Cyber Security in St. Louis: Ransomware Nearly Destroyed This Small Business

Ransomware attacks have been making international headlines, and St. Louis cyber security threats are all too real. See how one local business survived a ransomware attack with the help of proper IT support.

In late June, malware struck companies in the U.S., Europe, and the Middle East. This massive attack, a variant of the Petya family of ransomware, infected thousands of systems. This was on the heels of the largest global ransomware attack in history, WannaCry, the consequences of which are still being tallied months later.

In a ransomware attack, cybercriminals infect a computer or network with malware that encrypts data, rendering it unusable. They claim they will decrypt the data in exchange for a ransom, which is usually requested in the form of bitcoin. However, there is no guarantee that the data will be returned.

In light of these recent crimes and a spike in cyberattacks worldwide, ransomware protection is a hot topic. The International Police Organization (INTERPOL) recently held its annual security conference, INTERPOL World, which brings together law enforcement, security professionals, and technology providers. On the agenda was the mounting volume of cyber threats and the heightened importance of cyber security. St. Louis businesses need to tune in, too. Ransomware defenses, and other cyber security concerns, are as much local issues as they are international ones.

Just One Example of Ransomware in St. Louis

Earlier this year, a small business in the greater St. Louis area* experienced the severity of cyber security threats firsthand when ransomware infected its communications server. Luckily, when it was detected, the ransomware was confined to that device. The business’s IT support vendor detached the machine from the network, scanned it to remove the threat and returned it to the infrastructure after believing all instances of the threat had been identified and eradicated.

It had not! This time the ransomware spread throughout the network and locked up business-critical data on the primary fileserver. Because the company did not have a backup system in place, the IT vendor said it was unable to retrieve any data and suggested the only option was to pay the ransom.

The business owner was in a total panic at that point because every piece of client data for the entire business had been rendered unusable. The ransom was expensive. He knew that even if he paid it, he still risked receiving partial data, damaged data, or nothing at all. From an ethical standpoint, it felt like the wrong thing to do. Law enforcement recommends people not to pay the ransom as it encourages subsequent attacks.

The Road to Ransomware Recovery

The business owner wanted a second opinion. With a quick Google search, he found Anderson Technologies, a local St. Louis cyber security firm. He called and shared his story. Mark Anderson and his team agreed to do their best to help. Luke Bragg, senior system administrator at Anderson Technologies, went onsite, assessed the situation, and conducted a deep inspection. He discovered the ransomware had infected most of the drive but upon further investigation identified previously hidden copies of company data that were untouched. After successfully removing the ransomware Luke recovered every single file.

The ransomware recovery process took two days, but in the end the Anderson Technologies team retrieved all the company’s data, onboarded it to its managed IT services program, put new cyber security preventative measures in place, and implemented a reliable approach to backing up all the company’s files.

This is an extraordinary story and certainly not the norm. Unfortunately, plenty of businesses are attacked by ransomware from which they cannot recover. However, this example illustrates two important points:

  • Businesses must take ransomware protection seriously with cyber security. In St. Louis cybercriminals attack companies big and small.
  • The skill and experience of your IT partner affects the outcome of your ransomware recovery process.

This story could have had a different ending if the company chose a less experienced IT firm. Should your company be in a bind, choose a partner with a proven track record.

Anderson Technologies is a St. Louis cyber security company that specializes in ransomware protection and recovery. For more information on our services, email info@andersontech.com or call 314.394.3001 today.

*To protect this business’s privacy, we have omitted its name and any identifying details.

Change Your Passwords for the Last Time

Everything you know about creating passwords is about to change.

The National Institute of Standards and Technology (NIST) recently released their new Digital Identity Guidelines, which explains how many of the security measures in place for passwords simply don’t work. According to the NIST, “Humans … have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.”

In other words, it’s hard to remember “1S6u5^Q%,” so most users go with something simple like “cakeboss.” Previous guidelines indicated complexity would make passwords more secure, but when restrictions require a capital letter, number, and special character, users are more likely to adapt an easy password to match, turning “cakeboss” into “Cakeb0ss!” Furthermore, when required to change passwords every 90 days, users often make small changes (i.e., “Cakeb0ss!1”) rather than creating entirely new passwords. These minimal alterations are predictable and increase the risk of a security breach significantly.

The New Guidelines

Thanks to the NIST, the new guidelines focus on usability as a factor of password security. If someone can’t remember a password or must write it down because it is constantly changing, then it’s not secure. Because using numbers and special characters is so predictable, complexity is not as important as length and memorability.

