Contact Us Today!   314.394.3001   |   info@andersontech.com

Best IT Firm 2019

/in /by

Anderson Technologies has been listed once again as one of St. Louis’s Best IT Firms in Small Business Monthly’s “Best of the Best in Business” feature! The Best in Business – Annual Business Owners’ Guide provides an essential resource for St. Louis business owners, and we are proud and grateful to be honored for the third year in a row and for the chance to serve you!

So far in 2019, our growing team has brought professionalism, honesty, and responsiveness to other small businesses with the goal of implementing robust and secure IT solutions designed to meet your needs.

The Anderson Technologies approach to managed IT services includes dedication to our clients through monitoring and audits, updating essential hardware, and providing continued education on cyber security risks and solutions.

Our team of managed IT service providers delivers long-term, enlightened IT solutions for local small businesses and organizations, as well as many out of town clients.

Being awarded as one of the best IT firms in St. Louis in 2019 is a great honor. We look forward to continuing to serve the St. Louis area as we continue to grow. Thank you for your appreciation and support!

If you would like a free IT consultation or if you are in need of a full network audit, please call us at 314.394.3001 or email us at info@andersontech.com.

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

/in , , /by

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

  1. Involve all stakeholders in raising cyber security awareness across your organization.
  2. Backup key data regularly and perform scheduled test restores to ensure their integrity.
  3. Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
  4. Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
  5. Leverage internet content filtering to block phishy websites.
  6. Prepare for cryptojacking attacks.
  7. Purchase SMB security suites that include Dark Web monitoring.
  8. Assess your organization’s cyber security policies and procedures and review annually.
  9. Ensure that all third-party partners have cyber security protocols and policies in place.
  10. Build a cyber security incident response plan and democratize key information.
  11. Bind an appropriate level of cyber security insurance to cover your company in case of a breach
  12. Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

Announcing Our New Partner

/in /by

Anderson Technologies and its division Anderson Archival is pleased to announce that our Director Farica Chang is now a partner in the company, becoming partial owner and Principal along with Founding Principals Mark and Amy Anderson.

This exciting news signifies her long-term dedication to the firm. “This is the fitting next step in my commitment to Anderson Technologies and its future,” Farica says. “Working with Mark and Amy for over ten years, we’ve built a company that puts our principles first—focused on providing clients with quality service and dedication to their needs. I have faith in our organization and my team members. I know we all care deeply about each other and the work we do.”

After graduating with honors from the University of California, Los Angeles, in 2008, Farica returned to her hometown to work for the Andersons in St. Louis, Missouri. After only three months as a contract worker, she was promoted to full-time project manager. “Farica is filled with initiative,” Amy Anderson states. “Farica has always had an ownership mentality and is willing to do whatever it takes to deliver excellent results.” An avid learner, she was part of the inaugural class of Harvard’s first computer science certification offered on edX, followed by MIT entrepreneurship classes as well as professional cybersecurity certification from the esteemed technical institution.

“The bar Farica sets for herself and the team is exceptional,” Mark Anderson says. “We are blessed to have Farica’s talents, commitment, gifts, expertise, care, work ethic, dedication, customer focus, and highest standards of quality. She is principled, honest, and fully expresses the values we have set for the company.”

By investing in Anderson Technologies, Farica attests to the longevity and commitment Anderson Technologies has to its employees and clients. “My work continues to be one of the critical pillars in my life after family,” Farica says. “I love what we do—supporting our clients and helping them solve challenging technical issues every day. To have the privilege of working with such talented team members and organizations is a blessing I do not take for granted.”

Congratulations, Farica!

To learn more about Farica’s background, credentials, certifications, and contributions to our company, she invites you to connect with her on LinkedIn: https://www.linkedin.com/in/farica.

windows 7 reaching end of life

The Time Is Now! Only Six Months Remain for Windows 7 Support

/in , , , , /by

Have you seen Microsoft’s courtesy reminders popping up on your Windows 7 machines?

Today may feel far from January 14, 2020, the date when Windows 7 reaches end-of-life, but business upgrades of work spaces and systems take time. It is important to start the process now, or as soon as possible, to ensure that your network remains secure come the New Year’s deadline.

Experts already consider machines running Windows 7 to be a security risk, and starting on January 14, Microsoft will no longer develop free countermeasures or fixes to address new breaches, exploits, viruses, and attacks. Windows 7 computers and the networks they are connected to will be completely vulnerable. For organizations unable to perform wide-spread updates, Microsoft’s Extended Security Update program will continue to provide support for Windows 7 machines, but for a steep fee.

If a single Windows 7 machine is attached to your network after January 14, 2020, it becomes the weakest link and an open door for cyber criminals to compromise the rest of your machines.

