Let’s start with where we are now. History is best told on a timeline, so let’s start from the present. Cybercrime today is profiting over $1.5 trillion each year, and that figure continues to climb. Some have predicted that this figure will nearly quadruple by 2021. Security breaches are up by 67 percent over just the past five years.  

How is this figure climbing so quickly? Well, let’s examine the most popular form of cybercrime: phishing. The method that cybercriminals are using are able to deploy all types of malware, yet also has data-stealing abilities. Whether that data is your sensitive personal information, or login credentials to your bank account, phishing gives a cybercriminal direct access. The worst part for people who have fallen victim, is until something dramatic happens, they are clueless that they have even become a victim. Phishing attacks have led to billions of records being exposed, stolen, or corrupted each year.

Cybercrime has become a real concern for all business owners. So how did all of this start?

The Beginning 

This information Coleman Technologies is about to reveal may be hard to believe, but cybercrime was Bob’s fault. This trillion-dollar criminal trend is the result of a research project held by a man named Bob Thomas. Bob Thomas made the observation that a program is able to move across a computer network, leaving a trail behind. He then proceeded to write a code that was named “Creeper”. This code resulted in a program that was designed to travel between Tenex terminals on the ARPANET. The message that came across? “I’M THE CREEPER : CATCH ME IF YOU CAN”. 

The research project sparked the attention of email inventor Ray Tomlinson. Tomlinson altered this program into a self-replicating one. This resulted in the first computer worm. Immediately after this discovery, he wrote an additional code which was titled “Reaper”. This chased down the Creeper code, and deleted it; which resulted in what was effectively the first antivirus software. 

So how did Bob’s experiment start all of this? Well, in the 1980s Soviet hackers considered the applications of this experiment. Academics designed applications that could be used to infiltrate other networks. This ideology quickly spread, and in 1986 German hacker Marcus Hess hacked into an internet gateway which was hosted at the University of California at Berkeley. This hacked connection was then used to piggyback onto the ARPANET. He hacked into a total of 400 computers, including mainframes hosted at the pentagon. 

How did this turn into such a profitable “business”? Hess planned on selling the secrets found on these computers to the Soviet KGB. Before he was able to do so, he was caught by the group effort put forth by the FBI and the West German government. His conviction was the first of its kind -- cybercriminal activity sentencing. The abnormality of the case resulted in a 20-month suspended sentence. 

At the same time as this was occurring, computer viruses started to become a serious threat. With the exponential growth of the internet, there were more connections that viruses could infect. The virus started to become a real problem.

The Middle

In 1988, Robert Morris woke up and decided he wanted to see just how big the internet had become. Morris, a software engineering student at Cornell University, wrote a program designed to spread across various networks, work themselves into Unix terminals, and begin replicating. The software replicated so quickly that it actually slowed down the early Internet, which caused major carnage. This carnage become known as “the Morris Worm”. Morris’ worm resulted in the formation of the Computer Emergency Response Team, known as US-CERT today. Morris was the first person convicted under the Computer Fraud and Abuse Act (CFAA). This act was introduced with the intentions to protect against unauthorized access. 

After Morris’ worm was handled, viruses began being developed at an absurd rate. The antivirus industry, which started in 1987, began to grow as a result. By the time the Internet was an accessible user-product in the 1990s, dozens of solutions were available to prevent devices from being infected. These solutions scanned the binaries on a computer, and tested them against a database of known virus-code. There were major problems with this protection method, such as the abundance of false positives. They also had a tendency to use a lot of the systems’ resources to scan for these viruses. Remember how slow dial-up used to feel? Your anti-virus could have been the culprit. 

The mid-90’s to late-2000’s were a prospering time for the world of viruses. While the figure was estimated to be a few thousand known viruses in the mid 90’s, that figure was estimated to be around five million by 2007. These different malware strains were either worms, viruses, trojan horses, or other forms. By 2014, 500,000 different types of strains were being created daily. This time truly was the malware boom. 

Who was stopping this boom? Well, nobody. Cybersecurity professionals needed to make an effort. Antivirus solutions simply couldn’t keep up, and while they might detect malware, they had a hard time preventing it. Innovations in cybersecurity developed quickly. First, endpoint protection platforms (EPP) that didn’t just scan for known code, they also scanned for code similarities. This meant that unknown viruses could be detected.

The End?

With advanced malware defeating endpoint protection regularly, it was time to further innovate cybersecurity measures. The timeline innovators had was cut short with the deployment of WannaCry. WannaCry was, at this point, the most devastating piece of malware that existed. WannaCry even shook the world of the most capable security professionals. It encrypted the data on a computer and forced the computer owner to pay in Bitcoin to regain access to these files. This deployment sparked an explosive increase in the cybersecurity industry. It was time for cybersecurity to surpass the capabilities of cybercriminals, instead of being constantly behind.

The only way anyone was able to determine if they were being infiltrated was to have a transparent network. Administrators began using endpoint threat detection and response (EDR) services to monitor their networks. This solution is still cutting edge by today’s standards. While this isn’t the end for cybersecurity, EDR services are extremely capable of keeping malware out of your network. 

If you would like to learn more about cybersecurity, or are interested in keeping your business’ data safe, call Coleman Technologies today. Our professionals can be reached by calling (604) 513-9428.

