What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Account Coordinator(AC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Palatine, IL Businesses:
What A Few Of Our Clients Have To Say
Andromeda IT Service Offerings
Here is just a quick list demonstrating the breadth of IT services you can expect from Andromeda:
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
How A Third-Party Data Breach Impacts Cybersecurity At Your Business Aug 05, 2019
With the average American adult maintaining over 130 different accounts online, the risk of a data breach or data being stolen continues to grow. Between social media, financials, productivity applications, email, business applications, online shopping and countless other accounts online, your “online life” becomes more and more a part of your day to day physical life as time passes.
As more of our lives and data are shared online, criminals are focused on breaking into these databases to steal the valuable info they hold:
- Personal Info such as name, address, dates of birth, social security numbers etc.
- Financial information such as bank info, credit cards etc.
- Social Information on social media accounts
This is a real problem facing consumers globally but the impacts span beyond individual damages and stolen identities (though, those damages are bad enough).
When a criminal steals your password, or the password of a coworker, chances are – they’ve gained access to many pieces of your “online life”.
Here’s an example to illustrate how a third party data breach can lead a criminal back to your business.
Your HR manager helps book travel for employees at the business. He set up a business account at a national hotel chain to book rooms for whatever the business travel needs are. The hotel chain’s database suffers a breach and cybercriminals steal thousands of email/password combos including your HR manager’s credentials.
Your HR manager used the same password he uses for all kinds of sites online when he created the login at the hotel company site. This means that the criminals who have this breached data, now have access to your payroll software, servers and all the other things your HR manager interacts with.
The criminals either use this data themselves or take it to the Dark Web to sell for a few dollars (password/email combinations go for $3-$5 on average on the Dark Web).
Breaches like these happen daily and criminals use the information they steal to do as much damage as they can.
This creates a unique problem for business owners and managers because what can you possibly do to protect yourself from a data breach happening at a hotel chain or some other account online?
Things get even trickier when the average span of time between a data breach and disclosure to the public reaches 15 months. Meaning, criminals have a 15-month head start to get to your business and do damage before your are notified on the 5 o’clock news or your social media feed.
So, how can you defend against this kind of thing?
First, implement a password policy at your business:
- Strong Passwords Required
- Change Passwords Regularly (90 days minimum)
- Dual Authentication
- Lockout Procedures
Second, roll out a password management tool across your organization.
As mentioned earlier, the average adult in America manages over 130 accounts online. It is no wonder that we have a hard time creating strong and unique passwords for each of those accounts. It would be nearly impossible to remember all of that without writing things down – which isn’t secure.
To bridge the gap between security and memory, implement a password management tool. Look for something that is encrypted, secure and be sure to consider mobile capabilities. We recommend LastPass as a great option to start.
Third, invest in Dark Web Monitoring
Dark Web Monitoring is still a newer service offered to businesses and professionals. This is a monitoring solution designed to scrub different areas of the Dark Web (chatrooms, discussion boards etc.) for data connected to your domain.
If we apply Dark Web Monitoring to the example above with the HR Manager for instance – when the criminals stole data from the hotel chain and went to sell/share it on the Dark Web, the monitoring tool would identify your IT company to have the HR manager change passwords. That way, the criminals have useless data and you are protected well before you learn about the breach 15 months later.
The post How A Third-Party Data Breach Impacts Cybersecurity At Your Business appeared first on Andromeda Technology Solutions.Ransomware, Disaster Recovery and Business Continuity: What Every Small Business Should Know Aug 30, 2019
The last few years have seen a large increase in ransomware incidents and 2019 has surely followed suit with many industries impacted. In the last few months manufacturing, municipalities, school districts and other small business sectors have all dealt with their share of attacks. Tens of townships in Texas were attacked in August 2019 with a total ransom of over 2.5 million dollars. School districts across the US were targeted for student and faculty data.
It’s been a rough one to say the least.
The best defense against ransomware for yourself and your business is still education and Andromeda can help with that. Read on to learn more about the threat of ransomware to your business and what you can do to prepare yourself.
Ransomware is a type of malicious program that encrypts a segment or all of your data. At that point, the data can only be decrypted with a key. The criminal ransoms your data until you pay them to decrypt it.
This means that whatever they get their hands on, is no longer of use to you until you pay up. Things like accounting information, client information, HR information – anything data related at the business.
With more and more incidents on the rise, it is important that you proactively defend yourself against this threat and have a plan in place to respond in case your business faces a ransomware incident of its own.
Employee Cyber Security Training
Over 90% of cyber security incidents facing businesses today originate with some kind of human error. Your staff and teammates don’t mean to make these mistakes and an honest error can happen to anyone. Clicking on a bad link, falling for a scam online, downloading an infected file – these things happen to the best of us.
