8 Steps to Safe(r) Online Shopping

Sure, e-commerce sites are convenient, but more and more frequently they are teeming with cyber threats that could compromise your financial information, identity, or even your business. Here’s what you can do to protect yourself.

Online sales in the U.S. are projected to reach $523 billion by 2020, according to a report by Forrester Research. In fact, many Americans are buying more online than in-store, and retailers aren’t the only ones taking notice. Criminals see the e-commerce boom as an opportunity for payment fraud, identity theft, and other cybercrimes.

Of every $100 spent online, $4.79 is at risk of a fraud attack, according to The Global Fraud Index, a PYMNTS and Forter collaboration. It’s important to remember cybercriminals don’t just acquire data by targeting you personally. They hack businesses in hopes of infiltrating their databases to steal customer information. If you’ve created an account with a website that is compromised, your information is at risk, even if you haven’t shopped there in months!

Most retailers take precautions to provide their customers with safer online shopping experiences, but the onus is also on the individual. These tips will help you identify secure e-commerce sites, protect your personal information, and at least mitigate the damage should you fall victim to a cyber criminal’s attack.

  1. Only Shop at Sites with “HTTPS” URLs at Checkout

HTTPS stands for Hypertext Transfer Protocol Secure and indicates that the business has an SSL (Secure Sockets Layer) certificate. This certificate requires the vendor go through a validation process. Once installed SSL and TLS (Transport Layer Security) are used to secure sensitive online transactions—such as credit card purchases, financial data transfers, account logins, and other browsing activities requiring a heightened level of security. The data you share with a site’s web servers is encrypted in transit, and thus much harder for hackers to exploit.

  1. Assess the Site’s Legitimacy

Before sharing any personal information, research the site’s return policy, social media presence, and online reviews. Check that it has a Privacy Policy, Terms of Use, and detailed contact information. If anything seems suspicious, leave the site immediately.

  1. Create a Separate Email for Online Shopping

Do not provide e-commerce sites with your personal or business email address. Instead, create an account you use solely for online shopping. You can set up your accounts so all emails forward into a single inbox, but limit how often you hand out your primary email addresses.

  1. Create Unique Logins and Passwords for Every Vendor

Password management is an important component of safer online shopping yet it is often overlooked. Should a cybercriminal gain access to one of your accounts, you want the damage to end there. Do not use the same login and password for everything. Create complicated passwords that cannot be easily guessed. Password management applications, such as LastPass, are invaluable tools to help automate this.

  1. Use a Dedicated Credit Card for Online Shopping

Most credit card companies offer some fraud guarantees and will work with you if your information is stolen. Additionally, consider using PayPal, which goes to great lengths to keep its customers secure.

  1. Do Not Save Your Payment Information

Sure, you’ll add a few seconds to future checkouts, but it is worth it? Should a criminal infiltrate an e-commerce platform at least you won’t be giving them your credit card number on a silver platter. Also, refrain from saving passwords on your browser and clear your history routinely.

  1. Delete Accounts You No Longer Use

Remember, even if you haven’t visited the e-retailer in months, your information could still be obtained by a criminal who hacks the site. By removing accounts from sites you no longer frequent, you’ll help keep your personal information safe.

  1. Be Wary of Promotional Emails

Cybercriminals use email as a means of spreading malware and launching spear phishing scams. If you receive an email from a retailer that looks too good to be true, visit the site directly to confirm the information is valid. Always verify the email address of the sender. If everything seems above-board, hover over the link before clicking it, which will allow you to review the URL. Be sure to do so carefully, as crooks often use domain names that look similar to reputable sites.

E-commerce is a part of life, but we can’t take our cybersecurity for granted. No business owner wants to encourage personal purchases on the job, but it is worth sharing best practices for safer online shopping to help keep your employees, and your business, secure.

Anderson Technologies is a St. Louis IT consulting company that helps small businesses educate their employees about effective cybersecurity practices. For more information on our cybersecurity training services, email info@andersontech.com or call 314.394.3001 and check out our free eBook, An Employee’s Guide to Preventing Business Cybercrime.

Public Wi-Fi Puts Your Business at Risk: 9 Tips for Mitigating the Threat

Every time you or an employee logs on to a public Wi-Fi network, the safety of your business is potentially compromised. These tips will help protect your data from rampant cybersecurity threats on public wireless networks.

