Coleman Technologies Blog

Upgrade Your Hardware and Migrate Over Your Data

Unfortunately, this option has two considerable downsides: it’s going to be pretty darn expensive, and since there is a very limited amount of time to get it done, you’ll likely have to pay even more to expedite the process. Furthermore, despite the professionalism and skill that our consultants at Coleman Technologies will bring to the table, rushing this normally slow and controlled process is bound to create complications. Sure, Windows Server 2008 R2 and Windows 7 may still work, technically speaking, but it will only become harder to find the other components that play nicely with the software you rely on - not to mention riskier to even attempt.

Before you bite the bullet and replace all of your hardware, you may have the option to simply upgrade the solutions present in your infrastructure already. Windows 10 has a few fairly attainable benchmarks. They include:

• Processor - 1 GHZ or faster
• RAM - 1 GB for 32-bit or 2 GB for 64-bit
• Hard disk space - 16 GB for 32-bit or 20 GB for 64-bit
• Graphics card - DirectX 9 or later with WDDM 1.0 driver
• Display - 800 x 600 resolution

Having said that, these are the minimum points for Windows 10 to work, so don’t expect your users to break any records using it with those specifications. Instead, we recommend that you have a dual-core processor rated to at least 2 GHz, anywhere from 4-to-8 GBs of RAM, and a 160 GB hard drive at the minimum.

Virtualize Your Data Via the Cloud

Of course, you also have the option to simply use virtualized solutions, rather than acquire new in-house hardware. Not only are virtualized servers more cost effective than purchasing a new in-house system, you have much more flexibility in the types of servers you can host. Microsoft Azure, for instance, offers virtual machine capabilities that cover the gamut of a business’ needs.

It also should be said that virtualization also assists with budgeting for your IT, as the purchases you would have made otherwise are turned into predictable operating expenses, rather than a pricey capital expense; plus, with services like Azure, your solutions are maintained as a part of the cost, so when compared apples-to-apples, virtualization could easily be the less-expensive option for you to go with.

Empower Your Team with Microsoft 365

Admittedly, while Microsoft 365 won’t do much to resolve your difficulties with Server 2008 R2, you can implement it quickly, which helps when you’re trying to beat an End-of-Life deadline. As it offers a comprehensive assortment of key solutions--including Windows 10, the Microsoft Office 365 productivity suite with Microsoft Teams, Outlook, and OneDrive--supported by the tools you need to keep your data secure and under your control, you could certainly do worse than implementing Microsoft 365.

Microsoft 365 Business takes these benefits even further than other cloud systems, while never losing sight of the productivity benefits that you are looking for from your business’ chosen solution. Additionally, with easily scalable licenses, this is likely a great choice for your organization to implement.

While Windows 7 and Server 2008 R2 were once the standard for businesses to utilize, those days are long past. Don’t let their lack of support create problems for your business. Call Coleman Technologies today to ensure that all of the solutions that you leverage in your operations are able to serve you well. Give us a call at (604) 513-9428 to learn more.

Connecting Your Office

The modern office functions a lot like the office of twenty years ago in terms of networking. Most of the time, endpoints connect to switches that connect to routers that connects to servers and the internet. This has been the way it has been for a couple of decades. Sure, the technology itself has been improved drastically, bandwidth dwarfs older connection speed, but all-in-all it is pretty similar to the way that office networking has been structured for some time. 

One major change is the reliance on Wi-Fi. Wireless internet provides a more flexible work environment, giving staff a better ability to collaborate through the use of mobile devices such as laptops and smartphones. The integration of wireless connections necessitates the integration of security infrastructure and policies that work to keep unauthorized entities off of the business’ computing network. 

What Is Changing?

You can count on one hand the inventions that have had the type of impact that the Internet has had on modern society. It’s no secret that there is a worldwide push for ubiquitous Internet access. This push will no-doubt be felt inside the offices of businesses big and small for years to come. There are new considerations coming to the forefront of networking technology. Some of which promise to change the way networking works. These include:

Improvements to Wi-Fi

Wi-Fi 6, or 802.11ax, upgrades the current highest-speed Wi-Fi available, 802.11ac. It brings a substantial improvement in efficiency across all current Wi-Fi bands, including older frequencies, such as 2.4 GHz. The biggest improvement Wi-Fi 6 brings is it increases the density of devices that can co-exist in a single space, increasing the networking speed on all devices. 

Additionally, Wi-Fi 6 will improve performance by supporting packet scheduling that will make for dramatic improvements in power utilization by mobile devices. This will improve the wireless experience for every user and will substantially improve the way the Internet of Things is leveraged in the workplace. 

Improvements to Wireless Mobile Networks

If you haven’t heard about 5G yet, you will. The fifth-generation wireless network is going to be a game changer. Wireless carriers are beginning to roll out 5G slowly and manufacturers have balked at going all-in on building 5G devices, but soon 5G will be the predominant wireless Internet platform and it will change everything. 

5G will bring improved speed and battery life to smartphones and expand high-speed Internet for home users.

For the business, 5G will have less of an impact, but it will have one. 5G fixed access will be a useful option as a WAN connection for organizations that have multiple branches. Additionally, as 5G rolls out, it will present more opportunities for organizations to leverage the Internet of Things in new and useful ways.

Smarter Networking

In managing a modern network, administrators need powerful tools to be able to make everything play nice together. This type of coordination, especially as new wireless technologies take hold, needs to happen in real time. Businesses will start to use machine learning to learn more about all aspects of their network. In doing so they will be able to prioritize the efficiency of their networks. 

Machine learning, a type of artificial intelligence, will help push this along by optimizing network performance, enhance security, and do it at a reduced cost. It accomplishes this through strong pattern identification that will reduce the amount of time and effort spent by administrators on issues that aren’t critical in nature.

The immediate future will see gains in the way businesses and individuals are able to share, collaborate, and produce. If you are looking for some more information about innovative new networking technologies and how they can work to help your organization, call us today at (604) 513-9428.

While we wish we could show you how to really accomplish true privacy on Facebook, the only way to actually reach that threshold would require you to have never signed up in the first place. This doesn’t mean, of course, that there is nothing that you can do now to protect your information - sharing more cognizantly and keeping it within circles you trust.