Any data you collect, you must protect. You might not think your business is big enough (or noteworthy enough) to be targeted by hackers, but the truth is, those are the reasons you are a target. It is estimated that by 2020, more than 24 billion devices will be connected to the Internet, so it is imperative that you follow simple, yet crucial, steps to ensure your data and information are kept safe.

Here are some variables you--and the other people on your network--need to be aware of. 

Phishing

Phishing attacks are some of the most prevalent attacks being made in 2019. Basically, users will send you an email that seems to be from a user the recipient might know. If a user interacts with that email by clicking on a link or downloading an attachment, the phishing scam is a success. A successful phishing scam is a huge problem for your business. 

You will want to train your staff on how to spot and avoid phishing attacks. Phishing attacks have been developed to be subtle and admittedly easy to miss. There are, however, several tell-tale signs that an email is legitimate. Hackers know that the weakest link in any business or organization is the employees. Do your employees know how to recognize an out of place email? It is crucial that you take the time to train your employees the art of phishing identification. 

Secure Passwords

Passwords are the standard in which most people use to keep files secure and to authenticate access to devices, platforms, programs, etc. Understanding what makes a strong password can go a long way toward securing your IT resources. Some best practices include:

• Creating strong, unique passphrases
• Changing passwords frequently
• Using Upper and Lowercase letters, numbers, and symbols

Multi-factor Authentication 

Multi-factor authentication, often rolled out as two-factor authentication, puts an additional step between you, and potential threats to your network or data. You use a password to unlock a 2FA/MFA platform that requires you to get a randomly-generated code from a third-party device to gain access. Since you need a third-party device/account to open the application, account, or device protected by 2FA/MFA, that account is more than twice as secure. 

Applications and Software Updates

In order to say ahead of security attacks, the software you use cannot have vulnerabilities. As a result, patching and updating software is essential to comprehensive security. If you are going to remain secure you will want to be sure to stay up-to-date on your updates. 

How Do I Know If My Systems are Safe?

So, you want to know if you are safe from a cyberattack? To put it lightly: nobody is. By associating security preparedness with cybersecurity and routinely taking proactive, preventative measures to enhance your security position, you reduce the chance that your organization will have to suffer from downtime, data loss, and reputation damage that a data breach would bring your company.

If you would like more tips; or, if you would like to talk to one of our experts about network security, call us today at (604) 513-9428.

Leverage Authentication Measures

One of the first steps to securing your network against threats is to create strong authentication procedures. Most of the devices with permission to access your network will already have an authentication system in place, based on a password. If the passwords used are strong enough, this can actually mitigate most threats - but you still have to worry about the ones that this doesn’t discourage. Leveraging something called multi-factor, or two-factor, authentication can help minimize the chance of something slipping past your security.

Two-factor authentication works in a relatively straightforward way. As with most login systems, a username and password are entered - but instead of being granted access, the user is asked for another credential. This is usually a randomly-generated code that a specialized authentication app will generate. Mobile devices are popular to use with 2FA, as their convenient nature makes them more likely to be available when needed. In order for a user to leverage their mobile device, the 2FA system administrator has to authorize it.

Tip: Make sure that you don’t let your password best practices slip, even if leveraging 2FA. Your passwords still need to be sufficiently complex. If you are one of those who find remembering different passwords difficult, consider using a password management system in conjunction with your 2FA. 

Protecting Your Business’ Computing Environment

Whether you use a Local Area Network or a Wide Area Network, the security practices that you need to deploy are fairly predictable. Once you’ve seen to your authentication needs, you need to combine three approaches to security into one all-encompassing strategy: your software-based security, your physical security measures, and your security awareness and best practice training.

Software-Based Security

There are many examples of how software can help keep your business’ network secure. From firewalls to content filtering to antivirus to spam detection, each of these tools protect your business data from a different kind of threat. You may even want to consider adding encryption to your email solution to make it a lot less likely that the contents of your messages will be intercepted.

Tip: If you aren’t sure which solutions are the right ones to implement, think about how your data moves about your business. The more insight you have into how your data operates, the more effectively you will be able to plan its protections.

Physical Security Measures

Somewhat ironically, we seem to have become so focused on our digital security that it can sometimes seem like we forget that there are very real reasons to protect our physical locations and infrastructure, as well. Consider the damage a bitter ex-employee could do in moments, should they manage to get into your server room. It has become fashionable to leverage biometric authorization measures to protect your server room - and there’s a lot to be said about a good, old-fashioned surveillance system, complete with alarms and cameras (as well as some updates to make this system considerably less old-fashioned).

Tip: Bring in a consulting professional to help you determine your physical security needs. Not only does this save you time by eliminating work you would otherwise have to do for yourself, it ensures that your system will be designed by an experienced professional that knows what will work best in different situations.

Security Awareness and Best Practice Training

Would you be surprised to hear that your employees are likely your biggest vulnerability? Of all of the pieces that make up your network security, the people who use your technology are the leading cause of security issues. With the number of ways that your business could be attacked, your staff needs to be educated on how to identify them and avoid them.

