What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Warrenville, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
5 Cyber Security Features/Protocols Your Business Needs To Protect Against Scammers, Hackers & Cyber Criminals Oct 30, 2017
Sometimes it sounds like the news and cyber experts are on loop or a broken record. Every day there is a new report about cyber security, threats and the like. But while these stories and warnings may start to seem like white noise in the background, the threats are still here and they are very real.
The upside of all of this coverage and conversation is that business owners are wising up and with the topic of cyber security taking center stage, users and business owners alike are being more proactive when it comes to protecting and educating themselves.
In the spirit of education we’d like to dive a little deeper into 5 features/protocols you can set up at your office to beef up your IT Security.
Top 5 Cyber Security Features/Protocols
Multi Factor Authentication
This feature is nothing new but it is becoming more and more common across all kinds of accounts. Financial services, email, social media and other applications/accounts are making use of multi or dual factor authentication. Essentially you have a password and second form of identification to prove your identity. Sometimes this is a randomly generated code – think Facebook’s code generator.
Another type of multi or dual factor authentication uses biometric data for identity verification. Things like a fingerprint or a retina scan are examples of this type of security measure. In fact, last month we took a look at biometrics, integrated security and banking applications – read more about that here.
An Employee Training Program
Statistically over 80% of all breaches and intrusions occur after an employee error. Clicking a link in an email, downloading a malicious file, visiting an infected website . . . there are so many ways this can happen and most of the time it isn’t intentional either. The best way to prevent this from happening is an ongoing security program for yourself and employees. A good program will have a varied focus: compliance standards for personal and customer info (commonly known as pii or personally identifiable information), strategies for recognizing and avoiding email scams, proper security protocols for best practices at the office and more. In 2017 Andromeda recognized this need and released our PII Protection/Cyber Security Training Program. See full details here.
Business Grade Firewall
A good firewall is your first defense against intrusion. With proper intrusion detection and intrusion prevention settings you arm yourself against cyber criminals and hackers. On top of that, a business grade firewall solution is an important piece of hardware when you want to set up public and private networks. You definitely don’t want guests at your building or passersby accessing company documents or networks because of low cyber security protocols.
Regularly Scheduled Updates/Patching
New viruses and threats hit the market every day. On top of that, hackers and criminals discover new vulnerabilities almost as fast as developers can protect against them. This is why keeping up to date and on top of patching and updates is so important. For instance, the WannaCry virus everyone heard so much about this year took advantage of a vulnerability that had already been addressed by a Windows patch. If companies had proactively updated and maintained their updates/patches, they wouldn’t have been as vulnerable to an attack.
This ties into both firewall protocols and employee training but of course, the fewer random emails that make it into your employee inboxes, the fewer links and files you need to worry about employee’s (or even yourself) clicking on. A professional spam tool can be configured to your liking and can do a whole lot to prevent content from making it to those that might accidentally infect your network. See the photos below for a few examples of emails we protect customers from on a daily basis.
As always, Andromeda is here to help you protect yourself and your business from these ongoing threats. Take the first step today and sign up for a cyber security audit with our team of experts.
The post 5 Cyber Security Features/Protocols Your Business Needs To Protect Against Scammers, Hackers & Cyber Criminals appeared first on Andromeda Technology Solutions.Layered Network Security: 5 Components Every Layered Security Solution Should Have & Why Employee Training Is A Must Have Jul 06, 2018
Securing your data and your network is a bigger job in 2018 than it has been in years past – and if you’re looking at trends or the news, you can probably guess that network security is only going to get more important and cumbersome in the future.
Cybersecurity is now a common household term and that’s a good thing. The page has been turned on data security and people regularly recognize that we need to protect ourselves both personally and professionally from cyber crime and related threats.
To illustrate where the cybersecurity and cyber crime industries are moving here are a few stats (full article here):
- Cyber crime damage costs are predicted to hit $6 trillion annually by 2021
- Cybersecurity spending to exceed $1 trillion by 2021
- Global ransomware incidents are predicted to hit a rate of one attack every 14 seconds by 2019
The threats to data and networks are clearly going nowhere so it is important that you have a plan in place to protect your business (and yourself).
Different software applications and hardware solutions are designed to address specific security concerns. This means that while one solution may give you complete protection from one threat, it may not be suited to protect you from another.
The solution for these weak points is to ‘layer’ your security and design a solution that covers and protects your network to the best of its abilities.
What You Should Expect From A Layered Network Security Solution
A good layered security solution for your network is going to include the following components:
1. Professional Firewall Solution –
Your firewall is designed to help protect your network from external threats. It does this by blocking access to your network while allowing your users to communicate outside of the network. While a firewall is a great way to protect your network from intrusions, it can only protect your system from outside activity. A firewall cannot prevent one of your users from giving unauthorized permissions or access to programs or other users.
