video and security camera  installation services. 5 Star Yelp Ratings, Thousands of Referrals, there is not a better choice than Brian Chappell and the Experience Audio Video Team (License #804783). One phone call and you will know right away the difference in working with Experience Audio Video vs. others in the area. Contact us now at 714-744-4455 or info@eav-inc.com for a Free Consultation.

 

by BrianChappell

Cybersecurity

Here at Business Security Camera of Orange County we know that a lot of business owners already have cameras setup watching their employees and businesses. But during this tough time most businesses are shut down and the employees are working from home, which brings up more cyber fraud and hacking. 

 

 

Canadian Security has created a blog post, Cybersecurity for the home-based worker

 

“So now’s also the time to also send communications to employees reminding them about basic cyber hygiene best practices, including how to spot social engineering scams – unique to COVID-19 and otherwise – that may appear in inboxes as fraudulent emails, links, or attachments and what steps to take if they encounter one. I’d encourage companies to reach out weekly to their remote workforce with cyber education material and reminders on guidelines put in place to help them remain safe while remote.”

 

Some questions this post poses are:

  •     What should IT departments tell their employees about virtual work/cybersecurity at this time?
  •     Is home Wi-Fi secure enough to handle potentially sensitive workplace info?
  •     How can IT departments equip staffers for home work, especially on short notice or with limited resources?
  •     What are businesses doing if they are not currently set up for mobile work (i.e. using desktops or terminals vs. laptops)?

 

Can you answer those questions?

 

 

 About the Author

Experience Audio Video has been serving Orange County and Area since 1999 for residential and commercial audio, video and security camera installation services. 5 Star Yelp Ratings, Thousands of Referrals, there is not a better choice than Brian Chappell and the Experience Audio Video Team. One phone call and you will know right away the difference in working with Experience Audio Video vs. others in the area. Contact us now at 714-744-4455 or info@eav-inc.com for a Free Consultation.

 

by BrianChappell