The explosion of free public Wi-Fi helps people stay personally and professionally connected. However, many of these networks are not secure and make tempting targets for cybercriminals looking to steal your personal information.

Alarmingly, 60 percent of Americans believe their data and identity are secure on public Wi-Fi, according to research from Symantec. This is unequivocally false! Data shared on public Wi-Fi is usually unencrypted, which makes it simpler for cybercriminals to access.

Americans are three times more likely to connect to public Wi-Fi if it is free, according to a survey by the Identity Theft Resource Center, but free isn’t the same as safe. Let’s take a look at some of the cybersecurity threats found on public Wi-Fi networks as well as what can be done to protect yourself and your business.

Sniffing: Hackers use packet sniffers to intercept the information sent from your browser to the server. “Packet” refers to the bundles of data that hackers capture from the network. Data could include information that enables them to compromise you or your business’s security, such as passwords or user IDs.

Man-in-the-Middle Attack: In this type of hack, criminals intercept your communication while you are completely unware. Examples include eavesdropping on, or even altering, communication between two parties and using malicious tools to come between you and a digital resource, such as a website or email account, in an effort to gain access to your private information.

Evil Twin: This is a Wi-Fi network that appears to be legitimate but is actually created by a criminal to pave the way for cybercrimes, such as man-in-the-middle attacks. These rogue networks often have similar names to legitimate hotspots in the area.

Sidejacking: With this nefarious tactic, hackers use sniffing software to steal session cookies (information on your browsing activity) and then hijack your session. For example, if you’re logged in to your favorite shopping site and hackers sidejack your session, they could make purchases using your credit card information; or if you are sidejacked while active on Facebook, the perpetrators could send messages to your connections or post dangerous links to your feed. The good news is that the thieves are stealing specific cookies and not your username and password, assuming those are encrypted. The bad news is it may not be immediately obvious that you were targeted, and the criminals could use the cookie to access your account at a later date.

In addition to these schemes, cybercriminals use public Wi-Fi to infect devices with malware. Some forms of malware can spread across a network to infect other computers, so you risk compromising other devices when you log back on at the office or at home. If you need to get online in a public place, consider the following tips:

  1. Use a VPN

If possible, use a virtual private network (VPN), which encrypts all of your network traffic data. The majority of business-grade networking hardware have the capabilities to support multiple VPN connections. A managed IT services provider can help you assess the right solution for your business.

  1. Limit Your Activity

Reduce your digital profile by only performing “must-do” activities. For example, use public Wi-Fi if you have to get an important email out, but don’t pass the time with leisurely online shopping. Try to limit your browsing to sites that are verified secure with the “HTTPS” designation, and avoid online banking over public Wi-Fi connections.

  1. Stay Alert

In addition to being aware in the virtual world, keep an eye out for suspicious behavior around you. Criminals can also try to steal your password or credit card information by physically observing you, a technique known as “shoulder surfing.”

  1. Turn Off Automatic Connectivity Features

Ensure your devise doesn’t “accidentally” connect to an at-risk network by turning off automatic connectivity features, which are common on many mobile devices.

  1. Block File Sharing

Perhaps your laptop is configured to share files with others in the office. Disable any file sharing and temporarily turn off all cloud-based file services (such as Dropbox, OneDrive, Google Drive, etc.) before logging on to a public network. Otherwise you may make it easier for hackers to access your information.

  1. Consider Encryption Tools

There are tools, both free and paid, that can encrypt your data when you access a public network. You can encrypt passwords, files, or even your hard drive. An IT specialist can help you determine the right tools for you and your business.

  1. Protect Your Device with the Latest Anti-Malware and Anti-Virus Software

Software can’t protect you from shoulder surfers or zero-day threats, but it will detect many forms of cybersecurity threats should your device become compromised. Be sure to not only install anti-malware and anti-virus software but to also update it regularly so you stay protected as threats evolve.

  1. Use a Firewall

Firewalls protect your technology from attacks and block unauthorized access to your network. When logging on to public Wi-Fi be sure your device’s software firewall is turned on.

  1. Avoid Public Workstations

If you have to use a public computer, say at a hotel, conference center, or library, abide by the tips above. Additionally, clear your history and temporary internet files after your session.

It isn’t realistic to expect yourself or your employees to avoid pubic internet entirely, but it is imperative that everyone understand the risks and take necessary precautions to protect themselves.  Check out this in-depth guide to public Wi-Fi on the technology site Secure Thoughts.