2. Professional Antivirus Software –
Antivirus software is a standard security solution designed to detect and block malware, viruses and other bugs from taking action against your network. An antivirus solution typically depends on a predefined catalog of known issues. The software uses this catalog to block those known issues from impacting you. The issue with this is that new viruses, malware, spyware and bugs are produced daily. If your solution is not actively updating and monitoring the internet for new incidents, it won’t be able to protect you from new threats in real time. Antivirus solutions also cannot always block a user from disregarding a warning and downloading a bad file/clicking on a bad link.
3. Email Spam Prevention/Filters –
Spam is more than just an annoying thing filling up your inbox. A majority of viruses and bugs that get through your firewall/antivirus do so by hiding in email messages. Cyber criminals know that if they send enough emails, somebody is going to click a bad link or download a compromised attachment. By filtering out spam, you dramatically decrease the opportunity for someone to accidentally introduce a virus to the network. Again though, spam filters don’t catch everything so they cannot prevent a user from making a mistake.
4. DNS Filtering/Protection –
DNS stands for Domain Name System. This piece of your network controls email delivery and is the component that allows you to browse websites. When configured, a DNS filter can prevent your employees from accessing specific types of sites. For example, a DNS filter can be set up to prevent employees from accessing social media or other blacklisted sites. This security also helps keep malware or other viruses from spreading throughout your network by masking your devices and server. This is one element of your network security that isn’t heavily impacted by regular users but if it is not set up properly and managed properly it can’t protect you from much.
5. Employee Training & Education –
You may have noticed that almost any of the security layers mentioned above have specific strengths and weaknesses. Additionally, each component had a weakness related to human or user error. The fact is that users and honest mistakes are the root cause of the majority of data breaches, viruses, downtime and incidents on your network. That doesn’t mean your employees and coworkers are intentionally breaking protocol or doing things wrong. Most of the time these are honest mistakes like clicking a link in an email, downloading a file with a hidden virus or visiting an infected/malicious site and unknowingly giving cyber criminals usernames & password information.
And That’s Just The Beginning…
These are just five common pieces of a layered network security setup. They all work together to help cover different vulnerabilities and behaviors. There are many other software and hardware solutions that can increase your layered network security and reduce vulnerability. Some of those include:
- Dark Web Monitoring Services
- Dual Authentication
- Password Management
- Data Backups
- Disaster Recovery Planning
- Scheduled & Regular Patches/Updates
- Security Protocols for Remote Devices
- Network Security Assessments (at least once a year)
The most important part to a successful layered network security setup is to take your individual needs and environment into account. There is no ‘One Size Fits All’ solution and there is no one solution that is going to guarantee 360 protection for your network. Be wary of any vendor who tries to sell you something like that.
The goal should be to protect your environment to the best of anyone’s ability and to educate/train your staff adequately to mitigate risk.
You will also want to make sure and take any specific compliance requirements or regulations for your industry into account. Most any business that has data needs to maintain certain standards for data protection.
To discuss any of the layers for a layered network security solution listed above or your environment please reach out to our team.
For more information on employee data security training go here.
The post Layered Network Security: 5 Components Every Layered Security Solution Should Have & Why Employee Training Is A Must Have appeared first on Andromeda Technology Solutions.Vulnerability Found In Major Manufacturers Of Android Phones� Sep 07, 2018
Researchers operating out of the University of Florida, Stony Brook University and Samsung Research America have made a disturbing discovery. Millions of Android smartphones manufactured by eleven different OEMs (Original Equipment Manufacturers) were found to be vulnerable to attack via AT Commands.
If you're not sure what an "AT Command" is, you're not alone. Part of the Hayes Command Set, ATtention Commands were developed in the early 1980s and designed to be transmitted via phone lines to issue commands to modems.
Most people aren't even aware of the fact that their high-tech smartphones contain a basic modem within them, which allows the high-tech wonder to connect to the internet. While AT Commands have been standardized, many vendors have added custom AT Commands to their devices, and unfortunately, these commands can control a surprising variety of advanced features including the built-in camera and the touchscreen interface.
The AT Commands can be accessed via the phone's USB interface. This means that a would-be attacker would have to gain physical access to the device, or place a malicious component inside a user's charger, charging station, or USB dock.
Once a hacker is connected in this manner to the victim's phone, he could use one of the AT Commands to steal data, unlock the screen, mimic touchscreen events, or even rewrite the phone's firmware.
The research team has complied a database of phone models and firmware versions that are vulnerable to this type of attack. They have contacted all the vendors, and are continuing their testing.
Initially, the team tested AT Commands via the USB interface. Phase two of the research will test to see if those commands can be issued via WiFi or Bluetooth connections. The team has also published the Shell script they used in their original testing, available on GitHub.
So far, none of the OEMs contacted have released any information or given a timetable for a fix.