What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Darien, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
3 Critical Steps You MUST Take To Avoid WannaCry And Ransomware Like It Jun 05, 2017
Last month the world was hit by one of the largest cyber security attacks in history- affecting more than 200,000 organizations in 150 countries. WannaCry ransomware, the perpetrator of this attack, took advantage of outdated patches and software licenses. Infected computers and business owners risked losing critical data if they didn’t pay the ransom.
As cyber security & prevention experts, we are happy to report that not a single client of Andromeda Technology Solutions was affected by this attack because of our security protocols and procedures. The same can’t be said for Cook County.
Industry experts predict that this ransomware attack will hit again. Tech experts remain unsure how the new approach might be deployed – in a similar fashion or with a new “2.0” virus. While the specifics of future cyber security attacks are uncertain, we know some things for sure. Proper protocol is CRITICAL for data security and the safety of your business.
Ransomware: The Numbers **
- Almost 50% of Small Businesses have experienced some form of cyber attack
- MORE than 70% of attacks target Small Business
- As many as 60% of small businesses that experience a data breach go out of business within 6 months.
These numbers are scary. Cyber security demands the attention of business owners globally and the efforts of hackers/cyber criminals are only increasing. These criminals want your money and they don’t care about the damage left behind.
That being said, there is hope and there are measures you can take to prevent your business from becoming a victim of ransomware.
3 Security Protocols You MUST Implement Immediately For The Safety Of Your Data, Your Business AND Your Wallet . . .
- Update ALL Microsoft Licenses to Windows 7 At A Minimum & Maintain Up To Date Security Patching – Cyber criminals are no dummies. WannaCry and other viruses like it take advantage of out of date licenses. Too often, business owners sacrifice the security of their network because they don’t want to go through the grief of updating to the latest Microsoft License. Andromeda recommends updating ALL PC’s to Windows 7 at a minimum and, more importantly, make sure you perform regular patch and security updates.
- Test & Verify ALL Data Backups – When is the last time you tested and verified your backups? Are you backing up your data at all? How long would it take your current IT provider to get you back up in running in the event of a disaster (virtualization time)? It is a FACT . . . you will be hit by some form of ransomware, malware or virus. The real question becomes, do you have the protocols in place to defend and beat the attack? One of the most important things you can do to safeguard yourself is perform regular backups. (We recommend daily at a minimum). A cybercriminal can’t hold your data hostage if you follow this simple practice. AND – don’t accept a verbal confirmation your data continuously remains backed up as proof. Your IT partner should provide you regular, real time, proof that your data is backed up securely and that it can be visualized in an agreed upon length of time. If your IT provider can’t give these stats and proofs to you, time to find a new partner.
- Educate Your Team On How These Attacks Work And Where They Come From – Every office has that one employee that will click on ANYTHING (hopefully it isn’t you). Continued education is one of the first lines of defense against these attacks. Employees should know:
- What to look out for
- What phishing scams look like
- What to do when they suspect an email or link is suspect
- NEVER to check personal email at work
Proper spam filters set by your IT group should prevent the majority of these emails from getting to your inbox. However, it only takes ONE CLICK and an entire network is infected before you know what happened.
Ransomware Prevention constantly changing, be sure to stay on top of newest trends
When all is said and done, cyber security is an everyday battle. Hackers and criminals will keep attacking until you don’t have something they want. These 3 Security protocols are only the tip of the iceberg and should be part of a multiphase approach implemented by your internal staff and your IT partner. If you have any questions, please reach out to a representative at Andromeda today.
If you’ve found this article on ransomware prevention interesting, you might also want to consider attending our upcoming Executive Lunch & Learn Seminar.
**Statistics sourced from the National Cyber Security Alliance
The post 3 Critical Steps You MUST Take To Avoid WannaCry And Ransomware Like It appeared first on Andromeda Technology Solutions.To SSL or Not to SSL: What is HTTPs and Why it Matters to You Jan 12, 2018
2017 was a pretty eventful year for tech. Between the WannaCry ransomware virus, the data breach at Equifax and many other less famous incidents – one thing is for certain. 2017 was the year of cybersecurity and 2018 is expected to follow suit.
With cyber attacks on everyone’s mind and radar, businesses are starting to notice a shift in public perception when it comes to the companies they work with when it comes to data security. People want to feel safe – and they want to make sure that their information is safe, even on the web.
So while this has been a growing trend for a few years now, it is safe to say that moving forward, the trend has transformed into an expectation of security and protecting consumer data.
2018 is definitely the year of HTTPs.
What is HTTPs?
To understand what HTTPS means and how it works, you need to know a few definitions.
First – HTTP, HTTP stands for HyperText Transfer Protocol. Without diving too deep into the technical lingo, this is an application layer protocol. Basically, HTTP is the protocol that involves information sent between a browser (like google chrome) and a website itself. So if you were to interrupt that connection and intercept it, you’d see in plain text what was being communicated between the website and the browser.
This can be very dangerous in certain situations. For example, if you are purchasing goods on a website with a basic HTTP (basic meaning unsecured), your personal information like your address, credit card info and whatever else you submit can be intercepted and stolen.
