What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Cook County, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
4 Cybersecurity Tips For Business Owners & Managers Nov 05, 2018
New cybersecurity stories hit the news every day. You’ve surely heard about large companies getting hacked or ‘breached’, passwords stolen, identities compromised and more.
The topic of cybersecurity gets brought up so much, it’s no surprise that it has become a kind of background noise in the business world. Warnings about security protocols, new viruses and ransomware scams are just the tip of the iceberg when you look into what is happening in the IT security world.
While the news stories keep coming and businesses continue falling victim, there is at least one thing that remains the same . . . the need for cybersecurity training and awareness is here to stay. If you are in business, you have data that cybercriminals want to steal. Simple as that.
Cybersecurity conversations and solutions don’t have to be daunting though. In fact, there are some quick, common-sense tips you can put into place that will make you and your business a harder target for those looking to do you harm.
Top 4 Cybersecurity Tips For Professionals
1. Use Unique and Strong Passwords For All Online Accounts
This tip is one you’ve surely heard many times before but over 85% of all adults reuse their passwords online. On top of that, most people don’t know how to create a truly strong password. Some characteristics of a strong password are:
- Minimum of 8 characters
- A mixture of uppercase and lowercase letters
- At least one number
- At least one special character (!@#$%^&)
- No personal details (pet names, family member names, birth dates, address info etc.)
The average adult has over 100 different accounts online (bank accounts, credit cards, social media, email, apps etc.). It’s understandably difficult to create and remember a different password for everything you do though.
What to do about it? Look into a password manager tool for yourself and your staff. A password manager will store and organize all of your unique passwords securely. Here at Andromeda, we recommend LastPass. It has some great features and is a trustworthy password management tool. If you have questions about that, feel free to reach our team.
2. Run A Network Security Audit At Least Once A Year
You can’t address things if you don’t know they are broken. An annual network security audit done by a third party IT support partner will give you visibility into the small cracks hiding in your network security.
This type of audit should check things like open ports on your firewall, password protocols, your backups, your disaster recovery plan, the status of your warranties, your antivirus and spam protocols and more.
You can engage your current IT services provider for this audit or look for a third party vendor to come in and take a fresh look at your setup.
It never hurts to get a new set of eyes on your setup. Andromeda provides these types of assessments to our clients with our professional 35 point network security assessment. If you’d like to speak with our team about this service, give us a call at (815) 836-0030 or send an email to Contact@WeNetwork.com
3. Regularly Test Your Backups and Disaster Recovery Plan
One of the top methods a cybercriminal uses to make money is ransomware. Ransomware is classified as a cyberattack where a criminal gains access to your network (through brute force or stolen employee email/passwords). After accessing the network, the criminal then encrypts all or a portion of your business data and locks you out of it. The only way to recover the data is to pay a ransom (often in the form of bitcoin or other cryptocurrency). If you don’t pay up – they destroy your data.
These types of attacks cause serious damage. Businesses lose big money due to down time, reputational damage and in some cases, even government fines (in worst cases where evidence that a business intentionally ignored or neglected their data security, victims of ransomware/cybercrime can even face jail time).
Imagine that, you’re the victim of a cyberattack and you have to pay the government fines on top of it all?!
Ransomware and cyberattacks happen, there is almost no way to avoid them 100% of the time. But, with a proper disaster recovery plan including regular data backups (on site, in the cloud and off site) you can quickly and calmly restore your business data and win against cybercrime.
Don’t just accept anyone’s word when it comes to verifying your backups though. You should be sure that whoever is maintaining your backups and disaster recovery is running regular tests and providing you proof of valid backups. You should also run a demo scenario at least twice a year to test how long it would take you to be back up and running in the event of a breach or equipment failure.
4. Employee Cybersecurity Training Is Key To Your Defense
Cyber security is constantly changing and new attack strategies show up regularly. The one thing that shouldn’t change for you though, is your commitment to ongoing employee training.
After all, the #1 threat to your office network security is actually your employees! The staff are the people who will accidentally visit an infected site, click a bad link, download a file with a virus etc. and the only way to help stop those behaviors/accidents is through education and proper training.
A good employee training program will offer ongoing training and support. It may also score and rank your employees/office based on performance etc.
At Andromeda, we offer our clients an employee cyber security training in an online program. This allows employees to go at their own pace and complete training in the office or on the go. This solution provides weekly tech tips, training videos, micro quizzes, individual employee risk scores and more.
Make sure to look into training if your organization isn’t already offering this to employees. This really is a must have solution to protect your office.
These are only 4 tips you can use to improve security at the office. There are many more but if you cover these bases you have a great start.
If you have any questions related to cybersecurity or IT at the office, give our team a call at (815) 836-0030 or send a message to Contact@WeNetwork.com. We are always here to help you!
The post 4 Cybersecurity Tips For Business Owners & Managers appeared first on Andromeda Technology Solutions.5 Critical Components Any Professional Disaster Recovery Plan Must Have Jul 03, 2017
We hear a whole lot about ransomware and cyber criminals these days. Andromeda helps our clients combat most data breaches with multi-tiered security solutions and employee training. But, every business is still vulnerable to incident. That is why a full proof and dependable Disaster Recovery & Business Continuity plan is an essential. Before you hit the world wide web searching for DR solutions and backup plans, take a look at these 5 critical components any professional disaster recovery plan must have.
Your disaster recovery plan should consider appropriate business continuity variables.