Tip: Both businesses and individuals have experienced difficulties with phishing and it adversely affecting them, so it makes sense to begin your training there. Not only is it a common issue, it is conceptually very simple to grasp, so it is a good starting point before moving on to increasingly complex concerns. The more your staff knows about how they can resist attacks, the more likely they’ll be able to do so if the needs arises.

Remote Solutions Via the Cloud

Modern organizations need to contend with potential threats to their network infrastructures, as businesses always have in some form. The difference is that issues can now come in on the mobile devices owned by their staff, and company resources can be routinely accessed from outside the business’ area network.

This has helped contribute greatly to the growth of cloud computing technologies - although the relative cost savings don’t hurt either. Using the cloud, your staff can access their work data and applications from a remote location, while the resources stored in the cloud are kept secure by the platform’s baked-in security and privacy.

Mobile devices have also been a disruptor to business-as-usual, which means that businesses need to plan on leveraging them if they don’t want them becoming a distraction. Designing a Bring Your Own Device policy and enforcing it through mobile device management solutions is an effective and secure way of reaching a compromise and minimizing the time wasted by mobile devices in the workplace.

Tip: Remember that cloud services are inherently scalable, so you don’t need to worry about overreaching your capabilities. However, you also don’t want to waste capital that doesn’t need to be spent. Auditing your resources is an effective way to identify and eliminate redundant costs leeching from your budget.

Network security can be complicated, but it is an absolutely crucial element to your technology strategy if you want to have any success. Coleman Technologies can help take care of the technical side of things for you, and help teach better habits to your staff. To learn more, keep reading our tips, and reach out to us at (604) 513-9428.

Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

• Paypal.com - This is safe. That’s PayPal’s domain name.
• Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
• Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
• Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
• Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
• Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
• Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Coleman Technologies. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

Unfortunately, most attacks still come in through email, and can slip by your users. Even the most complex cybersecurity platforms used by massive corporations and governments can be foiled by a simple phishing attack, and your end-users are your last line of defense.

How Can an Employee Fall Victim?

Phishing attacks are designed to look real. An email might come in looking like a valid message from Paypal, a bank, a vendor, or even from another employee or client. Hackers use several tricks to make the email look real, such as spoofing the address or designing the content of the email to look legitimate.

Unfortunately, if the user clicks on the link in the email or downloads the attachment, they could open themselves and your company up to whatever threats contained within.

Commonly, this leads to stolen sensitive information, or installs malware on the device, or grants the hacker the ability to log into the user’s bank account.

While having strong IT security can reduce the amount of these phishing attacks that come in, a percentage can be tricky enough to bypass your firewalls and content filters, exposing your staff to situations that could your whole endeavor in

Educate Your Employees

It’s important to teach employees how to catch a phishing attack. We recommend sharing the following steps with your staff, or even printing them out and posting them around the office:

1. Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from Paypal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’ then something is suspicious. There should also be a forward slash (/) after the .com.   If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
   1. paypal.com - Safe
   2. paypal.com/activatecard - Safe
   3. business.paypal.com - Safe
   4. business.paypal.com/retail - Safe
   5. paypal.com.activatecard.net - Suspicious! (notice the dot immediately after Paypal’s domain name)
   6. paypal.com.activatecard.net/secure - Suspicious!
   7. paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!
2. Check the email in the header. An email from Amazon wouldn’t come in as . Do a quick Google search for the email address to see if it is legitimate.
3. Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
4. Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious.

Phishing Simulation

Another great tactic is to have regular phishing simulations. This is where we create a series of fake phishing emails (don’t worry, it’s safe), and randomly send it to your staff. When someone falls for the attack, we send them educational information to help them prevent being tricked by a real one.

We’ve found this to be very effective, without taking a lot of time out of an employees already busy day.

Are you interested in helping to protect your staff from falling victim to phishing attacks? Give us a call at (604) 513-9428.

Password DOs
Password security doesn’t have to have a nuisance. Here are some of the easiest best practices to follow when building a password.

• The longer the password, the better: Long passwords are better for security than short passwords, but only if the password contains a varied-enough string of characters. You should aim for at least 16 characters.
• Special characters, numbers, and symbols are great for security: A strong password will contain both forms of letters, numbers, and symbols.
• Alphanumerics are ideal: If you’re trying to improve security, use alphanumeric passcodes. Try replacing a lower-case “i” with an exclamation point, or an “a” with the “@” symbol.
• Passphrases work wonders: If you find passwords are hard to remember, a passphrase might help. Use a short phrase that is easier to remember, but difficult to guess. A good example is, “iL0veW@ffle$2much” instead of “ILoveWafflesTooMuch.”
• Password variety is key: It might seem counter-intuitive to use multiple passwords that are difficult to remember, but it’s much more secure to use different passwords for each of your accounts. If the same password is used for each account, all it takes is one breach to expose multiple accounts to risk.

Password DON’Ts
Of course, best practices are more than just what you practice; it also includes what you don’t practice. Here are some pointers.

• Avoid words like “password”: Some of the most common passwords out there include “password” and “notapassword.” You should avoid using these whenever possible, as they are often the first ones to be cracked.
• Avoid key strings like “qwerty”: Strings of characters with consecutive keys, like “qwerty” and “12345678,” should be avoided at all costs.
• Don’t include sensitive information: You wouldn’t believe how easy it is to find sensitive or personal information about an individual--especially if you are the target of a hacker. To make sure a hacker can’t use any information contained in your password against you, avoid using anything like this in your password altogether.

