cyber security Archives | Anderson Technologies

Posts

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

October 17, 2019/in Data Security, Managed Services, News /by Marcia Spicer

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

Involve all stakeholders in raising cyber security awareness across your organization.
Backup key data regularly and perform scheduled test restores to ensure their integrity.
Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
Leverage internet content filtering to block phishy websites.
Prepare for cryptojacking attacks.
Purchase SMB security suites that include Dark Web monitoring.
Assess your organization’s cyber security policies and procedures and review annually.
Ensure that all third-party partners have cyber security protocols and policies in place.
Build a cyber security incident response plan and democratize key information.
Bind an appropriate level of cyber security insurance to cover your company in case of a breach
Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

3 Easy Ways to Make the Most of Your Firewall

May 7, 2019/in Data Security, General, How To, Managed Services /by Marcia Spicer

Is the mess of cords and cables in your server room weighing heavy on your mind? Whether or not you rely on a managed services provider (MSP) to keep your IT systems organized and in check, you have a responsibility as a business owner to understand the hardware that keeps everything running.

Misinformation about firewalls is one of the most common issues we see at Anderson Technologies. When asked “Do you have a firewall?” most business owners will emphatically respond “Yes!” without realizing that they’re unfamiliar with the hardware that they think is safeguarding their company. That dusty router in the corner of the phone closet or server room probably isn’t doing much more than its job, which is definitely not to protect your network.

We’ve previously written about the differences between hardware and software firewalls, and Anderson Technologies always recommends an enterprise-grade hardware firewall for businesses under our care. But don’t let that be the extent of your knowledge!

Below we’ve compiled a quick guide to understanding the nuances of your firewall and related equipment. By using the tips below, you’ll have an extra level of familiarity when discussing your hardware options with your MSP or teaching your employees proper cyber security protocol, as when striving for HIPAA compliance.

Read more about System Administration from Anderson Technologies here!

Get to Know Your ISP

You might be asking, “What does my internet service provider (ISP) have to do with my firewall?” The answer to this question varies greatly depending on your network setup. When asked about firewalls, many business owners automatically point to their internet modem or router, and misinformation from ISPs and previous MSPs are to blame.

Most home networks don’t have or require a separate hardware firewall, because the modem and/or router provided by your ISP may have a basic one built in—that is, if it’s configured correctly (more on configuration in #2). Businesses, on the other hand, almost certainly require a more robust level of protection in the form of a hardware firewall. Though HIPAA’s security standard §164.308(a)(5) doesn’t explicitly state the particular hardware necessary to protect against malicious software, having a trustworthy firewall can help and is well worth the investment beyond regulation compliance.

Your ISP factors into the firewall equation at a very basic level. After all, if you don’t have an internet connection, what is your firewall protecting? Your MSP can easily adjust things like wireless access points and device connections, but if there’s a problem with the internet itself there’s not much we can do. Whether you’re using your wireless router’s built-in firewall or an enterprise-grade Meraki, that stream of internet flowing into your business relies solely on your ISP.

Along with your IT services provider, your ISP is a partner and resource when it comes to the technical workings of your business. Always have your ISP’s contact information handy in case a security or performance problem is coming from the foundation of your network—the internet itself.

Configure, Configure, Configure!

Configuration is a term that tends to scare those who don’t consider themselves “tech-savvy,” but at its root, configuration is nothing more than telling your devices how to work.

Think about it this way: when you bring your new smartphone home, it won’t have any of your personal settings or information. Maybe the menu text is too small to read, or the brightness and sound aren’t set to your liking right out of the box. Fixing these settings may take some general knowledge about how the phone works, and possibly some investigation and deduction. But once you’ve changed all the settings to fit your lifestyle, the phone will be working for you and not the other way around.

Configuring your firewall and other network equipment works pretty much the same way, but with nuances that might require outside IT services. Firewall configuration determines which user accounts can manage the firewall’s settings, which computers can access different layers of confidential data, and any other restrictions you need to implement. After this, your firewall will know exactly how to act in a way that meets your business’s individual needs. Guides on configuring your firewall on your own aren’t difficult to find, but when it comes to your business’s firewall, if you feel unsure about how to program it, consulting with a professional is recommended.

Bolster Your Network—Inside and Out

Businesses are prey to targeted attacks more than ever, according to Symantec’s 2019 Internet Security Threat Report. Cyber criminals are stealthier in how they infiltrate networks and know how to take advantage of any weakness. Your firewall serves as your network’s dedicated bodyguard, but what is a bodyguard without backup when trouble arises? Supplement your firewall with both inside and outside reinforcements.

Network protections from the inside include intrusion prevention systems (IPS), robust antivirus/antimalware software, and protective buffers like Proofpoint or multi-factor authentication (MFA). If a cyber threat circumvents the firewall by entering your network from the inside—such as from unregulated permissions or compromised or unpatched software—security software can mitigate the damage. Inside protection also includes ransomware detection and data backups in case the worst happens.

