Contact Us Today!   314.394.3001   |   info@andersontech.com

Anderson Technologies Recognized as a Best Cyber Security Firm for 2020

/in , /by

Anderson Technologies has been featured by Small Business Monthly as one of St. Louis’s Best IT Firms for the past three years, and this year we are pleased to announce that we made the list for Best Cyber Security Firm in 2020!

A core tenant of Anderson Technologies’ 25 years serving the St. Louis area is our education and employee training approach to cyber security. Beyond the purely technical aspects like security monitoring, system audits, and essential hardware—all key parts of managed IT services through Anderson Technologies—we’ve found that continued education on cyber security risks and solutions is often what makes an impact and keeps an organization safe.

Do you need an expert eye on your organization’s cyber security? Download our FREE Cyber Security Essentials Checklist to see where your organization stands in 2020. For more help, please call us at 314.394.3001 or send us an email at info@andersontech.com for more information.

 

 

Celebrating 25 Years of Anderson Technologies

/in , , /by

This February marks Anderson Technologies’ 25th anniversary providing exceptional IT services for clients in the St. Louis area and beyond. The milestone provides an opportunity to reflect on the company’s journey since its inception and provides a thoughtful lens on how the organization plans to forge a path for the future.

Founding Principals Mark and Amy Anderson met in college as Computer Science majors and started their professional careers in the late ‘80s as software engineers for McDonnell Douglas’ Avionics Laboratories. After several years, their entrepreneurial spirit kicked in and the company was incorporated in February 1995 as an IT consulting firm. “I’ve always enjoyed helping people and being entrepreneurial,” Mark recalls. Like many successful business owners, he has fostered that entrepreneurial spirit from an early age. Growing up in a military family as a seventh grader pushing a lawnmower around the yards of trusting homeowners, he’ll never forget the advice his father brought home from his commanding officer while stationed in Germany: “If in life you always strive to do your very best, work will seek you out.” This became a foundational idea in Mark’s outlook. By demanding honesty, integrity, and excellence in himself, everything else took care of itself. Amy’s strength has always been to implement Mark’s big ideas in a practical and risk-averse way, which fueled the birth of Anderson Technologies.

If in life you always strive to do your very best, work will seek you out.”

Initially the Andersons provided technology consulting to Fortune 500 corporations until the market shifted offshore in the early 2000s. This fueled the company’s move from software engineering to system administration and IT consulting. After the start of the new millennium, Anderson Technologies experienced what Mark and Amy describe as a “quiet decade” while their two children were still young. They gravitated towards custom projects that would serve as the foundation for a new division of the company, Anderson Archival. “We were approached by a client who asked us to do technical project management and archival work for them,” Amy says. “While that was going on, we were also performing system and network administration for a handful of companies and helping with their technology.”

Not only has Anderson Technologies evolved over the course of twenty-five years, but so has the IT industry. “At first there was no such thing as managed services on an ongoing basis, where clients would pay a monthly fee for proactive IT support,” Mark says. Once the IT industry’s standard break/fix model was transformed by the need for vigilant, comprehensive managed services, Anderson Technologies fully embraced and invested in this new way of providing outstanding services to its clients.

“Let’s pivot,” Mark remembers thinking, “to focusing on small and mid-sized businesses who will appreciate a relationship with an IT vendor they can look in the eye and wholeheartedly trust.” Developing this strong client-vendor relationship was the foundation upon which Anderson Technologies built itself.

In order to share this new, proactive managed services approach, the company started by asking small business owners what technical challenges they were trying to overcome—and if it didn’t have a solution for them, the team would find another vendor who could help. “We are known for being an organization who cares and who treats people fairly,” Amy says.

In 2020, Anderson Technologies is focused on growing into a new office space, which is about three times the size of the previous location. “It’s a huge milestone for us,” Amy says. “You can feel the momentum.”

Indeed, the firm blossomed over the last few years alone, nearly doubling in size and welcoming Farica Chang as a partner. For over a decade Farica has been integral to Anderson Technologies. “Farica is extremely talented,” Amy says. “When we make a promise to a client, she along with our wonderful employees, consistently find a way to deliver an exceptional result. Farica is key to the company’s current and future success, and we are so grateful she is now a partner.” Mark agrees. “Farica exemplifies the company’s values so well,” he says. “She’s fearless—there’s nothing she can’t do. Her character, work ethic, and talents have blessed all of us. We wouldn’t be the same company without her.”

