What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Bloomingdale, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
Password Quick Tips – 6 Do’s And Don’ts Oct 02, 2017
We’ve been polling our readers recently for topics of interest. Of course, cyber security and ransomware are hot topics but many of you mentioned that you are interested in quick tips you can follow or use yourself.
You ask – we deliver.
Without further ado – check out these 6 quick tips for best password practices
- Create passwords with multiple cases, symbols and numbers. Just be sure to avoid passwords such as “123456”, “qwerty”, “football”, “princess” or “password” – some of the most common passwords in 2016 according to SplashData.
- Don’t create a password based on personal details such as your birth date, an anniversary, phone number, social security number etc. While not everyone may know these details about you, they are among the first a cybercriminal or evildoer will attempt when trying to hack your account. Even worse, if your password data is compromised, imagine what a cybercriminal could do with that social security information if it was exposed.
- Avoid using the same password on multiple sites. We get it, remembering different passwords for all of your different sites and needs is difficult. It is important to create something unique for every login you maintain. Remember, if a hacker gets ahold of your password for one account, the first thing they will do is try that bad boy on bank accounts, social media, emails and anywhere else they can to grab sensitive information or even your hard earned money.
- Change your passwords regularly. We suggest changing passwords every 90 days. This can be a pain but if you maintain this practice you make getting into your accounts that much harder.
- Do Not keep a list of your passwords on your computer. Keeping a list of passwords is dangerous in any format. You open yourself up to great risk in doing so. The worst method for this is keeping a list of your passwords in a file on your computer. Instead, keep a list of each site and next to it write a specific clue that will only make sense to you. This can help jog your memory without spilling the beans if someone stumbles upon the file.
- Use Dual Authentication. Many apps and sites now offer dual authentication as an added security measure. Once you login to your account, you will be prompted for a code (either one you create or a randomly generated code). You put this code into the site as a second proof of your identity. This feature greatly reduces if not eliminates the likelihood of someone breaking into your accounts.
Password protection is difficult. The average Joe has anywhere from 20-200 passwords. We recognize that is a big gap but even memorizing 20 different passwords is a difficult task. With that said, we would like to provide you with a few useful tools that can free up your memory and manage your password security for you.
There are a variety of password managers on the market. We have used and enjoyed LastPass which comes with a free and premium subscription as well as an app for your phone. If you want to check out a variety of password managers and how they stack up – PC Magazine released their “Best Password Managers of 2017” earlier this month.
Password Security Tests
Platforms and websites do exist that will check the security of your password. There are even some websites out there that will tell you how long a hacker would have to spend to crack your code. Check out our recommended tool here .
Email Alias Tools
We’ve found an interesting tool that can help you keep track of your passwords but also creates aliases for your email address. This is useful because without your email address, a password is essentially useless. Now, of course you don’t want someone to have your password at all but this also helps you keep your inbox clear of spam and unwanted mail.
Any of these tools can help you out. If you have any questions feel free to reach the Andromeda Team Today!
The post Password Quick Tips – 6 Do’s And Don’ts appeared first on Andromeda Technology Solutions.How to Spot Phishing Scams and Stop Cyber-Criminals from Stealing Your Data Apr 27, 2018
Cyber-Security is a big topic in the news. New businesses fall victim to hackers and cyber criminals daily.
Even high quality security programs and protocols can fall victim to cyber-bullies without proper employee training, awareness and attention to detail.
We believe education is one of the best defenses against cyber criminals.
With that in mind, we want to provide some valuable tips for spotting and avoiding one of the most popular scams/tactics cyber-criminals use against you: the Phishing Scam.
Email is essential to your business and every day communication. It is also one of the prime spaces hackers focus on to steal your information and sneak into your network.
This is because it is SO much easier to get a person to click on a link, input account info or download a corrupt file via an email scam than many other hacker strategies.
You’ve probably heard this but it’s true – “There’s one person in every office that will click on anything.”
Hopefully that person isn’t you!