For this reason, the NIST suggests that numbers and special characters not be required of users. Spaces should also be allowed so users can create strong password phrases. Simple phrases that the user can remember easily, even when lowercase and using normal words, are more secure than passwords like “1S6u5^Q%.”

The guidelines still indicate a minimum password length of 8 characters but propose allowing up to 64 so users can create strong password phrases. The NIST considers length a “primary factor in characterizing password strength.” A strong password is a combination of four or five words that the user can recall but cannot easily be guessed by a hacker or malicious software (i.e., “Milky Orange Clock Wolf”).  Note that many sites currently do not allow spaces between words so you may need to remove them, but this will change as people adopt these new standards.

The NIST also puts more of the onus on the service rather than the user. They suggest that passwords be compared to “blacklists” of known compromised passwords before acceptance.  Accounts should also limit the number of times a user can enter a wrong password before locking access for some length of time. This way users can create simpler passwords while service providers increase password security.

So, let go of notepads full of passwords too strange to be remembered. For sites that quickly adopt the NIST’s new guidelines, create strong password phrases only you’ll recall.  Otherwise, we’ll have to wait for the rest of internet to catch up. Until then, password managers such as LastPass or Dashlane can keep track of those complex passwords far more securely than writing them down.

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cybersecurity experts a call at 314.394.3001 or email info@andersontech.com.

Why St. Louis Businesses Are Embracing Cloud Computing Services

There’s a lot to like about cloud computing. St. Louis businesses can benefit from the cost-savings, security features, and ease of collaboration facilitated by cloud-based solutions. Here’s what you need to know.  

Worldwide spending on public cloud computing will increase from $67 billion in 2015 to $162 billion by 2020, according to IDC, a global market intelligence firm. This surge is fueled in part by a growing number of small and medium-sized businesses adapting cloud computing. St. Louis companies are investing more in IT across the board. According to a recent report, technology hiring in the St. Louis area is on the rise for the second half of 2017. More companies are expanding in or relocating to St. Louis, which is part of what’s driving the trend, but in general, St. Louis small businesses are investing more in digital marketing, mobile, and big data. Cloud services can play a crucial role in data security, and they also offer a host of other benefits.

What is Cloud Computing?

In the past, businesses stored all their data and ran their applications on company-owned and managed servers in their offices. Now, they can do these same functions online. When someone says they’re using cloud-based software, that software is delivered via the internet, as opposed to the “old days,” when we used CD-ROMs to physically install programs on our computers. If a business is using the cloud as part of its data storage approach, that means it is storing critical business information somewhere other than a server onsite. The information lives online.

Let’s take a closer look at why small businesses are using cloud-based services.

  1. Affordability

Cloud computing services allow smaller companies to leverage IT technology that was previously reserved for businesses with big budgets. For example, rather than having to invest in its own network of servers, a small business can pay a monthly fee to leverage cloud computing services. With cloud computing, it is also easy to scale services up or down as your business needs change.

  1. Security

Storing data in the cloud, ideally as part of a hybrid approach in which you back up data locally and online, offers businesses of all sizes important security benefits. For example, if your server crashed or your office was hit by a natural disaster, you’d have peace of mind knowing your data was also stored remotely.

The security benefits of the cloud extend beyond data storage. If you use cloud-based software, or software as a service (SaaS), your software is automatically updated with important security patches. These security updates help protect you from digital fraudsters, who are constantly looking for new ways to infiltrate your system.

The increase in cybercrime also contributes to the growing adoption of cloud services. St. Louis businesses identify cybersecurity as a key concern, according to the previously cited report. If an employee clicks a link and unwittingly downloads ransomware, the damage could extend beyond that machine. New strains of ransomware can encrypt your entire network, even your local backup servers. If you were backing up data to the cloud, you would be able to work with your IT provider to wipe your system clean and start anew from your last backup.

It is worth noting that not all cloud backup providers are created equal, and they are not immune from hackers. Cybercrime targeting the cloud is on the rise. A dual-destination backup approach is just one part of a comprehensive IT security plan.

  1. Increased Efficiency

Cloud-based services make collaboration easier. A simple case in point is when multiple team members are working on the same file. Rather than sending the document back and forth and tracking changes, a system where edits can be easily lost or mismanaged, businesses can opt to use a cloud-based program, such as Microsoft OneDrive or Dropbox for Business. Then, multiple users can work from the same master document easily.

When your data is in the cloud, you can also access it remotely, whether you are onsite with a client or working remotely.

