Menu

Tec-Discussions

Check out the newest discussions

Tec-Refresh at Interface Charlotte

We had a ball playing “Tec-Jeopardy” with attendees and showcasing their cybersecurity, data storage, IT and consulting services. Take a look!

Ready To Go For Interface Charlotte!

Big day today and tomorrow at Interface Charlotte and we’re ready to show attendees how we can meet all their IT network, program management, cyber security and consulting needs!

IMG_0478 IMG_0477

CEO Efrem Gonzales in California CEO Magazine

Take a look!

calceo-logo-WIDE1-e14314500331891

Three Ways To Survive A Ransomware Attack

Ransomware.Efrem Gonzales,Microsoftt,Bitcoin,FedEx, the UK’s National Health Service, Spain’s Telefónica and others, WannaCry,Tec-Refresh,cyber securityThere’s been a great deal of talk about the recent WannCrypt/WannaCry ransomware attack. The virus targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin. The result was more than 230,000 computers in more than 150 countries hit, including FedEx, the UK’s National Health Service, Spain’s Telefónica and others.

The biggest issue for those affected was that it all could have been avoided. Microsoft issued a “critical patch” for its newer operating systems nearly two months before to remove the underlying vulnerability. In other words, improper network management was the bigger culprit in this incident.

Take the lessons to be learned here. More to the point, here are three ways that companies can ensure the likes of a WannaCry-type of attack doesn’t wreak havoc on their organization.

Read the rest here.

Tec-Jeopardy at Interface Charlotte

If you’re in the area, be sure to stop by our booth at #Interface Charlotte.

You can test your security knowledge and play Tec-Jeopardy. Register today at http://www.interfacetour.com/evites/cha/tecrefresh.htm.

Burst_Cover_GIF_Action_20170607122827 IMG_20170607_123019 IMG_20170607_123124

Get To Know Tec-Refresh

We’re excited to show what we do on behalf of our valued clients, but it’s not always feasible for folks to come to us.

So let us come to you in this video:

Tec-Refresh Launches Southern California Security Operations Center

Facility will conduct threat hunting, practice scanning in addition to 24/7 monitoring

iStock_000040640028_Medium

Tec-Refresh, a nationwide provider of IT infrastructure, cyber security, data and networking solutions and support services, announced today the opening of its Security Operations Center (SOC) in Southern California.

The facility will conduct threat hunting and practice scanning in addition to the traditional monitoring and response services that are provided by typical offerings.

“We cater to the mid-tier enterprise market, and their need for robust services like this are growing fast,” said Efrem Gonzales, Founder and CEO of Tec-Refresh. “Standing up a SOC in Southern California allows us to cover not just the region, but also the country with a state-of-the-art center that will operate around the clock in support of our valued clients.”

The SOC is manned 24/7/365 by qualified, in-house staff that will perform the following services:

  • Real-time monitoring
  • Data flow analysis
  • Continuous active vulnerability scanning incident investigation, and response
  • Malware analysis
  • Proactive threat hunting
  • Alert analysis and triage
  • Firewall management
  • Network management
  • IDS/IPS management
  • Backup-as-a-service
  • Disaster recovery
  • Disaster-recovery-as-a-service

“Most important, though, is that our SOC teams will be performing active threat hunting and practice scanning on our clients’ networks,” said Miguel Martinez, Director and Lead Security Architect at Tec-Refresh. “It’s not enough to just watch activity logs anymore. Today’s cyber attackers are sophisticated and well financed. Our mission is to proactively and regularly evaluate how well defended our customers are in defending against threats.

About Tec-Refresh, Inc.

Tec-Refresh designs, delivers and supports technology solutions that become the foundation of its clients’ businesses. This includes network storage, cyber security, managed services, virtualization and data infrastructure solutions. The company is headquartered in Ontario, Calif., with technicians deployed across the U.S. to serve the needs of customers nationwide. More information is available at www.tec-refresh.com.

###

© 2017 by Tec-Refresh, Inc. All rights reserved. 

8-Point Strategy To Fight Point-of-Sale Cyber Attacks

Retailers have increased their focus on cybersecurity, but point-of-sale (POS) systems are still leaving virtual doors wide open. Old hardware, outdated software and employees with limited awareness of social engineering dangers all contribute to their vulnerability. So does the value of the customer data stored in them — such as credit card account information and social security numbers. 

To secure their businesses, retailers need to gain a better understanding of POS cyber risks and strategies to counter them.

Non-Cash Payments Bring Convenience and Cyber Risk

From 2012 to 2015, non-cash payments increased by 5.3%. Leading the pack were debit card purchases followed by credit cards, ACH transactions, and check payments. That number is expected to increase in the coming years. Retailers that do not adapt to this consumer-driven trend risk losing sales.

But with technology comes vulnerability. This past August, numerous hotel chains including Intercontinental, Starwood, Marriott, and Hyatt were all targeted by hackers. Consumer credit card numbers and passwords were compromised. Days later, outdoor clothing retailer Eddie Bauer fell victim to the same POS attack, which affected millions of consumers.

