KRACKed: The Fissure in Wireless Security

Internet surfing on mobile devices has seemed relatively safe since the 2001 Wi-Fi security protocol update and the advent of wireless data encryption. The WPA2 encryption standard mostly shielded us from being hacked on our private networks. However, new research from Belgian cybersecurity expert Mathy Vanhoef exposes a threat that proves our false sense of security is coming to an end thanks to the Key Reinstallation Attack (KRACK) vulnerability.

What Is the KRACK WPA2 Hack and How Does It Work?

WPA2 (or Wi-Fi Protected Access 2) is one of the current wireless security standards. Unlike its predecessors, it securely encrypts web traffic by way of a “four-way handshake” process that randomly generates an encryption key every time a device with matching credentials accesses a wireless network. This handshake protects your private home and business networks with four authentication exchanges, ensuring information you send back and forth over the network is safely encrypted.

The KRACK vulnerability interferes with the four-way handshake by way of the encryption key; KRACK records the key and reinstalls it to be used multiple times. This allows the attacker access to communications between your device and wireless access point, as well as any information that isn’t otherwise encrypted. Hackers could potentially view and steal your credit card information, passwords, shared files, and any other private information sent across the web.
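An added illustration (not from the original article or from the researcher's own code) of why a reinstalled key is dangerous: in the published attack, reinstalling a key that is already in use resets the per-packet counter, so the same keystream ends up encrypting two different packets. The hash-based keystream, the `Client` class and the sample messages are constructed stand-ins for the real Wi-Fi cipher and traffic; the `patched` branch shows the fix of refusing to reinstall a key that is already installed.

```python
import hashlib
from typing import List, Tuple

# Constructed sample traffic (same length so the comparison below is exact).
P1 = b"GET /account HTTP/1.1"
P2 = b"password=hunter2-demo"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream = SHA-256(key || nonce || block). Stand-in for the real cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical model of a Wi-Fi client's key-installation logic."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0  # per-packet counter; must never repeat under one key

    def on_key_install_message(self, key: bytes) -> None:
        # Patched behaviour: a key that is already installed is not installed
        # again, so the packet counter keeps counting upward.
        if self.patched and key == self.key:
            return
        # Vulnerable behaviour: every install resets the counter to zero.
        self.key = key
        self.nonce = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        self.nonce += 1
        stream = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, stream)


def run_session(patched: bool) -> List[Tuple[int, bytes]]:
    """Send two packets with the key-install message received twice."""
    key = hashlib.sha256(b"constructed demo session key").digest()
    client = Client(patched)
    client.on_key_install_message(key)
    first = client.send(P1)
    client.on_key_install_message(key)  # same key delivered a second time
    second = client.send(P2)
    return [first, second]


def reused_nonces(frames: List[Tuple[int, bytes]]) -> List[int]:
    """Defender-side check: packet counters that appear more than once."""
    seen, repeated = set(), set()
    for nonce, _ in frames:
        (repeated if nonce in seen else seen).add(nonce)
    return sorted(repeated)


if __name__ == "__main__":
    for patched in (False, True):
        frames = run_session(patched)
        leaked = xor(frames[0][1], frames[1][1]) == xor(P1, P2)
        print("patched" if patched else "vulnerable",
              "| counters:", [n for n, _ in frames],
              "| reused:", reused_nonces(frames),
              "| ciphertexts cancel to plaintext XOR:", leaked)
```

When the counter repeats, XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, which is why traffic without a second layer of encryption (HTTPS, VPN) is exposed.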

One caveat of the KRACK vulnerability is that hackers need to be within the range of your Wi-Fi network. This means that your personal information is safe from hackers on the other side of the world, but anyone in close proximity could gain access to your network traffic if they have technical skills. And even though a hacker must be in range to exploit this vulnerability, it’s possible KRACK could be used for packet injection or inserting malware or ransomware into websites.

How Can I Protect My Network Privacy?

Though KRACK is disrupting our WPA2 sanctuary, there are many ways to ensure you’re safe—or as safe as you can be—until the WPA2 protocol is updated to prevent these attacks.

  1. Update Your Router

Most people don’t think about updating their router in the same way you update your phone or laptop software, but this is a vital step to protecting your wireless network from KRACK. You can find instructions to update some of the more common manufacturers’ router firmware here. If your router doesn’t belong to one of the companies that has released a firmware patch, you should contact your internet service provider.

  2. Update All Devices with Wi-Fi Connectivity

Thanks to Apple’s and Microsoft’s specific implementations of WPA2, their devices aren’t as vulnerable as others. However, that doesn’t mean your iPhone is safe. Mathy Vanhoef’s blog publicizing the vulnerability includes a demonstration of an attack on an Android device and links to examples of bypassing encryption in Apple operating systems, as well as other common encrypted applications. Any device with Wi-Fi capabilities needs to be updated as soon as patches are released. In the meantime, use Ethernet or cellular data on your mobile device if possible.

  3. Utilize Other Methods of Encryption

Even when this WPA2 vulnerability no longer exists, you should make sure you’re communicating with websites securely. Many websites use HTTPS, which you may have noticed during browsing sessions. Thankfully, most websites that handle sensitive personal information (banking and financial sites, etc.) already default to secure browsing, which encrypts private data. Browser extensions like HTTPS Everywhere will force your browser to use the secure version of a site when the option is available. Communicating over a virtual private network (VPN) also encrypts all traffic, rendering it safe from KRACK. However, be aware that VPN providers may store your data in other ways, so make sure to research and select a trusted company.

  4. Take Stock of Your IoT Devices

The Internet of Things, while still new technology, is notorious for its inherent security weaknesses. Any IoT devices you have connected to your wireless network may need to be disconnected until patches are available. Information from most IoT devices is probably harmless even if hackers were able to gain access to it, but unless each device encrypts traffic, your privacy could still be compromised.

Thankfully, this vulnerability is getting much publicity. The US Computer Emergency Readiness Team continues to update its list of over 100 vendors and their software updates, and none of the indexed vulnerabilities are yet known to be used outside of research. It’s unlikely that an everyday WPA2 user has been affected by this breaking vulnerability, but it would be wise to exercise caution until more information and software updates are released. Be wary of any unfamiliar wireless networks, and keep an eye out for any notices from your hardware and internet service providers.

For more help keeping your network safe from KRACK and other threats, contact the experts at Anderson Technologies at 314.394.3001 or info@andersontech.com.

Equifax Hack 101: What You Need to Know to Keep Your Credit Safe

Credit plays a ubiquitous role in our lives. What can we do when the systems we trust fail us?

Corporate cybersecurity breaches are more common than many people realize. The recent headline-making Equifax data hack affects upwards of 143 million Americans, making it one of the largest risks to personal information to date. This breach is leading consumers to question their safety from identity theft and whether credit bureaus and ancillary companies have their best interests at heart.

What happened?

Equifax is one of the three biggest credit reporting agencies that collect consumer credit information. You don’t have to submit any of your personal information to Equifax for them to have it—if you’ve applied for a car loan, mortgage, or credit card, Equifax likely has your data in their system.

A vulnerability in Apache Struts, a web application framework used by Equifax, was discovered and disclosed in March of 2017. At that time, patches were implemented, though these efforts did not completely solve the problem, and in late July suspicious traffic was noted. According to their press release about the breach, Equifax’s security team then “investigated and blocked the suspicious traffic that was identified.” Three days later (August 2, 2017), Equifax hired Mandiant, an independent cybersecurity consulting firm, to evaluate the damage.

After analyzing the scope of the breach, Mandiant discovered that personal information of 143 million Americans had been exposed, along with credit card numbers of 209,000 Americans, dispute documents for 182,000 Americans, and various information of certain United Kingdom and Canadian residents. In direct response to this analysis, Equifax provided a site for consumers to check whether their information may have been compromised and subsequently sign up for a free year of credit monitoring.

How is Equifax handling the situation?

Some of Equifax’s actions haven’t been viewed optimistically. A public relations nightmare ensued after the discovery of an arbitration clause in Equifax’s Terms of Use.  The language apparently waived the rights of consumers who signed up for credit monitoring to sue Equifax in relation to the security breach. It took Equifax until September 13 to release a statement that they had removed the offending clause from their Terms of Use.

Executive personnel changes also followed in the days after the hack disclosure. However, allegations of insider trading that purportedly took place after the breach was discovered have not yet been publicly addressed.

On September 20, several sources reported that Equifax incorrectly linked customers to a fake website designed to look like the signup site for credit monitoring.  Fortunately, the person who set up the fake site did not have malicious intent, but the situation revealed how easily criminals could take advantage of Equifax’s oversights and gather even more personal information.

What’s the damage?

Unfortunately, unlike many previous cybersecurity incidents, the type of data gathered in this breach will have a serious impact for years to come.  Criminals now have their hands on Social Security numbers, records of open credit accounts, and other personal data from Equifax’s stockpile of consumer profiles.  Attackers can now build targeted spear phishing attacks that, if executed well, will seem extremely legitimate to many users.

Will credit monitoring prevent my information from being compromised?

In short, no. Credit monitoring does nothing to prevent thieves from accessing your personal information.  It only keeps an eye out for suspicious activity regarding your credit file. Many credit bureaus and agencies advertise the service for a fee. The free year of TrustedID Premier offered by Equifax in light of this most recent breach also provides identity theft insurance, which covers up to $1 million of certain expenses, such as legal fees, related to recovering your credit information in the event of theft.

There likely won’t be any negative effects from submitting your information to Equifax and enrolling in the free year of TrustedID Premier, but until a few days ago the site was infamously broken. Some users reported receiving different messages depending on the device used to submit their inquiry. Equifax claims it fixed the site on September 13.

If you are already fastidious about monitoring your lines of credit, there’s not much to be gained by sharing additional personal information and enrolling in free credit monitoring. The olive branch from Equifax is welcome but may not make a significant impact depending on the consumer.

What other steps can I take?

There are two big moves anyone can make at any time to protect their personal information—submitting a fraud alert or requesting a credit freeze. Both actions are effective in ensuring criminals don’t have easy access to your credit, though they work in different ways.

You can request a fraud alert by contacting the credit bureaus (Equifax, Experian, TransUnion, and a smaller but still significant bureau, Innovis), but you must provide varying amounts of paperwork and personal information before your application is complete. This must be done independently for each company.  Once your fraud alert is in place, lenders can still access your credit information but they can’t grant credit in your name without contacting you first.

If you don’t want your credit files to be viewed by anyone other than yourself, applying for a credit freeze is the way to go. Even though new lines of credit can still be applied for in your name, none can be opened unless you “unfreeze” your credit files to give access. Again, this process must be completed at each credit bureau. Consumers Union offers a thorough how-to guide on placing a security freeze on your credit files and what fees you should expect depending on which state you live in. Unfortunately, many states require fees to lift a credit freeze as well; this means you might have to pay every time you want to move or apply for a car loan. However, the costs associated with this protection are much smaller compared to the time and trouble involved with being a victim of identity theft.

Those affected can also seek legal recourse. A firm in Oregon has already filed a class-action lawsuit against Equifax, claiming that the company failed “to maintain adequate electronic security safeguards as part of a corporate effort to save money.” At least 23 other lawsuits are in the works, filed in 14 states and the District of Columbia. A federal panel will review and likely combine these cases into a single lawsuit. If class-action status is granted, affected customers will be able to join.

Even if Equifax deems you unlikely to have been impacted by the hack, it would be wise to use this opportunity to evaluate the security of your credit information and keep a closer eye on your credit scores.

Anderson Technologies is a St. Louis cybersecurity company that specializes in protecting client data. For more information on our services, email info@andersontech.com or call 314.394.3001 today.

What Is a Network Security Audit?

You can’t improve your IT processes and keep your data secure without a complete picture of your IT infrastructure. By conducting a network security audit, you’ll understand what is working and what needs to be improved so you can proactively get ahead of issues and improve your systems.

Cybersecurity threats are on the rise. Small businesses need to take cybersecurity seriously.

A network security audit, sometimes referred to as an information security audit, is a technical assessment of your IT systems. It’s conducted by a professional IT firm that uses physical processes and digital solutions to assess the quality and security of your business network environment, including your operating systems and all your applications.

When you work with a managed IT services or IT consulting company, a network security audit is an important fact-finding step, akin to a look under your car’s hood by your mechanic. It’s a way for the managed IT firm to get a complete picture of your business and spot potential holes in your security that could leave you vulnerable to hackers.

As part of a network security audit, your IT partner may conduct an IT infrastructure audit—an assessment of your IT architecture that covers areas beyond cybersecurity, such as performance and cost-savings opportunities. Both processes are complicated and technical, but the results don’t have to be. Your managed IT partner should be able to present its findings in plain English and recommend easy-to-understand actions based on the report.

A network security audit should include review of the following:

  1. Firewall

The IT partner should review your firewall configuration, check for security vulnerabilities, and make sure it is being patched regularly with the necessary firmware updates.

  2. Anti-Virus and Anti-Malware Software

The audit will determine if all systems, including your servers, are protected by updated anti-virus and anti-malware software.

  3. Active Directory

Microsoft’s Active Directory is a centralized way of managing all the users, computers, and security policies on Windows domains. Your business should be managing its Active Directory on a regular basis, which means removing inactive computers and user accounts from the system as needed. This helps reduce security threats posed by stale accounts with network access and passwords that never get updated.

  4. Password Approach

The audit will determine the effectiveness of your company password policy. For example, are you prompting your employees to use strong passwords and routinely change them? Are you deactivating previous employees’ accounts promptly? These are crucial components of cybersecurity.

  5. Backups

Every company needs a process for backing up business-critical data and testing it regularly to ensure effectiveness. The audit will review your approach and pinpoint any shortcomings in your strategy.

These are just some of the aspects of a comprehensive network security audit. To identify all security vulnerabilities, your IT partner will also review your approach to data sharing, remote connectivity (how your employees access company assets when they are home or traveling), and internet content filtration (whether you block sites that violate your company’s internet policy).

Why a Network Security Audit Should Include an In-Person Assessment

The network security assessment should pave the way for a blueprint of your IT security plan. At Anderson Technologies, our experts use the audit to identify critical risks and help our clients prioritize their resources.

When conducting a network security audit, Anderson Technologies installs a sophisticated software tool on the client’s server to probe the network, gather information, and compile findings. Additionally, its experts go onsite to review the client’s setup in person. That is the only way you can truly assess the health and performance of IT equipment and ensure systems are wired correctly. For example, a software probe can’t tell you if too many systems are running from the same power source or if someone has plugged a space heater into the same surge protector as the computers, a common mistake in the winter months.

Next, the firm analyzes all the digital and on-the-ground findings and boils them down to key takeaways and prioritized action items for business owners. That is when the network security audit really proves its value—when it helps a business and its managed IT services partner find ways to stay safer and improve the business’s IT infrastructure.

Anderson Technologies is a St. Louis managed IT services and IT consulting company that performs network security audits and IT infrastructure audits for clients. It specializes in making meaningful recommendations based on findings and working with clients to improve their approach to cyber security. For more information on the company’s services, email info@andersontech.com or call 314.394.3001 today.

Quotables: Security on the Go: Protecting the Data on Your Mobile Devices

We recently published a guest article about protecting data on mobile devices.

Read our full guest contribution on TechSpective’s website:

https://techspective.net/2017/05/18/security-go-protecting-data-mobile-devices/ 

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

Cyber Security in St. Louis: Ransomware Nearly Destroyed This Small Business

Ransomware attacks have been making international headlines, and St. Louis cyber security threats are all too real. See how one local business survived a ransomware attack with the help of proper IT support.

In late June, malware struck companies in the U.S., Europe, and the Middle East. This massive attack, a variant of the Petya family of ransomware, infected thousands of systems. This was on the heels of the largest global ransomware attack in history, WannaCry, the consequences of which are still being tallied months later.

In a ransomware attack, cybercriminals infect a computer or network with malware that encrypts data, rendering it unusable. They claim they will decrypt the data in exchange for a ransom, which is usually requested in the form of bitcoin. However, there is no guarantee that the data will be returned.

In light of these recent crimes and a spike in cyberattacks worldwide, ransomware protection is a hot topic. The International Police Organization (INTERPOL) recently held its annual security conference, INTERPOL World, which brings together law enforcement, security professionals, and technology providers. On the agenda was the mounting volume of cyber threats and the heightened importance of cyber security. St. Louis businesses need to tune in, too. Ransomware defenses, and other cyber security concerns, are as much local issues as they are international ones.

Just One Example of Ransomware in St. Louis

Earlier this year, a small business in the greater St. Louis area* experienced the severity of cyber security threats firsthand when ransomware infected its communications server. Luckily, when it was detected, the ransomware was confined to that device. The business’s IT support vendor detached the machine from the network, scanned it to remove the threat and returned it to the infrastructure after believing all instances of the threat had been identified and eradicated.

It had not! This time the ransomware spread throughout the network and locked up business-critical data on the primary fileserver. Because the company did not have a backup system in place, the IT vendor said it was unable to retrieve any data and suggested the only option was to pay the ransom.

The business owner was in a total panic at that point because every piece of client data for the entire business had been rendered unusable. The ransom was expensive. He knew that even if he paid it, he still risked receiving partial data, damaged data, or nothing at all. From an ethical standpoint, it felt like the wrong thing to do. Law enforcement recommends that people not pay the ransom, as it encourages subsequent attacks.

The Road to Ransomware Recovery

The business owner wanted a second opinion. With a quick Google search, he found Anderson Technologies, a local St. Louis cyber security firm. He called and shared his story. Mark Anderson and his team agreed to do their best to help. Luke Bragg, senior system administrator at Anderson Technologies, went onsite, assessed the situation, and conducted a deep inspection. He discovered the ransomware had infected most of the drive but, upon further investigation, identified previously hidden copies of company data that were untouched. After successfully removing the ransomware, Luke recovered every single file.

The ransomware recovery process took two days, but in the end the Anderson Technologies team retrieved all the company’s data, onboarded it to its managed IT services program, put new cyber security preventative measures in place, and implemented a reliable approach to backing up all the company’s files.

This is an extraordinary story and certainly not the norm. Unfortunately, plenty of businesses are attacked by ransomware from which they cannot recover. However, this example illustrates two important points:

  • Businesses must take ransomware protection and cyber security seriously. In St. Louis, cybercriminals attack companies big and small.
  • The skill and experience of your IT partner affects the outcome of your ransomware recovery process.

This story could have had a different ending if the company chose a less experienced IT firm. Should your company be in a bind, choose a partner with a proven track record.

Anderson Technologies is a St. Louis cyber security company that specializes in ransomware protection and recovery. For more information on our services, email info@andersontech.com or call 314.394.3001 today.

*To protect this business’s privacy, we have omitted its name and any identifying details.

Change Your Passwords for the Last Time

Everything you know about creating passwords is about to change.

The National Institute of Standards and Technology (NIST) recently released their new Digital Identity Guidelines, which explain how many of the security measures in place for passwords simply don’t work. According to the NIST, “Humans … have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.”

In other words, it’s hard to remember “1S6u5^Q%,” so most users go with something simple like “cakeboss.” Previous guidelines indicated complexity would make passwords more secure, but when restrictions require a capital letter, number, and special character, users are more likely to adapt an easy password to match, turning “cakeboss” into “Cakeb0ss!” Furthermore, when required to change passwords every 90 days, users often make small changes (e.g., “Cakeb0ss!1”) rather than creating entirely new passwords. These minimal alterations are predictable and increase the risk of a security breach significantly.

The New Guidelines

Thanks to the NIST, the new guidelines focus on usability as a factor of password security. If someone can’t remember a password or must write it down because it is constantly changing, then it’s not secure. Because using numbers and special characters is so predictable, complexity is not as important as length and memorability.

For this reason, the NIST suggests that numbers and special characters not be required of users. Spaces should also be allowed so users can create strong password phrases. Simple phrases that the user can remember easily, even when lowercase and using normal words, are more secure than passwords like “1S6u5^Q%.”

The guidelines still indicate a minimum password length of 8 characters but propose allowing up to 64 so users can create strong password phrases. The NIST considers length a “primary factor in characterizing password strength.” A strong password is a combination of four or five words that the user can recall but cannot easily be guessed by a hacker or malicious software (e.g., “Milky Orange Clock Wolf”). Note that many sites currently do not allow spaces between words so you may need to remove them, but this will change as people adopt these new standards.

The NIST also puts more of the onus on the service rather than the user. They suggest that passwords be compared to “blacklists” of known compromised passwords before acceptance.  Accounts should also limit the number of times a user can enter a wrong password before locking access for some length of time. This way users can create simpler passwords while service providers increase password security.
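The service-side checks described above, sketched as an added example (not code from NIST or from the original article): a new-password check that enforces only length and a blacklist lookup, and a throttle that locks an account after repeated wrong passwords. The blacklist entries are a constructed sample, and the failure limit and lockout duration are assumed values, since the article gives none.

```python
from typing import Dict, List

MIN_LENGTH = 8    # minimum length stated in the guidelines
MAX_LENGTH = 64   # services should allow at least this many characters

# Constructed sample; a real service would load a large list of passwords
# known from previous breaches.
COMPROMISED_PASSWORDS = {"password", "cakeboss", "12345678", "qwertyuiop"}


def check_new_password(candidate: str) -> List[str]:
    """Return the reasons a new password is rejected (empty list = accepted).

    There are deliberately no composition rules: capitals, digits and
    special characters are not required, and spaces are allowed so that
    multi-word phrases work.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(candidate) > MAX_LENGTH:
        problems.append("longer than %d characters" % MAX_LENGTH)
    # Case-insensitive comparison is an assumption of this example.
    if candidate.casefold() in COMPROMISED_PASSWORDS:
        problems.append("on the compromised-password list")
    return problems


class LoginThrottle:
    """Lock an account for a while after too many consecutive wrong passwords."""

    def __init__(self, max_failures: int = 5, lockout_seconds: float = 300.0):
        self.max_failures = max_failures          # assumed value
        self.lockout_seconds = lockout_seconds    # assumed value
        self._failures: Dict[str, int] = {}       # user -> consecutive failures
        self._locked_until: Dict[str, float] = {} # user -> unlock timestamp

    def is_locked(self, user: str, now: float) -> bool:
        return now < self._locked_until.get(user, 0.0)

    def record_failure(self, user: str, now: float) -> None:
        count = self._failures.get(user, 0) + 1
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            count = 0  # start counting afresh once the lock expires
        self._failures[user] = count

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)


if __name__ == "__main__":
    for pw in ("Milky Orange Clock Wolf", "cakeboss", "Cak3!", "x" * 65):
        print(repr(pw[:24]), "->", check_new_password(pw) or "accepted")
```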

So, let go of notepads full of passwords too strange to be remembered. For sites that quickly adopt the NIST’s new guidelines, create strong password phrases only you’ll recall. Otherwise, we’ll have to wait for the rest of the internet to catch up. Until then, password managers such as LastPass or Dashlane can keep track of those complex passwords far more securely than writing them down.

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cybersecurity experts a call at 314.394.3001 or email info@andersontech.com.

The Truth about Data Recovery Services

Have you ever accidentally deleted a file and wondered how to get it back? Now imagine your business lost all its data. This happens more commonly than you may think. Data loss is a real and growing threat to your business. Here is what you need to know about data recovery in St. Louis and beyond. 

The data recovery services industry specializes in retrieving and restoring data that has been lost or damaged. The culprit can be a natural disaster, like a flood or fire, or it can be a cyberattack, a power outage, a technical malfunction, or even human error.

Restoring lost or damaged assets becomes simpler when a business has a plan in place for backing up critical information. Data recovery experts can work from wherever the backup data is stored—an external hard drive or cloud-based solution, for example—to retrieve the missing data.

It’s easy to think, “It won’t happen to me,” but data loss happens all the time. In the U.S., 140,000 hard drives fail each week, yet 58 percent of small and mid-sized businesses are not prepared for data loss, according to a recent infographic by Clutch, created in honor of World Backup Day.

Cybercrime—in particular, ransomware—is on the rise in St. Louis and beyond. These attacks compromise company data, and they can be catastrophic; 60 percent of small companies victimized by a major cyberattack go out of business within six months, according to the National Cyber Security Alliance.

To improve their chances of successful data recovery, St. Louis businesses must take preventative measures that include a comprehensive approach to backing up data. Should your business have trouble retrieving an important file or data source, consider these three steps.

  1. Don’t Panic

Losing a file can be harrowing, but take a minute to catch your breath and think clearly. When you delete a folder on your computer, it hasn’t necessarily been wiped from your operating system. Unless the system has written new data to the same area on the disk, your information is likely still on the machine. Often, data can be retrieved if you connect with the right experts quickly. Of course, accidentally deleting a file or two is quite a different scenario than losing an entire hard drive or being victimized by a cybercriminal, but regardless of the breadth of your data loss, try not to let emotion override good decision-making.

  2. Choose the Right Data Recovery Expert

If you have in-house IT experts or an outsourced managed IT services provider, give them a call. If not, you can do some troubleshooting yourself. But depending on the scope of the data loss, you may need to find a reliable data recovery services company.

Some data recovery firms request that you mail in your failed hardware and then charge you based on how much data they recover. You could be left footing a hefty bill if they are even able to retrieve the data. There are no guarantees.

An expert who can visit your office is probably a better bet. Although it’s important to act quickly when it comes to critical data recovery, make sure to research your options carefully.  (This is one of the many reasons why it is better to have a data recovery plan in place before you lose something.) Try reaching out to colleagues for vendor recommendations. Data recovery takes skill, and who you partner with could determine the outcome of your predicament.

  3. Be Prepared

Data loss costs companies $1.7 trillion a year. Mitigate losses by taking precautions. Use a dual-destination backup approach in which you back up data onsite (to an external hard drive, for example) as well as remotely via a cloud backup provider. Regularly test your backup recovery strategies to ensure you can quickly and effectively restore data.

Using cloud-based software can help you mitigate data loss in the first place. For example, solutions like Dropbox, Google Drive, and Microsoft OneDrive offer file version control so you can easily retrieve earlier iterations of files if you mistakenly overwrite something.

Most business owners don’t realize the importance of data recovery services until they need them. Anderson Technologies specializes in data recovery for St. Louis businesses. It uses sophisticated backup and data recovery tools to support its managed services clients as well as to help new customers in need. Its data recovery experts have been able to successfully retrieve data that other vendors could not. For more information, email info@andersontech.com or call 314.394.3001 today.

Why Is Ransomware on the Rise in St. Louis?

Ransomware is on the rise everywhere, not just in St. Louis. Ransomware can cost a small business tens of thousands of dollars—or even more! Let’s take a look at the proliferation of ransomware, and how your business can protect itself.

A small business’s data is one of its most valuable assets. When criminals launch a ransomware attack, they use malicious software to hold your data hostage. They claim they will give you access to your data in return for a “ransom” payment (although criminals aren’t exactly known for being true to their word).

One of the most common ways in which cyber criminals launch ransomware attacks is by sending phishing or spear-phishing emails. Employees download attachments or click links that look innocuous enough, but they end up inadvertently installing ransomware on their computers as a result. The ransomware then searches for user data to encrypt on the computer or on the network or cloud-based storage system. Once data is encrypted, you won’t be able to use it, and the bad guys send a message with instructions on how to render your files usable again—by paying a “ransom,” often in the form of bitcoins. Often sending money to the criminals provides no guarantee they will release your data.

According to the United States Department of Justice, more than 4,000 reported ransomware attacks have occurred daily since January 2016. That is a 300 percent increase in just one year. At Anderson Technologies, we frequently hear about St. Louis ransomware attacks—both from local small businesses and reports in the media. Earlier this year, ransomware impacted all 17 branches of the public library in St. Louis. Ransomware rendered their computers unusable. Library management refused to pay the $35,000 ransom and worked with its IT staff to remove the virus and restore service.

Ransomware Makes the Bad Guys Big Money

The reason ransomware is on the rise comes down to economics. In 2015, the FBI reported approximately 327,000 robberies in the U.S., which accounted for an estimated $390 million in losses.

That same year, there were approximately 127,000 cyberattacks reported in the U.S., accounting for over $1 billion in losses. It’s no wonder criminals are turning to cybercrime. That’s a whole lot fewer attacks for a whole lot more money. Plus, currency like bitcoin makes it easier for criminals to carry out crimes since they can anonymously collect the ransom.

If you factor in downtime and the cost of recovering files, cybercrime actually costs companies approximately $75 billion each year.

Is Your Business Protected from Ransomware?

Ransomware is also on the rise because the bad guys are getting better at designing believable phishing and spear-phishing emails. Gone are the days of scams that are easily identifiable, ridden with typos and strange verbiage. Today, cybercriminals have gotten better at mimicking the language and graphical design of reputable companies, which improves their chances of someone clicking a harmful link or attachment.

For small businesses in St. Louis, cybersecurity protection is an intricate process. You need a multi-tiered approach that includes a firewall, intrusion protection system, internet content filtering, anti-virus and anti-malware software that runs in real-time and is updated regularly, and a thorough and tested approach to backing up your system files. You also need to educate your employees. Even if you are working together with a managed IT services provider to do “everything right,” it takes just one click from an unsuspecting employee to introduce an issue your prevention efforts will have to deal with.

Although your managed IT services partner can reduce the likelihood of an email containing ransomware hitting your employees’ inbox in the first place, malicious messages can still get through. Email providers like Google and Microsoft scan your messages and try to filter out ones that look suspicious, but criminals are working just as hard to update their tactics. The final layer of protection between a St. Louis business (or any business for that matter) and ransomware is employee education.

Just last month, a St. Louis small business called Anderson Technologies in distress. It had just fallen victim to a ransomware attack. Its previous IT services provider wasn’t able to restore its files, but Anderson Technologies experts managed to eradicate the malware and recover the compromised data!

Ransomware stories don’t always have such a happy ending. Indisputably, your best bet is to reduce your chances of coming into contact with ransomware in the first place. Anderson Technologies has a team of St. Louis cybersecurity and ransomware experts who can help protect your business. For more information on our St. Louis cybersecurity services, email info@andersontech.com or call 314.394.3001.


[1] “How to Protect Your Networks from Ransomware,” U.S. Justice Department. Retrieved on April 20, 2017 from https://www.justice.gov/criminal-ccips/file/872771/download

Encryption: The Small Business Owner’s Secret Weapon

With small business cybercrime on the rise, business owners need to do everything they can to protect themselves and their data. Here’s how encryption can help.  

Encryption is a way to secure your data, either while it is stored on a system or device, such as a hard drive or smartphone, or while it is in transit, such as being transmitted across networks.

Encryption comes from the Greek word “kryptos,” meaning hidden or secret. When data is encrypted, it is transformed so only the intended parties can read it by utilizing a secret key. This is done automatically with the help of encryption technology, which uses an algorithm called a cipher to “disguise” your data and allows people with the right key to decrypt, or unscramble, the information and view the plain text. (For a more in-depth description of how encryption works, review this article from MakeUseOf.) Encryption is used routinely in the digital realm to keep businesses and customers secure. For example, encryption protects your financial information at the ATM, or when you are making an online purchase if you are patronizing a site using SSL.

For small businesses, encryption is an underutilized form of protection. When your information is not encrypted, you make a hacker’s job easier. Should they infiltrate your network, they will be able to easily use the plain-text information they steal. However, if your data is encrypted, they won’t be able to interpret it, or you will have at least made it much more challenging for them to do so. (Cybercriminals can take steps to decrypt data, but it requires tools, expertise, and time, so you’re very likely deterring all but the most persistent ones.)

The Role of Encryption in Healthcare Cybersecurity

Cybercriminals target the healthcare industry more frequently than any other sector. IBM’s 2016 Cyber Security Intelligence Index, a survey of IBM’s Security Services clients, found that companies storing patient data experience 36 percent more security threats than organizations in other verticals. These companies are targeted frequently because of the high-value customer data they possess. People’s personal health and financial information are prime targets for thieves who use it for identity theft or ransomware attacks. While many businesses use some form of encryption to protect data in transit, too few use the strategy to protect data at rest. Healthcare data encryption is especially critical. Considering the increased role portable technology devices like laptops, mobile phones, and flash drives play in business operations, and the rise in data security threats, this is particularly important.

A security breach isn’t just bad news for your clients whose information has been compromised; it is also bad news for your organization. According to the HIPAA Breach Notification Rule, organizations must “provide notification following a breach of unsecured protected health information.” If the breach affects more than 500 individuals, the organization also has to inform the media. That is certainly not the kind of press anyone is looking for.

Here is where encryption comes in. The incident is not considered a breach if the individual’s information is protected and the business can prove that the data has a low probability of being compromised. This is assessed using a variety of risk factors. Encryption is cited as one of the technologies and methodologies for “rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals.” In short, encryption can protect your customers and your company in the event of a security breach. (More information about this rule is available here. Businesses should read and understand HIPAA rules in their entirety and work with their legal counsel to understand their ramifications.)

According to the latest healthcare cybersecurity report by Redspin, Breach Report 2016: Protected Health Information (PHI), there was a 320 percent increase in the number of providers victimized by hackers in 2016 compared to the previous year. Most of these attacks targeted smaller offices. This annual report routinely includes recommendations for reducing vulnerabilities, and year after year, encryption makes the list. The latest iteration acknowledges the growing role laptops, smartphones, and flash drives play in companies’ day-to-day operations and, in light of this, describes encrypting data “at rest and in motion” as a “sure-fire, but still often neglected, way to avoid the breach report.”[1]

Encryption is a valuable protective measure for all small businesses regardless of industry segment. It is a proven way to help protect your valuable data and should be part of your small business’s approach to data security.

Do you need assistance with small business data encryption? Anderson Technologies, a team of cybersecurity specialists in St. Louis, has extensive experience working with small businesses to keep their organizations secure. To learn more, call 314.394.3001 or email info@andersontech.com today.


[1] Breach Report 2016: Protected Health Information (PHI), February 2017, by Cynergistek and Redspin, pg. 18

What Your Small Business Custom Software Vendor Isn’t Telling You

It’s time we address the common misconception that using a cloud-based software solution is enough to keep a small business safe from rampant cyber threats.

Custom software is big business. Software vendors develop digital solutions specifically for niche verticals, from dental practices to dog kennels to accounting services. Small businesses use these products to manage their practice; handle scheduling, billing, and communication; support sales and marketing; and store critical data. A growing number of these solutions are cloud-based. There is undeniable data security in the cloud. Since data is stored remotely, not at the business’ physical location, users can rest assured that should something happen to their office or equipment, their data is secure.

However, custom software, cloud-based or otherwise, is not a substitute for network security best practices. Small business cybercrime is on the rise. In fact, almost 50 percent of small businesses have experienced a cyberattack. Companies that must meet HIPAA compliance need to be especially vigilant. Cybercriminals target care services more frequently than any other industry, in part because these organizations have such valuable data to steal—private, personal information.

Small business owners are sometimes lured into a false sense of security by their custom software providers. Although custom software and cloud computing afford a host of benefits, on their own they aren’t enough to protect your business from threats. In addition to misconceptions about network security, small business owners are often left wanting more from their software vendors in terms of support. Service varies depending on the provider, but small businesses usually require more personalized attention than a software company can offer. Here’s what your small business custom software vendor isn’t telling you.

  1. Small Business Custom Software Doesn’t Protect You from All Threats

Busy small business owners are relieved to learn that by purchasing quality software, they can check a lot of boxes, including data security in the cloud. They breathe a sigh of relief and believe the solution will address all their network security needs. Unfortunately, that simply isn’t true.

Here’s an example. A common form of malware is the keylogger: cybercriminals infect your system with software that tracks your every keystroke. With the aid of technology, they sift through your behavior and sniff out useful data, such as login IDs, passwords, and financial information. Cloud computing doesn’t protect you from these attacks, or the myriad other ways determined hackers can infiltrate your network.

  2. Small Businesses Need to Protect “the Edges”

Companies of all sizes should take measures to protect critical data and thwart, or at least slow down, cybercriminals. This includes installing and regularly updating a firewall, installing and updating anti-virus and anti-malware software on all of your computers, protecting your public and business Wi-Fi networks, creating strong passwords, and educating your employees.

Many small businesses do not realize how rampant security threats are or how to fully protect against them. Government agencies and the military employ a multi-layer, defense-in-depth security strategy to preserve their critical data. They understand that determined hackers may find a way in no matter what they do, so they set up as many roadblocks as possible to slow them down and give hackers an opportunity to slip up and make their presence known.

Small businesses can emulate this strategy and devise their own multi-layer approach to network security. Cloud computing can be a vital part of the plan, but it also needs to involve other elements, like a firewall, intrusion protection system, VPNs for secure remote connectivity, and internet content filtering. Custom software providers simply do not provide this protection. It’s not their job to. But it is a small business owner’s job to understand the truth about his or her company’s digital safety.

  3. You Probably Need an Additional Data Backup Service

Your data is your business. Think about all the different components of your operation. Then think about how challenging it would be to recreate that information should something unexpected happen to it. You are storing billing data, payroll and tax records, customer and business credit card information, internal systems, website data such as source code, text and images, as well as social media assets. Is your custom software backing up all of these elements? Probably not!

Businesses need to analyze the data backup services their custom software partner is providing. If it isn’t handling every piece of business-critical data, an additional solution is required. (These tips for choosing a cloud backup provider can get you started.) They should also test the restore procedures regularly to make sure that, if the time comes, they will be able to retrieve their information quickly.

Cloud-based custom software can be a sizeable investment. Certainly, it serves multiple purposes, and software providers are wise to promote those benefits as they sell their products, but these products are not a substitute for IT services! Too many small businesses are lulled into a false sense of cyber security by their cloud-based custom software vendor.

How would your business withstand a cyberattack? Do you know where you stand with your cloud software security? Anderson Technologies, a St. Louis IT consulting company, can evaluate your cybersecurity and help you form a plan for preserving your data. To learn more, call 314.394.3001 or email info@andersontech.com today.