Working for Mark and Amy after graduation from UCLA and her professional experience at Fortune 500 companies, Farica notes that the opportunities available as part of a smaller team are immeasurable. “Mark and Amy shared responsibilities with me that I could never have imagined had I been a small cog in the gears of a giant corporation,” she says. “Together we conquered thorny technical challenges and complex project management. They fostered an environment of mutual trust and support—nurtured my development as a leader—and showed me how to care for a client’s needs as we care for our own.”

Together we conquered thorny technical challenges and complex project management.”

Anderson Technologies wouldn’t be where it is today without its people. Each member of the team is a valued piece of the puzzle—offering key unique strengths and devotion to a job well done. “Honestly, I love my work because I love our team,” says Farica. “Even on the busiest days, I know I can turn to anyone for help. Many of my colleagues have been with us for five years or more. I’m so proud of their growth and can-do spirit.”

Mark, Amy, and Farica appreciate this moment to pause and reflect on how vibrant their IT company has become. The last twenty-five years have been busy ones, and they don’t foresee slowing down any time soon. “Our hearts are filled with gratitude,” Mark says. “Gratitude for our wonderful employees, clients, and business partners who have enabled us to realize a dream and together build something truly special.”

Here’s to 25 more years of Anderson Technologies!

For more information about the Anderson firms or to find out how Anderson Technologies or Anderson Archival can provide solutions for your organization, contact us today!

windows 7 end of life windows 10 upgrade

End of an Era: Saying Sayonara to Windows 7

/in , , /by

January 14, 2020. Today marks the end of an era. As of today, Microsoft no longer offers support for its Windows 7 operating system.

If you’re still hanging on to outdated hardware running Windows 7, you’ll no longer receive updates, attack countermeasures, and security patches.

Your Windows 7 machines—and entire network—will be vulnerable to new breaches, exploits, malware and viruses.

It also means that, starting today, no Windows 7 computer is HIPAA compliant. Using hardware that cannot be protected with patches and updates means the Security Rule is not being followed, and if a breach does occur, you’ll probably be liable.

Anderson Technologies recommends upgrading all Windows 7 machines and other Microsoft offerings that also reach End of Life today, including Hyper-V Server 2008/Hyper-V Server 2008 R2 and Windows Server 2008/Windows Server 2008 R2.

What’s the Big Deal?

Businesses and organizations in every field should take end of support for an operating system seriously. Cyber crime is on the rise, and while many criminals continue to target anyone who will click their bait, many more see the value in targeting vulnerable access points to a network, knowing that the data and additional connections they unlock can really pay off. Recently, hundreds of nursing homes and veterinarians lost access to patient data, and multiple municipalities in Texas were effectively shut down due to their software and cloud providers being compromised by ransomware.

It’s not a question of if you’ll be targeted, but when.

For any business, staying up to date on all security and software patches is an essential part of the electronic era. After today, anyone running Windows 7 is holding the door open for cyber criminals once the newest zero-day threat is identified and exploited. Don’t count on your cyber insurance to cover any ransom or damages you incur in the event of an attack. Many cyber insurance policies require businesses to have certain security measures in order to pay out, and an updated and patched OS is one of the most basic protections you can have.

If you operate in the healthcare vertical, staying up to date is not just important, it’s the law. Under HIPAA, any Covered Entity or Business Associate must comply with the same standards. Having patched and routinely updated hardware is part of HIPAA’s Security Rule, and failure to comply won’t just mean trouble from cyber criminals. The Office of Civil Rights can levy significant fines for businesses that knowingly ignore cyber security guidelines.

In the accounting vertical, operating from an unsecured OS could leave you in breach of the FTC Safeguards Rule, and your client data will be vulnerable.

Staying up to date on all security and software patches is essential when fighting cyber crime. After January 14, 2020, anyone still running Windows 7 is inviting cyber criminals in through an unguarded, open door.

What Options Do I Have?

  • Extended Support for Windows 7. Microsoft’s extended support plan is only available to users running Windows 7 Pro or Enterprise through volume licensing. Contact your IT provider or Microsoft representative to determine if you are eligible. If you are, you can purchase up to three years of extended Windows 7 support, starting at $50-$100 per computer for the first year and doubling in price each year following. This is not a long-term fix, but it could allow you to spread out your upgrades over several years instead of upgrading your equipment all at once.
  • Windows Virtual Desktop. Microsoft is also offering three years of support for free with Windows Virtual Desktop. If you’ve been considering moving to the cloud, this might be a good time to look into Azure and reduce hardware costs.
  • Update OS to Windows 10. If hardware costs are holding you back from getting a fully-supported machine, updating your existing computers to Windows 10 might be the most cost-effective option to remain secure. Unfortunately, many computers running Windows 7 are not capable of efficiently running Windows 10.
  • Upgrade Hardware for Maximum Security. The most secure option moving forward is a secure OS (Windows 10) paired with up-to-date hardware built to run modern software and protect data.