A Few of Facebook’s Issues

Like we said, Facebook has seen some pretty egregious security issues during its time. While we aren’t going to go too far into the weeds with these events, a quick summary might help to illustrate how careful users should really be as they use the platform:

• In 2007, Facebook introduced a feature that would allow companies to track purchases made by users and notify their friends of what they had purchased… without requiring any consent from the user.
• In 2011, the FTC charged Facebook for allowing private user information to be accessed by third parties, making this private information public without any notification.
• In 2013, Facebook introduced a Donate button that would allow users to make charitable contributions to such organizations. Unfortunately, a bug in the code allowed the email addresses and phone numbers of over six million users to be leaked.
• In 2014, Facebook actively experimented upon their users, testing their ability to manipulate their emotional states with the content the user is exposed to. Depressing content was prioritized to see if they could elicit depressed feelings. As it turns out, they can.
• In 2015, Facebook took action to assuage their users’ concern for their privacy, and rolled back the access that apps had to user data… but one has to wonder, just how much were applications privy to before this rollback?
• In 2018, Facebook suffered a massive data breach, losing the data of 50 million users. In response, Facebook did nothing… that is, until their reputation started to suffer. It was only then that they responded to the underlying issues.

Unfortunately, concerning events like these happen far too regularly to Facebook. There just seems to be difficulty in keeping their user data secure. This is why you need to pay particular attention to the settings on your own Facebook profile. Let’s go over how your information can most effectively be protected by ensuring these settings are configured properly.

Configuring Your Facebook Privacy Options

On your desktop, log in to your Facebook account. At the top-right of the page, there will be a small down arrow. Click it to access a menu, then click Settings.

You will be brought to another page, with Privacy in your list of options. Click into it.

From here, you can set your privacy options that restrict who has access to your information. For example:

Public - Setting your privacy to public is effectively turning off your privacy options. Not only can all other Facebook users potentially see your profile, even people who aren’t signed in could access it. Hypothetically, this means that the search engines could find you are well.

Friends - This setting restricts viewing privileges to only your confirmed Facebook friends.

Friends except… - If there are particular friends or members of a particular group who shouldn’t see certain information, you can prevent them from seeing this on their Facebook.

Only me - This means that (outside of Facebook) you are the only person with access to what you have posted. Just to be safe, we recommend that you still refrain from sharing anything that you wouldn’t be comfortable sharing publicly.

You also have the ability to choose the audience for each individual post. While this may give the impression of improved control over your privacy, the biggest threat to your Facebook security is probably Facebook itself.

Of course, that doesn’t mean that you aren’t given plenty of privacy options to play with. Let’s go over some of them now:

Who can see your future posts? This setting establishes a default privacy setting for the content you post on Facebook in the future. This helps insulate you from sharing content out to those who shouldn’t see it.

Review all your posts and things you’re tagged in. By using the Activity Log, you can review the entirety of your timeline and manage the permission settings of past posts. You can also review posts you have been tagged in from here.

Limit the audience for posts you’ve shared with friends of friends or Public. This is a semi-nuclear option when it comes to locking down what you’ve posted in the past. By clicking Limit Past Posts, you can change all of what you posted publicly or to friends of your friends to only be accessible to those on your Friends list. Fair warning - Facebook doesn’t provide any way to revert this, so you would have to go through your posts by hand to change them back if you so wished.

Who can send you friend requests? Depending on your preference, you have the option of picking between Everyone or Friends of friends. Unlike many of the other settings on this list, leaving this set to Everyone is probably okay.

Who can see your friends list? On the other hand, there is no reason that the rest of the world needs to see who you are connected with on Facebook. Setting this to Only me will keep this information between you and Facebook, nobody else.

Who can look you up using the email address you provided? Do you want someone who has your email to be able to find you on Facebook using it? Most likely not - so restricting this to Friends or Only me is probably in your best interest.

Who can look you up using the phone number you provided? Again, it’s really your call whether or not to allow Facebook users to find you via your phone number, but it really isn’t that necessary. You’re fine setting this to Friends or Only me.

Do you want search engines outside of Facebook to link to your profile? This one really depends on your situation. Facebook can work to prevent the assorted search engines out there, including Google and Bing, from indexing your profile (allowing searchers to find it). Most people will likely want to switch this off, but if your personal brand is part of your business, it makes more sense to turn this option to Yes.

Dictating What Others Can Do On Your Personal Facebook Profile

We all have embarrassing friends, and so you may want to avoid having them be able to freely post content to your wall - for instance, your college buddy Greg seems to have no problem with sharing candids from the good ol’ days… and tagging you in them.

Potential situations like this make it all the better that Facebook gives you control over who can post to your timeline, and who can see this content. You can access your many options to do so by clicking into Timeline and Tagging (which can be found on the left side of your Settings).

Who can post on your timeline? Naturally, you will definitely want to put a limit on this, as there is no reason that a total stranger should be reaching out on your personal profile. This is why it makes sense to only allow your Friends to do so - or, perhaps you alone with the Only me setting.

Who can see what others post on your timeline? This setting will largely depend upon who you have permitted to post on your timeline. If your Friends can post to your timeline, you definitely want your Friends to be the only ones who can see it - assuming you don’t want to maximize your privacy (and hedge your bets) with the Only me setting.

Allow others to share your posts to their stories? Ask yourself: do you want anything you post publicly to be shared by your Friends? If so, leave this one enabled.

Who can see the posts you’re tagged in on your timeline? Tagging can be an incredibly useful thing for someone trying to cultivate an image as an engaged thought leader, but it can also hurt your reputation, never mind your privacy. If people keep tagging you in assorted posts and you’d rather the public at large didn’t see these posts, you can keep these posts to your Friends, or even to Only me.

Review the posts you’re tagged in before the post appears on your timeline?
Alternatively, this is likely the best option for someone looking to be visible via tagged posts, while still remaining in control of which posts that are linked to them. Basically, you can be notified if you are ever tagged in some Facebook content, and can opt whether or not it will appear on your timeline. Fair warning - any mutual friends you have with the person who has tagged you will be able to see the tagged content before you have a chance to review it. Regardless, it is best to keep this setting on.