Coleman Technologies can equip your business with a password manager to improve network security and better manage account passwords. To learn more, reach out to us at (604) 513-9428.

Before we go into depth about network and cybersecurity, we’d like to point out just why they are so important. You invest a lot of time and money into making your business what it is. You pay a lot of money for hardware, software, services, and time to give your business a chance to succeed. The act of protecting your business, its staff, vendors, and clients is one that should be taken seriously, because if any are compromised, your business is in trouble.

The Protection of Business Computing

Today’s business uses a computing infrastructure that is much larger and complex than most and includes considerations outside the physical confines of the network. Cloud services have become a very popular product for businesses and individuals alike. Cloud services are hosted in some other place, and by companies that have taken great diligence at securing their solution. For obvious reasons, you can’t guarantee that your cloud-hosted data is 100% secure, but logic suggests that a company offering computing services over the Internet would be in serious trouble if they were to have their security compromised.

These services all have dedicated access control systems that are designed to only let authorized users in. Some organizations also require their staff to utilize two-factor authentication to secure the solutions further.

This brings us to the perimeter of the network. Regardless of a company’s ineptitude with cybersecurity, there is typically some form of firewall that stands between the Internet and the company’s network. If the firewall is properly maintained with threat definitions, it will stop a good amount of unwanted traffic. It’s just not enough. With the immense amount of attack vectors threats are coming from nowadays, a stand-alone firewall is like a single sheet of flypaper in front of a window.

Going the Extra Mile

In order to keep their business’ data and infrastructure safe, many organizations have begun to utilize Intrusion Prevention Systems (IPS). These systems include Intrusion Detection Systems (IDS), software that attempts to block determined threats, and logs network traffic so that IT professionals can go in and see the current state of the network.

For years, this would have been enough technology to keep most threats out. Nowadays, however, it’s really just getting started being vigilant. If you consider your network to be like an onion, you need to understand that each layer needs to have its own set of security protocols that typically come in the form of a dedicated access control system and a firewall.  This way, every “layer” is protected from its perimeter, to the applications, to the databases that hold all your data. This tiered access control system is designed specifically for your needs and is in place to do one thing: protect your assets.

It also works to protect your business against the biggest digital threat on the Internet: phishing attacks.

A phishing attack is where someone outside your network tries to infiltrate it by passing off some form of correspondence as legitimate. It’s all a fraud. Verizon, who does an annual study of cybersecurity, found that around 90 percent of all network attacks are the result of successful phishing attacks. Unfortunately, there is no piece of software out there that will make phishing attacks completely benign. That is why training is so important.

Training Your Staff

Training your staff about phishing (and cybersecurity in general) has to be a priority. You’ve spent a lot of capital and time building what you have, and the thought of losing it because you bullheadedly forged ahead without getting your staff trained up properly could be thought of as shortsighted.

A phishing attack is now the preferred method of hacking. Since security systems have evolved to be hard to crack, hackers now look to use your staff’s legitimate credentials to gain access to your network, applications, and databases. By training your staff about phishing, specifically what to look for, how to react when they come across phishing attacks, and what the consequences of a phishing attack can mean for your company, you should be in a better position to protect your network, infrastructure, and data against the onslaught of outside phishing threats.

To learn more about how to secure your network, train your staff, and acquire the technology you need to protect your business, reach out to Coleman Technologies today at (604) 513-9428.

Birth of the Internet

The first Internet was born on college campuses. It was built by intellectuals, for academics, without the massive list of considerations that now accompany software development. It spread quickly, of course, and somewhere, pretty early on, it was decided that by being able to support commerce, the Internet could become one of the west’s greatest inventions.

This came to fruition in 1984 when the first catalogue was launched on the Internet. This was followed by the first e-store (at books.com) in 1992, and the first software to be sold online (Ipswitch IMail Server) in 1994. Amazon and eBay launched the following year and the Internet has never been the same.

By then, the academic uses for the Internet had multiplied, as well. By the time Amazon launched, many colleges and universities were offering students access to the Internet as an important part of their continuing education. Boy, was it ever.

Today, you’ll be hard pressed to find a classroom (outside of the poorest school districts in the country) where every classroom isn’t Internet-ready.

College Internet Needs and Cybersecurity

This stands true in university and college circles, as well. Campuses today are almost completely connected. You’ll be hard pressed to find a place on a modern campus that, as long as you have security credentials to do so, you can’t gain access to an Internet connection. In a lot of ways, it is the demand for access that makes network security a major pain point for the modern college. Firstly, having to protect computing networks from a continuously variable amount of mobile devices is difficult. Secondly, the same attacks that plague businesses, are also hindering IT administrator efforts at colleges.

Colleges themselves aren’t doing anyone any favors. According to a 2018 report, none of the top 10 computer science degrees in the United States require a cybersecurity course to graduate. Of the top 50 computer science programs listed by Business Insider only three require some type of cybersecurity course. Moreover, only one school out of 122 reviewed by Business Insider requires the completion of three or more cybersecurity courses, the University of Alabama. Regardless of the metric, it’s clear that learning cybersecurity is not a priority for any school.

Are There Cybersecurity Problems Specific to Colleges?

