IT Password Protection Quick Tips | IT Data Networks

Password Quick Tips – 6 Do’s And Don’ts

We’ve been polling our readers recently for topics of interest. Of course, cyber security and ransomware are hot topics but many of you mentioned that you are interested in quick tips you can follow or use yourself.

You ask – we deliver.

Without further ado – check out these 6 quick tips for best password practices:

  1. Create passwords with multiple cases, symbols and numbers. Just be sure to avoid passwords such as “123456”, “qwerty”, “football”, “princess” or “password” – some of the most common passwords in 2016 according to SplashData.
  2. Don’t create a password based on personal details such as your birth date, an anniversary, phone number, social security number etc. While not everyone may know these details about you, they are among the first a cybercriminal or evildoer will attempt when trying to hack your account. Even worse, if your password data is compromised, imagine what a cybercriminal could do with that social security information if it was exposed.
  3. Avoid using the same password on multiple sites. We get it, remembering different passwords for all of your different sites and needs is difficult. It is important to create something unique for every login you maintain. Remember, if a hacker gets ahold of your password for one account, the first thing they will do is try that bad boy on bank accounts, social media, emails and anywhere else they can to grab sensitive information or even your hard earned money.
  4. Change your passwords regularly. We suggest changing passwords every 90 days. This can be a pain but if you maintain this practice you make getting into your accounts that much harder.
  5. Do not keep a list of your passwords on your computer. Keeping a list of passwords is dangerous in any format. You open yourself up to great risk in doing so. The worst method for this is keeping a list of your passwords in a file on your computer. Instead, keep a list of each site and next to it write a specific clue that will only make sense to you. This can help jog your memory without spilling the beans if someone stumbles upon the file.
  6. Use Dual Authentication. Many apps and sites now offer dual authentication as an added security measure. Once you log in to your account, you will be prompted for a code (either one you create or a randomly generated code). You put this code into the site as a second proof of your identity. This feature greatly reduces if not eliminates the likelihood of someone breaking into your accounts.

Password protection is difficult. The average Joe has anywhere from 20-200 passwords. We recognize that is a big gap but even memorizing 20 different passwords is a difficult task. With that said, we would like to provide you with a few useful tools that can free up your memory and manage your password security for you.

Password Managers

There are a variety of password managers on the market. We have used and enjoyed LastPass which comes with a free and premium subscription as well as an app for your phone. If you want to check out a variety of password managers and how they stack up – PC Magazine released their “Best Password Managers of 2017” earlier this month.

Password Security Tests

Platforms and websites do exist that will check the security of your password. There are even some websites out there that will tell you how long a hacker would have to spend to crack your code. Check out our recommended tool here.

Email Alias Tools

We’ve found an interesting tool that can help you keep track of your passwords but also creates aliases for your email address. This is useful because without your email address, a password is essentially useless. Now, of course you don’t want someone to have your password at all but this also helps you keep your inbox clear of spam and unwanted mail.

Any of these tools can help you out. If you have any questions feel free to reach the Andromeda Team Today!


Holy Big Brother! Google Location History: An All Knowing Function You Probably Didn’t Know You’ve Enabled

Technology has changed our world forever. What’s the first thing you do before you get out of bed in the morning? Chances are it has something to do with your smartphone. These items open up worlds of possibilities but they can also bring issues and privacy conflicts with them. For this month’s IT article we bring you an article from our President and CEO Jeff Borello on the intersection of instant access (Google) and user privacy (location sharing) – focusing on something called Google Location History. Without further ado . . .

Holy Big Brother

Have you ever heard of Google Location History?

Yeah, me neither.

Let me start by saying I am not a guy that cares about intrusions on my privacy.  I don’t care if the government is listening to my phone calls or reading my Emails.  I figure I am not doing anything wrong – so if they are interested in my boring life – so be it.  Especially if it helps them catch some bad guys.

Now, with that said, even I was a little freaked out when I discovered how much Google and my Google App know about my daily movements.

These days, almost everyone has a Google login and is quite often signed into their account – especially from a mobile device.

So, let’s play a little game.  Where were you on January 17th at 4pm?  You probably don’t remember, but if you have location services enabled on your device . . . Google does.

Google Location History is a comprehensive (and by that I mean every detail imaginable) history of places you have visited as tracked and logged by your smartphone’s GPS function.  Besides being comprehensive, it also has a very long memory – like years.

Give this a try to see if Google Location History is enabled on your phone.

  • From a desktop browser, go to (from your phone you need to open the Google Maps App)
  • Sign in to your Google account (if you aren’t already).  Top right-hand corner will either show a Letter (first letter of your login) or a Sign In button.
  • Click the 3-bar menu in the top left corner and select “Your Timeline”
  • If you see some bar graph data there, click the bar for a given day shown from the last month.
    • How long did it take you to get to work that day?
    • Where did you have lunch?
    • Did you walk anywhere during the day?
    • Did you take any pictures?  (Yes, those might be logged in there as well)

See a screenshot below of my recent trip to Nashville.  Yep, lunch at Monell’s (great place BTW) from 12:25 to 2:06 and dinner at 9:14 at the Peg Leg Porker BBQ

[Screenshot: Google Location History]

Walking, driving, flying.  It knows and records those differently.

So, the obvious question is why on earth would you want something this invasive turned on?  The answer is convenience.  As often is the case, to gain some convenience you need to give up some privacy.

It is this information that Google uses to help you throughout your day.  It will inform you of traffic issues based on your travel habits and places you may visit often.  The more information the system has on you, the more helpful an AI-powered app (Google Assistant) can be.

Okay, I have Google Location History turned on. Now what?

The good news is you do have control over this.  If you aren’t comfortable being tracked, you can turn this feature off.  From the Timeline there is an option to Pause that feature, which in effect disables it until you turn it back on.  You can also delete your entire location history as well, or just delete individual entries if you wish.

Of course, as long as the GPS is enabled on your phone, there are still plenty of apps out there that could be tracking you.  The only truly private solution is to disable the GPS completely (which probably causes you more issues than you think) or just leave your phone at home (yeah, right).

Is Google Location History too much an invasion on your privacy?  That is for you to decide but at least now you’re aware you are under the microscope.

Happy travelling.


5 Critical Components Any Professional Disaster Recovery Plan Must Have

We hear a whole lot about ransomware and cyber criminals these days. Andromeda helps our clients combat most data breaches with multi-tiered security solutions and employee training. But every business is still vulnerable to an incident. That is why a foolproof and dependable Disaster Recovery & Business Continuity plan is essential. Before you hit the world wide web searching for DR solutions and backup plans, take a look at these 5 critical components any professional disaster recovery plan must have.

Your disaster recovery plan should consider appropriate business continuity variables.

Disasters happen; they come in many shapes and sizes. Server crashes, accidental file deletion, physical disasters such as fire or flood and the increasingly common ransomware or malware infection are all scenarios.

You must ask yourself two important questions regarding business continuity:

  1. How much time can pass between recovery points, i.e., how much data can you afford to lose? This is commonly known in Business Continuity as RPO – Recovery Point Objective.
  2. How much time can pass between the disaster and recovery, i.e., how much time can you afford to lose? This is commonly known in Business Continuity as RTO – Recovery Time Objective.

Ideally, your RPO and RTO are as low as possible.

A good Disaster Recovery Plan will consider these factors and have various options for restoring files, folders or even whole servers. On top of that, it is important that these options take into account minimizing data loss and interruption.
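To make RPO and RTO measurable rather than aspirational, the following Python script (an added example, not part of the original article or any vendor's tooling) computes the RPO and RTO a backup setup actually achieves and compares them to the targets. The record fields (`finished`, `ok`, `verified`, `succeeded`, `duration`) and all sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: a nightly job with one failed run and one unverified run.
NOW = datetime(2017, 6, 5, 9, 0)
SAMPLE_BACKUPS = [
    {"finished": datetime(2017, 6, 1, 1, 0), "ok": True,  "verified": True},
    {"finished": datetime(2017, 6, 2, 1, 0), "ok": True,  "verified": True},
    {"finished": datetime(2017, 6, 3, 1, 0), "ok": False, "verified": False},
    {"finished": datetime(2017, 6, 4, 1, 0), "ok": True,  "verified": False},
    {"finished": datetime(2017, 6, 5, 1, 0), "ok": True,  "verified": True},
]
# Constructed restore drills: how long each test restore took, and whether it worked.
SAMPLE_RESTORE_DRILLS = [
    {"succeeded": True,  "duration": timedelta(hours=3)},
    {"succeeded": True,  "duration": timedelta(hours=6, minutes=30)},
    {"succeeded": False, "duration": timedelta(hours=1)},
]


def achieved_rpo(backups, now):
    """Worst-case data loss window: the largest gap between usable recovery
    points, including the time elapsed since the most recent one.
    Only backups that completed AND were verified count as recovery points."""
    usable = sorted(b["finished"] for b in backups if b["ok"] and b["verified"])
    if not usable:
        return None
    edges = usable + [now]
    return max(later - earlier for earlier, later in zip(edges, edges[1:]))


def achieved_rto(restore_drills):
    """Slowest successful restore drill, or None if no restore ever succeeded."""
    durations = [d["duration"] for d in restore_drills if d["succeeded"]]
    return max(durations) if durations else None


def hours(delta):
    return f"{delta.total_seconds() / 3600:.1f}h"


def audit(backups, restore_drills, rpo_target, rto_target, now):
    """Return a list of human-readable findings; an empty list means on target."""
    findings = []
    rpo = achieved_rpo(backups, now)
    if rpo is None:
        findings.append("no usable (completed and verified) recovery point exists")
    elif rpo > rpo_target:
        findings.append(f"RPO missed: worst gap {hours(rpo)} vs target {hours(rpo_target)}")
    rto = achieved_rto(restore_drills)
    if rto is None:
        findings.append("no successful restore drill on record, RTO is unknown")
    elif rto > rto_target:
        findings.append(f"RTO missed: slowest restore {hours(rto)} vs target {hours(rto_target)}")
    failed = sum(1 for d in restore_drills if not d["succeeded"])
    if failed:
        findings.append(f"{failed} restore drill(s) failed outright")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BACKUPS, SAMPLE_RESTORE_DRILLS,
                         rpo_target=timedelta(hours=24),
                         rto_target=timedelta(hours=4), now=NOW):
        print("FINDING:", finding)
```

In the sample, one failed job followed by one unverified job stretches a nominal 24-hour RPO to 72 hours, which is why untested backups should not count as recovery points.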

Data should be stored both locally and offsite.

Many people have an easy time seeing the value in the offsite backup.  Whether that’s tape drives taken offsite daily, external USB drives treated the same, or data sent to the cloud for storage, it carries with it a feeling of great comfort knowing that “if the building burns down” the data is still safe.

What few realize is what we mean when we speak about downtime, for incidents that are not quite as catastrophic as a burning building. In those cases, it can take an unacceptable amount of time to get your hands on that offsite backup or to download an entire server from the cloud.

With a Disaster Recovery Plan option that offers backups both locally and offsite (cloud based), you are able to restore large quantities of files and entire server images quickly. Your onsite device should also have the capability to virtualize as a temporary server in the event your main server crashes.

Find a disaster recovery plan option that provides multiple restore options

When you think about restoring from a disaster, you may believe that so long as you have a version of your data somewhere, you are secure. In reality though, your recovery time objective can be greatly impacted by the different options available to you after a disaster. A disaster recovery plan with multiple options for virtualization, restoration and data access is an absolute must.

You may have heard the term “virtualization” before. Being able to virtualize your server either on a physical device at your location or in the cloud simply means that you have a temporary solution that will keep your business up and running while you resolve whatever issue corrupted your data, server or situation in the first place.

A catastrophic hardware failure can put your business down for hours, sometimes days. Rushing that process can incur huge costs as well: rush delivery, emergency dispatch etc. In the event of a hardware failure, a virtual copy of your last backup can be spun up. Once completed, you can resume working swiftly. This quick recovery allows you to deal with hardware replacements, scheduling and budgets in an organized fashion.

A top tier solution will provide you with onsite virtualization and an option to virtualize in the cloud. Cloud virtualization is not as quick and can produce some lag time. Nonetheless, in the event your backups are stolen or disaster strikes your building (fire, flood etc.) – the ability to spin up and virtualize data from the cloud means that your business is not at a standstill.

Find out what type of support a vendor provides for disaster recovery plans.

Your company does not want to struggle to get their files restored.  You can’t wait hours and hours to restore a file you accidentally deleted.  Don’t wait for hours to hear back on the status of a data restore. Your IT partner should understand the solution they are providing and be able to work with you directly. Cut out the intermediary. Ensure your vendor monitors all the warranties, all the software support calls, and all monitoring; ensuring your backups are humming all day every day – as they should be.

Don’t trust just any business continuity or disaster recovery plan solution.

There are literally hundreds of options out there for Disaster Recovery. A quick Google search will give you pages of results.  Comparing them is mind numbing, and if we are being honest . . . who takes the time to do all that?  Your first step is to find an IT partner that you trust. Check their references. See if they have case studies to show how a disaster recovery functions with the product. Ask for a demonstration of the product. This is serious stuff and you need to trust the hands maintaining and protecting your data.


3 Critical Steps You MUST Take To Avoid WannaCry And Ransomware Like It

Last month the world was hit by one of the largest cyber security attacks in history – affecting more than 200,000 organizations in 150 countries. WannaCry ransomware, the perpetrator of this attack, took advantage of outdated patches and software licenses. Infected computers and business owners risked losing critical data if they didn’t pay the ransom.


As cyber security & prevention experts, we are happy to report that not a single client of Andromeda Technology Solutions was affected by this attack because of our security protocols and procedures. The same can’t be said for Cook County.

Industry experts predict that this ransomware attack will hit again. Tech experts remain unsure how the new approach might be deployed – in a similar fashion or with a new “2.0” virus. While the specifics of future cyber security attacks are uncertain, we know some things for sure. Proper protocol is CRITICAL for data security and the safety of your business.

Ransomware: The Numbers **

  • Almost 50% of Small Businesses have experienced some form of cyber attack
  • MORE than 70% of attacks target Small Business
  • As many as 60% of small businesses that experience a data breach go out of business within 6 months.

These numbers are scary. Cyber security demands the attention of business owners globally and the efforts of hackers/cyber criminals are only increasing. These criminals want your money and they don’t care about the damage left behind.

That being said, there is hope and there are measures you can take to prevent your business from becoming a victim of ransomware.

3 Security Protocols You MUST Implement Immediately For The Safety Of Your Data, Your Business AND Your Wallet . . .

  1. Update ALL Microsoft Licenses to Windows 7 At A Minimum & Maintain Up To Date Security Patching – Cyber criminals are no dummies. WannaCry and other viruses like it take advantage of out of date licenses. Too often, business owners sacrifice the security of their network because they don’t want to go through the grief of updating to the latest Microsoft License. Andromeda recommends updating ALL PCs to Windows 7 at a minimum and, more importantly, making sure you perform regular patch and security updates.
  2. Test & Verify ALL Data Backups – When is the last time you tested and verified your backups? Are you backing up your data at all? How long would it take your current IT provider to get you back up and running in the event of a disaster (virtualization time)? It is a FACT . . . you will be hit by some form of ransomware, malware or virus. The real question becomes, do you have the protocols in place to defend and beat the attack? One of the most important things you can do to safeguard yourself is perform regular backups. (We recommend daily at a minimum). A cybercriminal can’t hold your data hostage if you follow this simple practice. AND – don’t accept a verbal confirmation that your data continuously remains backed up as proof. Your IT partner should provide you regular, real-time proof that your data is backed up securely and that it can be virtualized in an agreed upon length of time. If your IT provider can’t give these stats and proofs to you, it is time to find a new partner.
  3. Educate Your Team On How These Attacks Work And Where They Come From – Every office has that one employee that will click on ANYTHING (hopefully it isn’t you). Continued education is one of the first lines of defense against these attacks. Employees should know:
    1. What to look out for
    2. What phishing scams look like
    3. What to do when they suspect an email or link is suspect
    4. NEVER to check personal email at work
    5. Etc.

Proper spam filters set by your IT group should prevent the majority of these emails from getting to your inbox. However, it only takes ONE CLICK and an entire network is infected before you know what happened.


When all is said and done, cyber security is an everyday battle. Hackers and criminals will keep attacking until you don’t have something they want. These 3 Security protocols are only the tip of the iceberg and should be part of a multiphase approach implemented by your internal staff and your IT partner. If you have any questions, please reach out to a representative at Andromeda today.

If you’ve found this article on ransomware prevention interesting, you might also want to consider attending our upcoming Executive Lunch & Learn Seminar.

**Statistics sourced from the National Cyber Security Alliance


Network Security Assessment – The Single Most Important Cyber Security Tool You Are Neglecting Every Year

Why you should have a network security assessment at least once per year

Let’s face it – our digital world is under constant attack and your corporate network is one of the biggest targets out there.  Why?  Because it also tends to be an easy mark.  Year after year we see large scale attacks against corporations, but did you know that the majority of cyber incidents occur against small business? Ask yourself, when was the last time you had a professional network security assessment? We’d like to share why assessments are an important piece of the multi-layered approach to cyber security for your business.

Let’s start by stating something that you might not expect a tech company to express.  At some point, your network and computer systems WILL BE breached by some type of cyber attack.  No amount of effort or software can protect you 100%.  The key is to take as many steps as you can to make it less likely you will be hacked or more realistically, take as many steps to ensure that a breach can do no real or sustainable harm to your business. No approach on the market can guarantee you will never be breached and if you run into an IT firm or product that tries to make this guarantee . . . run for the hills because it just “ain’t” true.

Now, there are the obvious steps that you can take to protect yourself and make it harder on the criminals:

  • good Email habits
  • anti-malware software
  • firewalls
  • employee training
  • a professional Disaster Recovery (DR) plan/device

However, there is another tool in the arsenal that you should use regularly and that is an annual (at minimum) Network Security Assessment.

How Is A Network Security Assessment Done?

Your IT support company can do an assessment; they should then give you a risk report displaying areas that need to be tightened up.  If your IT company does not perform these, it may be time to start looking into someone new. Cyber threats are more prevalent every day and it is important to partner with an IT company that recognizes this and protects your business accordingly.

We find that our assessment usually uncovers security threats and holes; even when a business has the right practices and has done their research. Cyber security is a daily battle. When we run our assessment we use the results to constantly improve the defenses of our clients. And that is why, like most things in tech, an assessment should be a regular event.

The Network Security Assessment Is Done. What’s Next?

The network security assessment itself is not the only thing to request though. It is equally important to make sure that your firm supplies you with a report of their findings. This report should be simple to understand, contain an overall score and give you a breakdown of each issue found, along with how serious those specific issues are.  Ask for an action plan detailing fixes for any issues that are found. Why go through the assessment if you aren’t going to DO anything with the data?

How important and helpful are these reports?  We are an IT company with a background protecting our partners from risk. We put protections in place for our partners and still find ways to improve our customers’ cyber safety every time we run an assessment.

Why?  Because cyber security is a dynamic, ever changing landscape and you need to proactively search for issues. Don’t let yourself learn the hard way. You never want to discover there is a hole in your cyber security by way of an attack or breach.

Interested in a Network Security Assessment?

If this article has you questioning your current setup, or if you are simply interested in starting a conversation regarding the cyber security protections necessary for your business, a network security assessment with Andromeda is a great place to start. With this in mind, we will be discounting our network security assessment thru 05/31/17. Fill out the form below for access to our promotional rate and begin a discussion with one of our security experts.



Don’t Use Public WiFi Without Reading These Data Security Quick Tips

We are all guilty of it: connecting to free public WiFi. Whether it is at the coffee shop, hotel or airport, the temptation to check e-mail and surf the web is just too strong to resist. As with anything technology related, free networks pose a number of risks to your data security. Here are a few tips to help you keep your information safe.

Data Security Quick Tips for When Using Public Wifi

Confirm The Network Is Legit –

It is common for hackers to set up fake clones of public WiFi access points. The hacker sets up the clone to get you to connect to THEIR WiFi over the legitimate one made available to you by your neighborhood coffee shop or restaurant. Connecting to a hacker’s access point can expose critical data and passwords. To avoid jumping on an unsafe network, verify the name of the WiFi your location is providing.

Enable A Firewall On Your Devices Or Use a VPN

A dependable firewall will help protect your sensitive data. A Virtual Private Network (VPN) encrypts traffic between your device and the VPN server, which makes it much more difficult for an intruder or hacker to access your sensitive data and improves your data security. You can try to set up your own VPN for personal devices but we suggest professional support for any of your work devices.

Turn Off File Sharing & Keep Devices from Automatically Joining Networks

Sure, file sharing is a great way to collaborate and send photos or other documents simply and quickly with friends, but leaving this function on only leaves you vulnerable to intrusion. As an extra data security measure, make sure you turn this feature off whenever you aren’t at home. In addition, cellphones can be set up to automatically join networks with free WiFi. Does this help you save on data? Sure! But it also sets you up to fall victim to scammers. Make sure you never allow your device to join a network without getting your permission first.

Don’t Access Financial Sites Or Make Purchases

NEVER access financial, medical or other sensitive data while on public WiFi. Also, don’t shop online and enter your credit card information unless you’re absolutely certain the connection point you’re on is safe and secure. This is simply asking for trouble and breaks data security’s number one rule.

There are many ways for you to protect your data and secure your devices from hackers and those that wish to do you harm. The surest way to protect yourself is a trusted IT partner who can ensure your devices have proper protocols in place. If you are concerned about your own devices or those of your employees, give us a call. We are always available to help.


Stop These 3 Hazardous File Sharing Habits Yesterday!

File sharing is an essential portion of any business. It is the way we get information from one person to another. BUT, it can also be the way hackers gain access to your sensitive information – files or, worst of all, confidential data.

If you’re using Dropbox, OneDrive, Google Drive, or other consumer-grade file sharing and cloud sync applications – or if you depend on file sharing of any kind to run your business (hint . . . you do) – listen up!

Here are 3 habits you should break yourself and your staff of immediately.

Top 3 File Sharing Habits to Break

1) Using Consumer Grade Solutions . . .

Consumer grade solutions are just that . . . consumer grade. You aren’t a ‘consumer’, you’re a business owner with sensitive data to protect. With more and more employees/businesses depending on BYOD (Bring Your Own Device) as well as the ability to access files any time & any place, it is important that your file sharing system is professional grade. Look for enterprise grade security options like SSL Encrypted Transfer, Firewall Protection, Password Protection and Virus Scanning.

2) Emailing Files Without Proper Encryption . . .

You may not care if a hacker gets a hold of your grocery list or photos of the family dog, but when it comes to confidential data such as financial statements, medical records or other sensitive materials, it is safe to say you cannot afford criminals sniffing through your files. For this reason, NEVER send files via email without proper encryption. Business grade email and proper practices can nip this in the bud. You’d be amazed how many files fall into the laps of cyber criminals this way though.

3) Using Flash Drives…

You spend time and hard earned resources to protect your network from outside threats . . . only to destroy everything when you innocently plug in an infected flash drive you picked up innocuously enough at a trade show. Flash drives bypass security systems you have in place and may run automatically without being checked for infection by your antivirus solution. If you must continue using flash drives . . . at a minimum update your antivirus to prohibit autorun and mandate scans to all USB-attached devices when plugged into your PCs.