What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Naperville, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
5 Ways Your Information Gets On The Dark Web Jan 26, 2018
In our last IT article we discussed the Dark Web. Specifically what the Dark Web is and why it is something that matters to just about everyone. If you missed the article make sure to give it a read here.
There are many ways your information can be compromised and inevitably end up in the hands of wrong doers on the dark web. On top of that, there are numerous ways that hackers and criminals can steal your data that are completely out of your control.
It is important that you put defense in place where you can but it is also important that you manage your risk by educating yourself on some of the top vulnerabilities out there.
With that in mind we’ve gathered 5 of the top ways hackers and criminals get around you to steal your data for the Dark Web.
5 Ways Your Information Gets On The Dark Web
1. Visiting & Using Unsecure Websites
If a website isn’t secure, information passed between you and the site can easily be compromised. In a nutshell, websites pass information to your browser (google chrome, firefox etc.) and your browser displays that information for you to look at/use. Without proper security protocols like an SSL or HTTPs, sites don’t secure that information transfer. So, if you enter personal data into a form, make a purchase or put any data on the site that isn’t secured, it is easy enough for a hacker or cyber-criminal to intercept that data and sell it on the Dark Web.
If you are interested in how to secure your website or tell if the sites you visit are secure, we have an easy to understand article here.
2. Consumer Database Breach
While hackers and criminals will go after your personal data on a small scale, a larger customer breach is what their dreams are made of. Just think back to the Target, Home Depot and Experian breaches of recent years. Even social media databases are full of rich information that hackers can make use of. If a hacker gets ahold of your Facebook password they might have also gotten ahold of your date of birth, where you live and other personal information that they can use to access financial accounts or other personal accounts.
While you can’t keep hackers out of Target’s database, you can practice your own security protocols to decrease the likelihood of criminals using compromised data to ruin you financially:
- Use different passwords for different sites
- Change passwords often (every 90 days is recommended at minimum)
- Use strong passwords
- Look into a monitoring service that alerts you of suspicious activity on financial accounts
3. Firewall Issues
You don’t necessarily have control over whether someone else secures their website and you definitely don’t have control of the security procedures at your local grocery store, but you do have control over the firewalls you use at your business.
First . . . make sure you are using a professional or business grade solution for your firewall. Consumer grade solutions are meant for home use and will not have adequate protections in place to keep your company’s private data secure.
Additionally, make sure that you have regular updates and software patches scheduled. These devices are only as good as the software they utilize. If your firewall is out of date or your software is out of date, chances are they cannot defend against the latest hacker strategies and viruses.
You will also benefit from a regular system audit to ensure all ports are secure and no user changes are impacting your network security. It is pretty common for businesses to forget these updates and checks and this is an incredibly vulnerable access point into your network if not properly configured.
4. Outdated Systems/Devices On Your Network
While your firewall controls much of the inbound and outbound traffic on your network, there are countless other devices that can create vulnerabilities. For instance, if you consider the Target breach of 2013, it is rumored that the criminals gained access to Target’s network via an HVAC company that monitored temperatures in stores. This brings up the fact that it is not just your own network but anything connected to it and the security of those ancillary devices/networks that you must be aware of.
If you have smart devices in the office, if you subscribe to any type of service that needs access to your network, all of these items and programs open you up to vulnerabilities. Even the smart devices you use at home can cause you trouble on a personal level. Imagine if a smart device on your home network was compromised and used by hackers to get into your work files on your home computer. This stuff happens and your information ends up on the dark web because of it.
5. Downloading untrusted applications/Opening Malicious Email
Email is essential to running your business but it is one of the best ways for hackers and criminals to gain access to your network. All they have to get you to do is click a link or download a file and BAM! your data might be compromised.
Email isn’t the only culprit though. Downloading files off the web can also give hackers access to your network and in turn your data. There are tools that can help you avoid this as well as training that helps you spot malicious links/sites.
How Can I Prevent My Info From Getting Onto Dark Web
With proper firewall configuration, professional anti-virus software that is updated regularly and employee training, you will dramatically decrease your vulnerability and incident rate.
There are so many ways hackers access your data. They can get to you through stores, websites, your email, the smart devices at your office/home and those are just a few examples. The scary part is that no matter how secure you make things, they will come up with a new approach that no one expects.
All hope isn’t lost though, with certain protections like professional cyber security consulting, monitoring software (both professional and personal), and specific security devices, you can protect yourself from cybercriminals.
If you’d like to discuss your options and make sure you are truly covered, reach out to our team and schedule a network security assessment.
The post 5 Ways Your Information Gets On The Dark Web appeared first on Andromeda Technology Solutions.How to Spot Phishing Scams and Stop Cyber-Criminals from Stealing Your Data Apr 27, 2018
Cyber-Security is a big topic in the news. New businesses fall victim to hackers and cyber criminals daily.