The short answer is no. That’s why it's so important to get people thinking about cybersecurity any way they can. No industry can afford to have the skills gap between people that hack and the people looking to stop them grow any wider. This is why, no matter what you do (or plan on doing) for a living it’s important to understand what your responsibilities are and how to get them into a place that can help your organization ward off these threats from outside (and sometimes inside) your network.

Many colleges have turned to companies like Cyber Degrees to help them not only educate the people utilizing the college’s networks to why cybersecurity awareness is important, but also help people understand that with the rise of cybercrime and hacking-induced malware, that cybersecurity has become a major growth industry with many facets. In 2015, the Bureau of Labor Statistics found there were more than 200,000 unfilled cybersecurity jobs in the U.S. With curriculums not prioritizing cybersecurity, and with threats growing rapidly, imagine how many are unfilled today. As demand rises for competent individuals to fill a multitude of jobs in the computer-security industry, colleges need to do a better job prioritizing cybersecurity training.

For the business looking into protecting itself, look no further than the cybersecurity professionals at Coleman Technologies. Our knowledgeable technicians work with today’s business technology day-in and day-out and know all the industry’s best practices on how to keep you and your staff working productively, while limiting your exposure to risk. Call us today at (604) 513-9428 to learn more.

 What You Need to Know About Cybersecurity

In order to completely understand cybersecurity, you first need to understand what it is, and what you need to protect. Your organization needs to have a cybersecurity structure that covers the following subjects:

• Your Network - Network security strategies typically protect the network and infrastructure from intrusion-whether that be direct intrusion or via the dispersal of malware.  
• Your Applications - Whether your applications are hosted in the cloud or in your own onsite servers, application security protects programs that have access to all your data.
• Your Data - Data security strategies are created to add additional layers of protection to any data you can’t afford to have shared or stolen.
• Your Disaster Recovery - Systems that are deliberately set up to protect your digital assets in case of a disaster need their own protection.
• Policies - In order for you to properly protect your network and infrastructure from your staff, you need to have some very forthcoming policies set out so there are expectations attached to your cybersecurity initiatives.

Let’s take a look at the security makeup of a well-protected business:

The Perimeter

There are several layers to any effective cybersecurity strategy. The outermost layer of any major computing network is, by definition, the parameter (although security professionals today have more considerations to make than ever before). It is essentially the moat around the castle. It typically includes:

• Outside firewalls
• Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
• Data loss prevention
• Secure DMZs
• Antivirus & Anti-malware

One qualification that should be explained is that many organizations look to cloud-hosted solutions to improve organizational collaborative capabilities, reduce capital costs, and to add useful and scalable computing resources, among other benefits. Some IT professionals have stopped using the moat and castle analogy since with cloud systems in tow, the actual perimeter of the network reaches inside the very place that perimeter security is securing against.

In cybersecurity circles, the dedicated secure perimeter strategy has been replaced by the “Zero Trust” strategy. This system is one where validation is paramount. This also makes it very resource intensive. If everyone is a possible threat - which they are - building near-impenetrable defense requires this type of diligence.

Network Security

This layer is what many businesses prioritize. Think of your network as a thoroughfare to all of your applications and data; and, while you still need to design and implement a strategy to protect those systems (more on that later), keeping your network free from obstructions and potential dangers is a must. An organization’s network security includes:

• Access control
• Message security
• Wireless security
• Remote access
• Content filtering
• IDS/IDP
• Additional firewalls
• Software patching
• Data Backup

Network security is crucial for any business because once someone gets access to the network, unless applications, databases, and the like are individually protected, any infiltrator worth his/her salt will be able to corrupt and/or steal the information they are seeking to corrupt/steal from there. This is why it is important that every person in your organization is aware of, and in constant compliance of, static rules that govern your organization’s network security strategy.

Sure, most of the heavy lifting is going to be done by your IT technicians, whether they are employees of your organization or outsourced experts. Putting in place the strategies and products necessary to keep the network safe from the outside, and providing the staff training that’s needed to keep it secure from the inside, are both critical parts of a business’ network security strategy.

Furthermore, in order to really secure your network from harm, you, without question, need to back up your data. Ensuring that you have a workable copy of your business’ day-to-day data is essential for it to stave of ruin in the case it is inundated with a disaster: malware attack or otherwise.

End Points

To the average employee, endpoint security is simply just a part of network security, but for the conscientious organization, ensuring there is endpoint security in place to protect any device that is remotely connected to the business’ network. These include IoT devices, smartphones, and other network attached devices that infiltrators could use to gain access to the computing network. Some of the technology used to protect endpoints include:

• Antivirus & Anti-malware
• Encryption
• Access control
• Device Firewall
• Virtual Private Networks
• Password managers
• Endpoint detection and response (EDR)
• IDS/IPS

Since a lot of organizations subscribe to a Bring Your Own Device (BYOD) strategy, there are often a lot of devices that have to be protected so that the network can be. Today, larger enterprises are routinely attempting to circumvent any attempts at infiltration, but smaller organizations typically use strategies like two-factor authentication to ensure that the people--and devices--that can access network-attached data are safe for employees to access that data on.