If upgrades just aren’t feasible—maybe essential software isn’t compatible with Windows 10 or you’re operating on Virtual Desktop—security should be at the forefront of your mind. Move forward with updates and upgrades when you can, and until then:

  • Do not connect Windows 7 computers to the internet.
  • Don’t store client data on unsecure systems.
  • Back up your business data daily and make sure these backups are configured to adequately protect them against cyber attacks.

The time to act is now. Don’t be caught with your IT systems wide open to the next cyber attack. Upgrade to Windows 10 before it’s too late. Anderson Technologies can help. Contact us at 314.394.3001 or info@andersontech.com.

Best IT Firm 2019

/in /by

Anderson Technologies has been listed once again as one of St. Louis’s Best IT Firms in Small Business Monthly’s “Best of the Best in Business” feature! The Best in Business – Annual Business Owners’ Guide provides an essential resource for St. Louis business owners, and we are proud and grateful to be honored for the third year in a row and for the chance to serve you!

So far in 2019, our growing team has brought professionalism, honesty, and responsiveness to other small businesses with the goal of implementing robust and secure IT solutions designed to meet your needs.

The Anderson Technologies approach to managed IT services includes dedication to our clients through monitoring and audits, updating essential hardware, and providing continued education on cyber security risks and solutions.

Our team of managed IT service providers delivers long-term, enlightened IT solutions for local small businesses and organizations, as well as many out of town clients.

Being awarded as one of the best IT firms in St. Louis in 2019 is a great honor. We look forward to continuing to serve the St. Louis area as we continue to grow. Thank you for your appreciation and support!

If you would like a free IT consultation or if you are in need of a full network audit, please call us at 314.394.3001 or email us at info@andersontech.com.

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

/in , , , /by

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

  1. Involve all stakeholders in raising cyber security awareness across your organization.
  2. Backup key data regularly and perform scheduled test restores to ensure their integrity.
  3. Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
  4. Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
  5. Leverage internet content filtering to block phishy websites.
  6. Prepare for cryptojacking attacks.
  7. Purchase SMB security suites that include Dark Web monitoring.
  8. Assess your organization’s cyber security policies and procedures and review annually.
  9. Ensure that all third-party partners have cyber security protocols and policies in place.
  10. Build a cyber security incident response plan and democratize key information.
  11. Bind an appropriate level of cyber security insurance to cover your company in case of a breach
  12. Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

Announcing Our New Partner

/in /by

Anderson Technologies and its division Anderson Archival is pleased to announce that our Director Farica Chang is now a partner in the company, becoming partial owner and Principal along with Founding Principals Mark and Amy Anderson.

This exciting news signifies her long-term dedication to the firm. “This is the fitting next step in my commitment to Anderson Technologies and its future,” Farica says. “Working with Mark and Amy for over ten years, we’ve built a company that puts our principles first—focused on providing clients with quality service and dedication to their needs. I have faith in our organization and my team members. I know we all care deeply about each other and the work we do.”

After graduating with honors from the University of California, Los Angeles, in 2008, Farica returned to her hometown to work for the Andersons in St. Louis, Missouri. After only three months as a contract worker, she was promoted to full-time project manager. “Farica is filled with initiative,” Amy Anderson states. “Farica has always had an ownership mentality and is willing to do whatever it takes to deliver excellent results.” An avid learner, she was part of the inaugural class of Harvard’s first computer science certification offered on edX, followed by MIT entrepreneurship classes as well as professional cybersecurity certification from the esteemed technical institution.

“The bar Farica sets for herself and the team is exceptional,” Mark Anderson says. “We are blessed to have Farica’s talents, commitment, gifts, expertise, care, work ethic, dedication, customer focus, and highest standards of quality. She is principled, honest, and fully expresses the values we have set for the company.”

By investing in Anderson Technologies, Farica attests to the longevity and commitment Anderson Technologies has to its employees and clients. “My work continues to be one of the critical pillars in my life after family,” Farica says. “I love what we do—supporting our clients and helping them solve challenging technical issues every day. To have the privilege of working with such talented team members and organizations is a blessing I do not take for granted.”

Congratulations, Farica!

To learn more about Farica’s background, credentials, certifications, and contributions to our company, she invites you to connect with her on LinkedIn: https://www.linkedin.com/in/farica.

