What Is An Andromeda C‑CAT?A C‑CAT (Client-Centric Action Team) is a dedicated team that includes one or more two Remote Service Techs, and one or more IT Field Techs whose activities are curated by a Service Coordinator(SC)—each specifically appointed to service your organization. With cat-like reflexes and precision, your Andromeda C-CAT will pounce on any IT issue, upgrade, or project. It's really the cat's meow for your IT needs!)
Professional IT Services that Andromeda Provides for Wheeling, IL Businesses:
What A Few Of Our Clients Have To Say
AndroPedia Tech Library
As part of our service, it is important to keep our client-partners well informed on IT developments, news, and best practices. Here is just a sampling of typical items from our AndroPediaSM library archive:
5 Ways Your Information Gets On The Dark Web Jan 26, 2018
In our last IT article we discussed the Dark Web. Specifically what the Dark Web is and why it is something that matters to just about everyone. If you missed the article make sure to give it a read here.
There are many ways your information can be compromised and inevitably end up in the hands of wrong doers on the dark web. On top of that, there are numerous ways that hackers and criminals can steal your data that are completely out of your control.
It is important that you put defense in place where you can but it is also important that you manage your risk by educating yourself on some of the top vulnerabilities out there.
With that in mind we’ve gathered 5 of the top ways hackers and criminals get around you to steal your data for the Dark Web.
5 Ways Your Information Gets On The Dark Web
1. Visiting & Using Unsecure Websites
If a website isn’t secure, information passed between you and the site can easily be compromised. In a nutshell, websites pass information to your browser (google chrome, firefox etc.) and your browser displays that information for you to look at/use. Without proper security protocols like an SSL or HTTPs, sites don’t secure that information transfer. So, if you enter personal data into a form, make a purchase or put any data on the site that isn’t secured, it is easy enough for a hacker or cyber-criminal to intercept that data and sell it on the Dark Web.
If you are interested in how to secure your website or tell if the sites you visit are secure, we have an easy to understand article here.
2. Consumer Database Breach
While hackers and criminals will go after your personal data on a small scale, a larger customer breach is what their dreams are made of. Just think back to the Target, Home Depot and Experian breaches of recent years. Even social media databases are full of rich information that hackers can make use of. If a hacker gets ahold of your Facebook password they might have also gotten ahold of your date of birth, where you live and other personal information that they can use to access financial accounts or other personal accounts.
While you can’t keep hackers out of Target’s database, you can practice your own security protocols to decrease the likelihood of criminals using compromised data to ruin you financially:
- Use different passwords for different sites
- Change passwords often (every 90 days is recommended at minimum)
- Use strong passwords
- Look into a monitoring service that alerts you of suspicious activity on financial accounts
3. Firewall Issues
You don’t necessarily have control over whether someone else secures their website and you definitely don’t have control of the security procedures at your local grocery store, but you do have control over the firewalls you use at your business.
First . . . make sure you are using a professional or business grade solution for your firewall. Consumer grade solutions are meant for home use and will not have adequate protections in place to keep your company’s private data secure.
Additionally, make sure that you have regular updates and software patches scheduled. These devices are only as good as the software they utilize. If your firewall is out of date or your software is out of date, chances are they cannot defend against the latest hacker strategies and viruses.
You will also benefit from a regular system audit to ensure all ports are secure and no user changes are impacting your network security. It is pretty common for businesses to forget these updates and checks and this is an incredibly vulnerable access point into your network if not properly configured.
4. Outdated Systems/Devices On Your Network
While your firewall controls much of the inbound and outbound traffic on your network, there are countless other devices that can create vulnerabilities. For instance, if you consider the Target breach of 2013, it is rumored that the criminals gained access to Target’s network via an HVAC company that monitored temperatures in stores. This brings up the fact that it is not just your own network but anything connected to it and the security of those ancillary devices/networks that you must be aware of.
