What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Palatine, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
How to Spot Phishing Scams and Stop Cyber-Criminals from Stealing Your Data Apr 27, 2018
Cyber-Security is a big topic in the news. New businesses fall victim to hackers and cyber criminals daily.
Even high quality security programs and protocols can fall victim to cyber-bullies without proper employee training, awareness and attention to detail.
We believe education is one of the best defenses against cyber criminals.
With that in mind, we want to provide some valuable tips for spotting and avoiding one of the most popular scams/tactics cyber-criminals use against you: the Phishing Scam.
Email is essential to your business and every day communication. It is also one of the prime spaces hackers focus on to steal your information and sneak into your network.
This is because it is SO much easier to get a person to click on a link, input account info or download a corrupt file via an email scam than many other hacker strategies.
You’ve probably heard this but it’s true – “There’s one person in every office that will click on anything.”
Hopefully that person isn’t you!
But – with the information below, you’ll learn how to spot these scams and some strategies to avoid them altogether.
Phishing Scams 101
What are some of the Goals of Phishing Scams?
- Steal Sensitive Personal Info – Credit Card Info, Account Login Info, Personally Identifiable Information (SSN, Birth Date etc.)
- Gain control of your computer or network
- Install malware or other computer viruses
How do cyber-criminals convince you to fall for their plans?
- Deliver file attachments with harmful software enclosed – viruses/malware/keystroke loggers
- Trick you into clicking on bad websites that secretly infect your PC with viruses etc.
- Convincing you to give them username info and password info to desired accounts
Things you should look out for to spot and prevent Phishing Scams
- Make sure that the “reply to” email address matches the sent address
- Any message that creates a sense of urgency – especially regarding login info
- Any message that requests sensitive data
- Questionable links or links that don’t match the anticipated site/source
- Random social media messages asking you to click a link to see a video or receive specific info
Keep in mind and remember that legitimate companies won’t email you asking for passwords, sensitive info (social security numbers) or other sensitive data via email.
Sample Phishing Scams Explained:
- The ‘From’ email address is suspicious
- ‘From’ and ‘Reply-To’ are different and both are suspicious again
- When you hover over the ‘Restore Access’ button there is a link that doesn’t match any Microsoft destinations
- Bad sender domain
- Suspicious Subject & Content – generic name and sense of urgency to give up account info
- Bad grammar
- Suspicious link if you hover over the masked link.
- Bad domain in ‘From’ section – firstname.lastname@example.org
- Generic Greeting
- Bad link redirect
- Sense of Urgency in message to get your account info
Response Strategies/Protocols for suspected phishing emails:
In the office it is important to have conversations with employees and make sure everyone knows what to do if they suspect a bad email.
- We recommend alerting your IT partner or IT staff members of the issue.
- NEVER click any links you think are suspicious.
- If you are unsure of an email you can always contact the related company direct. For example, with respect to any of the above emails you can always go directly to their official page, grab contact info and call/contact support to confirm that the email is real.
- NEVER use contact info in a suspicious email to figure out whether it is real or not. Criminals put fake phone numbers and contact info in their messages so of course they will tell you that the email is real.
- Hold regular cyber security and data security training in your office to make sure employees are up to speed on the latest techniques/red flags.
The post How to Spot Phishing Scams and Stop Cyber-Criminals from Stealing Your Data appeared first on Andromeda Technology Solutions.3 Ways Data Encryption Can Save You From Unnecessary Stress, Spending & Headaches Sep 04, 2017
When you think of data encryption, you might imagine top-secret files and espionage. Historically, militaries and governments protected messages and sensitive information using encryption. These days encryption has many more uses. And with hackers and cyber criminals constantly after your data, it is important that you make use of this security measure.
Encryption is defined as scrambling data or text to make it unreadable. This protects stored data and personal information from displaying to those without a proper clearance or key to decode that information. There are all kinds of pieces of information you have on file that a disgruntled employee or criminal could make use of:
- Home addresses
- Email Addresses
- Drivers Licenses
- Credit Card information
- Social Security Numbers
- Date of birth
- Medical history or records
- Financial information – routing numbers, account numbers etc.
Depending on your industry, this information may be subject to state and federal regulation, hefty fines and, in cases of negligence, even jailtime (we’re talking hundreds of thousands of dollars). Businesses close their doors over this stuff.
While employee training and proper cyber protocols are great at protecting you and your business from user error and data breach – encryption is an added layer of security every business benefits from.
