Why is Ransomware on the Rise in St. Louis?

Ransomware is on the rise everywhere, not just in St. Louis. Ransomware can cost a small business tens of thousands of dollars—or even more! Let’s take a look at the proliferation of ransomware, and how your business can protect itself.

A small business’s data is one of its most valuable assets. When criminals launch a ransomware attack, they use malicious software to hold your data hostage. They claim they will give you access to your data in return for a “ransom” payment (although criminals aren’t exactly known for being true to their word).

One of the most common ways in which cyber criminals launch ransomware attacks is by sending phishing or spear-phishing emails. Employees download attachments or click links that look innocuous enough, but they end up inadvertently installing ransomware on their computers as a result. The ransomware then searches for user data to encrypt on the computer or on the network or cloud-based storage system. Once data is encrypted, you won’t be able to use it, and the bad guys send a message with instructions on how to render your files usable again—by paying a “ransom,” often in the form of bitcoins. Often sending money to the criminals provides no guarantee they will release your data.

According to the United States Department of Justice, more than 4,000 reported ransomware attacks occurred daily since January 2016. That is a 300 percent increase in just one year.1  At Anderson Technologies, we frequently hear about St. Louis ransomware attacks—both from local small businesses and reports in the media. Earlier this year, ransomware impacted all 17 branches of the public library in St. Louis. Ransomware rendered their computers unusable. Library management refused to pay the $35,000 ransom and worked with its IT staff to remove the virus and restore service.

Ransomware Makes the Bad Guys Big Money

The reason ransomware is on the rise comes down to economics. In 2015, the FBI reported  approximately 327,000 robberies in the U.S., which accounted for an estimated $390 million in losses.

That same year, there were approximately 127,000 cyberattacks reported in the U.S., accounting for over $1 billion in losses. It’s no wonder criminals are turning to cybercrime. That’s a whole lot fewer attacks for a whole lot more money. Plus, currency like bitcoin makes it easier for criminals to carry out crimes since they can anonymously collect the ransom.

If you factor in downtime and the cost of recovering files, cybercrime actually costs companies approximately $75 billion each year.

Is Your Business Protected from Ransomware?

Ransomware is also on the rise because the bad guys are getting better at designing believable phishing and spear-phishing emails. Gone are the days of scams that are easily identifiable, ridden with typos and strange verbiage. Today, cybercriminals have gotten better at mimicking the language and graphical design of reputable companies, which improves their chances of someone clicking a harmful link or attachment.

For small businesses in St. Louis, cybersecurity protection is an intricate process. You need a multi-tiered approach that includes a firewall, intrusion protection system, internet content filtering, anti-virus and anti-malware software that runs in real-time and is updated regularly, and a thorough and tested approach to backing up your system files. You also need to educate your employees. Even if you are working together with a managed IT services provider to do “everything right,” it takes just one click from an unsuspecting employee to introduce an issue your prevention efforts will have to deal with.

Although your managed IT services partner can reduce the likelihood of an email containing ransomware hitting your employees’ inbox in the first place, malicious messages can still get through. Email providers like Google and Microsoft scan your messages and try to filter out ones that look suspicious, but criminals are working just as hard to update their tactics. The final layer of protection between a St. Louis business (or any business for that matter) and ransomware is employee education.

Just last month, a St. Louis small business called Anderson Technologies in distress. It had just fallen victim to a ransomware attack. Its previous IT services provider wasn’t able to restore its files, but Anderson Technologies experts managed to eradicate the malware and recover the compromised data!

Ransomware stories don’t always have such a happy ending. Indisputably, your best bet is to reduce your chances of coming into contact with ransomware in the first place. Anderson Technologies has a team of St. Louis cybersecurity and ransomware experts who can help protect your business. For more information on our St. Louis cybersecurity services, email info@andersontech.com or call 314.394.3001.


1 “How to Protect Your Networks from Ransomware” U.S. Justice Department. Retrieved on April 20, 2017 from https://www.justice.gov/criminal-ccips/file/872771/download

Encryption: The Small Business Owner’s Secret Weapon

With small business cybercrime on the rise, business owners need to do everything they can to protect themselves and their data. Here’s how encryption can help.  

Encryption is a way to secure your data, either while it is stored on a system or device, such as a hard drive or smartphone, or while it is in transit, such as being transmitted across networks.