Applications

Application security, again, is often seen as an element of network security, but ensuring that all the software that you utilize is properly updated and has had any potential vulnerabilities patched is an important part of securing your applications. The most pronounced strategy used to secure software is patch management, which, like its name suggests, is the act of patching potential vulnerabilities as to not leave holes in your network.

Data

Finally, we get to data. Securing data is often the least priority since most of the other security protocols put in place are put there to do exactly that...protect data. If an organization thinks it needs additional security on its data, however, there are some options that can help keep specific data secure. These include

• Identity & Access Management (IAM)
• Drive encryption
• Data classification

Since every piece of security that you deploy is put in place to protect your organization’s data from theft or compromise, there is a whole other side to data security: education. In order to ensure that your employees don’t put your organization’s cybersecurity efforts at risk, you need to be able to properly train your staff on the best practices of individual data security, and how to approach the outside threats they very well might encounter. Knowledge of how to handle phishing emails and messages, social engineering, and other nefarious practices will always be a benefit to the organization, so prioritizing employee engagement in mitigating threats is essential to any business cyber security strategy.

How does your organization stack up? Do you prioritize cyber security training? Do you secure every layer of your business’ IT infrastructure? If there is any doubt, call the IT experts at Coleman Technologies to talk about how you can better protect your business from data loss, theft, and malware attacks. To learn more call us today at (604) 513-9428.

What’s At Stake?
Imagine a scenario where your business has allowed an external entity entry to your network. What kind of sensitive documents are found on it? Think about all your trade secrets being stolen and sold somewhere on the black market, and that’s not even considering the repercussions of any personally identifiable information being stolen. And when your business has a reputation of network security being poor, you might start having trouble finding people who are willing to work with you. Plus, the fines associated with security breaches could be enough to force your business to file for bankruptcy.

Security Solutions for Business
Generally speaking, the most common security measures you will see for small businesses are enterprise-level solutions that are accessible, yet powerful at the same time. Among these are Unified Threat Management, Virtual Private Networks, and Mobile Device Management. All of these services provide some level of security for businesses that need it, but in different parts of operations. They are all equally important, though, and you should consider each of them to optimize network security.

• Unified Threat Management: A UTM solution combines four enterprise-level solutions into one tool, providing a plethora of protection from online threats. A UTM includes a firewall, antivirus program, spam blocking system, and content filtering solution, all to minimize the chance of threats infiltrating your network and eliminate the ones that do.
• Virtual Private Networks: VPNs are critical to keeping your data secure while accessing it outside the protection of your network. VPNs offer encrypted access to data found on your network, eliminating the possibility of onlookers stealing data while it’s in transit.
• Mobile Device Management: With so many mobile devices in the workplace, it’s no surprise that users are taking data with them while out of the office. Without proper measures in place, data could be put at risk. Mobile device management allows your organization to control consenting devices through the use of whitelisting and blacklisting applications, remote wiping, and user access control. This creates a safety net that your business can fall back on if a device is ever lost or stolen.

Implementing the right security measures can be challenging, to say the least. Coleman Technologies can help your business implement useful new additions to your security infrastructure. To learn more, reach out to us at (604) 513-9428.

With the shift in the manner in which humans interact with machines - and increased number of available machines, it is important to look at how these devices could have an effect on your data security. Today, we look at a few security issues that have popped up with the IoT and how responsible IT administrators can help their organizations ward off these negative situations.

The Things
The things you find in your workplace are honestly not that different than the things you will find in your home, your gym, or any other place you come into contact with smart equipment. There are the ones that the business utilizes, and the ones brought there by their employees. Wearables, like smartwatches, if directly attached to a network, can bring in nefarious code, but for the most part, these devices come with integrated security software (through their OS), and are less of a threat than devices that are left unprotected by their developer support.

The problem businesses have is that it’s against a consumer’s nature to disregard the cool, new devices because they may present a problem for them down the road. So now there are literally billions of smart devices connected to the Internet each day that don’t get any attention. This is largely because the idea of the “smart” life, the one where people are clamoring to be the first in their neighborhood to be using these smart technologies, simply hasn’t materialized, leaving support for older products at a minimum or non-existent. Turns out a small business doesn’t have the available capital to invest in replacing all their technology with smarter technology. So companies (and consumers) are doing it piecemeal. If IoT devices are to become the standard, manufacturers are going to have to find a way to provide IoT devices affordably. There is little doubt that a world where typical products are connected, monitored, and managed is still an inevitability, but that reality hasn’t developed as fast as some people projected.

IoT Uses for Business
The modern business typically tries to use innovative new tools in the most effective manner possible. The Internet of Things, however, may seem like one of those concepts that weren’t built for business use, as the tools that get the most press are smart appliances and energy-saving technology like smart thermostats and smart lights. This couldn’t be further from the truth. In fact, industry experts surmise that nearly 70 percent of all IoT implementations through 2020 will happen in a business setting.

So, what are some of these smart tools that an SMB should consider deploying?

