What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Account Coordinator(AC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Summit Argo, IL Businesses:
What A Few Of Our Clients Have To Say
Andromeda IT Service Offerings
Here is just a quick list demonstrating the breadth of IT services you can expect from Andromeda:
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
5 Ways Your Information Gets On The Dark Web May 03, 2019
In our last IT article we discussed the Dark Web. Specifically what the Dark Web is and why it is something that matters to just about everyone. If you missed the article make sure to give it a read here.
There are many ways your information can be compromised and inevitably end up in the hands of wrong doers on the dark web. On top of that, there are numerous ways that hackers and criminals can steal your data that are completely out of your control.
It is important that you put defense in place where you can but it is also important that you manage your risk by educating yourself on some of the top vulnerabilities out there.
With that in mind we’ve gathered 5 of the top ways hackers and criminals get around you to steal your data for the Dark Web.
5 Ways Your Information Gets On The Dark Web
1. Visiting & Using Unsecure Websites
If a website isn’t secure, information passed between you and the site can easily be compromised. In a nutshell, websites pass information to your browser (google chrome, firefox etc.) and your browser displays that information for you to look at/use. Without proper security protocols like an SSL or HTTPs, sites don’t secure that information transfer. So, if you enter personal data into a form, make a purchase or put any data on the site that isn’t secured, it is easy enough for a hacker or cyber-criminal to intercept that data and sell it on the Dark Web.
If you are interested in how to secure your website or tell if the sites you visit are secure, we have an easy to understand article here.
2. Consumer Database Breach
While hackers and criminals will go after your personal data on a small scale, a larger customer breach is what their dreams are made of. Just think back to the Target, Home Depot and Experian breaches of recent years. Even social media databases are full of rich information that hackers can make use of. If a hacker gets ahold of your Facebook password they might have also gotten ahold of your date of birth, where you live and other personal information that they can use to access financial accounts or other personal accounts.
While you can’t keep hackers out of Target’s database, you can practice your own security protocols to decrease the likelihood of criminals using compromised data to ruin you financially:
- Use different passwords for different sites
- Change passwords often (every 90 days is recommended at minimum)
- Use strong passwords
- Look into a monitoring service that alerts you of suspicious activity on financial accounts
3. Firewall Issues
You don’t necessarily have control over whether someone else secures their website and you definitely don’t have control of the security procedures at your local grocery store, but you do have control over the firewalls you use at your business.
First . . . make sure you are using a professional or business grade solution for your firewall. Consumer grade solutions are meant for home use and will not have adequate protections in place to keep your company’s private data secure.
Additionally, make sure that you have regular updates and software patches scheduled. These devices are only as good as the software they utilize. If your firewall is out of date or your software is out of date, chances are they cannot defend against the latest hacker strategies and viruses.
You will also benefit from a regular system audit to ensure all ports are secure and no user changes are impacting your network security. It is pretty common for businesses to forget these updates and checks and this is an incredibly vulnerable access point into your network if not properly configured.
4. Outdated Systems/Devices On Your Network
While your firewall controls much of the inbound and outbound traffic on your network, there are countless other devices that can create vulnerabilities. For instance, if you consider the Target breach of 2013, it is rumored that the criminals gained access to Target’s network via an HVAC company that monitored temperatures in stores. This brings up the fact that it is not just your own network but anything connected to it and the security of those ancillary devices/networks that you must be aware of.
If you have smart devices in the office, if you subscribe to any type of service that needs access to your network, all of these items and programs open you up to vulnerabilities. Even the smart devices you use at home can cause you trouble on a personal level. Imagine if a smart device on your home network was compromised and used by hackers to get into your work files on your home computer. This stuff happens and your information ends up on the dark web because of it.
5. Downloading untrusted applications/Opening Malicious Email
Email is essential to running your business but it is one of the best ways for hackers and criminals to gain access to your network. All they have to get you to do is click a link or download a file and BAM! your data might be compromised.
Email isn’t the only culprit though. Downloading files off the web can also give hackers access to your network and in turn your data. There are tools that can help you avoid this as well as training that helps you spot malicious links/sites.
How Can I Prevent My Info From Getting Onto Dark Web
With proper firewall configuration, professional anti-virus software that is updated regularly and employee training, you will dramatically decrease your vulnerability and incident rate.
There are so many ways hackers access your data. They can get to you through stores, websites, your email, the smart devices at your office/home and those are just a few examples. The scary part is that no matter how secure you make things, they will come up with a new approach that no one expects.
All hope isn’t lost though, with certain protections like professional cyber security consulting, monitoring software (both professional and personal), and specific security devices, you can protect yourself from cybercriminals.
If you’d like to discuss your options and make sure you are truly covered, reach out to our team and schedule a network security assessment.
The post 5 Ways Your Information Gets On The Dark Web appeared first on Andromeda Technology Solutions.Layered Network Security: 5 Components Every Layered Security Solution Should Have & Why Employee Training Is A Must Have Jul 06, 2018
Securing your data and your network is a bigger job in 2018 than it has been in years past – and if you’re looking at trends or the news, you can probably guess that network security is only going to get more important and cumbersome in the future.
Cybersecurity is now a common household term and that’s a good thing. The page has been turned on data security and people regularly recognize that we need to protect ourselves both personally and professionally from cyber crime and related threats.
To illustrate where the cybersecurity and cyber crime industries are moving here are a few stats (full article here):
- Cyber crime damage costs are predicted to hit $6 trillion annually by 2021
- Cybersecurity spending to exceed $1 trillion by 2021
- Global ransomware incidents are predicted to hit a rate of one attack every 14 seconds by 2019
The threats to data and networks are clearly going nowhere so it is important that you have a plan in place to protect your business (and yourself).