What about protections outside your firewall? Those can be more difficult to implement, if only because they deal with the most vulnerable factor in any security network—humans. Email filtering tools (like Proofpoint) and internet content filtering software (CFS) can screen most of the potential threats that present themselves to your employees. But all it takes is one employee opening one spammy link from a spear phishing email, and your whole network becomes victim to a targeted attack. Everyone on your team needs to have the same awareness, goals and training because firewalls can only do so much on their own.

Firewalls are amazing investments that can save your business hundreds of thousands in the long run by preventing devastating cyber attacks. It’s important to know what’s going on beyond all those cables, circuit boards, and blinking lights. And when someone asks if you have a firewall, you’ll be able to confidently point out the device and know your network is protected.

Anderson Technologies is always here to answer any questions you may have, regarding firewalls or other cyber security topics. Contact us today here or by calling 314.394.3001.

Hardware Firewalls Strengthen Cyber Security Protection [Updated for 2018]

December 11, 2018/in Data Security /by Anderson Technologies

Does your organization or small business have a firewall?

The answer is “yes,” right? If you use the internet, you’ve got to have a firewall! Don’t computers come with them?

Our 2017 audit of St. Louis small businesses found that, while most of the businesses and organizations we surveyed did in fact have a hardware firewall, 100% were not operating optimally. According to a 2018 Sophos whitepaper, 84% of survey respondents agreed that lack of effective application of firewalls was a serious security concern.

A number of businesses think their answer to the firewall question is “yes,” but after investigation, the real answer is revealed to be “not at all” or “only a software firewall.”

Unfortunately, lack of firewall awareness is a trend that continues into 2019.

Firewalls, one of the most important facets of digital security, are often misunderstood and frequently taken for granted. In computing, a firewall is not a wall meant to confine fires within a building, but a digital wall meant to segment networks and protect sensitive information.

Are you beginning to wonder about the state of your firewall? The rest of this article will serve as a brief primer on firewalls, including six questions to ask your IT division or managed services provider to discover just how well that firewall is doing its job.

Hardware Firewall vs. Software Firewall

With hackers, viruses, ransomware and malware compromising computer systems worldwide, every small business needs a hardware firewall. Firewalls provide enhanced IT security to protect your technology from attack, blocking unauthorized access while still allowing legitimate users access to the systems and data necessary to perform their jobs. They are an essential part of any properly designed IT protection plan.

But why a hardware firewall?

The problem with software firewalls is that they exist on the same network where sensitive data is stored. A hacker hitting this firewall has already penetrated your network. Yes, the software firewall does offer limited protection for a single computer, but it is nowhere near enterprise-grade. A hardware firewall, on the other hand, is a completely separate piece of hardware that stands guard at the perimeter of the network and prevents access.

Once you can confidently answer “yes” to having both a hardware and software firewall in place, keep your business safe by asking the following six questions about your firewall.

Six Questions about Your Firewall

Is my firewall really protecting me?

Anderson Technologies performs an infrastructure analysis at the start of every new client engagement, and we’re surprised by the number of businesses vulnerable to cyber security risks. This is often due to the lack of a firewall (when the business owner thinks they have one) or insufficient and/or out of date configuration of an existing firewall, which results in inadequate protection of systems and data.

Can it handle the latest security threats?

Because new cyber security threats are developed and launched every day, your firewall’s firmware needs to be continuously updated. It should be tested on a regular schedule to ensure that security flaws are patched by the manufacturer and protected against the latest threats.

Is my firewall monitored?

Firewalls are not a “set it and forget it” device. Ongoing monitoring of a security appliance like a firewall is vital to understanding what kind of threats your business is exposed to and how often intrusion attempts are made. Knowing if and when your system is under attack allows you to marshal the proper response. Monitoring provides this valuable insight.

Does its configuration both protect my vital systems and allow my employees to do their work efficiently with minimal interference?

Many firewalls are installed with limited configuration and too often are set to the manufacturer’s defaults. This can lead to cyber security vulnerabilities, unnecessary exposure, and business risk. Firewalls must be configured for the particular business environment they are being installed within to provide maximum security with optimal functionality.

Is my firewall running effectively?

Blocking malicious attacks requires a firewall to perform many system-intensive background tasks. It needs enough processing power to not only handle the internet provider’s speeds but also efficiently run necessary protection processes while maintaining optimal performance. If your firewall is older, it could actually be causing a “bottleneck” on your network and slowing down your business’s productivity.

Is my firewall equipment up to the task?

Not all hardware firewalls are created equally! Some manufacturers garner industry recognitions and awards for their security technology and constant innovations while others do the bare minimum. The latter companies lack enterprise-level support and fail to update their hardware to protect against the latest evolving threats. Make sure you have the right equipment to protect your business.