Review tags people add to your posts before the tags appear on Facebook? Again, this is something you’ll want control over, so set this to on as well.

Managing Your Public Post Settings

Again, from the Settings page, click into the Public Posts option on the left-hand side.

Who Can Follow Me - Rather than adding users as Friends, public figures can provide the option to just be followed by interested people. If you want to give the public at large this option, set this to Public. Otherwise, you can keep your posts among your Friends by setting this to Friends.

Public Post Comments - Or, who can comment on the posts that you’ve shared publicly. It is probably best to keep this restricted to either Friends, or perhaps Friends of Friends.

Public Profile Info - Some facets of your Facebook profile are generally available for anyone to see (like your name and profile picture). Who do you want to be able to comment on your profile picture? Keeping this capability restricted to your Friends or - maybe - Friends of Friends is probably best.

How Much Do You Want Facebook to Know About Where You Are?

Facebook has the capability to track your location history. While this information isn’t shared with your Friends or followers (beyond letting your Friends know that you are nearby), the only real reason we could come up with for Facebook to track this is to be able to target you with ads more effectively. Hopefully, that’s the reason, but even so, it is better to be safe than sorry. After all, Facebook has a history of data security missteps.

Again, starting from the Settings page, click where it says Location on the left-hand side. From there, you can see what Facebook already knows by requesting to View your Location History. However, to disable this, you’ll need to use the mobile application.

Using the Mobile Application to Turn Off Location

From the app, access the 3-bar hamburger icon (found at the top-right), and scroll down until you see Settings & Privacy. From there, you should access Privacy Shortcuts, where you’ll see a new area with various settings and documentation regarding Facebook’s identity controls.

Find Manage your location settings (you shouldn’t have to scroll to find it). Once there, you should:

• Turn off Location History (found in Location Access)
• Turn off Use Location (in Location Services)
• Find and disable Background Location

While you’re at it, you may as well delete your existing Location History.
Again, from within Privacy Shortcuts, select Manage your location settings and then View Your Location History. You will be asked for your password, and then you will see another 3-dot menu in the top-right. From there, you should Delete all location history.

Take note: if you post a photo with your location tagged, or check into some public place, you may be allowing Facebook access to your location data again.

Yes, this is a lot to take in.

Thank you for sticking with us for so long! We hope this helps you to secure your personal privacy on what is known as the social network. To learn more about protecting your privacy and information, geared more toward your business, reach out to Coleman Technologies at (604) 513-9428, and make sure to subscribe to our blog.

That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.

To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.

Your Security and Privacy Options

From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process, you can always find your way back to the beginning with that menu.

Verify the Accuracy of Your General Account Settings

Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.

Find Out Where You’ve Used Facebook with Security and Login

On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.

If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.

Change Your Password

While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.

Remember, you should never use a password for more than one online account.

Using Two-Factor Authentication

After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started. 

You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.

Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option, as pictured, and click Next. 

Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.

If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.

Add a Backup

Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.

Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.

Setting Up Extra Security

Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt-in to alerts being sent via email or text, notification, or Facebook Messenger.

You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.

Stay tuned for part three of this series, coming soon.

Cyber Security Protection for British Columbia Businesses

No Business is Exempt; It’s Time to Take IT Security Seriously

Is Your Data Safe?

Consider how much of your business operations rely on computers - you store your business and customer data digitally, including financial accounts, personal information, and other specifics. Unfortunately, while this data is clearly invaluable to your business, do you know who else would find your data valuable?

Cybercriminals, that’s who.

Cyber security is the approach that businesses take to ensure that their data is protected against theft, breaches, or other threats by cybercriminals and user error, leveraging a variety of solutions and practices to accomplish this goal.

What Does This Mean for Your Business?

How would you respond if a business you entrusted your data to had betrayed that trust and neglected to protect it? Probably not well, and the same goes for everyone whose data you possess. They would feel the same way if you failed to protect their data. Allowing a cyber security incident to happen, either through neglect, negligence, or naiveté, will only bring you trouble. For instance, you will likely have to deal with:

• Upset clients and customers
• Time lost notifying those affected 
• Regulatory backlash
• Severe reputation damage
• Financial repercussions and reparations
• Bad press
• Litigation

Obviously, none of these outcomes are good, and should be avoided.

Let’s Protect Your Business

We Can Help You Meet and Exceed Industry Compliances and Protect Your Business, Staff, and Customers

These days, just having antivirus and a firewall aren’t enough to protect you from the majority of cyberattacks. That’s why we offer fully managed, always-on, enterprise-level IT security solutions to keep your business safe.

• 24/7 Network Security
• Unified Threat Management
• Content Filtering
• Spam Protection
• Mobile Device Management
• Email Encryption
• Access Control and Password Policies
• Penetration Testing
• Software Updates
• Staff Training

For help with any of these considerations, Coleman Technologies is here for you. Reach out to us to have a conversation about how your cybersecurity should take shape by calling (604) 513-9428, or filling out the form on this page.

What Does Facebook Know About Me?

Consider how many opportunities Facebook has to collect information about you: there’s quite a few. For one thing, you literally tell the platform the things you “Like.” Semi-joking aside, there’s also the stuff you post, which advertisements attract your attention, and many other means for them to construct a pretty solid profile on you.

You can see this profile for yourself. In the aftermath of the Cambridge Analytica scandal - where third-party users were granted free reign and access to Facebook user info - Facebook made a promise to be more transparent. This profile is part of that transparency.

Viewing this information is pretty simple, whether you’re on your computer or you’re using the mobile application.

On a desktop or laptop:

1. Log in to your Facebook account.
2. Click the down arrow on the top right and go to Settings.
3. On the left, click Your Facebook Information.
4. Facebook will present you with five options. Look for Download Your Information.
5. Click View, Facebook will give you a screen where you can choose the date range and format of the data. Since we want to download everything, we’re going to set the Date Range to All of my data and set Media Quality to High. This will give us a higher quality version of all of our photos and videos in the download.
6. Click Create File and Facebook will start building the download. This can take a while, but Facebook will give you a notification when your data is ready for download.
7. Once Facebook gives you the notification, click it and Download your data.