Nobody wants this to occur – except the thieves – so HTTPs was introduced as a secure option.
Like HTTP, HTTPs stands for HyperText Transfer Protocol but it has an additional Security component; hence the “S”.
By adding additional security components, the language being transmitted between website and browser is encrypted and kept from being read by evil doers and criminals.
Another term you might hear thrown around regarding this security protocol is an SSL or Secure Socket Layer Certificate. Again, this is just another way of saying that your site has the technology in place to securely encrypt transactions between the website and browsers etc.
The types of SSL Certificates may vary, but their basic coding provides security and encryption.
You can always tell if a website is secure in a few different ways.
- https:// precedes the URL destination i.e. https://www.google.com
- A lock shows up in the leftmost corner of your navigation bar
- A green lock shows up in the leftmost corner of your navigation bar
Sounds pretty good, right?
There was a time when this added security feature was mainly used on websites that transfer personal information such as ecommerce, financial, medical, legal etc. but these days the added security of an SSL or HTTPs on your site is more of a standard.
It is something that savvy consumers look for to avoid vulnerability.
Now that we’ve gone through what this feature is and how it operates in respect to your website you might have some additional questions about whether this feature would benefit you. We’ve touched on a few of the most common topics below.
I’m Just A Small Business Website,
Why Should HTTPs Matter to Me?
An SSL Shows Your Customer Base You Care About Their Security
By adding an SSL certificate to your website, and turning it from HTTP to HTTPs, you are providing an extra level of security for your users. They know right away that your website is secure- that nothing they are viewing or how they are interacting on your website is being monitored or watched by a malicious entity. It shows that you care about your customer’s user experience – and that reflects highly upon your company brand.
It Actually Provides Additional Security Against Hackers
Having an SSL certificate installed on your website also helps protect your website from a possible breach or hacking attempt. The extra level of encryption provides an external wall that is harder for hackers to break and infect. So while you might not necessarily need one for the type of website your business uses – it does help you protect yourself against would-be attackers and saves you money on potential cleanup and patches once a website does get infected or breached.
HTTPs Help Improve Website Search Engine Rankings and Traffic
Having this added security installed on your website shows popular search engines like Google, Yahoo and Bing! that you take your user’s experience and security seriously. So seriously that they award your website with increased rankings.
And we all know higher rankings lead to more traffic which you hope leads to more clients/customers.
Google has been favoring websites with HTTPs for a few years now; however, after recent technology-related world events, they have doubled-down.
Starting this past October, websites that use a form or search tool on their website will not have a Not Secure warning when viewed on Google Chrome browser. The last thing you want your prospective clients to see when visiting your site is a message about poor security.
Google also has been blatantly favoring websites with HTTPs over HTTP. About have of all 1st page results on Google are websites with HTTPs, up over 30% since the end of 2016.
Failure to increase security on your site risks lower search rankings and even increases bounce rates. It is also proven that HTTP sites load slower, causing Google to penalize them for site speed as well. Overall, the industry is punishing sites that do not value security.
So, what should you take away from all of this?
An SSL does incur extra costs (but they are minimal) but failure to secure your website can cost you potential new customers, reduce website traffic and impact overall user experience.
Your IT partner or web hosting provider should have the necessary tools to help you with your website security. It should be fairly simple and won’t break your budget either.
Want to take the next step and convert to HTTPs but not sure how?
Andromeda has trained technicians and developers that are more than happy to help you with the conversion. Just give us a call to get started today!
The post To SSL or Not to SSL: What is HTTPs and Why it Matters to You appeared first on Andromeda Technology Solutions.Name Of Utility Company That Leaked Information Just Released Sep 15, 2018
In 2016, an unnamed US energy company left some 30,000 records (containing information about its security assets) exposed for more than two months (a total of 70 days), in violation of energy sector cyber security regulations. When the incident was initially reported, the name of the company was withheld.
That company has now agreed to a $2.7 million-dollar settlement, and its name has now been made public, along with some additional details about the incident.
Initially, the company admitted that they unintentionally exposed the database in question, but that it contained fake data. As the investigation into the matter continued, it became apparent that the data was not only real, but that it included hashed passwords for administrators that hackers could have easily reverse-engineered. PG&E subsequently reversed their fake data assertion.
The exposed data was found by independent security researcher Chris Vickery, who indicated at the time that the database contained details for some 47,000 computers, virtual machines, servers and other devices.
In addition to that a number of non-encrypted email passwords were found, along with 120 encrypted passwords. In Vickery's words, "This would be a treasure trove for any hostile nation-state hacking group."
According to the official NERC notice regarding the incident:
"The data was exposed publicly on the internet for 70 days. The usernames of the database were also exposed, which included cryptographic information of those usernames and passwords. Exposure of the username and cryptographic information could aid malicious attackers in using this information to decode passwords."
Once PG&E was made aware of the problem, it took a server offline, which removed the exposed data. They also brought in third-party forensic experts to investigate, and as a result of that investigation, revised a number of their security policies.
Overall, the company's handling of the matter was spotty at best, but in light of the record-setting fine, the hope is that we won't see a similar instance of carelessness in the future.