3 Ways Data Encryption Can Save You From Unnecessary Stress, Spending & Headaches
- Encryption Saves Your Reputation – More and more employees are working on the go in 2017. With employees working from home, sales staff in the field and the hustle and bustle of every day, you don’t want to hold your employees back or decrease productivity by preventing devices from leaving the office. But imagine your employee runs into the neighborhood Starbucks and leaves their company laptop in their front seat. While they are ordering their venti latte, a criminal breaks into their car and steals their belongings – your laptop included. Now you’re out the hardware but more importantly, you have a criminal at large with sensitive data. If this data has any sensitive personally identifiable information (PII) on it, you are required to report the incident. Do you want your customers losing valuable trust in your company? In fact, this fear of reputational damage is the reason that three out of every four victims to ransomware, data breach or cyber-attack do not report the incident. Think back to 2013 when 41 million people found out Target compromised their sensitive data. You’d probably think twice about shopping there again if you were one of them. If the stolen laptop had been encrypted, you wouldn’t have to report an incident. The criminal would have no way of deciphering data on the equipment.
- Encryption Keeps Designated Information Private – Let’s bring this example back into your office for a moment. Even if you don’t keep sensitive customer information on file or process credit cards. You have personal information for employees on file: Performance reviews, social security numbers, salary information and more. You don’t need a hacker or even a disgruntled employee gaining access to these records. With encryption you can ensure that even if an employee accidentally or intentionally stumbles into an area they shouldn’t be, they can’t make sense of any of that information.
- Encryption Can Save You From The Unexpected – Whether a device goes missing from the office, is stolen from a front seat or possibly snatched by a disgruntled employee, you can’t have sensitive information at large. Your reputation aside, as mentioned earlier, these types of breaches can result in very large fines, prosecution and years in prison. Nobody needs that on their mind every night. With encryption you can rest easy that even in the wrong hands, your data can’t be manipulated or exposed. To take this a step further, certain encryption management tools have the ability to remotely disable and even wipe devices. This comes in handy in all of the examples we have described. So now, not only is the information on your device useless, but after your IT company takes necessary steps, the device shows nothing but the “blue screen of death”.
Encryption is a powerful tool. It is an incredibly useful and we would say necessary piece of your cyber security and data protection plan. It is important that you protect sensitive information. Even if you don’t want to believe it, there are criminals and people out there that would wreak havoc with that data if given the chance.
For more information on our encryption software and other cyber security training, protocols and plans, give us a call at (815) 836-0030.
And be sure to click here and explore our Unlimited Security Training Program. Over 80% of data breaches are a result of human error and the first step to prevention is education.
Mention this blog and receive 50% off your first annual subscription.
The post 3 Ways Data Encryption Can Save You From Unnecessary Stress, Spending & Headaches appeared first on Andromeda Technology Solutions.Another Intel Processor Vulnerability Found Nov 12, 2018
Intel just can't seem to catch a break.� By now, almost everyone has heard about the dreaded Spectre and Meltdown vulnerabilities which have been plaguing the chip maker since they were first discovered.� Now, it seems there's a new chip-based threat.
This latest threat has been dubbed PortSmash by the research team from the Tampere University of Technology in Finland and the Technical University of Havana, in Cuba who jointly discovered it.� It works by abusing a weakness in Intel's Hyper-Threading technology, which is Intel's implementation of SMT (Simultaneous Multi Threading).
The researchers had this to say about the attack:
"We recently discovered a new CPU microarchitecture attack vector.� The nature of the leakage is due to execution engine sharing on SMT (e.g., Hyper-Threading) architecture.
More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core."
In plain English, the vulnerability allows hackers to run a PortSmash process alongside a selected process running on the same CPU core. In doing so, the ProtSmash process can spy on that application and even lift data from it as desired by the hackers.
The team released a proof of concept on Github and demonstrated their ability to steal private decryption keys.
So far, the team has confirmed that the exploit works on Intel's Skylake and Kaby Lake processors, but there's strong circumstantial evidence that with modifications, the exploit would work on other chipsets as well, including those developed by rival AMD.
The reason for this is because the researchers believe SMT to be fundamentally flawed. It shares resources between two CPU instances while not providing any form of security differentiators between the two instances.
The research team responsibly reported the flaw to Intel, but the company did not respond in a timely manner, so the team published their findings, which prompted action by Intel.� The company released a security patch on November 1.