Steps to Prevent POS Attacks

A later analysis of the aforementioned attacks revealed some important POS security measures were lacking (including, in the case of Eddie Bauer, not installing chip-based technology). While it’s unclear whether these hacks could have been entirely prevented, the incidents do provide some important security lessons:

  1. Better third-party vendor management. Major POS security breaches have been tracked back to third-party vendors. Limiting access, enabling two-step authentication, changing access passwords, creating temporary access, researching third-party backup plans and monitoring software access are all vital steps.
  2. Stay up to date. An alarming number of POS systems are running on unsupported, outdated operating systems — making them a hacker’s playground.
  3. Weak or no network security. Running a POS system on the same network as an unsecured application is always risky. Segregating a POS system prevents hackers from finding network flaws to exploit in a data heist.
  4. Encrypt. Encryption is one of the best ways to secure information. Only invest in POS systems that support data encryption. Some POS systems require separate encryption services (this is something to note when shopping for POS options).
  5. Irregular maintenance. Rapidly changing technology requires regular updates to POS system software. A consistent maintenance schedule that checks for system updates and associated security measures will markedly reduce cyber risk.
  6. Test. With threats changing constantly, test security often and regularly to find and close vulnerabilities as they open up — before a new exploit is developed to expose it.
  7. Educate employees. Your first line of defense, employees need to be taught to recognize social engineering scams and avoid clicking on email links and attachments from suspicious-looking sources.

Building a Winning Strategy

POS attacks can be costly to revenue and customer trust. But businesses that want to get ahead in an increasingly digital retail environment need to support electronic transactions — despite the cyber risks. A partner of Fortinet and security solutions provider to the commercial sector, Tec-Refresh has the expertise and best-of-breed technology to help your retail business better manage POS cyber risk. Contact us.

Three Ways To Survive A Ransomware Attack

Young Asian male frustrated, confused and headache by WannaCry ransomware attack on desktop screen, notebook and smartphone, cyber attack internet security concept

By Efrem Gonzales

There’s been a great deal of talk about the recent WannCrypt/WannaCry ransomware attack. The virus targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin. The result was more than 230,000 computers in more than 150 countries hit, including FedEx, the UK’s National Health Service, Spain’s Telefónica and others. 

The biggest issue for those affected was that it all could have been avoided. Microsoft issued a “critical patch” for its newer operating systems nearly two months before to remove the underlying vulnerability. In other words, improper network management was the bigger culprit in this incident.

Take the lessons to be learned here. More to the point, here are three ways that companies can ensure the likes of a WannaCry-type of attack doesn’t wreak havoc on their organization.

Be Diligent In Security Updates

Establish processes to upgrade equipment systematically. This doesn’t mean to accept updates or set your gear to download modifications automatically. Nevertheless, your company should formalize stated policies and procedures that consistently looks at updates and their potential impacts — both good and bad — to your network. Prioritize which ones — especially ones deemed “critical” — to implement. Set up a “proof of concept,” or test environment, before going live with any updates.

Identify Roles and Responsibilities By Name

Highlight specific individuals by roles, job duties and the equipment they manage. This also helps orchestrate how data will flow through the network. Go a step further by empowering your team to take ownership of particular aspects of the network and incentivize their efforts to keep it operating in a highly efficient and protected environment.

Segment Your IT Network

Should a hacker infiltrate one area, it is far less likely their disruption will spread across your entire landscape. Segmenting the network can also make it easier to maintain your IT infrastructure. You’ll detect abnormalities, such as an unusually high level of activity or traffic at odd hours, faster and create fixes for them in quicker fashion.

As important, though, is how your organization segments its IT assets. Don’t arbitrarily decide what equipment and data are housed in one area versus the other. Keep servers and workstations separate. Doing otherwise defeats the purpose of segmentation. Otherwise, a user who takes a phishing bait will allow the perpetrator to bypass all protective firewalls and access to the entire server farm in short order.

While we don’t know when the next attack will come, it will be prudent to surmise that one is coming and organizations that haven’t keep a keen eye on their system’s network vulnerabilities will become victims.

About the Author: Efrem Gonzales is the Founder and CEO of Tec-Refresh, a nationwide provider of IT infrastructure, cyber security, data and networking solutions and support services. He can be reached at efrem.gonzales@tec-refresh.com.

Android Phone Hacks Could Unlock Millions of Cars


Kaspersky security researchers find missing security safeguards in nine different connected car apps. The post Android Phone Hacks Could Unlock Millions of Cars appeared first on WIRED.

Read More…

Cloudy With a Chance of Poor Network Performance

Many strategies are employed to isolate VNF resources to ensure performance and scale, each of which comes with its own certain risks and trade-offs. This white paper explains those isolation strategies, and why they might not work as intended.

Read More…