The compromised security of each machine, your network, and the data it contains is the most powerful reason to upgrade. Criminals become more skilled every day at finding vulnerabilities and ways inside your network, and the value of business-essential or confidential data continues to rise. Your business has probably already encountered some form of cyber security risk – and will again. In fact 61% of small and medium businesses were attacked in 2018.

For businesses that are Covered Entities or Business Associates under HIPAA, this cannot be ignored. Starting January 14, 2020, no Windows 7 computer will be considered HIPAA compliant. The ability to patch known security issues is required by the Security Rule to avoid reasonably anticipated threats to ePHI. Failure to do so could lead to serious liability if a breach occurs.

The fact is, on January 14, 2020, Windows 7 machines will not be equipped to provide the resilient safety your network needs.

 

Want to begin the process of upgrading to Windows 10? Contact Anderson Technologies at 314-394-3001 to speak to one of our IT experts about the best plan forward.

Office Depot Pays for False Malware Reports

/in , , , /by

Do you trust your computer’s security to anonymous department store employees?

For many, the low price, high convenience, and ease of taking a home computer or laptop to a store like Office Depot or OfficeMax for maintenance or repair far outweighs any risk that would normally be associated with a stranger sifting through your files. A solid reputation for service makes a free scan from stores like Office Depot seem like the perfect solution to minor computer issues.

Unfortunately, between 2009 and 2016, one corporation violated the trust that comes with that reputation.

PC Health Check

During this time, Office Depot/OfficeMax utilized an application called PC Health Check and ran the program as part of its in-store computer services. The program’s free scan was marketed to check the “health” of PCs by scanning for malware. However, instead of actually checking the computer, if any one of four signs of probable malware were selected by the user, PC Health Check automatically reported the presence of malware and suggested the user pay for PC cleaning and repair.

PC Health Check was licensed to Office Depot and OfficeMax by Support.com, who received a percentage of each purchase. In late March, the FTC reported on their ruling that the companies will now be prohibited from making deceptive claims, and will pay $35 million in fines to the FTC, which the government will then distribute as refunds for fraudulently-triggered purchases.

Exposed!

Ars Technica reported that in November of 2016, this scam was exposed by Jesse Jones of news station KIRO 7 in Seattle. The investigations team ran six brand new computers through PC Health Check, and four of the six were flagged with symptoms of malware, even though the computers had never been connected to the internet. These same computers were found to be malware-free by an independent IT services provider!

After this report, Office Depot/OfficeMax pledged to take appropriate action and pay the agreed-upon fine. According to the FTC, that had not yet happened, though the PC Health Check program’s use was discontinued.

Read about Anderson Technologies’ approach to managed IT services here!

The Takeaway

This FTC ruling should serve as a warning to anyone soliciting unneeded maintenance and repair, but it’s also a warning for consumers. The security of your business machines and network shouldn’t be trusted to just anyone.

Ask questions. What evidence does the IT services expert have for the action they propose? Does the software they utilize for diagnostic purposes have a solid reputation? Have other individuals and businesses experienced positive results after working with the expert or team?

At Anderson Technologies, we recommend cultivating a relationship with your IT services provider over time. The best results come from managed services providers who interact with all levels of your network and computer systems. Of course, emergencies happen, often when we least expect it. In those cases, resist the temptation of a quick fix even from a brand name.

Could you be eligible for a refund from the FTC in this case? Click the Get Email Updates button on their announcement. Seeking an alternative to cookie-cutter IT support? Contact Anderson Technologies and see how we’ve earned our reputation over twenty-plus years.

Chrome Zero-Day Threat Exploit Found

/in , , /by

At Anderson Technologies, we take reports of zero-day threats very seriously. So when Google disclosed one in their popular Chrome browser, our IT experts moved swiftly to patch our managed IT services clients’ devices immediately.

We also want to spread the word on how to mitigate this threat.

The Exploit

Dubbed CVE-2019-5786, this zero-day Chrome exploit can bypass security measures and run a Remote Code Execution. This allows malware or other code to be loaded onto your computer without detection from the browser’s built-in security.

Read more about this threat exploit at Forbes.

The Solution

Update Chrome. It’s as easy as that. Google’s already fixed the problem and issued a patch.

Your Chrome browser may already be updated. To check, go into Chrome “Help” in the options button (the three vertical dots in top-right corner) and click “About Google Chrome.” The current version should be 72.0.3626.121. If you don’t have this version, you’ll need to update Chrome immediately.

password breach category 1

Collection #1 Security Breach

/in , /by

Here at Anderson Technologies we like to keep our clients updated on the latest cyber security news. We’ve covered such breaches as KRACK and the Equifax hack in the past, and now we’re reporting on a breaking data breach called Collection #1, which affects nearly 2.7 billion emails and password combinations.