If you have smart devices in the office, if you subscribe to any type of service that needs access to your network, all of these items and programs open you up to vulnerabilities. Even the smart devices you use at home can cause you trouble on a personal level. Imagine if a smart device on your home network was compromised and used by hackers to get into your work files on your home computer. This stuff happens and your information ends up on the dark web because of it.
5. Downloading untrusted applications/Opening Malicious Email
Email is essential to running your business but it is one of the best ways for hackers and criminals to gain access to your network. All they have to get you to do is click a link or download a file and BAM! your data might be compromised.
Email isn’t the only culprit though. Downloading files off the web can also give hackers access to your network and in turn your data. There are tools that can help you avoid this as well as training that helps you spot malicious links/sites.
How Can I Prevent My Info From Getting Onto Dark Web
With proper firewall configuration, professional anti-virus software that is updated regularly and employee training, you will dramatically decrease your vulnerability and incident rate.
There are so many ways hackers access your data. They can get to you through stores, websites, your email, the smart devices at your office/home and those are just a few examples. The scary part is that no matter how secure you make things, they will come up with a new approach that no one expects.
All hope isn’t lost though, with certain protections like professional cyber security consulting, monitoring software (both professional and personal), and specific security devices, you can protect yourself from cybercriminals.
If you’d like to discuss your options and make sure you are truly covered, reach out to our team and schedule a network security assessment.
The post 5 Ways Your Information Gets On The Dark Web appeared first on Andromeda Technology Solutions.4 Key Questions Any Business Owner Should Ask Before Performing A Cloud Migration Sep 28, 2018
The solutions, procedures and technologies business owners and staff depend on are continuing their move to the cloud at a steady pace.
Predictions and trends point to over 80% of all enterprise workflow to be managed by the cloud by 2020.
While total adoption of cloud in the workplace is still believed to be 10 or more years away, the benefits to business are clearly driving the adoption of cloud technologies and solutions.
This does not mean that you should perform a cloud migration just because everyone else is doing it. You want to make sure that when you migrate different elements of your business to the cloud, you are doing so in the most secure, compliant and pain-free ways.
That being said, there are some questions you should really ask yourself when planning for or considering your migration.
4 Key Questions About Cloud Migration
1. What are the long term costs for my IT when I migrate to the cloud?
There are quite a few different aspects of your budget that a cloud migration can impact. The first thing you will want to consider is the overall cost of the project. For example, if you have a server and you are considering the costs of a cloud migration vs. buying new hardware, there are a few things you want to look into.
- What is the physical cost of the hardware including labor for install and setup?
- What is the initial setup and migration cost if you move to the cloud?
- What are your anticipated maintenance costs for a physical server over the next 3-5 years?
- What are the maintenance costs and recurring costs for your cloud environment for the next 3-5 years?
- If you stick with an on-prem solution, how long until you have to replace your new hardware on average?
All of these questions you should ask yourself and your IT vendor/department when considering the cloud. Often, when you take long term maintenance and hardware replacement into consideration, you will end up being more cost effective with a cloud solution. But, this is not always the case.
2. What areas of our business will see benefit from a cloud migration?
The cloud has offered many benefits to business. The cloud environment lends itself to collaboration in many ways. Staff will likely enjoy the ability to access data, software and systems remotely. Departments will notice that different integrations are easier when software is in the cloud as well. Companies like Zapier, IFTTT and even Microsoft with Microsoft Flow are in the business of helping you integrate workflows and get a whole lot more done.
This means more productivity, automating repetitive tasks and hopefully better results for both your employees and clients.
3. Do you have specific security/compliance requirements?
Different industries have specific security requirements and compliance standards for data. This means that you will want to consult with experts in your industry to make sure that the solutions you choose are above board.
For instance, if you chose to migrate your email server to a hosted cloud solution, you still need to make sure that the email service is secure. Solutions like G Suite and Office 365 state in their user agreements that they are responsible for the security of the cloud environment but that YOU are responsible for all of your data.
Meaning – Microsoft or Google makes sure the cloud is secure, YOU make sure that you have backups of your emails and all of your data in case of emergency.