Office Depot Pays for False Malware Reports

/in , , , /by

Do you trust your computer’s security to anonymous department store employees?

For many, the low price, high convenience, and ease of taking a home computer or laptop to a store like Office Depot or OfficeMax for maintenance or repair far outweighs any risk that would normally be associated with a stranger sifting through your files. A solid reputation for service makes a free scan from stores like Office Depot seem like the perfect solution to minor computer issues.

Unfortunately, between 2009 and 2016, one corporation violated the trust that comes with that reputation.

PC Health Check

During this time, Office Depot/OfficeMax utilized an application called PC Health Check and ran the program as part of its in-store computer services. The program’s free scan was marketed to check the “health” of PCs by scanning for malware. However, instead of actually checking the computer, if any one of four signs of probable malware were selected by the user, PC Health Check automatically reported the presence of malware and suggested the user pay for PC cleaning and repair.

PC Health Check was licensed to Office Depot and OfficeMax by Support.com, who received a percentage of each purchase. In late March, the FTC reported on their ruling that the companies will now be prohibited from making deceptive claims, and will pay $35 million in fines to the FTC, which the government will then distribute as refunds for fraudulently-triggered purchases.

Exposed!

Ars Technica reported that in November of 2016, this scam was exposed by Jesse Jones of news station KIRO 7 in Seattle. The investigations team ran six brand new computers through PC Health Check, and four of the six were flagged with symptoms of malware, even though the computers had never been connected to the internet. These same computers were found to be malware-free by an independent IT services provider!

After this report, Office Depot/OfficeMax pledged to take appropriate action and pay the agreed-upon fine. According to the FTC, that had not yet happened, though the PC Health Check program’s use was discontinued.

Read about Anderson Technologies’ approach to managed IT services here!

The Takeaway

This FTC ruling should serve as a warning to anyone soliciting unneeded maintenance and repair, but it’s also a warning for consumers. The security of your business machines and network shouldn’t be trusted to just anyone.

Ask questions. What evidence does the IT services expert have for the action they propose? Does the software they utilize for diagnostic purposes have a solid reputation? Have other individuals and businesses experienced positive results after working with the expert or team?

At Anderson Technologies, we recommend cultivating a relationship with your IT services provider over time. The best results come from managed services providers who interact with all levels of your network and computer systems. Of course, emergencies happen, often when we least expect it. In those cases, resist the temptation of a quick fix even from a brand name.

Could you be eligible for a refund from the FTC in this case? Click the Get Email Updates button on their announcement. Seeking an alternative to cookie-cutter IT support? Contact Anderson Technologies and see how we’ve earned our reputation over twenty-plus years.

Chrome Zero-Day Threat Exploit Found

/in , , /by

At Anderson Technologies, we take reports of zero-day threats very seriously. So when Google disclosed one in their popular Chrome browser, our IT experts moved swiftly to patch our managed IT services clients’ devices immediately.

We also want to spread the word on how to mitigate this threat.

The Exploit

Dubbed CVE-2019-5786, this zero-day Chrome exploit can bypass security measures and run a Remote Code Execution. This allows malware or other code to be loaded onto your computer without detection from the browser’s built-in security.

Read more about this threat exploit at Forbes.

The Solution

Update Chrome. It’s as easy as that. Google’s already fixed the problem and issued a patch.

Your Chrome browser may already be updated. To check, go into Chrome “Help” in the options button (the three vertical dots in top-right corner) and click “About Google Chrome.” The current version should be 72.0.3626.121. If you don’t have this version, you’ll need to update Chrome immediately.

password breach category 1

Collection #1 Security Breach

/in , /by

Here at Anderson Technologies we like to keep our clients updated on the latest cyber security news. We’ve covered such breaches as KRACK and the Equifax hack in the past, and now we’re reporting on a breaking data breach called Collection #1, which affects nearly 2.7 billion emails and password combinations.

What Exactly Is the Collection #1 Breach?

The Collection #1 Breach was first reported January 17, 2019, by Troy Hunt, a cyber security researcher and operator of Have I Been Pwned (HIBP). Hunt named the breach after the root folder—containing over 87GB of data—that was uploaded to a hacking forum. Comprised of around 773 million unique email addresses and 21 million unique passwords, this information seems to have been gathered from databases of personal information from over 2000 breaches as far back as 2008.

“This number makes it the single largest breach ever to be loaded into HIBP,” Hunt states in his blog post explaining the breach.

