What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Summit Argo, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
Layered Network Security: 5 Components Every Layered Security Solution Should Have & Why Employee Training Is A Must Have Jul 06, 2018
Securing your data and your network is a bigger job in 2018 than it has been in years past – and if you’re looking at trends or the news, you can probably guess that network security is only going to get more important and cumbersome in the future.
Cybersecurity is now a common household term and that’s a good thing. The page has been turned on data security and people regularly recognize that we need to protect ourselves both personally and professionally from cyber crime and related threats.
To illustrate where the cybersecurity and cyber crime industries are moving here are a few stats (full article here):
- Cyber crime damage costs are predicted to hit $6 trillion annually by 2021
- Cybersecurity spending to exceed $1 trillion by 2021
- Global ransomware incidents are predicted to hit a rate of one attack every 14 seconds by 2019
The threats to data and networks are clearly going nowhere so it is important that you have a plan in place to protect your business (and yourself).
Different software applications and hardware solutions are designed to address specific security concerns. This means that while one solution may give you complete protection from one threat, it may not be suited to protect you from another.
The solution for these weak points is to ‘layer’ your security and design a solution that covers and protects your network to the best of its abilities.
What You Should Expect From A Layered Network Security Solution
A good layered security solution for your network is going to include the following components:
1. Professional Firewall Solution –
Your firewall is designed to help protect your network from external threats. It does this by blocking access to your network while allowing your users to communicate outside of the network. While a firewall is a great way to protect your network from intrusions, it can only protect your system from outside activity. A firewall cannot prevent one of your users from giving unauthorized permissions or access to programs or other users.
2. Professional Antivirus Software –
Antivirus software is a standard security solution designed to detect and block malware, viruses and other bugs from taking action against your network. An antivirus solution typically depends on a predefined catalog of known issues. The software uses this catalog to block those known issues from impacting you. The issue with this is that new viruses, malware, spyware and bugs are produced daily. If your solution is not actively updating and monitoring the internet for new incidents, it won’t be able to protect you from new threats in real time. Antivirus solutions also cannot always block a user from disregarding a warning and downloading a bad file/clicking on a bad link.
3. Email Spam Prevention/Filters –
Spam is more than just an annoying thing filling up your inbox. A majority of viruses and bugs that get through your firewall/antivirus do so by hiding in email messages. Cyber criminals know that if they send enough emails, somebody is going to click a bad link or download a compromised attachment. By filtering out spam, you dramatically decrease the opportunity for someone to accidentally introduce a virus to the network. Again though, spam filters don’t catch everything so they cannot prevent a user from making a mistake.
4. DNS Filtering/Protection –
DNS stands for Domain Name System. This piece of your network controls email delivery and is the component that allows you to browse websites. When configured, a DNS filter can prevent your employees from accessing specific types of sites. For example, a DNS filter can be set up to prevent employees from accessing social media or other blacklisted sites. This security also helps keep malware or other viruses from spreading throughout your network by masking your devices and server. This is one element of your network security that isn’t heavily impacted by regular users but if it is not set up properly and managed properly it can’t protect you from much.
5. Employee Training & Education –
You may have noticed that almost any of the security layers mentioned above have specific strengths and weaknesses. Additionally, each component had a weakness related to human or user error. The fact is that users and honest mistakes are the root cause of the majority of data breaches, viruses, downtime and incidents on your network. That doesn’t mean your employees and coworkers are intentionally breaking protocol or doing things wrong. Most of the time these are honest mistakes like clicking a link in an email, downloading a file with a hidden virus or visiting an infected/malicious site and unknowingly giving cyber criminals usernames & password information.
And That’s Just The Beginning…
These are just five common pieces of a layered network security setup. They all work together to help cover different vulnerabilities and behaviors. There are many other software and hardware solutions that can increase your layered network security and reduce vulnerability. Some of those include:
- Dark Web Monitoring Services
- Dual Authentication
- Password Management
- Data Backups
- Disaster Recovery Planning
- Scheduled & Regular Patches/Updates
- Security Protocols for Remote Devices
- Network Security Assessments (at least once a year)
The most important part to a successful layered network security setup is to take your individual needs and environment into account. There is no ‘One Size Fits All’ solution and there is no one solution that is going to guarantee 360 protection for your network. Be wary of any vendor who tries to sell you something like that.
The goal should be to protect your environment to the best of anyone’s ability and to educate/train your staff adequately to mitigate risk.
You will also want to make sure and take any specific compliance requirements or regulations for your industry into account. Most any business that has data needs to maintain certain standards for data protection.
To discuss any of the layers for a layered network security solution listed above or your environment please reach out to our team.
For more information on employee data security training go here.
The post Layered Network Security: 5 Components Every Layered Security Solution Should Have & Why Employee Training Is A Must Have appeared first on Andromeda Technology Solutions.5 Ways To Keep Cyber Criminals At Bay This Holiday Dec 04, 2017
The holidays are a magical time. Snow covered trees, festive lights decorating houses, time with family, parties . . . and an incredible increase in cybercrime and cyber criminals.
Didn’t see that one coming did you?
The cyber criminals think and hope so too.