Encryption comes from the Greek word “kryptos,” meaning hidden or secret. When data is encrypted, it is transformed so only the intended parties can read it by utilizing a secret key. This is done automatically with the help of encryption technology, which uses an algorithm called a cipher to “disguise” your data and allows people with the right key to decrypt, or unscramble, the information and view the plain text. (For a more in-depth description of how encryption works, review this article from MakeUseOf.)  Encryption is used routinely in the digital realm to keep businesses and customers secure. For example, encryption protects your financial information at the ATM, or when you are making an online purchase if you are patronizing a site using SSL.

For small businesses, encryption is an underutilized form of protection. When your information is not encrypted, you make a hacker’s job easier. Should they infiltrate your network, they will be able to easily use the plain-text information they steal. However, if your data is encrypted, they won’t be able to interpret it, or you will have at least made it much more challenging for them to do so. (Cybercriminals can take steps to decrypt data, but it requires tools, expertise, and time, so you’re very likely deterring all but the most persistent ones.)

The Role of Encryption in Healthcare Cybersecurity

Cybercriminals target the healthcare industry more frequently than any other sector. IBM’s 2016 Cyber Security Intelligence Index, a survey of IBM’s Security Services clients, found that companies storing patient data experience 36 percent more security threats than organizations in other verticals. These companies are targeted frequently because of the high-value customer data they possess. People’s personal health and financial information are prime targets for thieves who use it for identity theft or ransomware attacks. While many businesses use some form of encryption to protect data in transit, too few use the strategy to protect data at rest. Healthcare data encryption is especially critical. Considering the increased role portable technology devices like laptops, mobile phones, and flash drives play in business operations, and the rise in data security threats, this is particularly important.

A security breach isn’t just bad news for your clients whose information has been compromised, it is also bad news for your organization. According to the HIPAA Breach Notification Rule, organizations must “provide notification following a breach of unsecured protected health information.” If the breach affects more than 500 individuals, the organization also has to inform the media. That is certainly not the kind of press anyone is looking for.

Here is where encryption comes in. The incident is not considered a breach if the individual’s information is protected and the business can prove that the data has a low probability of being compromised. This is assessed using a variety of risk factors. Encryption is cited as one of the technologies and methodologies for “rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals.” In short, encryption can protect your customers and your company in the event of a security breach. (More information about this rule is available here. Businesses should read and understand HIPAA rules in their entirety and work with their legal counsel to understand their ramifications.)

According to the latest healthcare cybersecurity report by Redspin, Breach Report 2016: Protected Health Information (PHI), there was a 320 percent increase in the number of providers victimized by hackers in 2016 compared to the previous year. Most of these attacks targeted smaller offices. This annual report routinely includes recommendations for reducing vulnerabilities, and year after year, encryption makes the list. The latest iteration acknowledges the growing role laptops, smartphones, and flash drives play in companies’ day-to-day operations and, in light of this, describes encrypting data “at rest and in motion” as a “sure-fire, but still often neglected, way to avoid the breach report.1

Encryption is a valuable protective measure for all small businesses regardless of industry segment. It is a proven way to help protect your valuable data and should be part of your small business’s approach to data security.

Do you need assistance with small business data encryption? Anderson Technologies, a team of cybersecurity specialists in St. Louis, has extensive experience working with small businesses to keep their organizations secure. To learn more, call 314.394.3001 or email info@andersontech.com today.


1Breach Report 2016: Protected Health Information (PHI), February 2017, by Cynergistek and Redspin, pg. 18

What Your Small Business Custom Software Vendor Isn’t Telling You

It’s time we address the common misconception that using a cloud-based software solution is enough to keep a small business safe from rampant cyber threats.

Custom software is big business. Software vendors develop digital solutions specifically for niche verticals, from dental practices to dog kennels to accounting services. Small businesses use these products to manage their practice; handle scheduling, billing, and communication; support sales and marketing; and store critical data. A growing number of these solutions are cloud-based. There is undeniable data security in the cloud. Since data is stored remotely, not at the business’ physical location, users can rest assured that should something happen to their office or equipment, their data is secure.

However, custom software, cloud-based or otherwise, is not a substitute for network security best practices. Small business cybercrime is on the rise. In fact, almost 50 percent of small businesses have experienced a cyberattack. Companies that must meet HIPAA compliance need to be especially vigilant. Cybercriminals target care services more frequently than any other industry, in part because these organizations have such valuable data to steal—private, personal information.