While this personal information may not be much use to one-off hacking attempts, the real danger comes with a technique known as “credential stuffing.” Gizmodo explains:

Basically, credential stuffing is when breached username or email/password combos are used to hack into other user accounts. This could impact anyone who has used the same username and password combo across multiple sites. This is concerning as the Collection #1 breach contains almost 2.7 billion combos.

How Do I Know if I’ve Been Impacted?

Thankfully, the easiest way to see if any of your email addresses, usernames, or passwords have been affected by Collection #1 is to use Hunt’s HIBP. You may have even used this resource to know whether or not to change a password after past breaches like Equifax!

Hunt has painstakingly cleaned and entered all data from Collection #1 into HIBP’s (safe) search engine, allowing anyone to securely check if any individual user account information was compromised.

have i been pwnd

How Do I Keep My Accounts Safe from Future Breaches?

The nature of these data breaches indicate decoding of previously encrypted account information like email addresses and passwords. Anderson Technologies recommends protecting yourself with multi-factor authentication (MFA), as well as a password manager like LastPass or Dashlane.

“The only way to effectively deal with it is to use MFA,” says Joe Baker, Anderson Technologies Systems Administrator. “I like the MFA standard of something you know and something you have—you know your password, and you have your phone for authentication.

“Everyone should go to haveibeenpwned.com to check their email addresses. For me, after entering my email, I searched for and found my compromised email and old password in a matter of seconds. It’s shockingly easy to get this info once it’s out there in plain text. If it’s something that you care about, protect it with MFA. If you can’t protect the account with MFA, then don’t use that account.”

If you believe information vital to your business has been compromised (current administrator credentials, for example), immediate intervention can help mitigate further security threats. Senior Systems Administrator Eric Dischert suggests the following steps:

  • Update passwords for all affected accounts
  • Temporarily lock all systems until extent of the breach is known and appropriate steps have been taken
  • Ensure proper auditing and logging are running
  • Determine the root cause, impact, and necessary steps to fix
  • Deliver a public announcement (if industry regulations require it) and prepare for corresponding responses
  • Educate employees regarding breach details and lessons learned

As always, consult with your managed services provider to ensure all these steps are completed thoroughly enough to protect your business from further threat. For more information about Collection #1 and the consequences for your personal information, contact us here or at 314.394.3001.

windows 7 end of life windows 10 upgrade

Countdown to Windows 7 End of Life on January 14, 2020

/in , , /by

While the world celebrated the New Year, Microsoft enjoyed their own major milestone as Windows 10 was finally declared more popular than Windows 7.  Previous iterations of the Windows operating system couldn’t sway many Windows 7 corporate holdouts (Windows 8 and Windows Vista, for example), but for several years Windows 10 has demonstrated the stability and performance necessary to support business users.

More than half of enterprise machines run Windows 10 today. However, many others still use Windows 7. Experts consider these active machines a security risk—not to mention their poor performance due to aging hardware. Now Microsoft is forcing everyone’s hand.  Exactly one year from today, Windows 7 joins other aged operating systems in “end of life,” placing any machines still running it on a deadline.

If a single Windows 7 machine is attached to your network after January 14, 2020, it becomes the weakest link and an open door for cyber criminals to compromise the rest of your machines.

What Does This Mean for Your Computer and Your Business?

Windows 7 reaches end of life on January 14, 2020. After this date, Microsoft will no longer develop countermeasures or fixes to address new breaches, exploits, viruses, and attacks, leaving Windows 7 computers vulnerable. Some businesses may require a machine to stay on Windows 7 to run legacy software, but these machines should not be connected to the network as they will be a high-value target, giving hackers easy access to an otherwise secure network.

The compromised security of each machine, your network, and the data it contains is the most powerful reason to upgrade. Criminals become more skilled every day at finding vulnerabilities and ways inside your network, and the value of business-essential or confidential data continues to rise. Your business has probably already encountered some form of cyber security risk – and will again. In fact 61% of small and medium businesses were attacked in 2018.

For businesses that are Covered Entities or Business Associates under HIPAA, this cannot be ignored. Starting January 14, 2020, no Windows 7 computer will be considered HIPAA compliant. The ability to patch known security issues is required by the Security Rule to avoid reasonably anticipated threats to ePHI. Failure to do so could lead to serious liability if a breach occurs.

This deadline is an opportunity. Consider it a countdown to more efficient work spaces, more secure transactions, and features that integrate seamlessly with the Cloud and mobile devices. Speed, usability, and security all see major upgrades in Windows 10—upgrades that can make a huge difference for your business.

Want to begin the process of upgrading to Windows 10? Contact Anderson Technologies at 314.394.3001 to speak to one of our IT experts about the best plan forward.