Anderson Technologies, a St. Louis IT consulting company, helps educate small businesses about safe online practices. We’ve even created this free eBook to get you started. Contact us today at 314.394.3001 or info@andersontech.com to discuss your business Wi-Fi safety or any of your IT concerns.

A Guide to Employee Cybersecurity Training

When it comes to small business cybersecurity, you could be doing everything right, but it just takes one wrong click from a well-meaning employee to undo all your hard work. Here’s what to cover during business cybersecurity training for your team.

One of the most overlooked steps to small business cybersecurity is employee education. Cyber criminals are stepping up their game and increasingly targeting small businesses. Every employer must find the time to educate its team members about digital safety. The global cost of cybercrime is projected to reach more than $2 trillion by 2019. It’s worth taking the time to provide thorough cybersecurity training to your employees.  While doing so, make sure to include the following topics.

  1. Spear Phishing Emails Are on the Rise

Spear phishing is a more sophisticated form of phishing in which criminals target a particular victim rather than a wide audience. These emails often appear to be sent by legitimate sources, such as a colleague or trusted vendor, and are designed to trick the recipient into providing personal information, like a credit card number or password.

Spear phishing emails targeting employees increased by 55 percent in 2015, according to research from Symantec. Warn your team to:

  • Be skeptical every time they’re asked for personal information.
  • Hover over links and email addresses to ensure target URL credibility.
  • Refrain from downloading attachments unless they’ve verified the sender.
  • Ask you or your outsourced IT services provider for help when in doubt.
  1. The Art of Password Management

Cybercriminals use software that helps them guess people’s passwords. Do not make their job easier. Teach your employees the importance of creating effective passwords. You can also consider implementing a password management tool for employees to use as an added security measure. Your cybersecurity training should include the following tips:

  • Do not use the same password for everything.
  • Do not use real words that can be found in the dictionary or obvious things like the name of your business.
  • Use a combination of numbers, uppercase and lowercase letters, and symbols.
  • Change passwords on a regular schedule.
  1. The Web Can Be a Dangerous Place—Get Out of Autopilot

It’s easy to be lured into a false sense of security as you browse the web. It’s so familiar, and you may have been using it without incident for work and personal purposes for some time.

Business owners must teach their employees that the internet can be a dangerous place. In fact, nearly 75 percent of legitimate websites have security vulnerabilities that could put users at risk. Business owners need to:

  • Create guidelines for appropriate digital behavior. Seedy content breeds seedy behavior, so keep your employees off inappropriate sites at work.
  • Teach employees that legitimate sites can have vulnerabilities.
  • Install and maintain an enterprise-level firewall coupled with safeguards such as a subscription for content filtering and intrusion protection.
  • Use anti-virus and anti-malware programs that include “safe search” features that help flag sites that have been compromised.
  • Consider partnering with a managed IT services provider who can make sure your business implements these steps correctly.

These tips are just the beginning. Cybersecurity training for every employee, even administration and management, proves itself to be invaluable in the event of a potential threat. For more information on what your employees need to know about small business cybersecurity, including what to do when they click a link they shouldn’t have, check out An Employee’s Guide to Preventing Business Cybercrime.

Anderson Technologies is a St. Louis IT consulting company that can help your small business educate its employees about effective cybersecurity practices. For more information on our cybersecurity training services, call 314.394.3001 today.

The Small Business IT Checklist for New Hires

Make sure your new employees are productive from day one by checking all the boxes on this IT to-do list.

Finding and recruiting the right talent is one of the most challenging and crucial components of running a small business. Once you’ve welcomed new members to your team, it’s important that they can hit the ground running, not only because it’s good for productivity, but also because their onboarding experience is a reflection of your company.

Show new employees you are organized and committed to providing an environment that breeds great work by taking the following actions—and do it before they walk through the office door, not while they wait awkwardly for their workstations to be ready. These tips will also help you preserve your small business network security and ensure your recruits adhere to cybersecurity best practices.

Checkbox   Determine how every new hire’s job function affects IT needs

Hopefully, you have clear ideas of your new hires’ responsibilities before you made offers. Now consider how these duties affect IT requirements. The nature of their roles will help you assess the following:

  • Should they use a PC or a Mac?
  • What size monitor do they need?
  • How much memory do they need?
  • What software programs do they require?
  • How mobile are they? Will they be traveling frequently and/or need the ability to work from home?