Small business owners are sometimes lured into a false sense of security by their custom software providers. Although custom software and cloud computing afford a host of benefits on their own they aren’t enough to protect your business from threats. In addition to misconceptions about network security, small business owners are often left wanting more from their software vendors in terms of support. Service varies depending on the provider, but small businesses usually require more personalized attention than a software company can offer. Here’s what your small business custom software vendor isn’t telling you.

  1. Small Business Custom Software Doesn’t Protect You from All Threats

Busy small business owners are relieved to learn that by purchasing quality software, they can check a lot of boxes, including data security in the cloud. They breathe a sigh of relief and believe the solution will address all their network security needs. Unfortunately, that simply isn’t true.

Here’s an example. There is a common form of malware called keylogging in which cybercriminals infect your system with software that tracks your every keystroke. With the aid of technology, they sift through your behavior and sniff out useful data, such as login IDs, passwords, and financial information. Cloud computing doesn’t protect you from these attacks, or the myriad other ways determined hackers can infiltrate your network.

  1. Small Businesses Need to Protect “the Edges”

Companies of all sizes should take measures to protect critical data and thwart, or at least slow down, cybercriminals. This includes installing and regularly updating a firewall, installing and updating anti-virus and anti-malware software on all of your computers, protecting your public and business Wi-Fi networks, creating strong passwords, and educating your employees.

Many small businesses do not realize how rampant security threats are or how to fully protect against them. Government agencies and the military employ a multi-layer, defense-in-depth security strategy plan to preserve their critical data. They understand that determined hackers may find a way in no matter what they do, so they set up as many roadblocks as possible to slow them down and give hackers an opportunity to slip up and make their presence known.

Small businesses can emulate this strategy and devise their own multi-layer approach to network security. Cloud computing can be a vital part of the plan, but it also needs to involve other elements, like a firewall, intrusion protection system, VPNs for secure remote connectivity, and internet content filtering. Custom software providers simply do not provide this protection. It’s not their job to. But it is a small business owner’s job to understand the truth about his or her company’s digital safety.

  1. You Probably Need an Additional Data Backup Service

Your data is your business. Think about all the different components of your operation. Then think about how challenging it would be to recreate that information should something unexpected happen to it. You are storing billing data, payroll and tax records, customer and business credit card information, internal systems, website data such as source code, text and images, as well as social media assets. Is your custom software backing up all of these elements? Probably not!

Businesses need to analyze the data backup services their custom software partner is providing. If it isn’t handling every piece of business-critical data, an additional solution is required. (These tips for choosing a cloud backup provider can get you started.) Test the restore procedures regularly to make sure that if the time comes, they will be able to retrieve their information quickly.

Cloud-based custom software can be a sizeable investment. Certainly, it serves multiple purposes, and software providers are wise to promote those benefits as they sell their products; but they are not a substitute for IT services! Too many small businesses are lulled into a false sense of cyber security by their cloud-based custom software vendor.

How would your business withstand a cyberattack? Do you know where you stand with your cloud software security? Anderson Technologies, a St. Louis IT consulting company, can evaluate your cybersecurity and help you form a plan for preserving your data. To learn more, call 314.394.3001 or email info@andersontech.com today.

8 Steps to Safe(r) Online Shopping

Sure, e-commerce sites are convenient, but more and more frequently they are teeming with cyber threats that could compromise your financial information, identity, or even your business. Here’s what you can do to protect yourself.

Online sales in the U.S. are projected to reach $523 billion by 2020, according to a report by Forrester Research. In fact, many Americans are buying more online than in-store, and retailers aren’t the only ones taking notice. Criminals see the e-commerce boom as an opportunity for payment fraud, identity theft, and other cybercrimes.

Of every $100 spent online, $4.79 is at risk of a fraud attack, according to The Global Fraud Index, a PYMNTS and Forter collaboration. It’s important to remember cybercriminals don’t just acquire data by targeting you personally. They hack businesses in hopes of infiltrating their databases to steal customer information. If you’ve created an account with a website that is compromised, your information is at risk, even if you haven’t shopped there in months!

Most retailers take precautions to provide their customers with safer online shopping experiences, but the onus is also on the individual. These tips will help you identify secure e-commerce sites, protect your personal information, and at least mitigate the damage should you fall victim to a cyber criminal’s attack.