Those are just a few of the reasons to consider cloud services. St. Louis businesses should work with an IT specialist to determine what is right for them. Anderson Technologies has a team of St. Louis cloud services specialists who can assess your IT needs and determine, execute, and manage the most cost-effective, efficient, and secure plan for you.

For more information on our cloud computing services, email info@andersontech.com or call 314.394.3001 today.

St. Louis IT Company Anderson Technologies Launches Free Onsite Cybersecurity Training for Its Clients

St. Louis IT company Anderson Technologies is committed to educating its clients, as well as St. Louis at large, about cybersecurity and IT best practices. As part of that mission, it is offering free cybersecurity training workshops in which participants learn how to protect their computer systems from cyberattacks.

Small business owners have a lot on their plate. While it’s understandable that cybersecurity and other IT issues could fall through the cracks, there’s simply too much at stake to let that happen. Cybercrime targeting small businesses is on the rise everywhere, and St. Louis is no exception. By adhering to IT best practices, employees can mitigate their risk of being victimized by a cyberattack, including ransomware. In fact, it’s one of the smartest things they can do to help protect their business.

The team at Anderson Technologies strives to deliver clients the best managed IT services possible. It also wants to educate them. That’s why it recently unveiled a free Onsite Cybersecurity Training program to provide educational workshops about IT best practices. The IT company offers the sessions free of charge and holds them at clients’ offices for their convenience.

Mark Anderson, principal of Anderson Technologies, understands audience members have varying degrees of tech proficiency, so he designs his talks to resonate with non-technical staff members as well as those with deeper domain knowledge. Topics covered include:

  • Cybercrime and how it can impact you and your business
  • The importance of a multi-layered security approach
  • Creating reliable data backups and a strong disaster recovery plan
  • Why you need a hardware firewall and business-grade anti-virus/anti-malware software
  • Digital best practices all your employees should follow

Anderson also teaches participants how to recognize phishing emails and how to safely make company purchases online. After his presentation, questions from the audience are encouraged. He says the Q&A is one of the most valuable portions of the session.

The St. Louis cybersecurity and IT company ran its first free cybersecurity training seminar this April at Smile Station Dental, where Anderson fielded questions about password management and what to do if you think your computer has been infected with malware.

Even if a business has taken the proper precautions to protect its data from cyberattacks, an employee can unwittingly infect the network with malware by clicking a nefarious link or downloading a dangerous attachment. These scams have become tougher to spot as criminals get better at spoofing legitimacy. The increasing difficulty is what makes education even more crucial. By teaching its clients best practices and how to recognize red flags, Anderson Technologies believes it can help keep them safer online.

“Education is power,” says Anderson. “We want everyone to be as knowledgeable as possible, which is why we offer these workshops as a value-add for our clients, as well as to others in the St. Louis community. We believe educating users about cybersecurity best practices can save everyone trouble in the future and help limit the number of cyberattacks.”

As part of its mission to educate the St. Louis community about cybersecurity, the IT company has also produced an eBook, An Employee’s Guide to Preventing Business Cybercrime. Educating every employee, at every level of the organization, is an often-overlooked step of cybersecurity. This guide is specifically designed for small businesses and emphasizes that every employee has a role to play when it comes to keeping a business safe from mounting cyber threats. The eBook is available to download for free.

Anderson Technologies is a St. Louis cybersecurity company committed to providing quality IT services to St. Louis and beyond. If you’re interested in setting up a free cybersecurity training session at your office, contact Anderson Technologies by sending an email to info@andersontech.com or calling 314.394.3001.

Why Is Ransomware on the Rise in St. Louis?

Ransomware is on the rise everywhere, not just in St. Louis. Ransomware can cost a small business tens of thousands of dollars—or even more! Let’s take a look at the proliferation of ransomware, and how your business can protect itself.

A small business’s data is one of its most valuable assets. When criminals launch a ransomware attack, they use malicious software to hold your data hostage. They claim they will give you access to your data in return for a “ransom” payment (although criminals aren’t exactly known for being true to their word).

One of the most common ways in which cyber criminals launch ransomware attacks is by sending phishing or spear-phishing emails. Employees download attachments or click links that look innocuous enough, but they end up inadvertently installing ransomware on their computers as a result. The ransomware then searches for user data to encrypt on the computer or on the network or cloud-based storage system. Once data is encrypted, you won’t be able to use it, and the bad guys send a message with instructions on how to render your files usable again—by paying a “ransom,” often in the form of bitcoins. Often sending money to the criminals provides no guarantee they will release your data.