The answers to these questions will help you choose the right computer and hardware for the position. If you work with an outsourced IT services company, the experts there can do this for you. They can also make sure you do not overspend or throw money away on a low-quality machine.

Checkbox   Set up the computer

An outsourced IT services partner will set up the new computer with the particulars of the job function in mind. Whether you’re hiring a vendor or doing it yourself, consider how your office is wired, and be sure to get the computer on the network before the employee arrives. If he or she will primarily work from an office desk, use a hardline connection to the server room (rather than relying only on Wi-Fi) to minimize connectivity complications and reduce network security issues.

If your new hire will use an existing computer, make sure your IT partner migrates data from the previous user to the appropriate parties before creating a new user ID.

Checkbox   Connect to the printer

Set up and test the connection to the printer. If new employees will be handling confidential information, such as HR documents or company financial information, consider if they need a dedicated printer, rather than printing to a shared device.

Checkbox   Create an email address

Before creating new email accounts, make sure you or your outsourced IT services partner thinks about whether employees need to access email remotely; if so, be sure their configurations can securely accommodate this. Remember to tell new hires to change their passwords, and share password security best practices.

If appropriate, you or your IT partner can help your employees set up email on their mobile phones and walk them through remote access guidelines once they have started.

Checkbox   Determine permissions level

If you have a file server, determine which directories the employees need access to. Anderson Technologies recommends providing access to folders and files on a need-to-know basis and limiting administrator privileges to curb the ramifications of a potential cyberattack.

Checkbox   Set up relevant software applications

Install and create accounts for all necessary software programs. Be sure to track all software license keys in a central place so you’re prepared for a potential software audit. An outsourced IT services partner can do this for you and keep track of when software was purchased and when subscriptions need to be renewed.

Checkbox   Prepare for any necessary IT training

Create a user training plan so your employees feel comfortable with your technology, software, and approach to IT security. Provide education from the onset so they know exactly what to expect. If you’re working with an outsourced IT services provider, ask the provider what level of training it can provide to your staff.

Checkbox   Ask the new hire to review and sign your policies on confidentiality, email and web use, and business network security

Make it clear from the beginning that all employees are expected to abide by strict cybersecurity rules and best practices. This especially includes password security. Are social media sites or personal email prohibited during the work day? Now is the time to share any restrictions. Present them in writing, ideally as part of your new employee handbook.

Don’t have an existing employee guide to cybersecurity best practices? Our Anderson Technologies’ eBook, An Employee’s Guide to Preventing Cybercrime, a comprehensive educational resource for small businesses, is coming soon. Check back in January!

Anderson Technologies is a St. Louis IT consulting company that provides outsourced IT services, including employee onboarding, IT security, cloud services, hardware and software acquisition, and more. Call Anderson Technologies at 314.394.3001 today for your IT needs.

How to Hire an IT Company, Even If You Know Nothing About IT

Choosing outsourced IT services for your small business can be challenging, especially if you’re not an expert on the topic. It’s easy to feel intimidated by the complexity of technology, and some vendors may even hide behind buzzwords and jargon. To ensure you’re choosing the right company for your needs, do your research and ask questions. A well-trained expert should be able to answer them in plain English.

There’s a lot at stake. Cybercrime is a growing threat. IBM estimates that a business is attacked an average of more than 16,850 times a year. That means every business faces more than 46 attacks a day! Your IT partner will help keep your network and data secure. It will also drive efficiencies as well as cost-savings and ensure your business technology runs smoothly.

Here are several important questions to ask when evaluating outsourced IT companies.

  1. How long has the firm been in business? How many employees does it have? How many clients are those employees helping?

These introductory questions help you get a picture of your prospective IT vendor and give a feel for the personality and communication style of the person you’re speaking to. You can also ask about the company’s client retention rate and its approach to customer acquisition.

  1. What is the typical size of the companies it likes to help?

Does it focus on businesses with one to 10 employees or enterprises with 1000+? Different-sized businesses have different needs, and those needs require different skills and expertise. An IT company could certainly excel at helping businesses of various sizes, but the expert needs to be able to articulate that to you.

  1. Does the IT consulting company specialize in a particular industry?

Depending on the nature of your needs, a generalist might be fine, but if you are looking for sophisticated services or work in a niche with unique regulations, there could be benefits to partnering with a firm with domain knowledge.