  1. Only Shop at Sites with “HTTPS” URLs at Checkout

HTTPS stands for Hypertext Transfer Protocol Secure and indicates that the business has an SSL (Secure Sockets Layer) certificate. This certificate requires the vendor go through a validation process. Once installed SSL and TLS (Transport Layer Security) are used to secure sensitive online transactions—such as credit card purchases, financial data transfers, account logins, and other browsing activities requiring a heightened level of security. The data you share with a site’s web servers is encrypted in transit, and thus much harder for hackers to exploit.

  1. Assess the Site’s Legitimacy

Before sharing any personal information, research the site’s return policy, social media presence, and online reviews. Check that it has a Privacy Policy, Terms of Use, and detailed contact information. If anything seems suspicious, leave the site immediately.

  1. Create a Separate Email for Online Shopping

Do not provide e-commerce sites with your personal or business email address. Instead, create an account you use solely for online shopping. You can set up your accounts so all emails forward into a single inbox, but limit how often you hand out your primary email addresses.

  1. Create Unique Logins and Passwords for Every Vendor

Password management is an important component of safer online shopping yet it is often overlooked. Should a cybercriminal gain access to one of your accounts, you want the damage to end there. Do not use the same login and password for everything. Create complicated passwords that cannot be easily guessed. Password management applications, such as LastPass, are invaluable tools to help automate this.

  1. Use a Dedicated Credit Card for Online Shopping

Most credit card companies offer some fraud guarantees and will work with you if your information is stolen. Additionally, consider using PayPal, which goes to great lengths to keep its customers secure.

  1. Do Not Save Your Payment Information

Sure, you’ll add a few seconds to future checkouts, but it is worth it? Should a criminal infiltrate an e-commerce platform at least you won’t be giving them your credit card number on a silver platter. Also, refrain from saving passwords on your browser and clear your history routinely.

  1. Delete Accounts You No Longer Use

Remember, even if you haven’t visited the e-retailer in months, your information could still be obtained by a criminal who hacks the site. By removing accounts from sites you no longer frequent, you’ll help keep your personal information safe.

  1. Be Wary of Promotional Emails

Cybercriminals use email as a means of spreading malware and launching spear phishing scams. If you receive an email from a retailer that looks too good to be true, visit the site directly to confirm the information is valid. Always verify the email address of the sender. If everything seems above-board, hover over the link before clicking it, which will allow you to review the URL. Be sure to do so carefully, as crooks often use domain names that look similar to reputable sites.

E-commerce is a part of life, but we can’t take our cybersecurity for granted. No business owner wants to encourage personal purchases on the job, but it is worth sharing best practices for safer online shopping to help keep your employees, and your business, secure.

Anderson Technologies is a St. Louis IT consulting company that helps small businesses educate their employees about effective cybersecurity practices. For more information on our cybersecurity training services, email info@andersontech.com or call 314.394.3001 and check out our free eBook, An Employee’s Guide to Preventing Business Cybercrime.

Public Wi-Fi Puts Your Business at Risk: 9 Tips for Mitigating the Threat

Every time you or an employee logs on to a public Wi-Fi network, the safety of your business is potentially compromised. These tips will help protect your data from rampant cybersecurity threats on public wireless networks.

The explosion of free public Wi-Fi helps people stay personally and professionally connected. However, many of these networks are not secure and make tempting targets for cybercriminals looking to steal your personal information.

Alarmingly, 60 percent of Americans believe their data and identity are secure on public Wi-Fi, according to research from Symantec. This is unequivocally false! Data shared on public Wi-Fi is usually unencrypted, which makes it simpler for cybercriminals to access.

Americans are three times more likely to connect to public Wi-Fi if it is free, according to a survey by the Identity Theft Resource Center, but free isn’t the same as safe. Let’s take a look at some of the cybersecurity threats found on public Wi-Fi networks as well as what can be done to protect yourself and your business.

Sniffing: Hackers use packet sniffers to intercept the information sent from your browser to the server. “Packet” refers to the bundles of data that hackers capture from the network. Data could include information that enables them to compromise you or your business’s security, such as passwords or user IDs.

Man-in-the-Middle Attack: In this type of hack, criminals intercept your communication while you are completely unware. Examples include eavesdropping on, or even altering, communication between two parties and using malicious tools to come between you and a digital resource, such as a website or email account, in an effort to gain access to your private information.