Tricking you into downloading malicious files to your PC is still a method criminals use to try and get into your computer but the primary two methods to gain access and do damage to your systems in 2019 are via third party data breaches (learn more about third party breaches here and phishing email attacks (learn more about phishing scams here .
To help your employees stay ahead of criminals and defend your business, you want to invest in regular training for the team. Professional cyber security training programs include simulated phishing email tests, individual scores, weekly quizzes, newsletters and more.
Data Backups & Disaster Recovery Planning
Employee training will do a good job at helping your staff defend the business but there is still always a chance that ransomware can happen.
When it comes to ransomware, there is little you can do to remove the damages. There is no ‘debug’ or troubleshooting technique that will make it go away. To get the encrypted data, you have to have the decryption code.
The only alternate solution available to you would be to restore from a backup. That way, you don’t need to decrypt anything. Of course, this is dependent on the quality and safety of your existing backups.
We recommend looking for a backup solution with an on premises copy as well as a secure cloud copy of your data backups.
The best data backup and recovery solutions take regular snapshots of your environment. Even better solutions can spin up a virtual ‘copy’ of your environment so you can keep working while your IT team works in the background to get systems back up and running like normal.
Make sure to ask the team or individual who handles your backups how often they test them. It’s also good to have a clear understanding of what it takes to get you back up and running in the event of an incident (what does it look like if we have an equipment failure? How do you respond if we are hit with ransomware?).
Training staff on how to avoid scams and criminal tactics online is a great way to defend against Ransomware and other incidents.
Having a good data backup and disaster recovery plan is what you want to do to make sure your business can handle this type of attack.
The final piece of the Ransomware puzzle for now is going to be your business continuity plan.
When it’s said and done, you are most likely going to experience some amount of downtime in the event of a Ransomware attack. It’ll take time to recognize what is happening, to contact the proper parties (IT staff or your outsourced team and decision makers), respond to the incident etc.
All of this time costs your business money, productivity and opportunities. This is why many vendors suggest coming up with Business Continuity plans for different types of incidents at the office.
Have a plan for equipment failure (like a server crash), a plan for a major cybersecurity incident (ransomware across the network), have a plan for minor cybersecurity incidents (single user hit with malware or a virus). You get the idea.
Some great questions for Business Continuity plans:
- How does my business or staff respond to this incident?
- Do you unplug workstations?
- Does the employee call you first or IT?
- Is there anything you should do on site while your IT team gets to work?
- How long will it take to get us back up and running? (this will differ depending on what you face)
- How do we keep the business running while designated teams respond?
- Can we make use of the cloud?
- Do we need to work from pen and paper while things resolve?
A professional team will help you work through these questions and come up with the solutions your specific business and business model needs to keep things running in the event of a disaster, accident or incident.
The key is really in the preparation.
If you have any questions about any of the topics above or want to discuss your own disaster recover, data backups or business continuity plans, please give us a call at (815) 836-0030 or contact our team via email at Contact@wenetwork.com.
The post Ransomware, Disaster Recovery and Business Continuity: What Every Small Business Should Know appeared first on Andromeda Technology Solutions.If 123456 Is Your Password, Change It Immediately Jul 11, 2020
You probably aren't familiar with the name Ata Hakcil. He's a computer engineering student who recently conducted one of the largest password security surveys currently available.
To conduct his research, he collected a number of username and password "data dumps" from the Dark Web and analyzed the passwords he found there. Hakcil was able to analyze a massive collection of more than a billion passwords, looking for trends and commonalities.
IT Security Professionals have long known that password security is an area of persistent weakness that leaves companies of all shapes and sizes exposed. Hakcil was able to measure and assess just how bad that problem is. What he found was depressing.
The most commonly used password in the collection he analyzed was simply '123456,' which appeared in his dataset more than seven million times. It is the most widely used password in the world. Put another way, a staggering 1 person in 142 was found to have used that simple password. As you might suspect, that is laughably easy for a hacker to guess using the simplest of techniques.
In addition to that, Hakcil discovered that the average password length is 9.48 characters, which isn't great. Given the password referenced above, is better than you might have guessed.
Other relevant and intriguing statistics culled from this study include things like:
- Only 12 percent of passwords include a special character
- 29 percent of the passwords reviewed used alphabet characters only
- 13 percent used numbers only
- Given the above, fully 42 percent of all the passwords in the dataset were vulnerable to quick "dictionary style" attacks that would allow a hacker to gain access with minimal effort.
- The most common 1000 passwords unearthed by this research accounted for 6.607 percent of the total, which gives hackers a long list of low hanging fruit to work with.
- With the most common 1 million passwords, the hit rate is 36.28 percent. With the most common 10 million passwords, the hit rate is 54 percent. This makes most networks incredibly easy to breach.
If you're wondering why we keep reading about so many high profile data breaches month after month, the results of this research go a long way toward explaining it, and that's unfortunate.