There are also advantages to working with a firm that has a diverse client roster. Ask how the company’s experience in other fields benefits your business.

If you have a specific project in mind, such as moving from a standard server model to the cloud, ask about this, too. The vendor’s representative should be able to describe similar completed projects. Ask if any part of the project surprised their team and if they learned anything that could inform your endeavors.

  1. What is the last threat the IT company helped a client protect itself against? How was the threat detected? How did the event unfold?

The vendor’s response will shed light on its experience and approach as well as its communication style. Look for honesty, transparency, and self-reflection. Did the firm and its clients change anything as a result of the attack?

  1. How will this IT company support and protect your business?

The outsourced IT company’s understanding of cybersecurity is important but so is its logistics. How hands-on is it? What level of support will you receive? Whom should you call if something goes wrong on the weekend? Which team members will you be interfacing with regularly? Details matter, and to avoid surprises, it’s best to have them on the table before you move forward.

  1. How much do their services cost, and how long do they take?

These questions may seem obvious, but don’t overlook their interconnectedness. If an IT company’s price is much lower than other proposals you’ve received, it could be because it is planning to invest less effort in supporting your business.

Look for vendors with a big-picture approach willing to take ownership and work as an integral part of your team. Because business infrastructure issues are so interconnected, an IT company isn’t doing you any favors by swooping in to fix ad hoc problems. If it doesn’t express a desire to assess and understand your business’s architecture in its totality, be wary.

  1. What is the #1 job of a system administrator?

The answer is simple: to protect and preserve the integrity of client data. If a potential IT vendor doesn’t answer with something similar—something that demonstrates its commitment to maintaining its customers’ data, security, privacy, and effective work flow—proceed with caution.

Choosing the right IT partner is a big decision. Asking intelligent questions will help you better understand if a vendor is right for your needs. Remember, even if you’re not an expert in cybersecurity, the person you’re speaking with should be able to provide thoughtful and clear responses to your questions.

The team at Anderson Technologies, a St. Louis IT consulting company, is happy to discuss any of the questions above, or anything else you might like to ask. Feel free to give us a call at 314.394.3001.

Buying Pre-Owned Computers with Used Software: Know Before You Buy

Buying a used computer can seem extremely cost effective. However, it’s helpful to know what problems may arise. Used computers often come with preloaded software, a tempting way to save money and time. Some programs have non-transferrable licensing agreements that place you in breach of contract situations when they run secondhand. Before buying a used computer, be sure to ask the following questions to avoid potential software licensing infringements.

What type of software license does the preloaded software fall under?

There are many software license types and understanding the agreement associated with each application is important. Is the software licensed as Original Equipment Manufacturer (OEM), Individual, Volume, Client Access License (CAL), Node Locked, Subscription, Trial, or Free (to name a few)? Can the preloaded software legally transfer to you as the new owner?

OEM software can be especially tricky if you are buying secondhand. OEM software is sold with the original hardware it was installed on. It is important to ask the seller about the software provided with the computer and if all the hardware, such as the motherboard, is from the original computer. In some cases, such as with Microsoft, replacement of the motherboard in any way other than through the manufacturer counts as non-original hardware, and a new license needs to be purchased.

The experts at the St. Louis IT company Anderson Technologies recommend getting answers to these questions before you buy. Many computers are preloaded with automated End User Licensing Agreements (EULA) requiring acceptance of terms and conditions before using the computer and the software on it. If the EULA is signed by a different person (possibly from a different state or country), you could be flagged for a software audit.

What installation media is provided in case it needs to be reinstalled?

This is a precautionary measure in case the computer crashes. If the hard drive failed on a pre-owned computer, how would you restore it? Depending on the type of backup you have, fixing a crashed computer involves replacing the faulty hardware, re-installing the operating system, downloading all drivers, and re-installing the used software. You might have to go back to the computer manufacturer and prove you are the legitimate owner of the computer in order to reload and activate the operating system. “Even when you are the original owner this can be a time consuming process,” says Mark Anderson. “It can be even more daunting when you are missing crucial original purchase information.” Make sure the computer comes with all software license keys and system documentation and keep it handy.

Are software license keys provided and validated?

Some license keys included with the purchase of the computer may only be valid for the original purchaser. While the legality of this type of transaction is under review, it is still prudent to be aware and make sure the used software and any licensing agreements are transferrable to the new owner.