According to the United States Department of Justice, more than 4,000 reported ransomware attacks occurred daily since January 2016. That is a 300 percent increase in just one year.1  At Anderson Technologies, we frequently hear about St. Louis ransomware attacks—both from local small businesses and reports in the media. Earlier this year, ransomware impacted all 17 branches of the public library in St. Louis. Ransomware rendered their computers unusable. Library management refused to pay the $35,000 ransom and worked with its IT staff to remove the virus and restore service.

Ransomware Makes the Bad Guys Big Money

The reason ransomware is on the rise comes down to economics. In 2015, the FBI reported  approximately 327,000 robberies in the U.S., which accounted for an estimated $390 million in losses.

That same year, there were approximately 127,000 cyberattacks reported in the U.S., accounting for over $1 billion in losses. It’s no wonder criminals are turning to cybercrime. That’s a whole lot fewer attacks for a whole lot more money. Plus, currency like bitcoin makes it easier for criminals to carry out crimes since they can anonymously collect the ransom.

If you factor in downtime and the cost of recovering files, cybercrime actually costs companies approximately $75 billion each year.

Is Your Business Protected from Ransomware?

Ransomware is also on the rise because the bad guys are getting better at designing believable phishing and spear-phishing emails. Gone are the days of scams that are easily identifiable, ridden with typos and strange verbiage. Today, cybercriminals have gotten better at mimicking the language and graphical design of reputable companies, which improves their chances of someone clicking a harmful link or attachment.

For small businesses in St. Louis, cybersecurity protection is an intricate process. You need a multi-tiered approach that includes a firewall, intrusion protection system, internet content filtering, anti-virus and anti-malware software that runs in real-time and is updated regularly, and a thorough and tested approach to backing up your system files. You also need to educate your employees. Even if you are working together with a managed IT services provider to do “everything right,” it takes just one click from an unsuspecting employee to introduce an issue your prevention efforts will have to deal with.

Although your managed IT services partner can reduce the likelihood of an email containing ransomware hitting your employees’ inbox in the first place, malicious messages can still get through. Email providers like Google and Microsoft scan your messages and try to filter out ones that look suspicious, but criminals are working just as hard to update their tactics. The final layer of protection between a St. Louis business (or any business for that matter) and ransomware is employee education.

Just last month, a St. Louis small business called Anderson Technologies in distress. It had just fallen victim to a ransomware attack. Its previous IT services provider wasn’t able to restore its files, but Anderson Technologies experts managed to eradicate the malware and recover the compromised data!

Ransomware stories don’t always have such a happy ending. Indisputably, your best bet is to reduce your chances of coming into contact with ransomware in the first place. Anderson Technologies has a team of St. Louis cybersecurity and ransomware experts who can help protect your business. For more information on our St. Louis cybersecurity services, email info@andersontech.com or call 314.394.3001.


1 “How to Protect Your Networks from Ransomware” U.S. Justice Department. Retrieved on April 20, 2017 from https://www.justice.gov/criminal-ccips/file/872771/download

Our IT Company Rings the Bell for Small Business

Last week we filmed our video submission for the Morning Bell for Small Business campaign to honor our IT company and the many businesses we help to achieve IT goals. Sponsored by Chase for Business, the Morning Bell celebrates small businesses across America, and each day a different business is featured.

Each business has their own bell and their own unique way of ringing it, but only we will be ringing a 108-year-old bell hand-cast in London at the same foundry as Big Ben and the Liberty Bell. Originally a present from Mark to Amy on their 25th anniversary, this bell is the perfect symbol not only for this campaign but for the IT company they’ve built together.

View our video submission above and be sure to check out our blooper reel at the end of this post!

Casting the Anderson Bell

To begin the story behind this amazing anniversary present, we have to take you back to when it was first cast in 1908 at the Whitechapel Bell Foundry, the oldest manufacturing company in Britain, established in 1570. Originally commissioned for a parish church in Norfolk, England, the bell is tuned to an F note and bears the inscription “We praise Thee, O God.”

It’s in the making of the bell that we find its meaningful significance. As Mark explained at their wedding anniversary, “A bell that’s made out of proper bell metal, not just brass, consists of two complementary metals forged together. One is copper and one is tin. When these two metals are combined in the furnace and turned into a bell, the properties of the new alloy allow it to be a little bit soft, have a very mellow wonderful tone, and makes it last forever. Literally if you kept a bell outside for eternity, it would stay the shape of a bell while developing a beautiful patina. If you just had a pure copper bell, it would sound horrible and would be too soft. If you had a pure tin bell, it would sound horrible and would be too brittle, and if you struck the bell, it would shatter. But the two metals combined—some softness, some brittleness—together they make this wonderful object.”

