What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Lockport, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
Network Security Assessment – The Single Most Important Cyber Security Tool You Are Neglecting Every Year May 01, 2017
Why you should have a network security assessment at least once per year
Let’s face it – our digital world is under constant attack and your corporate network is one of the biggest targets out there. Why? Because it also tends to be an easy mark. Year after year we see large scale attacks against corporations, but did you know that the majority of cyber incidents occur against small business? Ask yourself, when was the last time you had a professional network security assessment? We’d like to share why assessments are an important piece of the multi-layered approach to cyber security for your business.
Let’s start by stating something that you might not expect a tech company to express. At some point, your network and computer systems WILL BE breached by some type of cyber attack. No amount of effort or software can protect you 100%. The key is to take as many steps as you can to make it less likely you will be hacked or more realistically, take as many steps to ensure that a breach can do no real or sustainable harm to your business. No approach on the market can guarantee you will never be breached and if you run into an IT firm or product that tries to make this guarantee . . . run for the hills because it just “ain’t” true.
Now, there are the obvious steps that you can take to protect yourself and make it harder on the criminals:
- good Email habits
- anti-malware software
- employee training
- a professional Disaster Recover (DR) plan/device
However, there is another tool in the arsenal that you should use regularly and that is an annual (at minimum) Network Security Assessment.
How Is A Network Security Assessment Done?
Your IT support company can do an assessment; they should then give you a risk report displaying areas that need to be tightened up. If your IT company does not perform these, it may be time to start looking into someone new. Cyber threats are more prevalent every day and it is important to partner with an IT company that recognizes this and protects your business accordingly.
We find that our assessment usually uncovers security threats and holes; even when a business has the right practices and has done their research. Cyber security is a daily battle. When we run our assessment we use the results to constantly improve the defenses of our clients. And that is why, like most things in tech, an assessment should be a regular event.
The Network Security Assessment Is Done. What’s Next?
The network security assessment itself is not the only thing to request though. It is equally important to make sure that your firm supplies you with a report of their findings. This report should be simple to understand, contain an overall score and give you a breakdown of each issue found, along with how serious those specific issues are. Ask for an action plan detailing fixes for any issues that are found. Why go through the assessment if you aren’t going to DO anything with the data?
How important and helpful are these reports? We are an IT company with a background protecting our partners from risk, we place protections in place for our partners and still find ways to improve our customer cyber safety every time we run an assessment.
Why? Because cyber security is a dynamic, ever changing landscape and you need to proactively search for issues. Don’t let yourself learn the hard way. You never want to discover there is a hole in your cyber security by way of an attack or breach.
Interested in a Network Security Assessment?
If this article has you questioning your current setup, or if you are simply interested in starting a conversation regarding the cyber security protections necessary for your business, a network security assessment with Andromeda is a great place to start. With this in mind, we will be discounting our network security assessment thru 05/31/17. Fill out the form below for access to our promotional rate and begin a discussion with one of our security experts.
Fill out the form below to receive a $500 discount on a Network Security Assessment valid for the month of May
The post Network Security Assessment – The Single Most Important Cyber Security Tool You Are Neglecting Every Year appeared first on Andromeda Technology Solutions.Dark Web Series Part 1 – What Is the Dark Web & Why It Matters To You Dec 29, 2017
Ransomware, cybercrime, hackers . . .
It’s safe to say that you’ve at least heard of these terms in the news and if you are like most people, you’ve heard them over and over on the news, in the office and just in everyday conversation for the past few years.
This progression in the cybersecurity world may come with unique phrases and buzzwords but the trend itself is nothing new. Since the internet’s beginning, there have been people working to cause chaos.
Think computer viruses, Trojan horses, scams, spam, malware etc.
Like most technology, the internet is used predominantly for good. But, there are always a few bad apples who take good technology and choose to use it with less than the best intentions. And while there have always been “bad guys” out there trying to disrupt good works from being done, over the last decade and specifically in the last few years we’ve seen an incredible increase in spending, vulnerability and rates of incident for large scale cyber-attacks.
To put this in perspective, spending on cybersecurity is projected to exceed 1 trillion dollars by 2021. In 2017, information security (a subset of the cybersecurity industry) spending hit over 86 billion dollars.
On top of this, there has been a dramatic increase of incidents in the small to medium sized business arena. When a local business gets hit, it may not make the 5 o’clock news like Home Depot or Target, but it hurts just the same – and maybe even more.