Evil Twin: This is a Wi-Fi network that appears to be legitimate but is actually created by a criminal to pave the way for cybercrimes, such as man-in-the-middle attacks. These rogue networks often have similar names to legitimate hotspots in the area.

Sidejacking: With this nefarious tactic, hackers use sniffing software to steal session cookies (information on your browsing activity) and then hijack your session. For example, if you’re logged in to your favorite shopping site and hackers sidejack your session, they could make purchases using your credit card information; or if you are sidejacked while active on Facebook, the perpetrators could send messages to your connections or post dangerous links to your feed. The good news is that the thieves are stealing specific cookies and not your username and password, assuming those are encrypted. The bad news is it may not be immediately obvious that you were targeted, and the criminals could use the cookie to access your account at a later date.

In addition to these schemes, cybercriminals use public Wi-Fi to infect devices with malware. Some forms of malware can spread across a network to infect other computers, so you risk compromising other devices when you log back on at the office or at home. If you need to get online in a public place, consider the following tips:

  1. Use a VPN

If possible, use a virtual private network (VPN), which encrypts all of your network traffic data. The majority of business-grade networking hardware have the capabilities to support multiple VPN connections. A managed IT services provider can help you assess the right solution for your business.

  1. Limit Your Activity

Reduce your digital profile by only performing “must-do” activities. For example, use public Wi-Fi if you have to get an important email out, but don’t pass the time with leisurely online shopping. Try to limit your browsing to sites that are verified secure with the “HTTPS” designation, and avoid online banking over public Wi-Fi connections.

  1. Stay Alert

In addition to being aware in the virtual world, keep an eye out for suspicious behavior around you. Criminals can also try to steal your password or credit card information by physically observing you, a technique known as “shoulder surfing.”

  1. Turn Off Automatic Connectivity Features

Ensure your devise doesn’t “accidentally” connect to an at-risk network by turning off automatic connectivity features, which are common on many mobile devices.

  1. Block File Sharing

Perhaps your laptop is configured to share files with others in the office. Disable any file sharing and temporarily turn off all cloud-based file services (such as Dropbox, OneDrive, Google Drive, etc.) before logging on to a public network. Otherwise you may make it easier for hackers to access your information.

  1. Consider Encryption Tools

There are tools, both free and paid, that can encrypt your data when you access a public network. You can encrypt passwords, files, or even your hard drive. An IT specialist can help you determine the right tools for you and your business.

  1. Protect Your Device with the Latest Anti-Malware and Anti-Virus Software

Software can’t protect you from shoulder surfers or zero-day threats, but it will detect many forms of cybersecurity threats should your device become compromised. Be sure to not only install anti-malware and anti-virus software but to also update it regularly so you stay protected as threats evolve.

  1. Use a Firewall

Firewalls protect your technology from attacks and block unauthorized access to your network. When logging on to public Wi-Fi be sure your device’s software firewall is turned on.

  1. Avoid Public Workstations

If you have to use a public computer, say at a hotel, conference center, or library, abide by the tips above. Additionally, clear your history and temporary internet files after your session.

It isn’t realistic to expect yourself or your employees to avoid pubic internet entirely, but it is imperative that everyone understand the risks and take necessary precautions to protect themselves.

Anderson Technologies, a St. Louis IT consulting company, helps educate small businesses about safe online practices. We’ve even created this free eBook to get you started. Contact us today at 314.394.3001 or info@andersontech.com to discuss your business Wi-Fi safety or any of your IT concerns.

If the Presidential Election Could Be Hacked, So Could Your Small Business

It sounds like a scene from a Hollywood thriller. A nefarious foreign entity hacks the 2016 United States presidential election, tampering the results to ensure their favored candidate takes the highest office of the free world.

But truth is stranger than fiction. Just as no corporation is immune from cybercrime, neither is the government. Let’s take a closer look at why a presidential election hack is plausible and what that means for your business as well as society at large.

IT Security Is About More Than Budget

The government certainly has the budget to take every step necessary to create and preserve a secure network, but it’s easier than one might think to overlook a vulnerability. In some ways, large organizations are more susceptible to these lapses than their smaller counterparts because there are so many people involved, vast networks to protect, and ample opportunity for miscommunication and missteps.

Look at the 2015 security breach at Target, the largest of its kind to affect the retail industry with more than 40 million credit card numbers compromised. In the wake of the crime, we learned the culprit was basic malware, and Target’s security specialists flagged it, but the retailer failed to properly respond to the warnings.