In this increasingly global environment, it is also important to know the differences in laws between countries. Vernor v. Autodesk, Inc., which involved the resale of pre-owned licenses of AutoCAD software on eBay, potentially set a precedent in the United States that software licenses are not resalable. However, this is not the case in other countries. According to Jennifer Baker at PCWorld, the European Court of Justices ruled that, “The exclusive right of distribution of a copy of a computer program covered by such a licence [sic] is exhausted on its first sale.” Meaning once bought, anyone can sell a license in the same way one would sell a movie or video game they purchased.

Is the installed software updated?

Most software companies provide regular updates to their programs and expect owners to update them on a regular basis. If a used computer has preloaded software that hasn’t been updated in a long time, the software may have reached its end-of-life (EOL) and updates are no longer available. In this case, be prepared to spend more money purchasing new software and be sure to factor this into the overall cost of the used machine.

Knowing the answers to these questions eliminates some of the more common mistakes associated with buying pre-owned computers. Discuss your needs with a professional IT support team.

Based in St. Louis, Anderson Technologies has over 25 years of experience providing IT support to businesses across the country. You can reach an IT support professional at 314-394-3001 or by email at info@andersontech.com.

Anderson Technologies is a St. Louis IT company. The information in this article provides general information about computer licensing agreements and is not to be considered specific legal advice.

Successful Business Owners Take Password Security Seriously

UPDATE: New guidelines from the NIST released August 2017 changed the way we all should look at passwords.  Read our blog post regarding updated password recommendations by clicking here

Password security is a fundamental element of cybersecurity. Defending your business from cyberattacks is one of the most important safeguards needed to ensure your company’s ongoing success. In addition to protecting sensitive company information, private client data must also be secured. A recent article published in InfoWorld reported that the underground market for compromised servers may be much larger and more active than anticipated. The publication cites websites selling login information for over 170,000 hacked servers.

One way to safeguard your business is by adopting a clear password policy to increase security and provide a roadmap for avoiding common password mistakes. Here are six guidelines Anderson Technologies provides its clients to better guard against hackers and strengthen cybersecurity.

Six Guidelines for Increasing Password Security

  1. Include a mix of upper and lower case letters, numbers, and symbols

A good suggestion for creating an easy-to-remember yet secure password is to start with a favorite phrase or quote such as “Keep calm and carry on.” Take the first letter of each word in the phrase, a numerical sequence such as 5-9, and two random symbols to create a very complex password. A password resulting from our example above would be K5c6a7c8o9&%.

  1. Use a minimum of eight characters

The longer the password, the more secure it is. There are 12 characters in the example above. When using this formula, find phrases containing at least four words. This results in passwords of at least ten characters.

  1. Avoid using the same password for multiple websites or logins

It’s worth investing the extra effort to generate unique passwords for your important accounts. Doing so greatly reduces your exposure if a particular account is compromised.

  1. Change your passwords on a regular basis

This is another task commonly neglected. However, it is critical to keeping accounts secure.

  1. Do not allow web browsers (such as Chrome, Firefox, or Internet Explorer) to remember passwords

While many browsers offer this convenience for their users, it’s also an open door to the hacker who gains access to your computer.

  1. Implement a robust password management system

Having a good password management system will safeguard and organize your passwords. Many also help you generate strong passwords. For redundancy, ensure at least two people know the login credentials to the management system in case the principal user is unavailable.

Password Management Systems Provide Security and Peace of Mind

While all of the guidelines in this article help avoid common mistakes, consistent implementation is an ever-increasing challenge as the number of passwords we manage grows. This is where password management systems provide the most benefit.

Anderson Technologies offers guidance to clients for advanced password management systems that provide built-in security and peace of mind. Here are several major cybersecurity benefits of a password management system:

  • Passwords are secured through encryption and two-factor authentication
  • Passwords are safely stored and organized — no more forgotten passwords (or passwords written on scraps of paper) and the time lost to reset them
  • Employees can focus on their work instead of password security
  • Master passwords are designated to principals or other individuals who can access them in case of emergency

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cybersecurity experts a call at 314.394.3001.

A St. Louis Disaster Recovery Story: Saving a Client’s Computer Systems during a Potential Flood

“They tell me our building is going to flood! We need to get all the computers up off the floor!”