Different software applications and hardware solutions are designed to address specific security concerns. This means that while one solution may give you complete protection from one threat, it may not be suited to protect you from another.
The solution for these weak points is to ‘layer’ your security and design a solution that covers and protects your network to the best of its abilities.
What You Should Expect From A Layered Network Security Solution
A good layered security solution for your network is going to include the following components:
1. Professional Firewall Solution –
Your firewall is designed to help protect your network from external threats. It does this by blocking access to your network while allowing your users to communicate outside of the network. While a firewall is a great way to protect your network from intrusions, it can only protect your system from outside activity. A firewall cannot prevent one of your users from giving unauthorized permissions or access to programs or other users.
2. Professional Antivirus Software –
Antivirus software is a standard security solution designed to detect and block malware, viruses and other bugs from taking action against your network. An antivirus solution typically depends on a predefined catalog of known issues. The software uses this catalog to block those known issues from impacting you. The issue with this is that new viruses, malware, spyware and bugs are produced daily. If your solution is not actively updating and monitoring the internet for new incidents, it won’t be able to protect you from new threats in real time. Antivirus solutions also cannot always block a user from disregarding a warning and downloading a bad file/clicking on a bad link.
3. Email Spam Prevention/Filters –
Spam is more than just an annoying thing filling up your inbox. A majority of viruses and bugs that get through your firewall/antivirus do so by hiding in email messages. Cyber criminals know that if they send enough emails, somebody is going to click a bad link or download a compromised attachment. By filtering out spam, you dramatically decrease the opportunity for someone to accidentally introduce a virus to the network. Again though, spam filters don’t catch everything so they cannot prevent a user from making a mistake.
4. DNS Filtering/Protection –
DNS stands for Domain Name System. This piece of your network controls email delivery and is the component that allows you to browse websites. When configured, a DNS filter can prevent your employees from accessing specific types of sites. For example, a DNS filter can be set up to prevent employees from accessing social media or other blacklisted sites. This security also helps keep malware or other viruses from spreading throughout your network by masking your devices and server. This is one element of your network security that isn’t heavily impacted by regular users but if it is not set up properly and managed properly it can’t protect you from much.
5. Employee Training & Education –
You may have noticed that almost any of the security layers mentioned above have specific strengths and weaknesses. Additionally, each component had a weakness related to human or user error. The fact is that users and honest mistakes are the root cause of the majority of data breaches, viruses, downtime and incidents on your network. That doesn’t mean your employees and coworkers are intentionally breaking protocol or doing things wrong. Most of the time these are honest mistakes like clicking a link in an email, downloading a file with a hidden virus or visiting an infected/malicious site and unknowingly giving cyber criminals usernames & password information.
And That’s Just The Beginning…
These are just five common pieces of a layered network security setup. They all work together to help cover different vulnerabilities and behaviors. There are many other software and hardware solutions that can increase your layered network security and reduce vulnerability. Some of those include:
- Dark Web Monitoring Services
- Dual Authentication
- Password Management
- Data Backups
- Disaster Recovery Planning
- Scheduled & Regular Patches/Updates
- Security Protocols for Remote Devices
- Network Security Assessments (at least once a year)
The most important part to a successful layered network security setup is to take your individual needs and environment into account. There is no ‘One Size Fits All’ solution and there is no one solution that is going to guarantee 360 protection for your network. Be wary of any vendor who tries to sell you something like that.
The goal should be to protect your environment to the best of anyone’s ability and to educate/train your staff adequately to mitigate risk.
You will also want to make sure and take any specific compliance requirements or regulations for your industry into account. Most any business that has data needs to maintain certain standards for data protection.
To discuss any of the layers for a layered network security solution listed above or your environment please reach out to our team.
For more information on employee data security training go here.
The post Layered Network Security: 5 Components Every Layered Security Solution Should Have & Why Employee Training Is A Must Have appeared first on Andromeda Technology Solutions.Security Flaw Found In Open Source Office Program LibreOffice Aug 10, 2019
Do you use LibreOffice? It's an open source clone that's functionally similar to Microsoft Office that has grown quite popular over the years. It is available for Windows, macOS and Linux systems.
While open-source software solutions generally have the reputation of being safer and more secure, they're not immune to vulnerabilities.
Recently, a pair of serious un-patched code execution vulnerability has been discovered that could result in malware being installed on your system if you're not careful. In order to take advantage of the flaw, a hacker would need to create a special "poisoned" LibreOffice document and use social engineering tricks to convince you to open it.
While the company behind LibreOffice moved quickly to patch their software, independent security researcher Alex Infuhr has reported that the patch only corrected one of the two issues. �In addition, he was able to find a way around the company's fix for the second.
The first vulnerability resides in LibreLogo, which is a programmable vector graphics script that ships by default with LibreOffice.� It allows users to specify pre-installed scripts in a document that can be executed on various events, such as a click or even a mouse hover.
The second issue could allow the inclusion of remote, arbitrary content within a document, even when "Stealth Mode" is enabled.� Note, however, that stealth mode is not enabled by default, but users can activate it to instruct documents to retrieve remote resources only from trusted locations. This is the issue that LibreOffice tried to fix but Infuhr found a way around.
If you want to protect your system from this issue, the best thing you can do would be to manually disable the LibreLogo component by opening the setup to begin the installation, then:
- Select "Custom" installation
- Expand "Optional Components"
- Click on "LibreLogo" and select "This Feature Will Not Be Available."
- Then click "Next" and install the software.
That should take care of it!