It is also incredibly difficult to protect a business from a hacker who has an intimate familiarity with an entity’s infrastructure and security configurations. The FBI reports the electoral system is secure at a national level, but it is vulnerable to individual incidences. For example, cyber criminals could replace a booth at a polling station with one equipped with a chip that fraudulently alters data. Or they could hack into any number of local polling stations that allow the transfer of election results via a network to falsify vote tallies. A big budget doesn’t guarantee an organization makes all the right moves nor does it make it invincible to determined and informed cyber criminals.

Are Cyber Attacks a New Threat to Data Security?

For as long as we’ve had software and for as long as valuable data has been stored digitally, cybercrime has posed a danger. Technology has made tremendous advancements, but as our lives become increasingly digital, we become more vulnerable. We have more to lose, and criminals continue to hone their craft.

The frequency and size of security breaches continues to grow. It is estimated by one former Yahoo executive that as many as many as 500 million people were affected by a security breach at Yahoo, in which personal information like phone numbers, birth dates, passwords, and security questions were stolen. Never before have we seen an attack of this magnitude on a single site.

Cybersecurity issues have always existed, but with more high-value data available—like the results of a presidential election—the stakes are elevated.

What Does Government Security Have to Do with the IT Security of Your Small Business?

Technology plays a big part in our lives, powering everything from communication to driverless cars to a new generation of “smart-home” appliances. Naturally, we face a new crop of security risks and challenges. It doesn’t matter if it’s software powering the electoral system or your local business, there could always be a vulnerability. Threat-free software simply doesn’t exist, and we can’t always predict the problems and vulnerabilities that come with new developments.

You must take steps to protect your business and adopt best practices. Make sure you have a correctly configured firewall in place, change your passwords regularly, use routinely updated security software on all your devices, and back up critical data.

Just because the elections could be hacked doesn’t mean they will be, but the government would be foolish not to take precautions. Your business needs to do the same. Anderson Technologies, a St. Louis IT consulting company, can help. Give us a call at 314.394.3001 to discuss your business’s approach to IT security.

The Single Biggest Threat to Small Business Security: Zero-Day Threats

If you don’t know something exists, it’s hard to protect against it. Therein lies the challenge of zero-day threats, the technical term for cyber threats that capitalize on previously unidentified software vulnerabilities.

Developers in all industries are skilled at creating “patches” of code to correct vulnerabilities in their software once they’ve been identified, but cyber criminals are relentless in searching out new vulnerabilities and quick to pounce when they find one. The time between a hacker spotting a weakness and the software developer releasing a fix is when businesses are most susceptible to zero-day threats. During this period, cyber criminals seek to capitalize on the vulnerability by writing malware and distributing it via websites and emails that include fraudulent links or attachments. Even after cybersecurity firms identify an exploit and create a patch, a business could still fall victim before the software is updated.

Cyber Crime Targeting Small Businesses Is Increasing Rapidly

Zero-day threats are on the rise. In 2015, the number of identified zero-day vulnerabilities more than doubled to 54, a 125 percent increase from 2014, according to the 2016 Internet Security Threat Report by Symantec. That’s an average of more than one new threat per week.

Large enterprises are at the greatest risk, but small businesses are increasingly targeted. In 2015, 43 percent of cybercrimes targeted small businesses. The consequences of an attack can vary, but they typically include disruption in business operations, identity theft (when attackers gain access to confidential information), financial loss, and compromised or destroyed data.

Although it’s impossible to completely eliminate the threat posed by hackers, there are steps every small business should take to increase overall digital health and protect against zero-day threats.

  1. Install, maintain, and monitor an industrial-grade firewall.
  2. Use professional-grade anti-malware software on all devices attached to your network.
  3. Keep all computer systems updated with the latest security patches.
  4. Create strong passwords and change them regularly.
  5. Limit administrative rights on computers to necessary users.
  6. Educate your team about opening unknown or suspicious emails.

That last point is important. Often cyber attacks are waged by sending phishing emails to employees. Phishing tricks a recipient into downloading an attachment, clicking a fraudulent link, or sharing confidential information, such as a bank password. Phishing has evolved into spear-phishing, a more targeted and often convincing approach in which the sender pretends to be someone in the recipient’s life, such as a trusted colleague, vendor, or client. Last year, spear-phishing emails targeting employees increased by 55 percent, according to the Internet Security Threat Report.