While people hit the web to shop for holiday gifts, deals and plane tickets to visit loved ones, hackers are doing their best to steal your data and use it for their own purposes.
In the spirit of giving, check out these 5 quick tips to keep cyber criminals and hackers at bay during the holiday!
5 quick tips to keep cyber criminals and hackers at bay during the holiday
1. Make sure that you do your shopping at secure websites
Any time you are purchasing something online you want to make sure you are doing so from a secure website. A secure website will encrypt your information. The means that only the authorized parties (the seller) receives that information and it can’t fall into the hands of hackers or criminals.
You can tell if a website is secure by looking at the URL. If the URL begins with https:// that means it is secure. Specifically you are looking for the S after the http portion. You may also see a lock symbol. Make sure that you never enter information into a website without this. Look out for locks with warning symbols like question marks or red lines – this signals that the site is only partially encrypted and you should never trust it. Buy your stuff somewhere else.
2. Use Credit Cards instead of Debit Cards online – and probably in general where possible
There are so many different ways scammers attack your data. Think back to the big breaches of the last few years – Target, Home Depot etc. Your data can get stolen both online and at brick and mortar locations.
The most secure thing – aside from cash which obviously cannot be used for shopping online – is to shop with a credit card. Credit card companies are required to protect you from fraudulent purchases, if your account number is stolen or even if you purchase something online and it is never delivered.
The protections a consumer is guaranteed by credit cards far outweighs protections offered with debit cards and obviously, if your info is stolen, you’d much rather have that happen on a credit card than having your bank account liquidated.
3. Sign up for alerts
There are many options out there for alert programs and applications. Some let you know any time your social security number is used, some monitor your credit score and other vital information.
In regard to your credit cards and bank accounts specifically, you can have alerts sent to your email or your smartphone via text for activity. For example, you can have any purchase made on your bank card/credit card alert your phone. If that seems a bit overboard, you can set it up to alert you to purchases over a specific threshold.
Additionally, you want to make sure you are checking your bank account every day or so just to make sure nothing strange is occurring. That goes for holiday season and the rest of the year.
4. Check out third party payment systems
You’ve probably heard of PayPal but have you ever looked into why using a third party payment system like PayPal is beneficial for both the buyer and the seller?
Systems like these are middle men that help protect both sides of a transaction. The seller knows that the funds are verified but the seller also gets NO ACCESS to your account information. This is a great benefit to you. Instead of using your card and spreading your information from site to site and exposing your information to different destinations, your information is shared with one company.
Another benefit is that these third party payment options are readily available at most stores online and even at brick and mortar locations these days.
Some popular options are PayPal as mentioned, Apple Pay, Amazon Payments, Venmo, Samsung Pay and more.
5. Check Reviews and beware of the “Too Good To Be True”
It is the season for deals without a doubt. But be smart when you see an offer for something that is well below the market value.
That new iPhone isn’t going to retail for $200 no matter how great a deal they are giving you. Hate to say it but there is no free lunch and one of the best ways for criminals to get you on their sites is by advertising an incredible price for a product.
Even Amazon isn’t immune to this. Bogus retailers will advertise products that are never delivered or that have no resemblance to the pictures online. Pretty sure we have all fallen victim to that, holiday season or not.
But this time of year, make sure you read reviews. Do your research and take all the steps available to you to ensure you are protected.
We hope you have a great end of year and that you start 2018 without any personal stories about how cybercrime impacted your holidays.
If you have any further questions, feel free to reach our team and shop safe!
The post 5 Ways To Keep Cyber Criminals At Bay This Holiday appeared first on Andromeda Technology Solutions.Name Of Utility Company That Leaked Information Just Released Sep 15, 2018
In 2016, an unnamed US energy company left some 30,000 records (containing information about its security assets) exposed for more than two months (a total of 70 days), in violation of energy sector cyber security regulations. When the incident was initially reported, the name of the company was withheld.
That company has now agreed to a $2.7 million-dollar settlement, and its name has now been made public, along with some additional details about the incident.
Initially, the company admitted that they unintentionally exposed the database in question, but that it contained fake data. As the investigation into the matter continued, it became apparent that the data was not only real, but that it included hashed passwords for administrators that hackers could have easily reverse-engineered. PG&E subsequently reversed their fake data assertion.
The exposed data was found by independent security researcher Chris Vickery, who indicated at the time that the database contained details for some 47,000 computers, virtual machines, servers and other devices.
In addition to that a number of non-encrypted email passwords were found, along with 120 encrypted passwords. In Vickery's words, "This would be a treasure trove for any hostile nation-state hacking group."
According to the official NERC notice regarding the incident:
"The data was exposed publicly on the internet for 70 days. The usernames of the database were also exposed, which included cryptographic information of those usernames and passwords. Exposure of the username and cryptographic information could aid malicious attackers in using this information to decode passwords."
Once PG&E was made aware of the problem, it took a server offline, which removed the exposed data. They also brought in third-party forensic experts to investigate, and as a result of that investigation, revised a number of their security policies.
Overall, the company's handling of the matter was spotty at best, but in light of the record-setting fine, the hope is that we won't see a similar instance of carelessness in the future.