What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Account Coordinator(AC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Saint Charles, IL Businesses:
What A Few Of Our Clients Have To Say
Andromeda IT Service Offerings
Here is just a quick list demonstrating the breadth of IT services you can expect from Andromeda:
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
How A Third-Party Data Breach Impacts Cybersecurity At Your Business Aug 05, 2019
With the average American adult maintaining over 130 different accounts online, the risk of a data breach or data being stolen continues to grow. Between social media, financials, productivity applications, email, business applications, online shopping and countless other accounts online, your “online life” becomes more and more a part of your day to day physical life as time passes.
As more of our lives and data are shared online, criminals are focused on breaking into these databases to steal the valuable info they hold:
- Personal Info such as name, address, dates of birth, social security numbers etc.
- Financial information such as bank info, credit cards etc.
- Social Information on social media accounts
This is a real problem facing consumers globally but the impacts span beyond individual damages and stolen identities (though, those damages are bad enough).
When a criminal steals your password, or the password of a coworker, chances are – they’ve gained access to many pieces of your “online life”.
Here’s an example to illustrate how a third party data breach can lead a criminal back to your business.
Your HR manager helps book travel for employees at the business. He set up a business account at a national hotel chain to book rooms for whatever the business travel needs are. The hotel chain’s database suffers a breach and cybercriminals steal thousands of email/password combos including your HR manager’s credentials.
Your HR manager used the same password he uses for all kinds of sites online when he created the login at the hotel company site. This means that the criminals who have this breached data, now have access to your payroll software, servers and all the other things your HR manager interacts with.
The criminals either use this data themselves or take it to the Dark Web to sell for a few dollars (password/email combinations go for $3-$5 on average on the Dark Web).
Breaches like these happen daily and criminals use the information they steal to do as much damage as they can.
This creates a unique problem for business owners and managers because what can you possibly do to protect yourself from a data breach happening at a hotel chain or some other account online?
Things get even trickier when the average span of time between a data breach and disclosure to the public reaches 15 months. Meaning, criminals have a 15-month head start to get to your business and do damage before your are notified on the 5 o’clock news or your social media feed.
So, how can you defend against this kind of thing?
First, implement a password policy at your business:
- Strong Passwords Required
- Change Passwords Regularly (90 days minimum)
- Dual Authentication
- Lockout Procedures
Second, roll out a password management tool across your organization.
As mentioned earlier, the average adult in America manages over 130 accounts online. It is no wonder that we have a hard time creating strong and unique passwords for each of those accounts. It would be nearly impossible to remember all of that without writing things down – which isn’t secure.
To bridge the gap between security and memory, implement a password management tool. Look for something that is encrypted, secure and be sure to consider mobile capabilities. We recommend LastPass as a great option to start.
Third, invest in Dark Web Monitoring
Dark Web Monitoring is still a newer service offered to businesses and professionals. This is a monitoring solution designed to scrub different areas of the Dark Web (chatrooms, discussion boards etc.) for data connected to your domain.
If we apply Dark Web Monitoring to the example above with the HR Manager for instance – when the criminals stole data from the hotel chain and went to sell/share it on the Dark Web, the monitoring tool would identify your IT company to have the HR manager change passwords. That way, the criminals have useless data and you are protected well before you learn about the breach 15 months later.
The post How A Third-Party Data Breach Impacts Cybersecurity At Your Business appeared first on Andromeda Technology Solutions.HTTPs Encryption: Why You Should Use SSL Certificates Jan 20, 2019
2018 was an eventful year for technology and it’s only going to increase in 2019. Between the Facebook security breach, the Google+ API vulnerability, and many other less famous incidents – one thing is for certain. Cybersecurity dominated 2018 and 2019 is expected to be no different.
With cyber attacks being so prevalent, businesses are starting to notice a shift in public perception when it comes to the companies they work with when it comes to data security. Feeling safe is priority: people don’t want to have to worry about their information being breached on or off the web.
While this has been a growing trend for a several years now, it has also transitioned cyber security from being a feature, to a necessity.
2019 is the year of HTTPs.
What Exactly is HTTPs?
To understand what HTTPs means and how it works, you need to know a few definitions.
HTTP (HyperText Transfer Protocol): In simple terms, this is an application layer protocol. Essentially, HTTP is the protocol that involves information sent between a browser (ex: Google Chrome or Firefox) and a website itself. If you were to interrupt that connection and intercept it, you’d see in plain text what was being communicated between the website and the browser.
This can create extremely vulnerable conditions in certain situations. For example, if you are purchasing products on a website with a basic HTTP, your personal information like your address, credit card info and whatever else you submit can be intercepted and stolen.
The thieves are the only ones who want this to happen – so HTTPs encryption was introduced as a secure option.