From the Facebook mobile app:

1. Tap the 3-bar hamburger icon in the top right of the app.
2. Scroll down and tap Settings & Privacy, and then tap Settings.
3. Tap Download Your Information.
4. Leave all of the options checked, and scroll down. Ensure the Date Range is set to All of my data and that Media Quality is set to High.
5. Tap Create File and Facebook will give you a notification when the data is ready for download.

The “data is ready” notification will probably come after about an hour - it really depends on how long you’ve been a user, and how active you’ve been. Most people will probably have a file that takes up a few gigabytes.

Now that the report is available to you, click on Your Facebook Information.

Access Your Information - Facebook provides you with an itemized and viewable list of your Posts, Photos, and Location history ready for viewing.

Activity Log - Consider this a comprehensive timeline recap - almost a scrapbook, prepared by Facebook.

Deactivation and Deletion - People used to complain that deleting a Facebook account was a difficult process. Not anymore!

So, How Much Does Facebook Know About Me?

When you do review your file, the information they have can be shocking, mainly due to the location-based aspect of it all. You can pull up a given day and find out exactly where you were and what you did. Facebook kept track for you.

Then, you need to consider the Ads. This section will show you all of the advertisers who provided Facebook with a contact list your name appeared on. It isn’t that Facebook gave away this information, advertisers already had it and gave it to Facebook to target you on the platform.

What Does This Mean?

While it completely makes sense that Facebook would know a lot about you, seeing it all laid out (and how much of it didn’t come from your profile) isn’t exactly comforting… Facebook has been too involved in a few major data breaches. Just think - there’s a profile just like the one you retrieved about you, for over a quarter of all of the people in the world.

This rabbit hole goes deeper, too. Make sure you check back soon for part two of three of this Facebook privacy blog series.

You probably had a notion that Facebook had a bunch of your information, but how much information outside of your general profile makes you nervous when they are accused of major data breaches. What’s scarier is that the service is used by over a quarter of the world’s population. 

This is only the tip of the iceberg of the information we will share about this social media giant. Check back for part two of our three-part blog series about Facebook privacy.

September

9/5 

Providence Health Plan - 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company’s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.

Facebook - Facebook had an unprotected server with over 419 million records accessed.  Users had their Facebook’s user ID and phone number exposed. In some cases, user’s names, genders, and locations were also leaked.

9/16

Dealer Leader, LLC. - 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.

9/27

DoorDash - The popular food delivery app had 4.9 million customers’ information breached by a third-party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked. 

9/30

Zynga - The mobile game maker, Zynga, the developer of popular mobile games such as Farmville and Words with Friends has announced that 218 million players had their data exposed after their network was breached by a hacker.  The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed.

October

10/17 

Methodist Hospitals of Indiana - The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver’s licenses, and more. 

10/21

Autoclerk - Autoclerk, a hotel property management software developer had an open database infiltrated exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests. 

10/22

Kalispell Regional Healthcare - Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.

10/26

Adobe - Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.

10/27

Network Solutions - The world’s oldest domain name provider has been exposed in a hack. Millions of individuals’ data that included names, addresses, phone numbers, email addresses, and service information was compromised.

November 

11/9 

Texas Health Resources - The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more. 

11/16 

Disney Plus - The brand-spanking-new Disney+ streaming service had new user account information hijacked by hackers. Login credentials wound up on the Dark Web soon after. 

Magic the Gathering - The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more. 

11/18

State of Louisiana - The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days as systems were restored from backup.

11/19

Macy’s - Macy’s had their ecommerce site hacked. Hackers embedded malicious code into their checkout page and put a skimming code on the company’s Wallet page. The malware retrieved names, addresses, phone numbers, email addresses, payment card numbers, card security codes, and card expiration dates.

11/22 

T-Mobile - T-Mobile had over a million customers’ information accessed by a hacker. Information accessed included names, billing addresses, phone numbers, rates, and calling features.

Unknown - An unsecured server containing over 622 million email addresses and 50 million phone numbers, and millions of pieces of other information was discovered. It is unknown what organization this data is tied to as the time of writing.

With hundreds of millions of records being exposed each month, it’s hard to feel confident about giving your personal or financial information to anyone in the current threat landscape. If your business needs help trying to be secure, call us today at (604) 513-9428.

Mobile malware is not new. It has been around since people used flip phones, but it doesn’t get the attention that the malware that targets Windows PCs do. This is mainly due to it being a little more rare, but if you are the unfortunate recipient of it, it can cause a lot of the same problems. 

Many people won’t consider it simply because of the way they use their device. A person’s smartphone is with them around the clock and they don’t often use it in the same manner as they would a PC. This doesn’t mean that there aren’t major threats that can users can be exposed to. Let’s take a look at each major mobile OS.

iPhone Malware

One of Apple’s favorite marketing strategies is to point out that iOS is the safest mobile operating system. They actually do a commendable job, but devices running iOS aren’t always completely safe, especially on “jailbroken” devices. By not doing this, which is a way to avoid a lot of iOS’ built-in security restrictions, you will be much more secure. 

Another risk that iOS-run devices run into is called a zero-day hack. The zero-day hack target devices haven’t received a security update after the security update has been released to the public. One major issue that users have with iOS security is that there aren’t a lot of ways to prevent issues. Apple itself does a lot of the heavy lifting. Their platform’s success depends on them keeping their reputation, so having trust in Apple to keep your device secure is not without its merits.

Android Malware

Android is a completely different situation altogether. With more devices comes more malware, and with so many different manufacturers making (and supporting) their various versions of Android, it gets a little dicey.

Android is much more flexible than iOS, which is one of its main benefits, but it can also be problematic when it comes to keeping the device secure. For example, if you want to install an application that’s found outside of Google Play, you can, but any negative situation you get into as a result is on you. It is also possible to jailbreak an Android device, which can override some of the built-in security restrictions.