A Key To Small Business Cybersecurity: The Thorough Backup

Backing up business-critical files regularly is a vital step in keeping your business secure, especially since ransomware attacks are on the rise. In this type of attack, perpetrators hold a business’s computer system hostage until a monetary sum is paid.

Sometimes ransomware threats can live undetected within a system for days, weeks, or even months. The longer they exist in the host environment, the more valuable they become to the perpetrator, who now has even more data to use as collateral.

However, it’s hard for cyber criminals to hold your business hostage if you have an ironclad backup system. Instead, you can work with your IT partner to wipe the system clean and start fresh from your last backup. Just be sure the backup files are severed from your network so they can’t be compromised, and routinely test your ability to effectively restore them.

Maintaining your small business’s cybersecurity is a full-time job, made all the more challenging by zero-day threats. By adopting cybersecurity best practices, you’ll decrease your business’s likelihood of falling victim to an attack. And if a determined hacker does make it into your network, you’ll have a much easier time recovering and mitigating damage costs if you have a properly configured backup system in place.

Do you have the right backup system for your business? Give Anderson Technologies a call today at 314.394.3001 to discuss backup processes and to work together to devise a plan for protecting against zero-day threats.

Wireless Security — How Vulnerable Is Your Network?

Complementary Wi-Fi is such a commonplace service in our modern-day landscape that most customers expect it as part of every business’s onsite offerings. Customers tap into public wireless access points (WAPs) everywhere they go. Before you open up your business’s network, carefully consider how to implement wireless security and shield your firm’s proprietary and private data from public view.

While traveling, how often have you tried to wirelessly connect your smartphone to the internet only to find several visible networks? You may notice most listings are paired with a lock symbol, indicating blocked public access. Without this protection, anyone with the right tools could gain access to private data. To protect yourself, never connect to a public Wi-Fi network that doesn’t provide a secure encryption.

A wireless network that segregates public and private traffic gives visitors guest network rules and a password that allows them to access only the areas you choose. IT support specialists at Anderson Technologies recommend this kind of network as an essential element to secure sensitive data. They also suggest configuring it for Wi-Fi Protected Access II (WPA2) utilizing strong passwords. WPA2 offers essential encryption and authentication to guard against unauthorized access to your network. This protocol, combined with a hardware firewall, allows employees to securely access the internet and shared files or folders within your company’s digital infrastructure.

In addition to protocols that enable wireless security, IT support experts at Anderson Technologies recommend regularly updating passwords on all company computers and devices (see our blog on Password Security). This includes changing access passwords on all wireless networks. It’s also important to continually update software. New versions contain patches that ensure existing vulnerabilities are taken care of.

“Once you’ve established wireless security in the office environment, don’t forget to set up guidelines for employees traveling with laptops, including common sense computer-use protocols,” said Mark Anderson, a principal partner of Anderson Technologies. “For instance, always be aware of your surroundings when entering passwords. Never attach to an unsecured/unencrypted network, and know what steps to take if a company device is misplaced.” Employees should always use caution and verify networks are legitimate before connecting to Wi-Fi in public spaces like airports and hotels.

Follow these wireless security guidelines to help keep your company data secure and guard against hacker attacks.

Providing companies in St. Louis wireless security as a part of a larger IT support program involves many areas of attention. For more information about establishing a segregated wireless network at your business, contact the St. Louis IT experts of Anderson Technologies at 314.394.3001.

Successful Business Owners Take Password Security Seriously

Password security is a fundamental element of cybersecurity. Defending your business from cyberattacks is one of the most important safeguards needed to ensure your company’s ongoing success. In addition to protecting sensitive company information, private client data must also be secured. A recent article published in InfoWorld reported that the underground market for compromised servers may be much larger and more active than anticipated. The publication cites websites selling login information for over 170,000 hacked servers.

One way to safeguard your business is by adopting a clear password policy to increase security and provide a roadmap for avoiding common password mistakes. Here are six guidelines Anderson Technologies provides its clients to better guard against hackers and strengthen cybersecurity.

Six Guidelines for Increasing Password Security

  1. Include a mix of upper and lower case letters, numbers, and symbols

A good suggestion for creating an easy-to-remember yet secure password is to start with a favorite phrase or quote such as “Keep calm and carry on.” Take the first letter of each word in the phrase, a numerical sequence such as 5-9, and two random symbols to create a very complex password. A password resulting from our example above would be K5c6a7c8o9&%.