If you can answer these six questions positively, your firewall is likely performing well and protecting your systems and data from attack. If not, we’d love to help. If you suspect your business is vulnerable to attack and would like assistance analyzing options and developing a secure firewall solution, schedule a consultation by contacting us or calling 314.394.3001.

MFA – An Extra Layer of Digital Protection

October 1, 2018/in Data Security /by Marcia Spicer

What do logging into Netflix from a new device, updating your PayPal account, answering questions about your first car before accessing your iTunes, and withdrawing money at an ATM all have in common? Authentication!

The National Institute of Standards and Technology (NIST) creates guidelines for passwords and the software that requires them, which Anderson Technologies has previously discussed. Technology is still changing to adopt these standards, so it is up to us to take cyber security into our own hands—and that includes business security practices. The most commonly used and overlooked of these measures is password safety and authentication.

Hackers are great at keeping up with technology, so as consumers and business owners, we must keep up with it as well to stay safe. Multi-factor authentication (or MFA) has been around for years, and it’s so common that we take advantage of it more than we might realize. MFA remains one of the strongest defenses surrounding our digital lives.

What Does MFA Look Like?

You’ve probably already encountered MFA without realizing it. Any website that utilizes verification codes or emails is using a form of MFA. A task as simple as changing your Apple ID requires MFA to confirm the new information. IT Glue describes instances of MFA that don’t involve technology at all, like showing government ID to verify your identity.

MFA as it applies to your business’ safety most often takes the form of software that requires a user to provide two forms of evidence proving they are authorized to access the system. This includes security codes, verification emails, security questions, and biometric software. However, it is not necessary to contact your bank or insurance company to initiate MFA. Applications like Google Authenticator or Authy can be attached to countless logins by connecting your account information.

What does this look like for the user? Validated access to your account (your email, for example) is established with a unique QR code or numerical key that securely connects your mobile device. From that point forward, logging into the site requires not just your standard user name and password but also a randomized six-digit code available only on your device. This code refreshes every 30 seconds for even greater security. Many sites that store confidential data—think Intuit or IT Glue—require connecting your account login with an MFA application of your choice.

Some sites and servers have their own internal methods of verification, and other MFA methods may require special hardware. These are useful for businesses and organizations that use specialized systems to access confidential databases. This includes cashiers logging into their retail system or technicians scanning an ID card to pull up your file during a dentist visit.

What Are the Benefits of MFA?

Once hackers get their hands on your login credentials, it’s easy to mine data from your other accounts. MFA acts as a barrier to the hacker by assuring the identity of the user attempting to login. By using a secure method of authentication like Touch ID or Face ID on your smart phone, unless an unauthorized user has your fingerprint or face, it’s impossible for them to authenticate using your device.

MFA is beneficial for companies who have employees on the go or working remotely. Using multiple layers of authentication allow remote employees to securely access encrypted data from unfamiliar networks and devices.

What Are Some Challenges to Integrating MFA?

Resistance to change is one of the tallest hurdles when integrating MFA into your business networks. Though MFA usually uses devices your employees already have (like their smartphones and watches), the extra steps needed to gain access can seem superfluous. Some people see MFA as inconvenient or time consuming; however, this is rarely the case when using simple applications.

MFA goes hand-in-hand with the Zero Trust security model, a tool that requires authentication at every step of the login process. New security concepts can be challenging to introduce in the workplace but like all new plans of action, eventually the multiple verifications will become second nature. Your company will greatly benefit knowing all data is secure.

You and your employees may find it valuable to coordinate with a managed services provider when integrating MFA to internal networks, especially if your needs require special enterprise-grade hardware. An IT support team can provide training to ease the transition for your employees, some of whom may be hesitant or feel they don’t have the time to properly implement MFA.

With a little practice and an IT team behind your business’s transition, MFA doesn’t have to be intimidating or bothersome—and the benefits are great. For more information on how to keep your business safe using MFA, contact Anderson Technologies today at 314.394.3001.

Don’t Hold the Door Open for Cyber Criminals

June 12, 2018/in Data Security, News /by Anderson Technologies

Here in St. Louis, you’re likely to hear people saying they’re heading to Bread Co. for lunch, even if Panera is the sign above the restaurant. That’s because to St. Louisans, Panera will always be Saint Louis Bread Company. But recently, residents were relieved the St. Louis name wasn’t attached to Panera’s recent cyber security blunder.

On April 2, Brian Krebs of security news website KrebsOnSecurity broke the story that customer data from Panera’s loyalty program—including names, email and physical addresses, birthdays, and the last four digits of credit card numbers—was available through an insecure API on their website. Worse yet, Panera had been notified about the defect eight months prior in August 2017 and did nothing to resolve the problem.