Even high quality security programs and protocols can fall victim to cyber-bullies without proper employee training, awareness and attention to detail.
We believe education is one of the best defenses against cyber criminals.
With that in mind, we want to provide some valuable tips for spotting and avoiding one of the most popular scams/tactics cyber-criminals use against you: the Phishing Scam.
Email is essential to your business and every day communication. It is also one of the prime spaces hackers focus on to steal your information and sneak into your network.
This is because it is SO much easier to get a person to click on a link, input account info or download a corrupt file via an email scam than many other hacker strategies.
You’ve probably heard this but it’s true – “There’s one person in every office that will click on anything.”
Hopefully that person isn’t you!
But – with the information below, you’ll learn how to spot these scams and some strategies to avoid them altogether.
Phishing Scams 101
What are some of the Goals of Phishing Scams?
- Steal Sensitive Personal Info – Credit Card Info, Account Login Info, Personally Identifiable Information (SSN, Birth Date etc.)
- Gain control of your computer or network
- Install malware or other computer viruses
How do cyber-criminals convince you to fall for their plans?
- Deliver file attachments with harmful software enclosed – viruses/malware/keystroke loggers
- Trick you into clicking on bad websites that secretly infect your PC with viruses etc.
- Convincing you to give them username info and password info to desired accounts
Things you should look out for to spot and prevent Phishing Scams
- Make sure that the “reply to” email address matches the sent address
- Any message that creates a sense of urgency – especially regarding login info
- Any message that requests sensitive data
- Questionable links or links that don’t match the anticipated site/source
- Random social media messages asking you to click a link to see a video or receive specific info
Keep in mind and remember that legitimate companies won’t email you asking for passwords, sensitive info (social security numbers) or other sensitive data via email.
Sample Phishing Scams Explained:
- The ‘From’ email address is suspicious
- ‘From’ and ‘Reply-To’ are different and both are suspicious again
- When you hover over the ‘Restore Access’ button there is a link that doesn’t match any Microsoft destinations
- Bad sender domain
- Suspicious Subject & Content – generic name and sense of urgency to give up account info
- Bad grammar
- Suspicious link if you hover over the masked link.
- Bad domain in ‘From’ section – firstname.lastname@example.org
- Generic Greeting
- Bad link redirect
- Sense of Urgency in message to get your account info
Response Strategies/Protocols for suspected phishing emails:
In the office it is important to have conversations with employees and make sure everyone knows what to do if they suspect a bad email.
- We recommend alerting your IT partner or IT staff members of the issue.
- NEVER click any links you think are suspicious.
- If you are unsure of an email you can always contact the related company direct. For example, with respect to any of the above emails you can always go directly to their official page, grab contact info and call/contact support to confirm that the email is real.
- NEVER use contact info in a suspicious email to figure out whether it is real or not. Criminals put fake phone numbers and contact info in their messages so of course they will tell you that the email is real.
- Hold regular cyber security and data security training in your office to make sure employees are up to speed on the latest techniques/red flags.
The post How to Spot Phishing Scams and Stop Cyber-Criminals from Stealing Your Data appeared first on Andromeda Technology Solutions.Another Chrome Extension Is Stealing Passwords Sep 18, 2018
Do you use the Chrome browser extension for the MEGA file storage service? If you do, please read this article carefully. The official extension for that service has been compromised. It has been replaced with a malware version that has the capability to steal user login data for a number of popular websites, including Github, Google, Amazon, Microsoft and more.
The extension was compromised on September 4th, when an unknown attacker breached MEGA's Chrome Web Store account and uploaded the poisoned version of the extension. Any user who installs it is at risk of having their other login credentials stolen.
It gets worse. If you allow auto-updates, then the poisoned version of the extension would have automatically "updated" on your PC or smartphone when the malware was uploaded. Note that when the extension attempted to update, it would have asked users for elevated permissions. Those elevated permissions would allow the extension access to personal information, which is the mechanism by which the credentials are stolen.
The poisoned file was in place for a total of four hours before it was found, eradicated and replaced by a clean version (version 3.39.5).
According to MEGA:
"You are only affected if you had the MEGA Chrome extension installed at the time of the incident, auto update enabled, and you accepted the additional permission, or if you freshly installed version 3.39.4."
If you think there's even a chance you were impacted by this event, your best bet would be an across-the-board change of all your passwords, as there's no way to be sure which ones may have been compromised.
Two things to note here: The Firefox extension was not impacted. This applies only to chrome users who have the MEGA extension installed. Also, you should check your extension version number immediately to be sure you're not running version 3.39.4. If you are, uninstall it immediately and grab the clean version referenced above.