Making Anderson Technologies

Like this everlasting bell, our company remains steadfast in large part to its many complementary strengths. Each trait and each team member helps make our IT company successful. When Mark has a well-researched idea for the future, Amy finds the practical course to accomplish it. When Amy is driven to deliver in a timely manner, Mark makes sure the company’s work not only meets the client’s expectations but is done to the very highest standards.

Differing backgrounds, Mark in system and network administration and Amy in software development and project management, create effective collaboration. It’s what turned Anderson Technologies from an idea started in a spare bedroom into the company it is today. Together Mark and Amy, along with a talented team, are dedicated to providing effective solutions to clients through honesty, integrity, and the technical knowledge needed to solve your IT challenges.

We love the opportunity to ring our bell, and we invite other small businesses to do the same. If you submit a video, let us know so we can celebrate your small business, too.

AndersonBell-1


Video Bloopers

Enjoy these funny outtakes of our filming efforts late on a Friday!

St. Louis Computer Company IT TechWatch Newsletter

First IT TechWatch of 2016

We hope your year is off to a wonderful start! St. Louis finally received its first snowfall, and everything looks beautiful outside.

On January 21st, we sent out this month’s IT TechWatch, which featured several articles on critical technology issues important to every business ranging from data security to the IT infrastructure necessary for success. Our client feature article explains how implementing a proactive Managed Services program improved the reliability of a long-time client’s pet care business. Finally, we’re thrilled to introduce you to the newest member of our expert computer team, Luke Bragg.

If you’d like to receive our newsletter on an ongoing basis, there’s a sign-up section on our home page.

St. Louis Computer Expert Luke Bragg

Meet Luke Bragg: A St. Louis Computer Expert Joins Our Team

Anderson Technologies is proud to announce that Luke Bragg has joined the company as a Senior Systems Administrator to serve our clients’ growing needs. “Luke is a perfect addition to our team!” Company principal Mark Anderson shares, “He comes to us with almost nine years of systems administration experience managing computer infrastructure in a wide variety of corporate end-user environments. Our clients will be able to immediately benefit from his experience and broad knowledge base. Luke’s government security clearance speaks to his commitment to maintain the highest-level security standards. We also appreciate his CompTIA Security+ industry certification.”

Luke has worked for a wide variety of companies like Empire District Electric Company, Baptist Hospitals of Southeast Texas, and most recently Tapestry Solutions (a subsidiary of Boeing) in areas that required a focus on computer system architecture as well as very high-level technological expertise. Luke also understands the intricacies of system-wide solutions to protect against a host of security threats, including viruses, malware, spyware, and ransomware. He’s right at home managing large computer networks, installing and administering over 100 servers and deploying over 1,000 virtual desktops in one environment.

Company principal Amy Anderson says, “We’re very selective about the people we work with, and Luke’s background makes him a perfect addition to our top-notch team. He’s technically outstanding, has a very personable manner and a high sense of integrity, all of which align with our company. Luke is the kind of expert I would trust with my own computer, and that’s what we were looking to add for our clients.”

Luke is enthusiastic about working with clients one-on-one and values that interaction. He explains, “I love the vision of Anderson Technologies’ personalized service and ‘take-the-time-to-do-it-right’ mentality. As a systems administrator, you wear many hats, and I’m excited to know I will be making a real difference in the lives and businesses of our clients.” Luke is immediately available to work with all clients, getting them properly set up with our proprietary Managed Tech Services, installing system upgrades, and increasing security protection to keep client data from being compromised.

Luke lives in Swansea, Illinois with his children and wife, Amy, who teaches first and second grade. They have three children, James (11), Lucas and Logan (7 year old twins!) who keep them very active. Luke also enjoys singing in his church.

Congratulations Luke, and welcome to the team!

 

St. Louis IT Company Celebrates 2016

Anderson Technologies, a St. Louis IT Company, will be closed on January 1 in celebration of the new year.  We are confident that this coming year will be a year of prosperity and growth for all of our clients, and we are determined to assist with all St. Louis IT company needs!

We will be back in our offices on Monday, January 4th, ready to help with all your computer system needs.

Happy New Year!

St. Louis Computer Company Takes A Christmas Holiday

Anderson Technologies offices will be closed Christmas Eve and Christmas Day.

This St. Louis Computer company hopes everyone has a great holiday.  We’ll be back next week to take care of all your IT needs!