There have been situations where installing apps off of Google Play have caused problems. Google has had to play games with app developers to keep some serious threats off their store. It just means that users need but it has become clear that it really comes down to the user being careful with what they install. It’s not normal for malware to be attached to Google-sponsored apps, but it has happened, so if you are an Android user, you don’t have to be too careful if all of your software comes from Google.

How to Protect Your Smartphone from Malware

Keep App Downloads to Major App Providers - Both Android and iOS feature their own app stores, Google Play Store and Apple App Store, respectively. Even though Android devices can install applications that aren’t on the Google Play store, modern smartphones make this a little more difficult by making users acknowledge that they are putting their devices at risk by doing so.

If you refuse to jailbreak your phone, and you only install applications that are thoroughly vetted, positively reviewed, and come directly from the Apple App Store or Google Play, you will greatly reduce the risk of infecting your device.

Don’t Get Phished - Many of the most insidious threats today rely on user error. Phishing attacks are an annoying example of this. A user will get a legitimate-looking email from some account they actively use and will be directed to submit login credentials. Unfortunately, the email account is spoofed and on the other end is potential disaster.

Install Anti-malware - You have antivirus software for your PC right, why not get it for your mobile devices? Most providers have Android apps and can go a long way toward protecting your device from harm. 

Enact Policies - If you are a business owner and your employees use their personal devices to do work-related tasks, it’s a solid practice to establish an end-to-end mobile device policy. You can require users to enable security options like device locking and encryption, and since this gets set up on your network, the device (and therefore the user) has to comply with any requirement’s your IT admin requires. 

We have a dedicated plan to help all of our clients maximize their data and network security. If you want to talk more about it call our consultants today at (604) 513-9428.

1. There’s an Unexpected Attachment or Link

It’s one thing to get an unexpected email from someone, it’s completely another thing entirely to get an email from someone that includes an unexpected attachment or link. Neither of these is a good thing. Attachments can easily contain hidden malware files, and links can be disguised with very little effort.

Don’t believe me? Try visiting google.com. Go ahead!

Not exactly what you were expecting, eh? Keep in mind that you can double-check links by hovering your cursor over them, and if you weren’t anticipating an attachment, don’t click it unless you have confirmed its legitimacy through some other means.

2. The Sender’s Email Seems Off

It isn’t uncommon for scammers to disguise a fraudulent email address by making it look at lot like a legitimate one would. For instance, let’s say that you normally worked with a business vendor, hypothetically named “Super Business Supplies.” A scammer might send you an email from “sales (at) superbusinessupplies.com.” Looks pretty okay, until you notice that there’s one fewer ‘s’ than there should be. Scammers can get downright devious with these replacements, replacing “Amazon” with “Arnazon” and other blink-and-you’ll-miss-it tricks.

In short, read carefully.

3. There are Other Questionable Elements

While that may be a very vague tip, it is only because there is such a wide variety of warning signs that an email is actually a phishing attempt. For instance:

• Spelling and grammar errors. Look at it this way: would you anticipate a company like Microsoft, or Google, or the likes of such to send you an email riddled with mistakes? Of course not, so if you receive an email that purports to be from a company of high repute, but features these kinds of errors, red flags should be going up.
  
  
• Time-sensitivity. One of a scammer’s go-to tools is to put their target off-balance, especially by pressuring them into immediate action. If you receive an email that offers you a great deal by acting right now, or threatens to shut down your account unless you act right now, the first thing you should do is pick up the phone and call up the organization or individual that sent the email.
  
  
• Requests for personal information. Similarly to any messages that rely on cultivating a sense of urgency, you need to look at any emails that request personally identifiable information, access or financial credentials - really, any data that you and your company rely on - with a critical eye. This is another case where calling to confirm is probably your best bet.

Email can be an extremely helpful business tool, but it can also be an equally useful tool for cybercriminals looking to victimize your business. Coleman Technologies can help you secure it, with best practices and practical solutions to lock it down. To learn more, reach out to us at (604) 513-9428.

Here, we’ve put together a list of suggestions for the different kinds of coworker you might have to provide a present for.

The Health-Conscious

Let’s face facts - the desk jobs that are typical of the office aren’t exactly the healthiest ones in the world, so there are plenty of gifts that are intended for the office worker who wants to fight the battle of the bulge.

From numerous standing desk and converter options, to chairs that require active sitting (like those big inflatable balls you sit on) or are specially designed with ergonomics in mind, to elliptical machines that fit under a desk, you have your choice of means to help decrease sedentary behavior in the naturally-sedentary office environment, or at least minimize its impact.

Want to take the more affordable route? Look into posters with yoga positions or rolled up yoga mats that can be stowed away. If your office has an outdoor space, a few outside gifts like frisbees, jump ropes, and hackysacks might be a big hit.

While you may not be able to give your coworker the ability to avoid the snacks in the break room, or the extra cupcakes that Susie from Human Resources brought in from her daughter’s 7th birthday party, you can at least help them fight off their effects.

The Productivity-Minded

We all have that coworker who likes to keep themselves as organized as possible, as the more organized they are, the more productive they can be. There are many gifts that may be perfect for such a person, especially with the new year following so closely behind the holidays. For instance, a personal calendar or planner is a popular tool that many people use, especially those who prefer to find it easier to remember their responsibilities if they record them in analog, rather than digital format.

Alternatively, you might consider getting such a person a means of keeping their space uncluttered and organized, such as an attachable storage shelf for their desk, or a case to help them keep their various peripherals, dongles, and doodads organized and easily portable.

Of course, one of the most common ways to boost productivity is to add an additional display, so you always have the option to invest in any of a variety of products that can accomplish this. There are additional monitors for both desktops and laptops, of course, but there are also docks that can turn a mobile device into an additional, interactive display. Of course, these can be pricier than a gift for a coworker should perhaps be, but there are also options with a much less considerable price tag - like a wireless phone charger or similar device.

The Fidgeter

We all have that coworker who tends to think with their hands - that person who needs something tactile to help organize their thoughts. This is a fairly easy person to buy a gift for, as there are plenty of “desk toys” out there that you can find - fidget spinners, levitating tops, and magnetic balls just being the start.