What Exactly Is the Collection #1 Breach?

The Collection #1 Breach was first reported January 17, 2019, by Troy Hunt, a cyber security researcher and operator of Have I Been Pwned (HIBP). Hunt named the breach after the root folder—containing over 87GB of data—that was uploaded to a hacking forum. Comprised of around 773 million unique email addresses and 21 million unique passwords, this information seems to have been gathered from databases of personal information from over 2000 breaches as far back as 2008.

“This number makes it the single largest breach ever to be loaded into HIBP,” Hunt states in his blog post explaining the breach.

While this personal information may not be much use to one-off hacking attempts, the real danger comes with a technique known as “credential stuffing.” Gizmodo explains:

Basically, credential stuffing is when breached username or email/password combos are used to hack into other user accounts. This could impact anyone who has used the same username and password combo across multiple sites. This is concerning as the Collection #1 breach contains almost 2.7 billion combos.

How Do I Know if I’ve Been Impacted?

Thankfully, the easiest way to see if any of your email addresses, usernames, or passwords have been affected by Collection #1 is to use Hunt’s HIBP. You may have even used this resource to know whether or not to change a password after past breaches like Equifax!

Hunt has painstakingly cleaned and entered all data from Collection #1 into HIBP’s (safe) search engine, allowing anyone to securely check if any individual user account information was compromised.

have i been pwnd

How Do I Keep My Accounts Safe from Future Breaches?

The nature of these data breaches indicate decoding of previously encrypted account information like email addresses and passwords. Anderson Technologies recommends protecting yourself with multi-factor authentication (MFA), as well as a password manager like LastPass or Dashlane.

“The only way to effectively deal with it is to use MFA,” says Joe Baker, Anderson Technologies Systems Administrator. “I like the MFA standard of something you know and something you have—you know your password, and you have your phone for authentication.

“Everyone should go to haveibeenpwned.com to check their email addresses. For me, after entering my email, I searched for and found my compromised email and old password in a matter of seconds. It’s shockingly easy to get this info once it’s out there in plain text. If it’s something that you care about, protect it with MFA. If you can’t protect the account with MFA, then don’t use that account.”

If you believe information vital to your business has been compromised (current administrator credentials, for example), immediate intervention can help mitigate further security threats. Senior Systems Administrator Eric Dischert suggests the following steps:

  • Update passwords for all affected accounts
  • Temporarily lock all systems until extent of the breach is known and appropriate steps have been taken
  • Ensure proper auditing and logging are running
  • Determine the root cause, impact, and necessary steps to fix
  • Deliver a public announcement (if industry regulations require it) and prepare for corresponding responses
  • Educate employees regarding breach details and lessons learned

As always, consult with your managed services provider to ensure all these steps are completed thoroughly enough to protect your business from further threat. For more information about Collection #1 and the consequences for your personal information, contact us here or at 314.394.3001.

windows 7 end of life windows 10 upgrade

Countdown to Windows 7 End of Life on January 14, 2020

/in , , /by

While the world celebrated the New Year, Microsoft enjoyed their own major milestone as Windows 10 was finally declared more popular than Windows 7.  Previous iterations of the Windows operating system couldn’t sway many Windows 7 corporate holdouts (Windows 8 and Windows Vista, for example), but for several years Windows 10 has demonstrated the stability and performance necessary to support business users.

More than half of enterprise machines run Windows 10 today. However, many others still use Windows 7. Experts consider these active machines a security risk—not to mention their poor performance due to aging hardware. Now Microsoft is forcing everyone’s hand.  Exactly one year from today, Windows 7 joins other aged operating systems in “end of life,” placing any machines still running it on a deadline.

What Does This Mean for Your Computer and Your Business?

Windows 7 reaches end of life on January 14, 2020. After this date, Microsoft will no longer develop countermeasures or fixes to address new breaches, exploits, viruses, and attacks, leaving Windows 7 computers vulnerable. Some businesses may require a machine to stay on Windows 7 to run legacy software, but these machines should not be connected to the network as they will be a high-value target, giving hackers easy access to an otherwise secure network.

This deadline is an opportunity. Consider it a countdown to more efficient work spaces, more secure transactions, and features that integrate seamlessly with the Cloud and mobile devices. Speed, usability, and security all see major upgrades in Windows 10—upgrades that can make a huge difference for your business.

With the help of a managed services provider like Anderson Technologies, “end of life” doesn’t have to derail you. Is your business still relying on Windows 7? Contact us today to discuss your options for this important transition.