That’s what we heard at the end of December when one of our clients called in a panic. A St. Louis County Building Inspector cancelled the inspection of a neighboring property because “that area will soon be under two feet of water.” Smile Station Dental needed help immediately! Municipal officials and news agencies warned of historic flood levels for the Mississippi and Meramec rivers.

Long before this incident, the Army Corps of Engineers advised Smile Station that their offices weren’t in a flood plain, but in late December 2015, Mother Nature decided differently. Fortunately, they had ignored the advice and purchased flood insurance anyway.

Though safeguarded with insurance, every wise business person knows time is money, and downtime without properly functioning computer systems leads to lost revenue.

Smile Station is a Citadel-level Managed Tech Services client who found Anderson Technologies a calm and helpful presence in the midst of a holiday emergency. With the warning of possible flood waters, the client madly scrambled to elevate equipment off the floor – every server, workstation, uninterruptable power supply, network cable, etc. They called and Anderson Technologies answered immediately. “I’ll be there right away,” Principal Mark Anderson said and dropped what he was doing to arrive onsite as quickly as possible.

All of Anderson Technologies’ St. Louis-based Systems Administrators are calm under pressure, and while the situation was chaotic, Mark remained unruffled and methodical. “He quickly and competently jumped right in and helped us get all the computer equipment up as high as we could. We weren’t worried about functionality; we just wanted to save everything,” explained Jo Ann Emery, one of the principals at Smile Station. Mark made sure everything was shut down, disconnected properly, moved to “higher ground,” and could be easily re-installed after the danger passed.

Once the client’s equipment was secured, Mark assisted a Smile Station neighbor in the same predicament. He found Dougherty Orthodontics doing all they could to protect against the threat of rising waters. They didn’t have flood insurance, and their IT support firm wasn’t local so they had no one to call for onsite assistance. Owner Stefanie Dougherty explained, “I’m completely paperless so everything in my business is on computers. That is how I survive. I never thought in a million years that this would be an issue; Mark was absolutely my knight in shining armor.”

Our team went right to work. Office Manager Lynn Hager said, “You’re like a tech angel!” As this was the first time visiting the office, Mark took photos of all critical components and corresponding wiring before disconnecting them, documenting how everything was connected, and noting any customized wiring. “A little bit of foresight up front can save hours of frustration down the line,” Mark advised. Armed with these photos everything could be confidently and reliably re-installed without confusion.

As it turned out, the building was fortunately spared any flooding. Stefanie talked about the process of putting everything back in place after the danger had passed and what it was like to work with Anderson Technologies throughout the whole ordeal. “Just by working with Mark on this one issue, it was clear to see that we have the same high standard of business ethics. We are so grateful to have found them!”

As a St. Louis-based computer expert, Anderson Technologies knows a thing or two about flooding. Computers and water don’t mix well together, and when flooding is predicted, business owners need to be aware of potential damage to their critical computer systems. If there is any chance you may find your business in this situation, here are a few tips to consider:

  1. Establish a well-thought-out and documented Disaster Recovery Plan
  2. In addition to local backups, backup your data to a remote, offsite location and thoroughly test restoring from it at least once per year
  3. Document your network and computer infrastructure configuration as completely as possible, including the names and emergency contact information for all critical vendors and business partners
  4. After safeguarding your equipment but prior to the flood, shut off power to the office to minimize damage due to power shorts
  5. Re-evaluate your needs and your plan once the danger has passed

If you have disaster recovery planning needs, please call us at 314.394.3001 to discuss this topic.

Avoid Being Held Hostage! Ransomware: What Is It and How Can I Protect Myself?

As technology constantly evolves, we find ourselves facing ever more disruptive threats. That’s why it is absolutely critical we remain diligent in protecting ourselves from new dangers and stay proactive in our security posture.

An increasingly prevalent computer threat is ransomware.

Ransomware is designed not to corrupt or even steal your data but to hold it hostage and require payment of a “ransom” to get it back. Two widespread examples are CryptoLocker and CryptoWall. Based on FBI estimates between April through June 2015, the latter generated over $18 million for its perpetrators.

Commonly, ransomware comes as a harmless-looking email attachment from what appears to be a trusted source. When the unsuspecting user clicks the attachment, it installs a small program that immediately searches for your data on local drives, network shares, and even cloud-based storage. Once found, the data is encrypted, rendering it inaccessible. Attempts to access your files result in a prompt to pay a ransom to “unlock” the data and reverse the encryption.