Cyber security researcher Dylan Houlihan found the flaw in Panera’s API and, after confirming the extent of the problem, contacted Panera’s cyber security team. He notes that reaching out to Panera was difficult as there was no information available for who to contact if security holes were found. Panera’s response was less than stellar. In Houlihan’s detailed account of their communication, Panera’s director of information security, Mike Gustavison, was suspicious of him, and after receiving proof of the problem, took several days to reply that they would work to resolve it.

Except they didn’t.

Every month, Houlihan checked to see if the flaw was fixed, only to see that customer data was still unprotected. Finally, in April 2018, he contacted Krebs to make the matter public and force Panera to respond. They did. Within two hours Panera claimed they patched the problem.

Except they hadn’t.

Krebs continued to monitor the website and found that, while the information was no longer accessible to the public, if a member logged into their free Panera account, they could still exploit the flaw. He also discovered that it extended to other parts of Panera’s business, such as the catering website.

After the negative media coverage, Panera took down its website and patched the problem properly. In a tweet following the incident, Krebs estimates that up to 37 million accounts could have been made public because of this flaw. While there is no evidence yet that malicious agents accessed the data, this was still a terrible security breach.

How Often Does This Really Happen?

It’s easy to lose the details in light of Panera’s poor response and subsequent inaction, but accidental data breaches from misconfigured hardware or software happen far more often than you might imagine.

March 6, 2017: River City Media left more than a billion email accounts exposed to the public, some with personal information. Also exposed were detailed records of their own illegal spamming activities. The problem—no password protection on the backups.
June 19, 2017: Deep Root Analytics left millions of Americans’ addresses, birthdays, phone numbers, and political views on a variety of topics open to the public. The problem—misconfigured user permission settings.
October 3, 2017: A National Credit Federation cloud storage bucket was found to be open to public access, revealing personal, credit, and financial information of tens of thousands of its customers. The problem—misconfigured user permission settings.
October 6, 2017: An Alteryx cloud storage bucket was found to be accessible to anyone with a free Amazon Web Services account. It exposed personal data, Experian marketing data, and US Census data for more than 123 million American households. The problem—misconfigured user permission settings.
April 9, 2018: A flaw similar to Panera’s was discovered in P. F. Chang’s rewards website. The problem—an insecure API.
April 23, 2018: After rebuilding their website following a ransomware attack, MEDantex’s new customer portal contained abilities intended only for employees, including accessing confidential patient records without authentication. The problem—a bug on the website.
May 17, 2018: LocationSmart’s demo feature is found to be able to track the location of almost any cell phone without the user’s consent. The problem—an insecure API.

What Does This Mean for a Small Business Owner?

These examples of private, financial, and personal information leaked unintentionally serve as a warning to all business owners. While there’s a sense of poetic justice that River City Media revealed their own criminal activities by forgetting to add a password, the truth is, not all data you could reveal belongs to other people. You can be a cyber threat to your own business.

Few businesses can run day to day without some amount of personal, customer, or vendor data stored either on their network or in cloud storage. The technicalities of properly configuring security for these electronic databases can be daunting, but even when things appear to be simplified for you, all it takes is one open port, one missing password, or one unsecured application for the door to your data to be left wide open.

This is why it’s vital for businesses to have their systems set up by IT professionals and to perform network security audits routinely to ensure both the hardware and the software are configured correctly. It’s not enough to simply hire an IT consultant once and assume your system is secure. Files get moved, employees are hired, and new hardware is installed—all leaving room for new settings to supersede old ones, or worse, be forgotten all together. A network security audit performed at least annually gives you peace of mind that your cyber doors are tightly closed and locked.

What Should You Do to Protect Your Business?

While it’s crucial to know how to avoid opening the door to criminals, knowing how to respond to a breach is just as important. Here are a few simple steps you can take to avoid or address an accidental data breach.

Hire IT professionals to set up all hardware and software. Your customers trust you to be the expert in your field, so trust the IT professionals to be the experts in theirs. Make sure all your hardware and software have been properly configured from the start.
Perform annual network security audits. Just because you configured everything correctly, doesn’t mean it will stay that way. Your business changes all the time, so it’s best to check the doors and windows before someone else notices they’re open.
Know your hardware. Many business owners don’t realize what’s in their hardware closet. Can you point to your hardware firewall with confidence? Are you certain it’s the correct type for your business? Ask an IT professional to review your hardware with you so you understand what you need and how it works. Doing so will improve your ability to spot potential problems.
Have a way people can contact you about problems they find. One lesson learned from the Panera breach is how important it is that people can contact you with problems they’ve noticed. Many security researchers who find flaws due to misconfiguration just want you to know about the issue so it can be resolved. Make sure they can get in touch. Larger companies should have separate contact information specifically for security issues to keep them from being lost with other routine technical issues customers might have.
Respond quickly to any problems found. Don’t wait eight months or for public embarrassment to sound the alarm before responding to an accidental data breach. If you act swiftly, your data may still be kept safe. In many accidental breaches, the problem was found not by criminals but cyber researchers.