1. Real-Time Data Management - By attaching all of your resources to a network, administrators are able to track every part of your business, whether that be expenses, workflow, hardware, etc.
2. Streamline Supply Chain - For the growing manufacturer, the IoT can become a complete game-changer. By having an IoT system capable of integrating with the complete production, distribution, and procurement processes, it can be free from human error, making business run much more efficiently. This is made possible through the use of data loggers, barcode readers and RFID tags.
3. Remote Worker Management - The IoT is helping connect systems that aren’t typically connected. As a result, the feasibility of having a staff of remote workers has never been more realistic. Companies will be able to reduce turnover, reduce costs, and get higher degrees of productivity out of their resources with the use of IoT-based integrations.
4. Workplace Management - For those businesses that are forced to (or who choose to) employ onsite workers, the IoT can be a major time and money saver. By deploying smart locks, smart thermostats, smart lighting, etc., you can save money and have complete control over how your workplace is setup and managed.
5. Time Management - You know those smart speakers everyone is getting as gifts? They can do a lot. In fact, they can do as much or more that a human assistant. Voice assistants like Alexa, Google Assistant, and Cortana (to name a few) will become important components of the modern workplace over the next few years; and, can function as a central hub of other IoT devices that you use for your business.

IoT and Data Security/Privacy
For the small or medium-sized business, the IoT is all about data; and, the questions that are presented when capturing it. Why, if it’s making things easier, is there this underlying fear about IoT? Whose data is it exactly? What data is helpful/hurtful to your organization?

To answer this, we have to know what exactly an IoT device is.

An Internet of Things device is any device that has integrated network functionality. That’s it. There doesn’t have to be much function to it, and as you’ll learn soon, security isn’t necessarily a priority either. Knowing that, you have to know that when each of these devices is accessed by people, it creates a veritable treasure trove of data. So, in order to properly use IoT devices for your business, you have to do two things:

1. Ensure data goes where it needs to go so it is protected or destroyed.
2. Secure the devices against threats.

That’s it. If you want to protect your network from the threats surrounding IoT devices, you’ll have to understand both the security of your network from the outside, and the integrated security of any device you allow to access your network.

The Threats
There are several threats the IoT can present, but two of them are extreme. The first one is the propensity for these devices to not be secure. Since new smart things are made every day, some of the older smart things will need to be upgraded to stay secure. The problem with this is that many devices don’t have strong support, and don’t necessarily even get updates. This can put your network in a very precarious position. When deciding which IoT devices to allow on your business’ network, you have to know that it comes with the security required.

The other threat is that, today, with so many devices providing access to a person’s sensitive information, lines are beginning to blur a bit as to what is good to use and what is too personal. For example, an employee wears a fitness band and connects it to your business’ network. Of course, all the data from that device is fully able to be captured, but should it be? The job of the IT administrator gets more difficult when they have to decide what data has to stay anonymous and what data is fair to use. This is why many cloud-based IoT platforms will present IT administrators with the ability to encrypt certain types of information. Since not all platforms do this, it is on the shoulders of the IT administrator to make sure they understand that (along with the security of the business’ network) users’ privacy needs to be made a priority.

As the IoT continues its immense growth, people will be utilizing it to improve their lives and their businesses. There is a lot that is misunderstood about the Internet of Things, and a lot that even experts don’t know yet. With its emergence, however, it will likely transform the way small and medium-sized businesses look at their data. For more information about the Internet of Things, visit our blog today.

To get the most out of A.I., we first need to understand why A.I. seems to be the likely answer to a lot of troubles surrounding network security.

What Makes A.I. So Helpful?
Automated systems might be able to help organizations protect a network to a certain degree, but there are a lot of reasons to be cautiously optimistic about their inclusion in modern network security. Considering the lack of technology education in today’s business environment, it can be difficult to acquire the skills needed to protect against high-level threats and implement necessary security solutions. This doesn’t change the fact that security is more important than ever before, though, as more devices are being introduced to networks every day. The more devices, the more likely threats are to surface, and the more difficult it is to protect networks. A.I., backed by algorithms to detect threats, has the potential to improve network security, as well as make the jobs of internal IT departments much easier.

Of course, there are several reasons why A.I. for network security isn’t the best solution. Here are a few of them.

Considering How Threats Are Detected by Artificial Intelligence
How does A.I. detect threats? Even if machine learning gives these solutions the ability to learn over time, it has to start somewhere. A.I. initially identifies threats based on algorithms assigned to them. According to the MIT Technology Review, A.I. is essentially “trained” to detect threats based on tags assigned to specific data sets. The unfortunate side-effect of this is that the programs can essentially be reverse-engineered by hackers if they get ahold of them, effectively giving malware developers the ability to create threats that aren’t identifiable by the majority of automated systems.

Overreliance on a Single Method
With only one way to detect threats, A.I. is quite vulnerable to being exploited, as hackers can simply turn that into their own advantage. This is why it’s so important to have multiple algorithms to detect threats, as only one isn’t going to be enough to keep all threats out of your network. Consider this hypothetical scenario: your office hires a single security guard that keeps watch over the front door of your building. There are no other guards on-site to protect the building, and you don’t have security cameras. While nobody is getting in the front door, what about the other entry points? It’s a simple fact that one algorithm is easily exploitable and far from an ideal security situation.

Coleman Technologies can help your business determine the best security solutions on the market, and they can be combined with our expertise and active monitoring to ensure data security from a variety of threats. To learn more, reach out to us at (604) 513-9428.