One word of warning - unless your coworkers are always listening to music while they work, or are exceptionally patient, you will probably want to make sure whatever tchotchke you decide to give someone is minimally disruptive. Otherwise, your gift may result in issues down the line.

Of course, you don’t necessarily need to give gifts that are just for the office. It’s always fun to get a more personalized gift for someone to use in their personal life, as it means that you have really gotten to know your coworkers.

What was the best gift you ever got from an office gift exchange? What would you hope to receive now? Share it in the comments - you never know, someone might see it and give it to you!

1. report to the Office of the Privacy Commissioner (“OPC”) breaches of security safeguards involving personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach of the security safeguard creates a real risk of significant harm to an individual or individuals;
2. notify the affected individuals about those breaches; and
3. keep records of all breaches.

What you might not be aware of is that these data breach obligations apply to your business even if it is your third-party data processor who suffered the actual data breach. Additionally, if your business transfers personal data to a third-party for processing, your business is legally obligated to ensure appropriate contractual terms are place with that third-party to protect the personal data while in the possession of the third-party. 

Do You Use Third-Party Data Processors?

If you have a business, it almost certainly engages third-party service providers to process its data. For example, if your business uses any cloud services, you have engaged a third-party to process your data. Cloud services include things like online data storage, webmail, social networking websites, online business productivity applications, and software-as-a-service offerings. Any time you collect personal information about an individual (e.g. your customers or employees) and store that information in the cloud, you have engaged a third-party to process personal data thereby triggering legal obligations under PIPEDA.

It is important to keep in mind that third-party data processors are not limited just to cloud services providers. Processing does not necessarily require the application of a computer. For the purposes of PIPEDA, processing is better understood as a use of personal information by a third-party service provider where the third-party did not directly collect the personal information from the individual who is the subject of the personal information, but instead received the personal information from the organization (e.g. a business) that directly collected the personal information and obtained consent to use the personal information for the purposes that the third-party is now carrying out on behalf of the organization (i.e. the entity that originally collected the personal information).  Consequently, a third-party data processor could be, for example, a third-party call centre you engage to contact your customers about important product information, a payroll company that provides your business with payroll services,  or an insurance provider that provides group benefits to your employees.

Who Is Responsible In The Event of a Data Breach

It would be reasonable to assume that if your business transfers personal information to a third-party for processing, and that third-party suffers a data breach related to such personal information, the third-party would be legally obligated to comply with the mandatory data breach reporting obligations under PIPEDA; however, this is not the case. It is the outsourcing organization (i.e. the transferor of the data) – and not the third-party service provider – who is responsible for compliance with PIPEDA’s mandatory data breach reporting obligations. This is because the reporting obligation falls upon the organization in control of the personal information, and the OPC has taken the position that it is typically the outsourcing organization, and not the third-party service provider, who has control of the personal information. Consequently, if you engage a third-party service provider to processes personal information that you have collected and that third-party service provider suffers a data breach, you (the outsourcing organization) have the reporting, notification, and record keeping obligations and the corresponding liability under PIPEDA for failure comply with those obligations.

PIPEDA Compliant Contractual Terms

Since PIPEDA holds the customer (i.e. the outsourcing organization) of the third-party data processor liable for data breach reporting, it is crucial that contracts involving third-party data processing expressly address the customer’s rights, and the third-party service provider’s obligations, upon the occurrence of a data breach. Without data breach terms in your contracts, you might not even be notified by your third-party service provider that a data breach has occurred. This lack of notice would obviously undermine your ability to comply with PIPEDA’s data breach reporting, notification, and record keeping requirements. But to make matters worse, failing to have appropriate contractual arrangements with your third-party processors regarding data security and breaches is in and of itself a violation of PIPEDA’s accountability principle, which states:

An organization is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.

Unfortunately, third-party service provider contracts often completely omit data security and breach terms. This should be of immediate concern to customers of those third-party service providers, since the omission of contractual terms regarding data security and breaches places the customer in contravention of PIPEDA (regardless of whether or not a breach has actually occurred) and exposes the customer to significant risk and uncertainty should their third-party service provider suffer a data breach.

So what contractual arrangements should be implemented? For one, outsourcing organizations should ensure that their third-party service providers are obligated to notify the outsourcing organization of data breaches within the time periods required by PIPEDA. The third-party processors should also be obligated to ensure the notice contains enough information to enable the outsourcing organization to comply with PIPEDA’s mandatory data breach reporting obligations. This means that, at the very least, the notice should contain information concerning:

1. Date and time of breach;
2. Duration of the breach;
3. How the breach was discovered;
4. When the breach was discovered;
5. Type of security safeguard breached or whether breach occurred due to lack of security safeguard;
6. The type of breach;
7. Whether there is evidence of criminal intent or a state sponsored attack;
8. Who may have had access to the personal information;
9. Steps taken to mitigate harms flowing the breach and prevent future breaches;
10. The types of information involved (e.g. financial information, health information, etc.);
11. The number of affected individuals;
12. The names and contact information of the affected individuals; and
13. Other information that would enable the outsourcing organization to determine if the breach creates a real risk of significant harm to an individual.

Outsourcing organization should also contractually obligate third-party processors to:

1. comply with all applicable privacy and data security laws to which they are subject;
2. limit their use of the personal data to specific purposes;
3. not disclose personal data to third parties, subject to certain exceptions;
4. protect personal data from unauthorized access or breach by implementing security safeguards and controls;
5. investigate data breaches and take actions directed by the outsourcing organization to contain the breach; and
6. cooperate with the outsourcing organization in connection with the outsourcing organization’s reporting and notification obligations.

Although a good starting point, the above is not a complete statement of all contractual terms that should be included in agreements with third-party data processors and is of course a simplification of a complex topic. Deciding upon and drafting appropriate data security and breach contract terms requires an analysis of the totality of your circumstances by experienced legal counsel knowledgeable in privacy law. If your business needs assistance with developing PIPEDA-compliant contracts or with planning ahead for data breaches by third-party data processors, contact the author of this blog post, David McHugh, at d.mchugh@segev.ca or 604-629-5401.

The above blog post is provided for informational purposes only and has not been tailored to your specific circumstances.  This blog post does not constitute legal advice or other professional advice and may not be relied upon as such.