The crazy thing when it comes to cybercrime, ransomware and other infections is that you can be doing regular updates, implement antivirus etc. and you still can fall victim to identity theft, breaches and other cyber incidents.
All of this cyber-security and cyber-crime discussion lays the groundwork for this Dark Web discussion.
What is the Dark Web?
First, what is the Dark Web? In a simple and brief explanation, the Dark Web is a mostly anonymous space online that you need special software to access. The experience is much like a normal internet browser but the sites and activities available are very different.
Many times the Dark Web is described using an iceberg illustration.
- The internet as we know it is what you can see above sea level.
- There is a larger space just below the surface of the iceberg where the ‘darknet’ lives, this is dominantly used for large data stores. Financial records, academic databases, government records etc. live here.
- Then there is the bottommost layer of the iceberg, this is the Dark Web – here you’ll find illegal activity like drug trafficking, illegal gun sales, and even personal data for sale.
Now, you may be thinking,
“This is interesting information but what in the heck does the Dark Web have to do with me? Why do I care about it? I don’t use it. I don’t know anyone who does. . .” And we get that, but even if you don’t use the Dark Web you may be on it.
The Dark Web is one of the largest sources of stolen data available to criminals. While some may use it to buy goods, other criminals purchase pieces of your information like credit card information, passwords, social security information and more to use for their own purposes.
When cybercriminals go to places like your local grocery store, Experian and other sites to wreak havoc, the information they steal ends up for sale on the Dark Web.
All of this taken into consideration, the everyday consumer and business professional shouldn’t be scanning these areas of the web to try and protect their data.
Instead, a business professional like yourself should make sure that you are following proper security protocols:
- Anti-Virus Software Regularly Updated and on every device
- Proper Firewalls and regular updates
- Employee training
- Regular Professional Backups (also regularly tested and verified)
- Disaster Recovery Plan
- Spam filtering
- Encourage employees to speak up if they see a weird email or link
- Bring in professional cyber security consulting
With all of these items and a few more in place, you make it much more difficult for a cyber-criminal to get into your network and steal your data. This in turn will help keep your data and that of your employees off of the Dark Web. Of course, nothing is foolproof and that is why an exceptional cyber-security partner should offer Dark Web monitoring.
Dark Web monitoring is a program some IT professionals offer businesses where scans are going on constantly in the background and are looking for a specific domain. When the scan recognizes your domain in a database, it flags the software and you are alerted to change passwords or address the breach.
This way, you are always a step ahead of the criminals without lowering yourself to the “Dark Web” itself.
We hope you found this first installment in our Dark Web series helpful. Look out for our next article in February focused on 5 ways you can keep your information off of the Dark Web entirely.
The post Dark Web Series Part 1 – What Is the Dark Web & Why It Matters To You appeared first on Andromeda Technology Solutions.Name Of Utility Company That Leaked Information Just Released Sep 15, 2018
In 2016, an unnamed US energy company left some 30,000 records (containing information about its security assets) exposed for more than two months (a total of 70 days), in violation of energy sector cyber security regulations. When the incident was initially reported, the name of the company was withheld.
That company has now agreed to a $2.7 million-dollar settlement, and its name has now been made public, along with some additional details about the incident.
Initially, the company admitted that they unintentionally exposed the database in question, but that it contained fake data. As the investigation into the matter continued, it became apparent that the data was not only real, but that it included hashed passwords for administrators that hackers could have easily reverse-engineered. PG&E subsequently reversed their fake data assertion.
The exposed data was found by independent security researcher Chris Vickery, who indicated at the time that the database contained details for some 47,000 computers, virtual machines, servers and other devices.
In addition to that a number of non-encrypted email passwords were found, along with 120 encrypted passwords. In Vickery's words, "This would be a treasure trove for any hostile nation-state hacking group."
According to the official NERC notice regarding the incident:
"The data was exposed publicly on the internet for 70 days. The usernames of the database were also exposed, which included cryptographic information of those usernames and passwords. Exposure of the username and cryptographic information could aid malicious attackers in using this information to decode passwords."
Once PG&E was made aware of the problem, it took a server offline, which removed the exposed data. They also brought in third-party forensic experts to investigate, and as a result of that investigation, revised a number of their security policies.
Overall, the company's handling of the matter was spotty at best, but in light of the record-setting fine, the hope is that we won't see a similar instance of carelessness in the future.