This devastating program was depicted in an episode of CBS’s drama, The Good Wife. An employee unknowingly installs ransomware within the firm’s network, locking all the information at a law firm until a ransom of $50,000 is paid within 72 hours. In reality, typical ransom fees are lower but no less devastating for a company that can no longer access any of its critical data.

Imagine how disruptive this is for businesses in this predicament. In many cases, companies with no disaster recovery plan find themselves paying the ransom. As reported by this Wall Street Journal article, according to Tom Kellermann, chief cybersecurity officer for Trend Micro, Inc., “Around 30% of ransomware victims pay to regain their data.”

All of this underlines the importance of having high quality, up-to-date computer security implemented within your IT infrastructure.

What can you do to protect yourself? Here are seven tips:

  1. Educate everyone using devices attached to your business’s network of the issue (you can forward this article to them right now!).
  2. Use caution when interacting with email. Delete anything suspicious. When opening attachments, check the sender’s email address first. If it looks dubious, verify its legitimacy prior to opening. If it doesn’t feel right, it probably isn’t!
  3. Exercise extreme caution prior to clicking website popups even if they appear legitimate. If you’re unsure, ask for a second opinion. Better to be safe than sorry.
  4. Only download and install browser plugins and extensions from industry standard, verified sources.
  5. Install computer and network security software that includes regularly updated anti-malware, antivirus, email scanning, and web/content filtering capabilities. The combination of multiple security products designed to handle particular threats provides the best protection.
  6. Keep all computers’ operating systems and applications current with the most recent patches and security updates.
  7. Implement (and regularly audit) a backup strategy that offers a short recovery time and flexible file restore options. This is often the most neglected area by businesses though it’s one of the most important – especially in the case of a ransomware attack. A good backup strategy gives you the ability to quickly restore data to a known good state prior to the infection, avoiding the need to pay a ransom.

If you have a security question, please call us at 314.394.3001 to discuss this topic in-depth. Whether it’s for your network, computers, or mobile devices, we at Anderson Technologies are here to help you find not just any solution for your security needs but the best solution for your business.

Like this article?  If so, check out another article here: Data Security: Just How Secure Will Your Business Be in 2016?

St. Louis Company Software upgrade

Six Reasons Not to Perform a Software Upgrade

When should I upgrade my software? What do you do when the notice comes to update?

Some blindly click “OK.” Others ignore update messages for months on end. Some now-wary computer users have horror stories about how their digital lives came to a screeching halt for several days due to glitches associated with a software upgrade.

Whether it’s an update to your smartphone’s operating system or Microsoft’s enticement for a free copy of Windows 10, our world is full of opportunities to upgrade to the latest version of everything. Our instinct may be to immediately upgrade, following the logic: “Of course I want the latest and greatest! Think of all the ‘new and improved’ features I’ll be able to take advantage of!”

But wait just a moment. There are good reasons to exercise a little caution.

Here are six to make you think twice before hitting “OK”:

  1. You haven’t recently backed up your data, email, contacts, photos, videos, etc., to an external source – doing so enables recovery if the upgrade goes horribly wrong.
  2. Your hardware doesn’t have the capacity to effectively run the updated software. If you’re running older computers, upgrading to new software may consume more memory and disk space or overly tax the CPU, potentially bringing your machines to a screeching halt and resulting in unplanned hardware purchases.
  3. The user interface of the new software is so foreign compared to the existing version, productivity is negatively impacted while you learn its idiosyncrasies.
  4. All bugs aren’t fully ironed out of the new software. Unless your business absolutely requires a particular feature the new software offers, let other users “stub their toe” on corner-case problems. Wait a few months to upgrade.
  5. You‘ve misplaced the necessary information (software license keys, passwords, etc.), which may be needed during the upgrade process. Locate all required information for the update prior to proceeding.
  6. Updating existing software might result in being unable to access old files, which for business reasons must be left in their original format. Make sure the new software works with older file versions without needing to convert them.

Before hastily updating software to the latest version, consider the impact on other aspects of your business’s technology and work flow. After performing a complete backup, carefully review the software’s requirements before making the decision to move forward. Determine if you will truly benefit from the upgrade.

If you need a second opinion before undertaking a software update, please don’t hesitate to give us a call at 314.394.3001. We’d love to help!