No company wants to find themselves in a situation like Panera’s, so make sure your network security is done right. If you’d like to learn more about configuring your systems or to schedule a network security audit, contact Anderson Technologies by phone at 314.394.3001 or by email at info@andersontech.com.

“The Russians Have Hacked into Our Computer…” – Human Behavior and Cyber Security

May 8, 2018/in Data Security /by Anderson Technologies

Here at Anderson Technologies, we’ve reported on a wide variety of topics to help keep you and your business’s technology safe from harm: breaking news on security breaches like the Equifax hack and KRACK, password security tips, the importance of firewalls, and many more. But sometimes preventing trouble isn’t about the hardware or software you deploy—it’s about your people.

We all know someone who has fallen victim to a phone or email scam. Many of us have received a desperate call from a friend or family member trying to undo an unknowingly self-inflicted intrusion on their personal or financial information.

A member of the Anderson Technologies team recently received this harried voicemail from a family member:

“The Russians have hacked into our computer, and we’ve been on the phone for half an hour or so with India. The guy’s helped me reestablish my password but he thinks we should do some further work and maybe take the modem to the Apple store.”

From an objective perspective, this scam appears obvious. Why would the Russian government want to hack your personal home computer? How did these “tech support” guys get your information to call you and fix the problem? Thankfully, no permanent damage was done in this particular case, but you may find yourself wondering who could fall for such a transparent scheme.

Scammers target unsuspecting consumers and use data gathered from the web to build trust and elicit the missing pieces needed to access private account information. But how do these choreographed schemes apply to your business?

It’ll Never Happen to Me

Who do you picture when you hear the words “scam victim”? Several common stereotypes come to mind. The Better Business Bureau (BBB) released a comprehensive report that breaks down the perceptions we have about scam victims. Their 2016 survey shows that most people inaccurately predict scam victims to be older, retired, or less-educated blue-collar workers or women.

If you don’t fall into those categories, it’s still too soon to consider yourself safe! Thinking scammers won’t hound you because you are (at least in your own mind) an improbable target leaves you exposed and off guard.

For this we can blame optimism bias, or the tendency for individuals to believe they are less likely than others to be vulnerable to negative events. Even when the BBB or the Federal Trade Commission (FTC) releases accounts and warnings about the thousands of scams reported each day, in-the-know readers might react by thinking these threats don’t apply to them. Do you think you’re too smart to be fooled? What would you have that a hacker would want anyway? A quick skim of some unsuspecting person’s scam story, and you’re back to your usual technological habits.

“It stands to reason that individuals who believe they are not at risk will be less receptive to efforts to provide protective information,” says BBB’s marketplace scams report. “Media coverage, with victims shaped to fit squarely into these categories, risks being digested by the public simply as intriguing ‘real life drama’ affirming their beliefs.”

What the statistics show, however, is that all consumers are equally at risk. Some scams do target the “typical” grandmother or otherwise negligent prey (more on those tailored cons below), but the BBB research found that the groups at highest risk of losing money to a scam are college-educated individuals between the ages of 25 and 54. An estimated 90% of scam incidents go unreported, which goes to show how the inaccurate stigmas surrounding scam victims have infected our culture. No one wants to admit they were tricked.

But We Have a Firewall!

Personal consumer scams may not seem like they’re much of a threat to your business. Like any physical crime, cyber crime can’t gain access to your business unless there is an open door or a breach of some sort, such as when someone opens an email or picks up a phone. Who your employees share information with on their own time may not seem to be your concern as a business owner, but good personal practice translates into a stronger, safer business.

Cyber crime is changing. Phishing and spear-phishing campaigns are some of the most commonly-encountered scams by businesses, and they’re now more dangerous than ever. Hackers and scammers seek larger payouts now instead of quantitative scale. Rather than targeting individuals as they’ve done in the past, scammers are now narrowing their crosshairs to strike organizations. No business, large or small, is safe.

Hacking into your business’s hardware systems or networks is only one way to gain unauthorized information. Dedicated spear-phishing tactics use data mined from public accounts and web activity to target specific departments or employees. The only thing that separates personal consumer scams from business scams are the lies the criminal uses to try to break down your barriers.

Scammers often take advantage of brand familiarity and emotional response. Unexpected messages from a random email address or blocked phone number are much easier to ignore than a seemingly safe communication from the Yellow Pages or UPS.