HTTPs (HyperText Transfer Protocol Security): Adding additional security components, the language being transmitted between website and browser is encrypted and kept from being read cyber criminals.
SSL (Secure Socket Layer): This is a certificate that enhances your security protocol. This is just another way of saying that your site has the technology in place to securely encrypt transactions between the website and browsers etc.
The types of SSL Certificates may vary, but their basic coding provides security and encryption.
You can always tell if a website is secure by looking for certain factors:
- https:// shows before the URL destination (ex: https://www.google.com)
- A lock (sometimes green) icon may appear in the left corner of your navigation bar
Today, many users look for these key signals to see if they are using a secured website.
When this was first being used, its primary purpose was a security feature for websites that utilized ecommerce and to transfer personal information (ex: financial, medical, legal). However, it has transitioned into having an HTTPs encryption as a standard.
After going through the basics of this HTTPs encryption, you may still have some additional questions about which feature would best suit your business. Here are a few of the most common topics and questions below:
I Don’t Have A Large Business – Do I Still Need HTTPs?
Providing An SSL Tells Your Customers That You Care About Their Security
By utilizing an SSL certificate and transforming it from HTTP to HTTPs, you are providing an extra layer of security for your consumers. They know right away that your website is secure. Nothing they are viewing or how they are interacting on your website is being monitored or watched by a malicious user. It shows that you care about your customer’s user experience – and that reflects highly for company brand.
It Provides Additional Security Against Hackers
Having an SSL certificate installed on your website also helps protect your website from potential breaches or hacking attempts. The extra layer of HTTPs encryption provides an external wall that is difficult for hackers to break and infect. While you might not exactly need one for the style of your business’ website, it still helps protect against possible attacks and saves you capital on potential cleanup and patches once a website does get infected or breached.
HTTPs Improves SEO (Search Engine Optimization)
Having this HTTPs encryption applied on your website shows popular search engines like Google, Yahoo and Bing! that you take your user’s experience and security seriously. They are able to recognize this and return with increased rankings on their engines.
We all know that higher rankings lead to more traffic – this leads to more clients and customers.
Google has been favoring websites with HTTPs for awhile now. However, after recent technology-related world events, they have doubled-down.
Starting July 2018, websites that do not use HTTPs will be labeled “Not Secure”. The last thing you want your prospective clients to see when visiting your site is a message about poor security.
More than 70% of websites are utilizing HTTPs and Google is really trying to make it the norm across the board.
Failure to increase security on your site risks lower search rankings and even increases bounce rates. It is also proven that HTTP sites load slower, causing Google to penalize them for site speed. Overall, the industry is punishing sites that do not value security because they are striving to give the best user experience possible.
So, what should you take away from all of this?
An SSL does incur minimal extra costs, but failure to secure your website can cost you a lot more: potential customers, reduced website traffic and impact overall user experience.
Your IT partner or web hosting provider should have the necessary tools to help you with your website security. It should be simple and affordable enough to keep from breaking your budget.
Want to take the next step and convert to HTTPs, but not sure how?
Andromeda has trained technicians and developers that are more than happy to help you with the conversion. Just give us a call to get started today!
The post HTTPs Encryption: Why You Should Use SSL Certificates appeared first on Andromeda Technology Solutions.Hackers Now Can Access Data In Secure PDF Files Oct 10, 2019
A team of six researchers from Ruhr-University Bouchum and Munster University, in Germany have discovered a critical flaw in the way that popular PDF viewers display data.
This makes it possible for an attacker to exfiltrate data from encrypted PDF files.
The researchers tested twenty-seven different desktop and web-based PDF viewer apps ranging from the ubiquitous Adobe Reader, to Foxit, and even the viewers built into both Chrome and Firefox. They found that every single one of them were vulnerable to the new attacks they engineered. The researchers developed two major lines of attacks with a few variants based on each type.
They had this to say about their findings:
"Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels, which are based on standard-compliant PDF properties...our evaluation shows that among 27 widely used PDF viewers, all of them are vulnerable to at least one of these attacks. These alarming results naturally raise the question of the root causes for practical decryption exfiltration attacks.� We identified two of them.
First, many data formats allow to encrypt only parts of the content.� This encryption flexibility is difficult to handle and allows an attacker to include their own content, which can lead to exfiltration channels.
Second, when it comes to encryption, AES-CBC--or encryption without integrity protection in general--is still widely supported.� Even the latest PDF 2.0 specification released in 2017 still relies on it.� This must be fixed in future PDF specifications."
This is an alarming discovery although these attacks have not yet been seen in the wild. Now that the word is out, it's just a matter of time.� Worse, there's no fix on the horizon, which means that the PDFs you may be relying on to help keep your data secure, simply aren't.