Additionally, if your industry has requirements for sending secure/encrypted emails, you’ll want to make sure that the solution you choose meets said requirements.
This was just an example of how security and compliance can impact your choice of cloud email solution. Depending on what you want to move to the cloud (infrastructure, software, OS etc.), you will want to consult with industry experts to ensure success.
4. Public, Private or Hybrid Cloud Solutions?
On the surface, the concept of public or private cloud solution is straight forward.
A public cloud is owned by a company like Microsoft (Azure) or Amazon (AWS). This company owns the physical space where the ‘cloud’ is hosted. In a public cloud, your business essentially leases space to host your environment. This space is technically shared but can be segmented for security purposes.
This decreases your overall time and material cost for maintenance of the environment. You access services and can manage your account by logging in from your internet browser. These public solutions are best for email solutions, office software, applications, testing environments, development environments and more.
A private cloud is owned and managed by one specific entity (either you or your IT service provider). There are no other businesses sharing your space or stored on the equipment. This is definitely a more secure solution for highly regulated industries.
A benefit with privately hosted cloud environments is that they are more customizable for specific business needs. Additionally, a private cloud is easily scaled to grow with your needs – you will just have to account for any additional hardware or bandwidth needs as you grow.
A hybrid cloud solution is a mixture of any or all solutions including: on-premises solutions, public cloud and/or private cloud.
For some industries, there may be specific elements of the business that must remain on site. In other instances, you may have proprietary software that just isn’t cloud compatible or doesn’t make sense to migrate.
You may also have certain needs that make sense to offload into a public environment where you aren’t responsible for maintenance.
The beauty of cloud migration solutions for business is that they are highly customizable. They help you get more done and stay connected in innovative ways. There is a reason that technology is steadily migrating to the cloud across our professional and personal lives.
If you have any questions about the cloud or want to discuss how the cloud can elevate your business, please give us a call at (815) 836 – 0030 or send an email to Contact@WeNetwork.com. Our team is ready and eager to help you.
The post 4 Key Questions Any Business Owner Should Ask Before Performing A Cloud Migration appeared first on Andromeda Technology Solutions.Government Payment Processor Exposes Data On Millions Of Americans Oct 03, 2018
If you use the GovPayNet portal, be advised that your personal information is currently at risk. Although at this point, there's no indication that any hacker has made use of it.� The portal is run by Government Payment Service, and is used by many Americans to pay fines, fees and bills generated by more than two thousand different government agencies operating in 35 states.
Unfortunately, the way the website is configured, when it issues a receipt for a payment, it numbers those receipts sequentially. All a hacker would have to do would be to change the receipt number in the URL to see any previous receipts, and all of the information it contains.
When the flaw was discovered by journalist Brian Krebs, more than fourteen million old records were exposed in this manner.� He contacted Government Payment Service to inform them of the flaw, and the agency moved quickly to address the issue. They said in a formal statement that they "did not adequately restrict access to only authorized recipients."
They went on to assure their users that there's no indication that any data had been improperly accessed. They added that the receipts generated don't include any information that could be used by a hacker to initiate any type of financial transaction.
Unfortunately, the reality was a bit different.� The receipts contain the names, addresses and phone numbers of the person paying the fee in question, along with the last four digits of whatever credit or debit card was used to make payment. That is more than enough information to enable a hacker to initiate a phishing attack to get the rest.
Nick Bilorgoskiy of Juniper Networks had this to say about the matter:
"Online payment providers...should take special care to protect their customers' receipts by using HTTPS and checking that the user is logged in and has permissions to view them.� To avoid information disclosure and directory traversal issues, I also recommend denying anonymous web visitors the ability to read permissions for any unnecessary files from web-accessible directories."
It's good advice, and here's hoping that Government Payment Service will take it.� If you use the service, there's nothing for you to do.� You don't need to change your password, since it was never exposed.� Just be mindful that someone may have seen any data your receipts contain before the site was secured.