One scam that aims directly at businesses is the “Directory Scam.” Employees receive a call from a well-known or non-existent agency requesting business information to update their directory. When your employee provides them with your business’s address and contact information, they send a fake invoice for the “service” and, if questioned, often fire back with edited audio from their previous call that “proves” your employee accepted the charges.

Another targeted hustle that’s gained steam over the last couple of years is known as the “Grandparent Scam.” In this case study, the victim receives a call from a scammer who claims to be his grandson needing bail money. This scam may seem ridiculous, but many have fallen victim to it because the caller knows the names of the grandparent and child as well as other personal information that would encourage one to believe they’re telling the truth. The scariest part about this scam is that the scammer called this victim at his place of work, further illustrating that public data on the web is available to anyone with the knowledge to find it.

What Steps Can I Take to Protect My Business?

BBB is one of many organizations to provide a checklist of actions to take against common scams. While most of the lists aren’t geared towards business owners, many of the habits suggested perform double-duty in both your professional and personal life. Anderson Technologies has a few tips for applying that knowledge specifically to your financial livelihood:

Keep an open dialogue with your employees and vendors about cyber security practices. Educating employees—Anderson Technologies has covered employee cyber security education in the past and takes it very seriously—protects their well-being as well as your business’s.
Educate yourself about what kinds of scams you or your business might encounter. BBB has compiled a thorough list here.
Be wary of email attachments. If you didn’t request it, you probably shouldn’t open it.
Use technology to your best advantage. Know how firewalls, anti-malware software, secure browsing, and network safety can benefit your business.
Develop a system for inspecting invoices. If you’re a larger company with many different clients and vendors, it’s easy for rip-offs to fall through the cracks.
Ask your IT provider about resources that can keep you safe. There are many programs that do some of the background work for you: NoMoRobo, LastPass, HTTPS Everywhere, Proofpoint, and so many more! Some of them are free, and others are not. Talk to a professional to determine the best investment for your business.
Question everything. Zero-trust practices can be employed over time, making universal authentication easier for everyone involved.

“The Russians have hacked into our computer” example at the top of this article is one of hundreds of similar scams permeating every demographic, consumer and business alike. In hindsight, it may be humorous to imagine someone getting so caught up in the urgency and persuasiveness of a slimy scam artist. However, when it’s happening, you or your employees may truly believe your business is at stake.

For more information on avoiding scams that target you or your business, download our free cyber security eBook or contact our team today.

How to report scams:

FBI: https://www.ic3.gov/default.aspx
BBB: https://www.bbb.org/scamtracker/us/reportscam
FTC: https://www.ftccomplaintassistant.gov/#crnt&panel1-1
Microsoft “Tech Support” Scams: https://www.microsoft.com/en-us/reportascam/?locale=en-US

Use Managed IT Services to Handle Common Tech Problems

4 Common Tech Problems Impeding Your Business’s Growth

April 10, 2018/in Managed Services /by Anderson Technologies

Like most business owners who live and breathe their enterprises, you and your long-time employees are probably familiar with the quirks and qualms of your office technology.

Does one of the front-desk workstations sluggishly boot up at the beginning of the day or frequently crash? Do your mobile devices only pick up a wireless internet connection on one side of the office? Simply coping with these issues costs your business valuable time and money.

Without a consistent framework for growth in place to manage your technology, your business may face unnecessary challenges preventing it from reaching full potential. This was the case for the corporate office of a large property management company based in Florida that manages many residential properties throughout the southeastern US and Arizona.

Having grown from a start-up to midsize company in just a few short years, the company inherited a significant number of legacy IT systems and hardware from acquisitions. It didn’t have a scalable platform to support further growth. “We’d been growing very quickly and didn’t have a solid foundation for IT,” says T.R., Vice President of Finance and Administration. “As we acquired new properties and hired more people, we decided we needed one standardized system that met all our business requirements and was available to all employees. We couldn’t afford to continue with a mix-and-match approach. It wasn’t efficient.”

“It also became clear that we needed someone to manage IT on an ongoing basis,” says T.R., “not only for the right functionality, but also for security and helping us make the right choices.”

When T.R. contacted Anderson Technologies, it was not only to bring on a managed IT services partner to handle an expansive company network, but also to build a platform that could be used to efficiently onboard new properties for years to come.

Principal Mark Anderson worked closely with T.R., first evaluating the corporate headquarters’ immediate needs. The two also discussed to what extent Anderson Technologies would be involved. “At first, we looked at using a consultant,” says T.R., “but we quickly realized that we need more than just a part-timer who is ‘on call.’ We needed someone who was willing to take ownership.”

Anderson quickly identified areas where the company had learned to cope and where radical improvement was needed. With the help of Anderson, T.R. and his team became aware of how legacy infrastructure adversely affected the company’s operations.

Four common technology problems came to the forefront after an initial assessment.

