Don’t Hold the Door Open for Cyber Criminals

Here in St. Louis, you’re likely to hear people saying they’re heading to Bread Co. for lunch, even if Panera is the sign above the restaurant. That’s because to St. Louisans, Panera will always be Saint Louis Bread Company. But recently, residents were relieved the St. Louis name wasn’t attached to Panera’s recent cyber security blunder.

On April 2, Brian Krebs of security news website KrebsOnSecurity broke the story that customer data from Panera’s loyalty program—including names, email and physical addresses, birthdays, and the last four digits of credit card numbers—was available through an insecure API on their website. Worse yet, Panera had been notified about the defect eight months prior in August 2017 and did nothing to resolve the problem.

Cyber security researcher Dylan Houlihan found the flaw in Panera’s API and, after confirming the extent of the problem, contacted Panera’s cyber security team. He notes that reaching out to Panera was difficult as there was no information available for who to contact if security holes were found. Panera’s response was less than stellar. In Houlihan’s detailed account of their communication, Panera’s director of information security, Mike Gustavison, was suspicious of him, and after receiving proof of the problem, took several days to reply that they would work to resolve it.

Except they didn’t.

Every month, Houlihan checked to see if the flaw was fixed, only to see that customer data was still unprotected. Finally, in April 2018, he contacted Krebs to make the matter public and force Panera to respond. They did. Within two hours Panera claimed they patched the problem.

Except they hadn’t.

Krebs continued to monitor the website and found that, while the information was no longer accessible to the public, if a member logged into their free Panera account, they could still exploit the flaw. He also discovered that it extended to other parts of Panera’s business, such as the catering website.

After the negative media coverage, Panera took down its website and patched the problem properly. In a tweet following the incident, Krebs estimates that up to 37 million accounts could have been made public because of this flaw. While there is no evidence yet that malicious agents accessed the data, this was still a terrible security breach.

How Often Does This Really Happen?

It’s easy to lose the details in light of Panera’s poor response and subsequent inaction, but accidental data breaches from misconfigured hardware or software happen far more often than you might imagine.

  • March 6, 2017: River City Media left more than a billion email accounts exposed to the public, some with personal information. Also exposed were detailed records of their own illegal spamming activities. The problem—no password protection on the backups.
  • June 19, 2017: Deep Root Analytics left millions of Americans’ addresses, birthdays, phone numbers, and political views on a variety of topics open to the public. The problem—misconfigured user permission settings.
  • October 3, 2017: A National Credit Federation cloud storage bucket was found to be open to public access, revealing personal, credit, and financial information of tens of thousands of its customers. The problem—misconfigured user permission settings.
  • October 6, 2017: An Alteryx cloud storage bucket was found to be accessible to anyone with a free Amazon Web Services account. It exposed personal data, Experian marketing data, and US Census data for more than 123 million American households. The problem—misconfigured user permission settings.
  • April 9, 2018: A flaw similar to Panera’s was discovered in P. F. Chang’s rewards website. The problem—an insecure API.
  • April 23, 2018: After rebuilding their website following a ransomware attack, MEDantex’s new customer portal contained abilities intended only for employees, including accessing confidential patient records without authentication. The problem—a bug on the website.
  • May 17, 2018: LocationSmart’s demo feature was found to be able to track the location of almost any cell phone without the user’s consent. The problem—an insecure API.

What Does This Mean for a Small Business Owner?

These examples of private, financial, and personal information leaked unintentionally serve as a warning to all business owners. While there’s a sense of poetic justice that River City Media revealed their own criminal activities by forgetting to add a password, the truth is, not all data you could reveal belongs to other people. You can be a cyber threat to your own business.

Few businesses can run day to day without some amount of personal, customer, or vendor data stored either on their network or in cloud storage. The technicalities of properly configuring security for these electronic databases can be daunting, but even when things appear to be simplified for you, all it takes is one open port, one missing password, or one unsecured application for the door to your data to be left wide open.

This is why it’s vital for businesses to have their systems set up by IT professionals and to perform network security audits routinely to ensure both the hardware and the software are configured correctly. It’s not enough to simply hire an IT consultant once and assume your system is secure. Files get moved, employees are hired, and new hardware is installed—all leaving room for new settings to supersede old ones, or worse, be forgotten altogether. A network security audit performed at least annually gives you peace of mind that your cyber doors are tightly closed and locked.

What Should You Do to Protect Your Business?

While it’s crucial to know how to avoid opening the door to criminals, knowing how to respond to a breach is just as important. Here are a few simple steps you can take to avoid or address an accidental data breach.

  1. Hire IT professionals to set up all hardware and software. Your customers trust you to be the expert in your field, so trust the IT professionals to be the experts in theirs. Make sure all your hardware and software have been properly configured from the start.
  2. Perform annual network security audits. Just because you configured everything correctly doesn’t mean it will stay that way. Your business changes all the time, so it’s best to check the doors and windows before someone else notices they’re open.
  3. Know your hardware. Many business owners don’t realize what’s in their hardware closet. Can you point to your hardware firewall with confidence? Are you certain it’s the correct type for your business? Ask an IT professional to review your hardware with you so you understand what you need and how it works. Doing so will improve your ability to spot potential problems.
  4. Have a way people can contact you about problems they find. One lesson learned from the Panera breach is how important it is that people can contact you with problems they’ve noticed. Many security researchers who find flaws due to misconfiguration just want you to know about the issue so it can be resolved. Make sure they can get in touch. Larger companies should have separate contact information specifically for security issues to keep them from being lost with other routine technical issues customers might have.
  5. Respond quickly to any problems found. Don’t wait eight months or for public embarrassment to sound the alarm before responding to an accidental data breach. If you act swiftly, your data may still be kept safe. In many accidental breaches, the problem was found not by criminals but by cyber researchers.

No company wants to find themselves in a situation like Panera’s, so make sure your network security is done right. If you’d like to learn more about configuring your systems or to schedule a network security audit, contact Anderson Technologies by phone at 314.394.3001 or by email at info@andersontech.com.

Don’t Have a Meltdown: Shedding Light on the Spectre/Meltdown Vulnerabilities

Researchers are beginning 2018 with a bombshell as they publicize information about Meltdown and Spectre, two hardware vulnerabilities that affect millions of machines around the world.

This tech news story is breaking, but until it evolves and more comprehensive solutions become available, we’ll give you the information you need to understand how you could be affected by these vulnerabilities.

What Are Meltdown and Spectre?

An exhaustive explanation of the vulnerabilities and how they work can be found here, but both threats work similarly by abusing an exposure in CPU cache timing. Meltdown allows an unauthorized application to access information from other programs via side channels in the operating system. Spectre fools more secure programs into giving up information from their own caches and overriding authorization to the caches of other programs.

Meltdown is the lesser of two evils; this hardware vulnerability only affects certain Intel processors, and Windows, Linux, and macOS have already released initial patches that prevent the unauthorized access of your sensitive information. Spectre, however, is proving to be a much trickier adversary. It removes the barriers between concurrently running applications, allowing information like passwords, messages, and other sensitive data to be accessed by a third party without permission.

Who Is Affected by These Vulnerabilities?

These particular vulnerabilities leave no trace in a system’s code, which makes the exposures easier to exploit for cyber crime. Meltdown has only been verified on Intel processors (all models produced since 1995, excluding Itanium and Atom), while Spectre affects almost every modern processor. Research has confirmed the vulnerability on Intel, AMD, and ARM processors, but devices like your smartphone could also be at risk.

Cloud servers are especially vulnerable because of the amount of data living on a single server.

Amazon and Google reported that their respective cloud services are no longer vulnerable to Meltdown, as both companies patched their server infrastructures against this vulnerability.

US-CERT has not found any active exploitations of these vulnerabilities, even though researchers have been able to successfully replicate these bugs in lab settings. However, with the public release of this data, expect hackers to begin taking advantage of this hardware weakness. It is important to take the necessary steps to protect your devices and your data.

What Can I Do to Protect Myself?

Unlike most technical vulnerabilities, Meltdown and Spectre can’t be fully resolved with a simple software or firmware patch. These threats are caused by a fault in the physical hardware of most modern processors, making replacing your hardware the only 100% fix. Meltdown patches are available for affected machines, but the catch is they may do more harm than good for some users. Older processors (or ones that run more complex CPU processes) are reportedly experiencing performance issues, anti-virus flaws, and stop errors. Consult your managed IT services provider to determine whether the most current security patch will help or hinder your particular machine.

Mozilla recently issued a browser security patch and a Safari patch was just released today, but if you’re a Chrome user, Google recommends utilizing site isolation to stay safe for the time being until the release of Chrome 64 due on January 23, 2018. It’s best practice to install updates for your devices and programs as soon as they become available. Keep an eye out for new updates in the coming weeks and stay in contact with your cyber security expert.

While Meltdown and Spectre seem alarming—and their potential for harm is quite vast—these vulnerabilities existed undetected for years. Google reported their discovery of the threats to Intel and AMD months ago, and since then the companies have been collaborating to develop and test fixes. New hardware should no longer contain these vulnerabilities.

The cyber security experts at Anderson Technologies do everything possible to keep you apprised of the latest digital threats. (Read our articles on the Equifax hack and the Wi-Fi vulnerability KRACK.)

We’ll let you know more about Meltdown and Spectre and how they could affect you as information becomes available. In the meantime, to learn more about our managed IT services action plan and how to mitigate against vulnerabilities like this in the future, contact us at 314.394.3001 or info@andersontech.com.

Equifax Hack Updates: What You Can Do NOW to Keep Your Credit Safe

It has been over six months since the massive hack of credit monitoring company Equifax, and over three since the attack was disclosed. We now know that 145 million Americans (and 15.2 million Europeans) have been affected.

Due to the data stolen—names, social security numbers, addresses—the victims of the Equifax hack must be wary of their credit for the rest of their lives. Attackers can use leaked data to create profiles for spear phishing attacks or round out existing profiles, making identity theft even easier to perpetrate.

We covered the data breach in a previous blog post, “Equifax Hack 101: What You Need to Know to Keep Your Credit Safe,” but the news hasn’t stopped rolling in. In this post we address new developments, and additional actions you, as an individual or as a small business owner, can take to mitigate the hack.

Protecting Your Personal Data

Our initial post details credit monitoring and credit freezes. Some agencies recently introduced a “credit lock,” which they claim is easier and less expensive for the user while also more effective. The difference between a lock and a freeze is that a freeze is state-monitored, and a lock is controlled by the company only. “I take strong exception to the credit bureaus’ increasing use of the term ‘credit lock’ to steer people away from securing a freeze on their file,” says Brian Krebs of Krebs On Security. Don’t be fooled by credit lock offers.

You can also talk to lenders (mortgages, banks, etc.) about what steps they are taking to prevent someone from misusing leaked information. Challenge these organizations to take additional steps like providing internal credit monitoring alerts to keep customers safe.

Tax return filing fraud is one thing that credit freezes or monitoring cannot protect. File as early as possible to prevent your refund from going to a scammer. This is not a new problem. The IRS recently issued reminders and new alerts regarding tax fraud.

While most of the information obtained from the Equifax hack was actually already in the hands of tax fraudsters, remain vigilant because criminals are continuing to adjust their tactics. The IRS even reports instances of fraud targeting hurricane victims and tax professionals in addition to the average citizen.

The Troubling Behavior within Equifax

The hack itself isn’t the only problem with Equifax.

After a data breach, many companies are able to save face by being upfront with customers, providing adequate solutions, and cracking down on security. Unfortunately, Equifax missed these cues.

Even after fixing the questionable language initially included in the Terms of Use of their TrustedID program, Equifax continues to come under fire. Initially, the PINs granted to customers seeking a security freeze consisted of the date and time the freeze was granted. This has since been corrected, but what an oversight! Many users have also had difficulty contacting the company to change their PIN.

The site Equifax set up for customers to check if they were affected by the hack continues to cause problems. Because Equifax failed to secure similar domains it was susceptible to phishing scams. Thankfully, the third-party sites (one actually directed to by Equifax itself) were benevolent—pointing out how easily scammers could use a similar domain to obtain your information. Then, in early October, Equifax temporarily took down a page about the hack because it, too, had been hacked. Criminals injected malicious code to trick users into downloading adware from fraudulent links.

As of November 3rd, Equifax’s internal investigation into allegations of suspicious trades made by top Equifax executives concluded that none of their employees were guilty of insider trading. These allegations are still under investigation by the House Financial Services Committee.

Moreover, Equifax was allegedly warned about the vulnerabilities to its systems one year ago in December by a security researcher. “These allegations, if accurate, reinforce indications that Equifax—which has a significant business selling data protection tools—was shockingly negligent and incompetent when it came to security,” says Jeff John Roberts of Fortune Magazine.

These problems have been a cause of concern for many consumers; however, it is important to note that Equifax is continuing to offer credit freezes at no charge through January 31, 2018, and, through TrustedID, offers free credit monitoring and up to $1 million in identity theft insurance.

Can We Expect Any Changes to the Industry?

Beyond being proactive with your personal protection, customers must look to Congress and other government agencies to implement changes. Speak to your representatives about your concerns for the future. Many are already investigating reasons why the Equifax hack was possible and ways to prevent hacks like it in the future.

Laws also need to change regarding reporting compliance. Lawmakers and industry leaders agree that consumers should have been alerted to the Equifax hack far earlier.

In our initial article, we noted that several class-action lawsuits were being filed against Equifax; however, after an October 24 vote by Congress to disallow class-action suits against banks and credit companies, the future of these cases is unclear.

After initially trusting Equifax with a “bridge” contract for work on the IRS’s Secure Access program, the Government Accountability Office rescinded the contract, at least temporarily. They may work with another credit monitoring agency on the project, but some members of Congress are questioning the rationale behind trusting any credit bureau with so much data.

It’s possible we may be looking at the end of the social security number—or at least moving away from the strict reliance we now place on SSNs for identity. The best identity theft protection may be to stop using easily hacked information.

Tips for Small Businesses

Small businesses should look at the response from Equifax and at the controversy surrounding it and wonder what they can do differently when dealing with private information.

The first step for small businesses should be a thought experiment. Think about potential risk as well as known and unknown vulnerabilities in your internal network. Do you trust your current cyber security company to protect your data from a data breach? What are the consequences of a data breach like the Equifax hack in your company? What would the cost to your company be?

For many small businesses, investing in stronger cyber security protection is a clear solution. Your IT department or an outside cyber security company can help analyze your systems. If personnel are constantly putting out fires, as seems to be the case with Equifax, they may not be able to keep everything else up to standard.

Invest in security that provides monitoring, analysis, and dedicated attention. At Anderson Technologies, a St. Louis IT company, we often start with a full network audit, helping clients identify areas of concern and providing the path to a more secure network.

Beyond your network, take time to train and retrain employees on the technology used and best practices for staying safe, both online and off. The best identity theft protection is education. Get a free eBook from Anderson Technologies to teach your employees the foundations of cyber security safety now!

Anderson Technologies is a St. Louis cyber security company that specializes in protecting client data. For more information on our services, email info@andersontech.com or call 314.394.3001 today.

Small Business Monthly Recognizes Anderson Technologies as One of the Best IT Firms in St. Louis

In November, Small Business Monthly awarded Anderson Technologies as one of St. Louis’s Best IT Firms. Small Business Monthly is a St. Louis magazine that highlights local small businesses. We are proud of the recognition in the Best IT Firms category, and we are grateful to serve you!

Our team strives to bring professionalism, honesty, and responsiveness to other small businesses with the goal of achieving safe, secure, and economical IT solutions. The experts at Anderson Technologies know what it takes to keep your business running smoothly.

Local small businesses have varied needs in the areas of managed IT services, hardware and software consulting, cyber security, and more. Our technology experts provide long-term solutions for your IT needs. Your business is our business. We approach technology from a business owner’s standpoint to find the best results for you and your needs. Our team delivers long-term, enlightened IT solutions, now and in the future.

Being awarded as one of the best IT firms in St. Louis in 2017 is a great honor. We look forward to expanding our business and continuing to serve the St. Louis area. Thank you for your appreciation and support!

If you would like free IT consultation or if you are in need of a cyber security or data recovery audit, please call us at 314.394.3001 or email us at info@andersontech.com.

KRACKed: The Fissure in Wireless Security

Internet surfing on mobile devices has seemed relatively safe since the 2001 Wi-Fi security protocol update and the advent of wireless data encryption. The WPA2 encryption standard mostly shielded us from being hacked on our private networks. However, new research from Belgian cyber security expert Mathy Vanhoef exposes a threat that proves our false sense of security is coming to an end thanks to the Key Reinstallation Attack (KRACK) vulnerability.

What Is the KRACK WPA2 Hack and How Does It Work?

WPA2 (or Wi-Fi Protected Access 2) is one of the current wireless security standards. Unlike its predecessors, it securely encrypts web traffic by way of a “four-way handshake” process that randomly generates an encryption key every time a device with matching credentials accesses a wireless network. This handshake protects your private home and business networks with four authentication exchanges, ensuring information you send back and forth over the network is safely encrypted.

The KRACK vulnerability interferes with the four-way handshake by way of the encryption key; KRACK records the key and reinstalls it to be used multiple times. This allows the attacker access to communications between your device and wireless access point, as well as any information that isn’t otherwise encrypted. Hackers could potentially view and steal your credit card information, passwords, shared files, and any other private information sent across the web.

One caveat of the KRACK vulnerability is that hackers need to be within the range of your Wi-Fi network. This means that your personal information is safe from hackers on the other side of the world, but anyone in close proximity could gain access to your network traffic if they have technical skills. And even though a hacker must be in range to exploit this vulnerability, it’s possible KRACK could be used for packet injection (explained here) or inserting malware or ransomware into websites.

How Can I Protect My Network Privacy?

Though KRACK is disrupting our WPA2 sanctuary, there are many ways to ensure you’re safe—or as safe as you can be—until the WPA2 protocol is updated to prevent these attacks.

  1. Update Your Router

Most people don’t think about updating their router in the same way you update your phone or laptop software, but this is a vital step to protecting your wireless network from KRACK. You can find instructions to update some of the more common manufacturers’ router firmware here. If your router doesn’t belong to one of the companies that has released a firmware patch, you should contact your internet service provider.

  2. Update All Devices with Wi-Fi Connectivity

Thanks to Apple’s and Microsoft’s specific implementations of WPA2, their devices aren’t as vulnerable as others. However, that doesn’t mean your iPhone is safe. Mathy Vanhoef’s blog publicizing the vulnerability includes a demonstration of an attack on an Android device and links to examples of bypassing encryption in Apple operating systems, as well as other common encrypted applications. Any device with Wi-Fi capabilities needs to be updated as soon as patches are released. In the meantime, use Ethernet or cellular data on your mobile device if possible.

  3. Utilize Other Methods of Encryption

Even when this WPA2 vulnerability no longer exists, you should make sure you’re communicating with websites securely. Many websites use HTTPS, which you may have noticed during browsing sessions. Thankfully, most websites that handle sensitive personal information (banking and financial sites, etc.) already default to secure browsing, which encrypts private data. Browser extensions like HTTPS Everywhere will force your browser to use a site’s secure version when the option is available. Communicating over a virtual private network (VPN) also encrypts all traffic, rendering it safe from KRACK. However, be aware that VPN providers may store your data in other ways, so make sure to research and select a trusted company.

  4. Take Stock of Your IoT Devices

The Internet of Things, while still new technology, is notorious for its inherent security weaknesses. Any IoT devices you have connected to your wireless network may need to be disconnected until patches are available. Information from most IoT devices is probably harmless even if hackers were able to gain access to it, but unless each device encrypts traffic, your privacy could still be compromised.

Thankfully, this vulnerability is getting much publicity. The US Computer Emergency Readiness Team continues to update its list of over 100 vendors and their software updates, and none of the indexed vulnerabilities are yet known to be used outside of research. It’s unlikely that an everyday WPA2 user has been affected by this breaking vulnerability, but it would be wise to exercise caution until more information and software updates are released. Be wary of any unfamiliar wireless networks, and keep an eye out for any notices from your hardware and internet service providers.

For more help keeping your network safe from KRACK and other threats, contact the experts at Anderson Technologies at 314.394.3001 or info@andersontech.com.

Equifax Hack 101: What You Need to Know to Keep Your Credit Safe

Credit plays a ubiquitous role in our lives. What can we do when the systems we trust fail us?

Corporate cyber security breaches are more common than many people realize. The recent headline-making Equifax data hack affects upwards of 143 million Americans, making it one of the largest risks to personal information to date. This breach is leading consumers to question their safety from identity theft and whether credit bureaus and ancillary companies have their best interests at heart.

What happened?

Equifax is one of the three biggest credit reporting agencies that collect consumer credit information. You don’t have to submit any of your personal information to Equifax for them to have it—if you’ve applied for a car loan, mortgage, or credit card, Equifax likely has your data in their system.

A vulnerability in an Equifax web application framework, Apache Struts, was discovered and disclosed in March of 2017. At that time, patches were implemented, though these efforts did not completely solve the problem and in late July suspicious traffic was noted. According to their press release about the breach, Equifax’s security team then “investigated and blocked the suspicious traffic that was identified.” Three days later (August 2, 2017), Equifax hired Mandiant, an independent cyber security consulting firm, to evaluate the damage.

After analyzing the scope of the breach, Mandiant discovered that personal information of 143 million Americans had been exposed, along with credit card numbers of 209,000 Americans, dispute documents for 182,000 Americans, and various information of certain United Kingdom and Canadian residents. In direct response to this analysis, Equifax provided a site for consumers to check whether their information may have been compromised and subsequently sign up for a free year of credit monitoring.

How is Equifax handling the situation?

Some of Equifax’s actions haven’t been viewed optimistically. A public relations nightmare ensued after the discovery of an arbitration clause in Equifax’s Terms of Use.  The language apparently waived the rights of consumers who signed up for credit monitoring to sue Equifax in relation to the security breach. It took Equifax until September 13 to release a statement that they had removed the offending clause from their Terms of Use.

Executive personnel changes also followed in the days after the hack disclosure. However, allegations of insider trading that purportedly took place after the breach was discovered have not yet been publicly addressed.

On September 20, several sources reported that Equifax incorrectly linked customers to a fake website designed to look like the signup site for credit monitoring.  Fortunately, the person who set up the fake site did not have malicious intent, but the situation revealed how easily criminals could take advantage of Equifax’s oversights and gather even more personal information.

What’s the damage?

Unfortunately, unlike many previous cyber security incidents, the type of data gathered in this breach will have a serious impact for years to come.  Criminals now have their hands on Social Security numbers, records of open credit accounts, and other personal data from Equifax’s stockpile of consumer profiles.  Attackers can now build targeted spear phishing attacks that, if executed well, will seem extremely legitimate to many users.

Will credit monitoring prevent my information from being compromised?

In short, no. Credit monitoring does nothing to prevent thieves from accessing your personal information.  It only keeps an eye out for suspicious activity regarding your credit file. Many credit bureaus and agencies advertise the service for a fee. The free year of TrustedID Premier offered by Equifax in light of this most recent breach also provides identity theft insurance, which covers up to $1 million of certain expenses, such as legal fees, related to recovering your credit information in the event of theft.

There likely won’t be any negative effects from submitting your information to Equifax and enrolling in the free year of TrustedID Premier, but until a few days ago the site was infamously broken. Some users reported receiving different messages depending on the device used to submit their inquiry. Equifax claims it fixed the site on September 13.

If you are already fastidious about monitoring your lines of credit, there’s not much to be gained by sharing additional personal information and enrolling in free credit monitoring. The olive branch from Equifax is welcome but may not make a significant impact depending on the consumer.

What other steps can I take?

There are two big moves anyone can make at any time to protect their personal information—submitting a fraud alert or requesting a credit freeze. Both actions are effective in ensuring criminals don’t have easy access to your credit, though they work in different ways.

You can request a fraud alert by contacting the credit bureaus (Equifax, Experian, TransUnion, and a smaller but still significant bureau, Innovis), but you must provide varying amounts of paperwork and personal information before your application is complete. This must be done independently for each company.  Once your fraud alert is in place, lenders can still access your credit information but they can’t grant credit in your name without contacting you first.

If you don’t want your credit files to be viewed by anyone other than yourself, applying for a credit freeze is the way to go. Even though new lines of credit can still be applied for in your name, none can be opened unless you “unfreeze” your credit files to give access. Again, this process must be completed at each credit bureau. Consumers Union offers a thorough how-to guide on placing a security freeze on your credit files and what fees you should expect depending on which state you live in. Unfortunately, many states require fees to lift a credit freeze as well; this means you might have to pay every time you want to move or apply for a car loan. However, the costs associated with this protection are much smaller compared to the time and trouble involved with being a victim of identity theft.

Those affected can also seek legal recourse. A firm in Oregon has already filed a class-action lawsuit against Equifax, claiming that the company failed “to maintain adequate electronic security safeguards as part of a corporate effort to save money.” At least 23 other lawsuits are in the works, filed in 14 states and the District of Columbia. A federal panel will review and likely combine these cases into a single lawsuit. If class-action status is granted, affected customers will be able to join.

Even if Equifax deems you unlikely to have been impacted by the hack, it would be wise to use this opportunity to evaluate the security of your credit information and keep a closer eye on your credit scores.

Anderson Technologies is a St. Louis cyber security company that specializes in protecting client data. For more information on our services, email info@andersontech.com or call 314.394.3001 today.


Cyber Security in St. Louis: Ransomware Nearly Destroyed This Small Business

Ransomware attacks have been making international headlines, and St. Louis cyber security threats are all too real. See how one local business survived a ransomware attack with the help of proper IT support.

In late June, malware struck companies in the U.S., Europe, and the Middle East. This massive attack, a variant of the Petya family of ransomware, infected thousands of systems. This was on the heels of the largest global ransomware attack in history, WannaCry, the consequences of which are still being tallied months later.

In a ransomware attack, cyber criminals infect a computer or network with malware that encrypts data, rendering it unusable. They claim they will decrypt the data in exchange for a ransom, which is usually requested in the form of bitcoin. However, there is no guarantee that the data will be returned.

In light of these recent crimes and a spike in cyber attacks worldwide, ransomware protection is a hot topic. The International Police Organization (INTERPOL) recently held its annual security conference, INTERPOL World, which brings together law enforcement, security professionals, and technology providers. On the agenda was the mounting volume of cyber threats and the heightened importance of cyber security. St. Louis businesses need to tune in, too. Ransomware defenses, and other cyber security concerns, are as much local issues as they are international ones.

Just One Example of Ransomware in St. Louis

Earlier this year, a small business in the greater St. Louis area* experienced the severity of cyber security threats firsthand when ransomware infected its communications server. Luckily, when it was detected, the ransomware was confined to that device. The business’s IT support vendor detached the machine from the network, scanned it to remove the threat and returned it to the infrastructure after believing all instances of the threat had been identified and eradicated.

It had not! This time the ransomware spread throughout the network and locked up business-critical data on the primary fileserver. Because the company did not have a backup system in place, the IT vendor said it was unable to retrieve any data and suggested the only option was to pay the ransom.

The business owner was in a total panic at that point because every piece of client data for the entire business had been rendered unusable. The ransom was expensive. He knew that even if he paid it, he still risked receiving partial data, damaged data, or nothing at all. From an ethical standpoint, it felt like the wrong thing to do. Law enforcement recommends that people not pay the ransom, as it encourages subsequent attacks.

The Road to Ransomware Recovery

The business owner wanted a second opinion. With a quick Google search, he found Anderson Technologies, a local St. Louis cyber security firm. He called and shared his story. Mark Anderson and his team agreed to do their best to help. Luke Bragg, senior system administrator at Anderson Technologies, went onsite, assessed the situation, and conducted a deep inspection. He discovered the ransomware had infected most of the drive but upon further investigation identified previously hidden copies of company data that were untouched. After successfully removing the ransomware, Luke recovered every single file.

The ransomware recovery process took two days, but in the end the Anderson Technologies team retrieved all the company’s data, onboarded the company to its managed IT services program, put new cyber security preventative measures in place, and implemented a reliable approach to backing up all the company’s files.

This is an extraordinary story and certainly not the norm. Unfortunately, plenty of businesses are attacked by ransomware from which they cannot recover. However, this example illustrates two important points:

  • Businesses must take ransomware protection seriously as part of their cyber security. In St. Louis, cyber criminals attack companies big and small.
  • The skill and experience of your IT partner affects the outcome of your ransomware recovery process.

This story could have had a different ending if the company chose a less experienced IT firm. Should your company be in a bind, choose a partner with a proven track record.

Anderson Technologies is a St. Louis cyber security company that specializes in ransomware protection and recovery. For more information on our services, email info@andersontech.com or call 314.394.3001 today.

*To protect this business’s privacy, we have omitted its name and any identifying details.


Change Your Passwords for the Last Time

Everything you know about creating passwords is about to change.

The National Institute of Standards and Technology (NIST) recently released their new Digital Identity Guidelines, which explain how many of the security measures in place for passwords simply don’t work. According to the NIST, “Humans … have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.”

In other words, it’s hard to remember “1S6u5^Q%,” so most users go with something simple like “cakeboss.” Previous guidelines indicated complexity would make passwords more secure, but when restrictions require a capital letter, number, and special character, users are more likely to adapt an easy password to match, turning “cakeboss” into “Cakeb0ss!” Furthermore, when required to change passwords every 90 days, users often make small changes (e.g., “Cakeb0ss!1”) rather than creating entirely new passwords. These minimal alterations are predictable and increase the risk of a security breach significantly.

The New Guidelines

Thanks to the NIST, the new guidelines focus on usability as a factor of password security. If someone can’t remember a password or must write it down because it is constantly changing, then it’s not secure. Because using numbers and special characters is so predictable, complexity is not as important as length and memorability.

For this reason, the NIST suggests that numbers and special characters not be required of users. Spaces should also be allowed so users can create strong password phrases. Simple phrases that the user can remember easily, even when lowercase and using normal words, are more secure than passwords like “1S6u5^Q%.”

The guidelines still indicate a minimum password length of 8 characters but propose allowing up to 64 so users can create strong password phrases. The NIST considers length a “primary factor in characterizing password strength.” A strong password is a combination of four or five words that the user can recall but that cannot easily be guessed by a hacker or malicious software (e.g., “Milky Orange Clock Wolf”). Note that many sites currently do not allow spaces between words, so you may need to remove them, but this will change as people adopt these new standards.

The NIST also puts more of the onus on the service rather than the user. They suggest that passwords be compared to “blacklists” of known compromised passwords before acceptance.  Accounts should also limit the number of times a user can enter a wrong password before locking access for some length of time. This way users can create simpler passwords while service providers increase password security.
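The service-side checks described above (length limits of 8 and 64, spaces allowed, no required character classes, a blocklist comparison, and a lockout after repeated wrong passwords) can be sketched as follows. This is an added example, not code from NIST or from this article; the function and class names, the small constructed blocklist, the case-insensitive comparison, and the lockout threshold and duration are all assumptions made for illustration.

```python
import time
import unicodedata

MIN_LEN, MAX_LEN = 8, 64  # the lengths quoted in the article

# Constructed sample blocklist. A real service would load a large corpus
# of known-compromised passwords instead of these few entries.
BLOCKLIST = {"cakeboss", "cakeb0ss!", "password", "12345678", "qwertyuiop"}


def check_password(password, blocklist=BLOCKLIST):
    """Return (accepted, reason). No composition rules are applied:
    spaces, lowercase-only phrases and plain words are all allowed."""
    pw = unicodedata.normalize("NFKC", password)  # count characters consistently
    if len(pw) < MIN_LEN:
        return False, "too short"
    if len(pw) > MAX_LEN:
        return False, "too long"
    # Case-insensitive comparison is a choice made in this example.
    if pw.casefold() in blocklist:
        return False, "on blocklist"
    return True, "ok"


class LoginThrottle:
    """Lock an account for lock_seconds after max_failures consecutive
    wrong passwords (both values are illustrative assumptions)."""

    def __init__(self, max_failures=5, lock_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock            # injectable so tests need not sleep
        self._failures = {}           # account -> consecutive failure count
        self._locked_until = {}       # account -> time the lock expires

    def is_locked(self, account):
        return self.clock() < self._locked_until.get(account, 0.0)

    def record(self, account, password_correct):
        """Record one attempt; return True only if the login may proceed."""
        if self.is_locked(account):
            return False              # refused even if the password is right
        if password_correct:
            self._failures.pop(account, None)
            return True
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            self._locked_until[account] = self.clock() + self.lock_seconds
            count = 0                 # start fresh once the lock expires
        self._failures[account] = count
        return False


if __name__ == "__main__":
    for candidate in ("Milky Orange Clock Wolf", "Cakeb0ss!", "1S6u5^Q"):
        print(repr(candidate), check_password(candidate))
```

Because the throttle takes its clock as a parameter, the lockout window can be exercised in tests without waiting for real time to pass.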

So, let go of notepads full of passwords too strange to be remembered. For sites that quickly adopt the NIST’s new guidelines, create strong password phrases only you’ll recall. Otherwise, we’ll have to wait for the rest of the internet to catch up. Until then, password managers such as LastPass or Dashlane can keep track of those complex passwords far more securely than writing them down.

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cyber security experts a call at 314.394.3001 or email info@andersontech.com.


Why St. Louis Businesses Are Embracing Cloud Computing Services

There’s a lot to like about cloud computing. St. Louis businesses can benefit from the cost-savings, security features, and ease of collaboration facilitated by cloud-based solutions. Here’s what you need to know.  

Worldwide spending on public cloud computing will increase from $67 billion in 2015 to $162 billion by 2020, according to IDC, a global market intelligence firm. This surge is fueled in part by a growing number of small and medium-sized businesses adopting cloud computing. St. Louis companies are investing more in IT across the board. According to a recent report, technology hiring in the St. Louis area is on the rise for the second half of 2017. More companies are expanding in or relocating to St. Louis, which is part of what’s driving the trend, but in general, St. Louis small businesses are investing more in digital marketing, mobile, and big data. Cloud services can play a crucial role in data security, and they also offer a host of other benefits.

What is Cloud Computing?

In the past, businesses stored all their data and ran their applications on company-owned and managed servers in their offices. Now, they can do these same functions online. When someone says they’re using cloud-based software, that software is delivered via the internet, as opposed to the “old days,” when we used CD-ROMs to physically install programs on our computers. If a business is using the cloud as part of its data storage approach, that means it is storing critical business information somewhere other than a server onsite. The information lives online.

Let’s take a closer look at why small businesses are using cloud-based services.

  1. Affordability

Cloud computing services allow smaller companies to leverage IT technology that was previously reserved for businesses with big budgets. For example, rather than having to invest in its own network of servers, a small business can pay a monthly fee to leverage cloud computing services. With cloud computing, it is also easy to scale services up or down as your business needs change.

  2. Security

Storing data in the cloud, ideally as part of a hybrid approach in which you back up data locally and online, offers businesses of all sizes important security benefits. For example, if your server crashed or your office was hit by a natural disaster, you’d have peace of mind knowing your data was also stored remotely.

The security benefits of the cloud extend beyond data storage. If you use cloud-based software, or software as a service (SaaS), your software is automatically updated with important security patches. These security updates help protect you from digital fraudsters, who are constantly looking for new ways to infiltrate your system.

The increase in cyber crime also contributes to the growing adoption of cloud services. St. Louis businesses identify cyber security as a key concern, according to the previously cited report. If an employee clicks a link and unwittingly downloads ransomware, the damage could extend beyond that machine. New strains of ransomware can encrypt your entire network, even your local backup servers. If you were backing up data to the cloud, you would be able to work with your IT provider to wipe your system clean and start anew from your last backup.

It is worth noting that not all cloud backup providers are created equal, and they are not immune from hackers. Cyber crime targeting the cloud is on the rise. A dual-destination backup approach is just one part of a comprehensive IT security plan.

  3. Increased Efficiency

Cloud-based services make collaboration easier. A simple case in point is when multiple team members are working on the same file. Rather than sending the document back and forth and tracking changes, a system where edits can be easily lost or mismanaged, businesses can opt to use a cloud-based program, such as Microsoft OneDrive or Dropbox for Business. Then, multiple users can work from the same master document easily.

When your data is in the cloud, you can also access it from anywhere, whether you are onsite with a client or working remotely.

Those are just a few of the reasons to consider cloud services. St. Louis businesses should work with an IT specialist to determine what is right for them. Anderson Technologies has a team of St. Louis cloud services specialists who can assess your IT needs and determine, execute, and manage the most cost-effective, efficient, and secure plan for you.

For more information on our cloud computing services, email info@andersontech.com or call 314.394.3001 today.


St. Louis IT Company Anderson Technologies Launches Free Onsite Cybersecurity Training for Its Clients

St. Louis IT company Anderson Technologies is committed to educating its clients, as well as St. Louis at large, about cyber security and IT best practices. As part of that mission, it is offering free cyber security training workshops in which participants learn how to protect their computer systems from cyber attacks.

Small business owners have a lot on their plate. While it’s understandable that cyber security and other IT issues could fall through the cracks, there’s simply too much at stake to let that happen. Cyber crime targeting small businesses is on the rise everywhere, and St. Louis is no exception. By adhering to IT best practices, employees can mitigate their risk of being victimized by a cyber attack, including ransomware. In fact, it’s one of the smartest things they can do to help protect their business.

The team at Anderson Technologies strives to deliver clients the best managed IT services possible. It also wants to educate them. That’s why it recently unveiled a free Onsite Cyber Security Training program to provide educational workshops about IT best practices. The IT company offers the sessions free of charge and holds them at clients’ offices for their convenience.

Mark Anderson, principal of Anderson Technologies, understands audience members have varying degrees of tech proficiency, so he designs his talks to resonate with non-technical staff members as well as those with deeper domain knowledge. Topics covered include:

  • Cyber crime and how it can impact you and your business
  • The importance of a multi-layered security approach
  • Creating reliable data backups and a strong disaster recovery plan
  • Why you need a hardware firewall and business-grade anti-virus/anti-malware software
  • Digital best practices all your employees should follow

Anderson also teaches participants how to recognize phishing emails and how to safely make company purchases online. After his presentation, questions from the audience are encouraged. He says the Q&A is one of the most valuable portions of the session.

The St. Louis cyber security and IT company ran its first free cyber security training seminar this April at Smile Station Dental, where Anderson fielded questions about password management and what to do if you think your computer has been infected with malware.

Even if a business has taken the proper precautions to protect its data from cyber attacks, an employee can unwittingly infect the network with malware by clicking a nefarious link or downloading a dangerous attachment. These scams have become tougher to spot as criminals get better at spoofing legitimacy. The increasing difficulty is what makes education even more crucial. By teaching its clients best practices and how to recognize red flags, Anderson Technologies believes it can help keep them safer online.

“Education is power,” says Anderson. “We want everyone to be as knowledgeable as possible, which is why we offer these workshops as a value-add for our clients, as well as to others in the St. Louis community. We believe educating users about cyber security best practices can save everyone trouble in the future and help limit the number of cyber attacks.”

As part of its mission to educate the St. Louis community about cyber security, the IT company has also produced an eBook, An Employee’s Guide to Preventing Business Cyber Crime. Educating every employee, at every level of the organization, is an often-overlooked step of cyber security. This guide is specifically designed for small businesses and emphasizes that every employee has a role to play when it comes to keeping a business safe from mounting cyber threats. The eBook is available to download for free.

Anderson Technologies is a St. Louis cyber security company committed to providing quality IT services to St. Louis and beyond. If you’re interested in setting up a free cyber security training session at your office, contact Anderson Technologies by sending an email to info@andersontech.com or calling 314.394.3001.