Best IT Firm 2018

/in /by

In December, Small Business Monthly listed Anderson Technologies as one of St. Louis’s Best IT Firms of 2018. Small Business Monthly is a St. Louis magazine that highlights local businesses. We are proud of the recognition in the Best IT Firms category for the second year in a row, and we are grateful to be serving you!

Our team strives to bring professionalism, honesty, and responsiveness to other small businesses with the goal of implementing robust and secure IT solutions designed to meet your needs. The experts at Anderson Technologies know what it takes to keep your business running smoothly.

In the past year, we have grown in service and expertise. Our team of managed IT service providers delivers long-term, enlightened IT solutions for local small businesses and organizations, as well as many out of town clients!

We work with many small businesses in the St. Louis area to provide cyber security protection, cloud storage and backup, and hardware and software consultation. Whether your business is facing ransomware or needs a website design, Anderson Technologies is here for you.

In 2018 we also launched Anderson Archival—sharing our expertise in historical and archival materials to organizations and individuals, backed by the technical know-how of Anderson Technologies.

Being awarded as one of the best IT firms in St. Louis in 2018 is a great honor. We look forward to expanding our business and continuing to serve the St. Louis area. Thank you for your appreciation and support!

If you would like a free IT consultation or if you are in need of a full network audit, please call us at 314.394.3001 or email us at info@andersontech.com.

Infected? A New Phishing Attempt for 2018

/in , , /by

Even managed service providers receive scam emails and phone calls.

These serve as a reminder that education on phishing, scareware, and ransomware is an ongoing process, one that even IT experts need to stay sharp on.

But let’s assume you aren’t an IT expert. How can you best determine the validity of these messages and if they have malicious intent?

As with any learning process, practice is important. You may want to start with our phishing quiz. Know where you stand with gut instinct and some important clues.

Pink phishing lure

Can you spot the phish? Take our quiz today by clicking on the image above!

Whether the attempt is made by email or phone, there is always something just a bit off about a phishing attempt. The phisher may have some accurate personal information—like your name, or the fact that you have Yahoo! email or an AT&T phone account—and see if you’ll take the bait.

It is easy to panic at the threat of suspension or an overdue bill and put aside any unease because of the urgent matter apparently at hand. This is exactly what phishers and scammers hope will happen.

The goal of these calls or emails is to collect even more information about you, fleshing out a profile for future scams, which the phisher can sell to other scammers, or—the jackpot—to collect banking or credit card information and cash in.

Because these phishes do have some truth mixed in, many do fall victim.

False Blackmail

It might sound like an episode of Black Mirror—in fact, the tactics used in this blackmail email are eerily similar to those dramatized in a recent episode of the Netflix series depicting fictional futures—but scammers are now using direct emails as a method to extort information or Bitcoin from unsuspecting users.

About a month ago, Mark Anderson, Principal of Anderson Technologies, received a blackmail email scam. “As you could probably have guessed, your account was hacked, because I sent message you from it,” the scammer began in broken English. They first boasted by showing an unencrypted old password—probably acquired from Yahoo’s 2013 data breach.

The email continued to outline the threat. “Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we’ve created.” This virus, they suggested, gave them access to “messages, social media accounts, and messengers.” This apparently wasn’t enough intimidation for most scam victims, because the email then amped up the threat.

Users all over the internet report similar threats; the scammer creates a scenario that, if true, would serve as ample motivation to give in to their demands. The scammer says that video of the user was recorded while visiting “adult websites,” and that, unless 700 dollars is transferred to the scammer’s Bitcoin wallet within 48 hours, this footage would be released and they would “show this video to your friends, relatives, and your intimate one…”

So, with a relatively low payout amount, and a previously accurate (but very old) password, how did Anderson know this threat was a scam? He knew what they’d accused him of was false, not to mention he didn’t have a webcam as they’d suggested. But other clues included:

  • While the email appeared to be sent from Anderson’s old account, this can be accomplished through spoofing.
  • The password they listed was not the current (or even recent) password for that account.
  • Broken English isn’t always a giveaway but combined with the generic threat, it seemed like a form letter.
  • Googling some of the email text brings up threads of other users exposing the scam. We’ve censored some of the less savory aspects of the original email, but the full text and break down can be read online.

If you receive this email or a similar threat, your first step should be to research the threat online or reach out to an IT expert. Never pay a blackmail, ransom, or other request for money. Instead, update your passwords, run anti-virus and anti-malware scans on affected devices, and consider implementing multi-factor authentication on your accounts in order to bolster your security profile.

Are you looking for an IT expert to help guard your small business from scams like this? Contact Anderson Technologies by phone (314.394.3001) or email (info@andersontech.com) today.