  1. Use a minimum of eight characters

The longer the password, the more secure it is. There are 12 characters in the example above. When using this formula, find phrases containing at least four words. This results in passwords of at least ten characters.

  1. Avoid using the same password for multiple websites or logins

It’s worth investing the extra effort to generate unique passwords for your important accounts. Doing so greatly reduces your exposure if a particular account is compromised.

  1. Change your passwords on a regular basis

This is another task commonly neglected. However, it is critical to keeping accounts secure.

  1. Do not allow web browsers (such as Chrome, Firefox, or Internet Explorer) to remember passwords

While many browsers offer this convenience for their users, it’s also an open door to the hacker who gains access to your computer.

  1. Implement a robust password management system

Having a good password management system will safeguard and organize your passwords. Many also help you generate strong passwords. For redundancy, ensure at least two people know the login credentials to the management system in case the principal user is unavailable.

Password Management Systems Provide Security and Peace of Mind

While all of the guidelines in this article help avoid common mistakes, consistent implementation is an ever-increasing challenge as the number of passwords we manage grows. This is where password management systems provide the most benefit.

Anderson Technologies offers guidance to clients for advanced password management systems that provide built-in security and peace of mind. Here are several major cybersecurity benefits of a password management system:

  • Passwords are secured through encryption and two-factor authentication
  • Passwords are safely stored and organized — no more forgotten passwords (or passwords written on scraps of paper) and the time lost to reset them
  • Employees can focus on their work instead of password security
  • Master passwords are designated to principals or other individuals who can access them in case of emergency

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cybersecurity experts a call at 314.394.3001.

Hardware Firewalls Strengthen Cybersecurity Protection

With cybersecurity threats from hackers, viruses, and malware compromising computer systems worldwide, every small business needs a hardware firewall. Firewalls provide enhanced IT security to protect your technology from attack, blocking unauthorized access while still allowing legitimate users access to the systems and data necessary to perform their jobs. They are an essential part of any properly designed IT protection plan.

Six Questions about Your Firewall

 

  1. Is my firewall really protecting me?

Can you answer this with confidence? Anderson Technologies performs an infrastructure analysis at the start of every new client engagement, and we’re surprised by the number of businesses vulnerable to cybersecurity risks. This is often due to the lack of a firewall or insufficient configuration of an existing firewall, which results in inadequate protection of systems and data.

  1. Does it handle the latest security threats?

Because new cybersecurity threats are developed and launched every day, your firewall’s firmware needs to be continuously updated. It should be tested regularly to ensure that security flaws are patched by the manufacturer, and it can handle the latest threats.

  1. Is my firewall monitored?

Ongoing monitoring of a security appliance like a firewall is vital to understanding what kind of threats your business is exposed to and how often intrusion attempts are made. Knowing if and when your system is under attack allows you to marshal the proper response. Monitoring provides this valuable insight. Firewalls are not a “set it and forget it” device.

  1. Is it configured to allow my employees to do their work efficiently while still protecting my vital information and systems?

Firewalls are only secure if they are properly configured. Many firewalls are installed with minimal configuration and too often are set to the manufacturer’s defaults. This can lead to cybersecurity vulnerabilities, unnecessary exposure, and business risk. Firewalls must be configured for the particular business environment they are being installed within to provide maximum security with optimal functionality.

  1. Is my firewall performing well?

Blocking malicious attacks requires a firewall to perform many system-intensive background tasks. It needs enough processing power to not only handle the internet provider’s speeds but also efficiently run necessary protection processes while maintaining optimal performance. If your firewall is older, it could actually be causing a “bottleneck” on your network and slowing down your business’s productivity.

  1. Is my firewall equipment doing the job?

Not all hardware firewalls are created equally! Some manufacturers garner industry recognitions and awards for their security technology and constant innovations while others do the bare minimum. The latter companies lack enterprise-level support and fail to update their hardware to protect against the latest evolving threats. Make sure you have the right equipment to protect your business.

If you can answer these six questions positively, your firewall is likely performing well and protecting your systems and data from attack. If not, we’d love to help. If you suspect your business is vulnerable to attack and would like assistance analyzing options and developing a secure firewall solution, schedule a consultation by contacting us or calling 314.394.3001.