Unreliable and Slow Internet Connection

One of Anderson’s first priorities was helping T.R. get their internet up to snuff. “The company network was completely wireless, and they were paying for a 300 Mb connection,” says Anderson. “However, their laptops were only getting anywhere from 1 to 12 Mb. Abysmal!”

From VoIP telephone services dropping or not receiving calls, to slow access to vital documents, a temperamental internet connection has many costs. Inconsistent access or frustrated clients may result in lost sales and wasted time.

Not only was the network unreliable and slow, the entire network was running on a single wireless router provided by their internet service provider—a router without an enterprise-grade firewall. “We had an unsecured network that really didn’t have any kind of firewall on it,” explains T.R..

Anderson recognized the office’s physical environment was greatly impacting the network’s performance and reliability. “They were in a high-density office building,” Anderson says, “so tons of businesses were fighting each other for clean Wi-Fi.”

Wired connections to stationary devices proved a perfect solution. Hardline connections aren’t subject to severe weather or frequency interference. Anderson says, “Unless you hammer a nail through it, the wire in the wall is good forever.”

Maintaining a wireless option was still important to the company. Employees who travel to the properties need an internet connection for their laptops and mobile work devices while they’re at corporate headquarters. To give them the wireless support they need, Anderson Technologies installed a Meraki device, an enterprise-grade wireless network and security appliance.

“What’s great about our Meraki solution,” says Anderson, “is it automatically detects channels with lots of interference and auto-selects the cleanest one. The speed is now dramatically improved.” After Anderson Technologies’ intervention, its wireless devices now regularly see 250 Mb instead of 1 to 12 Mb!

Outdated Hardware

T.R. had many remote employees who work on machines that should have been retired years ago, not realizing their equipment barely qualifies as home-grade. This was especially the case with many of its more mature properties. Every property operated under varying technological standards. Machines at some properties were still running Windows Vista!

“We’ve grown really quickly through acquisition,” says T.R. “Elena [a member of the Anderson Technologies team] helped us put together a survey of all our hardware [at different properties]. She made sure that we knew what was out there and made recommendations for replacement.”

Because the organization was growing so quickly, discovering this information and securing recommendations was vital. Anderson Technologies got “everyone onto hardware that actually works for what we need,” according to T.R.

The recommendations ensured that not only was hardware up to date, but they were enterprise-grade and protected against today’s cyber security threats.

Inconsistent Email Configuration

Beyond building out the company’s hardware and network infrastructure, Anderson Technologies also took charge of internal organization. When onboarding new properties, T.R. noticed wildly disparate email configurations. “It was clear that the way it had been configured wasn’t right and there were downsides to continuing to use it,” says T.R.

The answer for these disparate systems was to migrate everything to a single Office 365 environment. This system of tools and applications enables every employee to work on the same cloud infrastructure. Office 365 also houses the company’s email, and moving forward as new properties are acquired, they’ll be seamlessly integrated into the primary email domain.

In concert with Microsoft’s Office 365 platform, Anderson Technologies’ remote monitoring and management platform makes a difference when it comes to IT support and rapid issue remediation. “It’s the right solution for us,” T.R. says.

Missing a Strong, Multi-Layered Backup Solution

With the corporate headquarters located in Florida, natural disasters such as hurricanes are a concern to the company. While Tampa was largely spared from 2017’s Hurricane Irma, elsewhere in Florida, more than 58,000 insurance claims were filed for commercial property and business interruption.

“One of our biggest potential IT risks is data loss,” says T.R. “I wanted to make sure that our financial data is covered by a real-time backup solution.”

Anderson installed a Datto device that serves as a standalone server backup with a redundant cloud backup to Datto’s two geographically dispersed data centers. This way, if a disaster hit corporate headquarters, the local data infrastructure could be almost immediately virtualized and made accessible online via Datto’s proprietary cloud platform.

When T.R. and his colleagues discussed whether a managed IT service provider was right for them, it became clear that the IT solution Anderson Technologies provided was exactly what they needed. “It’s nice to have somebody who’s monitoring the status, health, and warranty of everything out there to feel much safer against any kind of threat,” says T.R.

What seemingly inescapable tech problems plague your business? Are there issues that may be affecting your speed and efficiency? Are you ready to utilize managed IT services to find out? Let us know by requesting a free consultation today, or call 314.394.3001 to speak with a member of our team!

Build a Cyber Security Sandwich and Keep Your Business Safe

Quotables: Building a Cyber Security Sandwich with Common Sense (Home Business Magazine)

April 2, 2018/in Quotables /by Anderson Technologies

Check out Mark Anderson’s recent guest contribution on Home Business Magazine, an article that uses a sandwich analogy to explain the benefits of a multi-layered cyber security approach!