But – with the information below, you’ll learn how to spot these scams and some strategies to avoid them altogether.
Phishing Scams 101
What are some of the Goals of Phishing Scams?
- Steal Sensitive Personal Info – Credit Card Info, Account Login Info, Personally Identifiable Information (SSN, Birth Date etc.)
- Gain control of your computer or network
- Install malware or other computer viruses
How do cyber-criminals convince you to fall for their plans?
- Deliver file attachments with harmful software enclosed – viruses/malware/keystroke loggers
- Trick you into clicking on bad websites that secretly infect your PC with viruses etc.
- Convincing you to give them username info and password info to desired accounts
Things you should look out for to spot and prevent Phishing Scams
- Make sure that the “reply to” email address matches the sent address
- Any message that creates a sense of urgency – especially regarding login info
- Any message that requests sensitive data
- Questionable links or links that don’t match the anticipated site/source
- Random social media messages asking you to click a link to see a video or receive specific info
Keep in mind and remember that legitimate companies won’t email you asking for passwords, sensitive info (social security numbers) or other sensitive data via email.
Sample Phishing Scams Explained:
- The ‘From’ email address is suspicious
- ‘From’ and ‘Reply-To’ are different and both are suspicious again
- When you hover over the ‘Restore Access’ button there is a link that doesn’t match any Microsoft destinations
- Bad sender domain
- Suspicious Subject & Content – generic name and sense of urgency to give up account info
- Bad grammar
- Suspicious link if you hover over the masked link.
- Bad domain in ‘From’ section – firstname.lastname@example.org
- Generic Greeting
- Bad link redirect
- Sense of Urgency in message to get your account info
Response Strategies/Protocols for suspected phishing emails:
In the office it is important to have conversations with employees and make sure everyone knows what to do if they suspect a bad email.
- We recommend alerting your IT partner or IT staff members of the issue.
- NEVER click any links you think are suspicious.
- If you are unsure of an email you can always contact the related company direct. For example, with respect to any of the above emails you can always go directly to their official page, grab contact info and call/contact support to confirm that the email is real.
- NEVER use contact info in a suspicious email to figure out whether it is real or not. Criminals put fake phone numbers and contact info in their messages so of course they will tell you that the email is real.
- Hold regular cyber security and data security training in your office to make sure employees are up to speed on the latest techniques/red flags.
The post How to Spot Phishing Scams and Stop Cyber-Criminals from Stealing Your Data appeared first on Andromeda Technology Solutions.Another Chrome Extension Is Stealing Passwords Sep 18, 2018
Do you use the Chrome browser extension for the MEGA file storage service? If you do, please read this article carefully. The official extension for that service has been compromised. It has been replaced with a malware version that has the capability to steal user login data for a number of popular websites, including Github, Google, Amazon, Microsoft and more.
The extension was compromised on September 4th, when an unknown attacker breached MEGA's Chrome Web Store account and uploaded the poisoned version of the extension. Any user who installs it is at risk of having their other login credentials stolen.
It gets worse. If you allow auto-updates, then the poisoned version of the extension would have automatically "updated" on your PC or smartphone when the malware was uploaded. Note that when the extension attempted to update, it would have asked users for elevated permissions. Those elevated permissions would allow the extension access to personal information, which is the mechanism by which the credentials are stolen.
The poisoned file was in place for a total of four hours before it was found, eradicated and replaced by a clean version (version 3.39.5).
According to MEGA:
"You are only affected if you had the MEGA Chrome extension installed at the time of the incident, auto update enabled, and you accepted the additional permission, or if you freshly installed version 3.39.4."
If you think there's even a chance you were impacted by this event, your best bet would be an across-the-board change of all your passwords, as there's no way to be sure which ones may have been compromised.
Two things to note here: The Firefox extension was not impacted. This applies only to chrome users who have the MEGA extension installed. Also, you should check your extension version number immediately to be sure you're not running version 3.39.4. If you are, uninstall it immediately and grab the clean version referenced above.