Original Source: https://segev.ca/legal-obligations-when-outsourcing-data-processing

Here, we’ll go over a few topics that your BYOD rules need to address.

Password Practices and Other Security

It’s hardly a secret that some people utilize lax passwords - especially on their personal devices, where there isn’t an IT department establishing policies to help ensure password strength. According to Pew Research Center, 28 percent of smartphone owners don’t use a screen lock. Obviously, this isn’t something that can be allowed in the business setting.

So, if your employees are going to use their personal devices to access business resources, you need to have a policy that their devices are set to lock after a certain period of inactivity, and require some form of authentication to unlock. Furthermore, the device should further lock down if an incorrect authentication code is input so many times.

Your policy should also include any required security solutions you plan to utilize as part of your mobile monitoring and management toolset. All devices should have antivirus installed, along with mobile device management and unified endpoint management solutions.

Provisioning and Network Security

Provisioning a personal device that is going to be used for company work helps to ensure a few things. Not only does it help to make sure that productivity applications are configured properly, it also helps to boost your security. Furthermore, your network needs to allow your employees’ devices to access the business network - not just a guest network you have set up. Of course, there should be procedures and safeguards in place to ensure that this is done securely.

Tracking, Remote Access, and Data Wiping

Accidents happen, and devices can be lost - and sometimes, stolen. Furthermore, any device that is attached to a company network and has accessed illegal content could possibly leave the company liable - especially if this content was accessed via the company network. Your IT team should have the capability to monitor what websites and content each device included in a BYOD strategy has accessed, as well as to remotely access these devices to help ensure their security should they wind up missing. It also helps if they can implement updates to work solutions and security measures.

If worse comes to worse, it is beneficial to be able to delete all of a device’s data remotely - that way, even if it is stolen, your data won’t be at risk for as long. This also comes in handy if an employee is ever to leave your employ and you want to make sure they no longer have your data (or access to it).

BYOD can offer significant benefits to any organization. To learn more about putting a policy in place at your business, give Coleman Technologies a call at (604) 513-9428.

First, let’s delve into what ITAM actually covers.

Understanding ITAM

Consider all of the internal resources that your business uses, with the exception of your living, breathing employees. Everything that’s left can be considered an asset. ITAM narrows this down further into specifically the assets that pertain to your comprehensive IT infrastructure. This includes:

• Hardware (like workstations, servers, printers, etc.)
• Software (antivirus, productivity titles, etc.)
• Any Peripherals (Keyboards, computer mice, other devices)

With these assets identified, ITAM assists you in tracking their purpose, how they interact, and other crucial details. This means, as you’ve likely realized, ITAM covers a considerable breadth of your resources, which makes it important that you keep it organized.

How ITAM Helps

A well-organized ITAM can help you save time and hassle by streamlining your processes, simply by keeping the data you need in a manageable and accessible record. As a result, you can make a variety of processes easier through improved data. This data can also help inform you of potential issues, or of the minimum requirements you have to meet to implement change.

Making the Most of ITAM

As promised, here are a few ways that you can optimize your use of IT asset management practices.

• Make it a proactive process. Managing your technology assets needs to be something that you start before you are required to do so, and that isn’t abandoned after reaching a certain milestone. This will help keep you prepared for a wider range of circumstances.
  
  
• Leverage automation. While Excel used to be an invaluable tool for asset management purposes, there are better options now that don’t require you to contend with spreadsheets that extend into the thousands of rows. Not only are automated solutions easier to manage, they come with a valuable set of added features to make your work life that much easier.
  
  
• Track your assets. This one especially applies to your software. There is often a difference between what an agreement says can be deployed, and what can be deployed practically. Keeping your agreements and receipts helps you pass audits by proving compliance.

Coleman Technologies can assist you with your IT assets. To learn more, reach out to us at (604) 513-9428.

What is Voice over Internet Protocol?

Traditionally, telephones work by sending electricity through the phone wires and phone lines and having it converted back into sound. Today, they have figured out how to do the same process through the Internet. Sounds are sent as data packets over Internet wires and then they are unpacked to make sounds again. VoIP is the product that has come from this innovation. Basically, where you once had to have an expensive business telephone system hardwired to your place of business, you can now do the same for a fraction of the cost by using your company’s bandwidth to send and receive calls.

How Does VoIP Work to Save Me Money?

VoIP presents several options that work to save your business money. They include:

You’re Paying for One Less Thing

Your business telephone system has worked, but the cost is high. Of course, you’ve needed it, but today, VoIP offers just as much in the way of features as a dedicated telephone system, but it does it through your Internet connection; a service that you almost assuredly have and use regularly. 

VoIP is Easier

Since VoIP is delivered via your Internet connection, your staff no longer needs additional infrastructure--such as a wired connection for every phone--to be able to make calls. You can scale your hosted VoIP solution up and back as you need. What’s more, for many solutions you can utilize your staff’s personal devices as reliable work phones through the use of a mobile app. That’s much easier.

VoIP is More Efficient

Most VoIP solutions enable you to provide them with an auto attendant feature that provides directions to callers. This reduces the time that people need to be on the phone. Clients get connected with the person they are calling, while employees won’t need to deal with their phone ringing and causing interruptions.

There are many other benefits to VoIP solution. If you would like to learn more about implementing VoIP and saving money in the process, reach out to Coleman Technologies at (604) 513-9428!

January 14, 2020

Microsoft has announced that Windows 7 will no longer be supported after January 14, 2020. Computers that are running the software will no longer be protected, and put your business at risk. After January 14th, any computer still running Windows 7 will not be receiving technical assistance from Microsoft. First released in late October 2009, Windows 7 was one of Microsoft’s most effective and popular operating systems, but the time has come to upgrade.

Why Shouldn’t You Run Unsupported Software?

Simply put, by running unsupported software your business becomes much more vulnerable to cyberattack. Supported software is routinely patched to keep potential vulnerabilities from becoming disasters for your company. A data breach can flatten any forward momentum a business has, and today, with ransomware being a consideration, making sure all of the software you depend on is supported keeps your business secure.  Besides the security issues, there are other considerations to contend with, like a loss in functionality 

What are Your Options?