Shadow IT
In a lot of ways, productivity is a lot like the thing it produces, money. People will do anything to get more of it. Businesses, have a plan; and, while they also want to maximize productivity and money, they typically don’t put their whole enterprise in jeopardy to get a little bit more of it. Shadow IT is the process in which an employee will download and use a piece of software that hasn’t been tested or passed by a company’s IT administrator to try and get a little more done.

Often times, the employee is just showing initiative, with no real knowledge that by downloading and utilizing a certain off-brand software that they have just put their whole business in danger. This wouldn’t be such a major deal if it was an isolated incident, but studies show that nearly 80 percent of all employees admit to utilizing software that wasn’t selected, tested, and released for use by their IT administrator. These apps may have vulnerabilities that would-be infiltrators can take advantage of. That is why it is important to utilize the software that has been vetted by the company, even if that means losing out on a bit of productivity.

Cryptojacking
There are well over 1,500 different cryptocurrencies, and in 2018 crytojacking, the strategy of using malware to use a target computer’s resources to mine for cryptocurrency was a major problem for businesses. Since this is a computationally complex task, it significantly reduces the computer’s effectiveness and longevity. As a result, cryptojacking has become en vogue for hackers and others looking to mine cryptocurrency without the investment necessary to do it.

Most studies show that the effect of cryptojacking could get way worse in 2019 since the value of cryptocurrency has fallen significantly over the past year. This means more machines mining for crypto are necessary, and thus more attacks. Users are just learning how these attacks are carried out and how to protect their business against them.

Ransomware
While there was a reported reduction in the number of ransomware cases in 2018, it still remains a major concern for any business looking to build a comprehensive network security strategy. Ransomware, of course, is a strain of malware that encrypts parts of or entire computing systems and then demands payment in cryptocurrency in a set amount of time for safe return of the files/access.

Hackers using ransomware have taken to targeting healthcare organizations’ networks for the breadth of the sensitive data they hold on them. They’ve also began to target operational technology systems, since, as with healthcare, costs of restoration of these systems (rather than payment) are prohibitive. This produces a little more urgency to get the problem resolved.

Unsecured Internet of Things
The Internet of Things keeps expanding, but so does the security threats to networks as a result of security-light devices. With more and more devices presenting security problems for businesses and individuals alike, it becomes important to ascertain exactly what devices are present on your network at any given time. Remember, even if a security-less IoT device is connected to a network-attached smartphone, it still offers up a major vulnerability.

While this is a major threat, there has been a push to improve the security of IoT devices as of late. With more security-minded companies developing useful smart products, these concerns will begin to take a back seat. But until that shift has been well documented, you’ll want to be diligent in the manner in which you utilize IoT devices.

Phishing
No business goes very long without getting some type of phishing email. In fact, it is estimated that 156 million phishing emails are sent every day, making it the most used practice by hackers everywhere. The way it works is that since most accounts are secure enough not to be guessed outright, hackers search for ways for people to help them gain access to the accounts they want to get in to. Nearly every successful cyber attack begins with a successful phishing scheme.

A specific example called business email compromise (BEC) which targets specific members of an organization is responsible for over $12 billion in losses across the globe. Once thought to be an email scam that could be mitigated with strong spam filters, today’s phishing scam is taking on a new shape by utilizing text messaging, instant messaging, phone calls, and even the seemingly-benign social media quiz to gain access to business networks.

2019 is lining up to be another stellar year for business technology, and as more tech is used, more threats come with them. If you would like any more information about how to prioritize network security, give our IT experts a call at (604) 513-9428 today.

Of course, it’s not entirely the fault of the user, even if they do represent part of the blame for this. Internet of Things devices are well-known security threats, but it’s largely because of the way they are designed and developed. Even if the user was aware of the security issues presented by these devices, the truth is that there isn’t anything they can do about it barring just not using them outright.

This is due to the fact that the security issues found in Internet of Things devices are built into them, particularly because the developers of the devices don’t build them with security in mind. If you think about it in terms of what they are used to building--devices that don’t have any kind of connectivity--it all begins to make sense. A manufacturer who produces a smart blender isn’t a software engineer or a security professional. Up until that point, they just made blenders, so they had no need for software development or security. Unfortunately, this creates a device that is made with functionality in mind over security, much to the detriment of businesses.

These devices are most vulnerable to threats that could be patched, if only the Internet of Things devices were easily patched by the developer and the user. This isn’t currently the case. It’s practically impossible to distribute patches to all Internet of Things devices manually, so if the developer hasn’t enabled automatic updates, you can forget about the user actually doing it, unless it gets in the way of the core functionality of the device. While this responsibility would fall on the developer, some have also suggested the implementation of unique default passwords, as users often see no need to change the default password on their new device before putting it to work.

To counteract these threats, businesses have to implement measures to keep their networks safe from the wave of additional devices entering the office. Whether you’re aware of it or not, it’s likely that employees are bringing new devices to work every day, whether it’s a tablet or a smart watch. A Bring Your Own Device policy with clear-cut rules on what’s allowed and what’s not will go a long way toward keeping unwanted devices in the workplace, and it can help to provide a general outline for how these devices should be used in the office as well. Remember, it’s about the future of your business, not about inconveniencing anyone.

If your business could use a hand with implementing a BYOD policy, Coleman Technologies can help. To learn more, reach out to us at (604) 513-9428.