Read the full article on the Home Business Mag website.

https://homebusinessmag.com/management/how-to-guides-management/building-cyber-security-sandwich-common-sense-defending-small-business-deliciously

Are you in need of expert IT consulting? Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses. Let us help you today! Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables? This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers.

Zero Trust IT Service Model Keeps Your Network Safe

Trust No One: The Anatomy of a New Security Model

March 27, 2018/in Data Security /by Anderson Technologies

The world of information technology sometimes feels like an old seafarer’s map showing monsters lurking in deep waters and warning, “There be danger here.” The digital world doesn’t need to be so melodramatic, but no company should ignore the warning that danger is all around.

From ransomware to malware to hackers stealing private data, businesses need a strong IT infrastructure to protect against these threats. Zero Trust Architecture, or the Zero Trust model, is a highly secure method of protecting your data that has gained popularity in the last few years. It switches up the traditional idea of “trust but verify” to “never trust and always verify” and can be implemented over time with existing technology.

What Does Zero Trust Mean?

Zero Trust is exactly what its name implies. Trust no one entering your network no matter where they are located, whether from the security of your office or logged into the unsecured Wi-Fi of a hotel. John Kindervag, creator of the Zero Trust model, refers to the danger of the current system as “relying on a broken trust model” where there is a consistent failure to verify when a person accesses the system from a trusted source. Once the user, harmless or malicious, is past the perimeter security, they become a trusted user and have access to the network.

The Zero Trust model eliminates this danger by having no trusted source or trusted user that could be overlooked in the verification process. All traffic, anywhere in the network, is subject to segmentation, authentication, and verification. According to the Zero Trust model:

All resources should be accessed in a secure way regardless of location or user.
No user receives access to all information. Strictly enforce access to information on a need-to-know basis.
All traffic going into or out of the system is inspected and logged in order to catch malicious traffic.

What does this mean? Imagine your system is a battleship. Inside, there are hatches that can be sealed to cut off a breached part of the ship so the whole vessel doesn’t sink.

In the current popular method, all the hatches are open once you make it inside the ship. The only barrier is the outer hull, the perimeter security of your system, and you can move freely throughout the ship without reauthenticating.

In Zero Trust, every hatch on the ship is closed, and you must have the proper access codes to open each door. Once you’ve proven yourself, only the room you need information from is opened, all other hatches remain closed and protected. In order to get to information you’re not supposed to have, you’d have to break through each door one at a time, all while someone is monitoring your movement through the ship.

Via network segmentation and next-generation firewalls, Zero Trust uses existing security features such as multifactor authentication, analytics, encryption, security groups, and file system permissions to secure all information and allow in only those who have proven they should have access.

How Should I Start a Zero Trust Model?

Zero Trust is more than just the technology—it’s a way of thinking about who has access to your network. Trying to overhaul your entire system to a Zero Trust model in one go would be expensive and confusing and could lead to downtime that your business can’t afford. It also requires a great deal of technological know-how, IT security, and consistent management in order to give appropriate access to the correct people for the intended information.

For most businesses, when implementing a Zero Trust model, start small. While a complete overhaul would be costly, Zero Trust features can be easily adapted into current systems in pieces and, over the course of several years, be built into all areas of a business’s systems. Many new features of business technology, such as cloud services, already work well with the Zero Trust model and can be easily adapted.

Any business wanting to begin the move to a Zero Trust model should identify a small piece of their system, such as customer personal identifying information or credit card information, and institute segmentation and authentications around that information. You can then build your Zero Trust network from there over time.

Allow Managed Services to Bring Zero Trust to You

The Zero Trust model is a good way to secure your information, but if you don’t have your own IT department, it can be a challenge to implement. Zero Trust requires more than an IT company to set it up, walk away, and leave it to run. It will take time and constant adjustment to bring your current network into a complete Zero Trust model. A managed IT services company like Anderson Technologies is the best way to ensure your business is moving toward a Zero Trust model. Managed IT services can offer:

equipment set up
implementation
maintenance
employee training (most important)

For a small business, taking the time necessary to figure out IT improvements like this on your own can hinder the daily running of your business. Don’t let security get in the way of serving your customers. Zero Trust eliminates the threat of trusting too much but only if properly installed.

For more information about moving toward a Zero Trust model, contact Anderson Technologies by email at info@andersontech.com or by phone at 314.394.3001.

Outdated equipment are a cyber security vulnerability

Quotables: 32 Cybersecurity Experts Predict Threats and Trends for 2018 (phoenixNAP)

March 19, 2018/in Quotables /by Anderson Technologies

Check out Amy Anderson’s recent guest contribution on phoenixNAP providing readers with insights to help protect data and secure businesses long term!

Read the full article on the phoenixNAP website. Amy’s quote is number 24.

https://phoenixnap.com/blog/cybersecurity-experts-threats-trends

What are Quotables? This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers.

Posts

Latest News