Disasters happen; they come in many shapes and sizes. Server crashes, accidental file deletion, physical disasters such as fire or flood and the increasingly common ransomware or malware infection are all scenarios.
You must ask two important questions yourself in regards to business continuity:
- How much time can pass between recovery points, ie: how much data can you afford to lose; this is commonly known in Business Continuity as RPO – Recovery Point Objective
- How much time can pass between the disaster and recovery, ie: how much time can you afford to lose; this is commonly known in Business Continuity as RTO – Recovery Time Objective
Ideally, your RPO and RTO are as low as possible.
A good Disaster Recovery Plan will consider these factors and have various options for restoring files, folders or even whole servers. On top of that, it is important that these options take into account minimalizing data loss and interruption.
Data should be stored both locally and offsite.
Many people have an easy time seeing the value in the offsite backup. Whether that’s tape drives taken offsite daily, external USB drives treated the same, or data sent to the cloud for storage, it carries with it a feeling of great comfort knowing that “if the building burns down” the data is still safe.
What few realize is what we mean when we speak about downtime, for incidents that are not quite as catastrophic as a burning building. In those cases, it can take an unacceptable amount of time to get your hands on that offsite backup or to download an entire server from the cloud.
With a Disaster Recovery Plan option that offers backups both locally and offsite (cloud based), you are able to restore large quantities of files and entire server images quickly. Your onsite device should also have the capability to virtualize as a temporary server in the event your main server crashes.
Find a disaster recovery plan option that provides multiple restore options
When you think about restoring from a disaster, you may believe that so long as you have a version of your data somewhere, you are secure. In reality though, your recovery time objective can be greatly impacted by the different options available to you after a disaster. A disaster recovery plan with multiple options for virtualization, restoration and data access is an absolute must.
You may have heard the term “virtualization” before. Being able to virtualize your server either on a physical device at your location or in the cloud simply means that you have a temporary solution that will keep your business up and running while you resolve whatever issue corrupted your data, server or situation in the first place.
A catastrophic hardware failure can put your business down for hours, sometimes days. Rushing that process up can incur huge costs as well: rush delivery, emergency dispatch etc. In the event of a hardware failure, a virtual copy of your last backup can be spun up. Once completed, you can resume working swiftly. This quick recovery allows you to deal with hardware replacements, scheduling and budgets in an organized fashion.
A top tier solution will provide you with onsite virtualization and an option to virtualize in the cloud. Cloud virtualization is not as quick and can produce some lag time. Nonetheless, in the event your backups are stolen or disaster strikes your building (fire, flood etc.) – the ability to spin up and virtualize data from the cloud means that your business is not at a standstill.
Find out what type of support a vendor provides for disaster recovery plans.
Your company does not want to struggle to get their files restored. You can’t wait hours and hours to restore a file you accidentally deleted. Don’t wait for hours to hear back on the status of a data restore. Your IT partner should understand the solution they are providing and be able to work with you directly. Cut out the intermediary. Ensure your vendor monitors all the warranties, all the software support calls, and all monitoring; ensuring your backups are humming all day every day – as they should be.
Don’t trust just any business continuity or disaster recovery plan solution.
There are literally hundreds of options out there for Disaster Recovery. A quick Google search will give you pages of results. Comparing them is mind numbing, and if we are being honest . . . who takes the time to do all that? Your first step is to find an IT partner that you trust. Check their references. See if they have case studies to show how a disaster recovery functions with the product. Ask for a demonstration of the product. This is serious stuff and you need to trust the hands maintaining and protecting your data.
The post 5 Critical Components Any Professional Disaster Recovery Plan Must Have appeared first on Andromeda Technology Solutions.Are Graphics Processing Units Vulnerable To Hacker Attacks? Dec 04, 2018
Bad news for computer users everywhere.� Researchers at the University of California in Riverside have discovered that GPUs (Graphics Processing Units) are vulnerable to side-channel attacks like Spectre and Meltdown, which have been plaguing Intel CPU's for the better part of a year.
The team, (consisting of two computer science professors and two PhD students) reverse-engineered an Nvidia GPU and demonstrated three separate side-channel attacks. The attacks targeted both computational and graphics stacks, believing these to be the first ever side-channel attacks designed to work on GPUs.
All three of the newly discovered attacks exploit the user counter in the GPU, which is used for performance tracking and are available in user mode. This is significant because it means that literally anyone has access to them.� All three also require the victim to download a piece of malware designed to spy on the user's system to provide information back to the hacker executing the attack.
The first of the three attacks tracks a user's internet activity and is made possible because GPUs are used to render graphics in web browsers.� The attack is executed when a poisoned app utilizes OpenGL to infer browser behavior as it utilizes the resources of the GPU.
The second attack allows the hacker to glean password information, because GPU resources are used to render the login box on the user's screen.� By monitoring memory allocations in the chip, a hacker can identify the specific keys pressed when entering a password.
The third attack targets computational applications and is designed to target neural network architecture.� Its main purpose is to sniff out and steal neural network algorithms.
In terms of defending against these attacks, there's good news and bad news.� Turning off user mode access to the counters is a viable defense, but unfortunately, many applications rely on that functionality. Turning it off will cause a number of programs (that you probably need) to stop working.� Ultimately then, GPU manufacturers are going to need to engineer a fix in much the same way that Intel did for their impacted CPUs.
No instances of these types of attacks have been seen in the wild to this point, but now that the word is out, it's just a matter of time.� 2019 stands to be a brutal year until and unless a fix is found and pushed out.