Since you have around a month left to upgrade away from Windows 7, you still have time to switch your Windows 7 workstations over to Windows 10. Windows 10 is the current standard and has been for nearly five years. To upgrade to Windows 10 requires at least a 1 GHz processor, 2 GB of RAM, and 20 GB available on a hard drive. Since these specs aren’t much over what Windows 7 required, it may not be necessary to overhaul the hardware on each of your workstation. 

Extended Support

For organizations that simply won’t have time to upgrade their machines there are a couple of options that you should know about. Microsoft is offering a costly extended support package that will available for all Windows 7 Pro and Windows 7 Enterprise customers with volume licensing through January 2023. Most businesses will not qualify, but if yours does, the costs for Enterprise will be $25 per device from 2020-2021, $50 per device from 2021-2022, and $100 per device from 2022-2023. The cost of support for Pro versions will be double that. 

There are, at this moment no plans to support this software after 2023.

Microsoft 365

If your business is looking for an option that will move you on from Windows 7, Microsoft now offers the Microsoft 365 bundle. Available in enterprise, business, and education platforms, the cloud-based bundle provides users with Windows 10, the productivity and storage applications in Microsoft Office 365, and the security and control settings you’ll need to get the most out of the subscription service. Paid by the user, per month, major hardware upgrades can be tabled or done incrementally, allowing a business to pay as they go until they get to where they want to be. 

If your organization needs help upgrading your software, or keeping it patched and up-to-date, call the IT professionals at Coleman Technologies today at (604) 513-9428.

What is Project Management?

This may seem pretty self-explanatory, but project management is the planning and systematic organization of a project’s tasks. Unfortunately, anything that ends up going wrong in a project is immediately the result of bad project management. That’s why it is essential to have tools that allow for efficient and effective project management. 

Project managers typically oversee the creation, delegation, and completion of tasks that are coordinated in a way where the tasks result in a finished product. Therefore, a lot of what a project manager does “quarterbacking” a team of resources. Solid communications, time and resource management, and constant and diligent assessment are the staples of a successful project manager.

Parts of Solid Project Management

Every project is different, but there are some of the elements that the PM has to manage. 

• Planning- It’s the PM’s job to plan out each task and assign it to the resources that are available for it. Being able to properly schedule resources is a core responsibility of the project manager mainly because most projects not only have multiple people that work on them, but also because tracking the time that the project takes is how organizations measure the profitability of the project.
• Time tracking - Typically integrated with the scheduler to streamline operations, time tracking is essential to manage resource involvement and be able to properly assign tasks. 
• Collaboration - Today, businesses have collaboration options that fuel efficient project work. It is the PM’s responsibility to ensure every resource not only has access to a collaboration tool, but also uses the tool provided to complete their tasks as efficiently and effectively as possible. 
• Documentation - In order to have a complete and thorough assessment of any finished project, you’ll need to have complete and thorough documentation to go through. Many of today’s productivity options have integrated a great set of tools that help PMs analyze contributor value.
• Assessment - At the end of a project, after the delivery of the product to the customer/client, a complete audit of the project will provide all the successes and failures that took place in the duration of the project, helping a business know what it needs to improve on and, ultimately, if their project is bringing a large enough return (or a return at all). 

With the success of an individual project tied to the management of the resources it takes to complete it, proper coordination, documentation, and assessment are especially important. 

Project Management Tools

Most of the actual tools needed to fuel your organization’s projects have now been integrated into one or two pieces of software. They provide PMs with all of the information they need to place resources, assign tasks, and oversee the whole project. A few of these tools include:

• Gantt chart - A Gantt chart is a visual representation of the project. The Gantt chart is used to illustrate how a project will run. It makes recalculating the timeline of a chart and shuffling resources around to meet demand much easier. 
• PERT chart - PERT stands for Program Evaluation, and Review Technique. It’s essentially a chart that shows where each task assigned in a project is connected to other tasks in a project. Also represented through what is called the Critical Path method, this allows project managers and their teams to get a clear representation of how all the tasks in a project end up creating the end product. 
• Moscow analysis - An analytic technique that stands for: must, should, could, won’t it allows PMs to work with project stakeholders to create the scope of the project. Obviously there are things you must do in the scope of a project, those need to be planned for and scheduled first. Then the things that should be done, followed by things that could be done to improve value, and finally eliminate things that simply don’t need to be done. 
• WBS chart - WBS stands for Work Breakdown Structure, and is a common tool to help people visualize the entire scope of a project. This provides a comprehensive list of individual tasks. 
• The Cone of Uncertainty - This is a visual tool that shows the measures of uncertainty vs. time. As the project goes forward uncertainty decreases. As risk is mitigated and governance is solid, confidence will increase. By managing risks properly, any project’s cone of uncertainty will show static improvement, ultimately leading to a successful finale.  

There are several other tools that a project manager can use, and many of them are incorporated in today’s powerful collaboration software. Many Customer Relationship Management software titles provide project management tools. If yours doesn’t, you can get stand-alone project management tools for your email client that provides PMs a set of useful options.

What is happening more today, however is that PMs are beginning to use collaboration apps like Microsoft Teams and Slack that come with dozens of software integrations strategically designed to make project management--which is, of course, a traditionally messy endeavor--easier. These titles alone do a lot of good mitigating risks and fueling collaboration.

IT projects can often be difficult to implement, but the knowledgeable professionals at Coleman Technologies have a great track record of improving our client’s businesses through strategic project success. Call us today at (604) 513-9428 to see how we can help. 

How Does This Happen?

An employee had access to data that they weren’t authorized to have. According to Trend Micro, they were able to “gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved…”

This employee, who remains unnamed, apparently had planned to steal data, and ended up being able to bypass the internal protections Trend Micro had in place.

Since the data had more than enough information for a scammer to use to trick a user into believing they were calling from Trend Micro (all it really takes is a name and phone number, and knowing that they use the product), this kind of data has a great deal of value to scammers. It gives them an easy way in to steal money from unsuspecting people under the guise of Trend Micro tech support.

Be Wary of Any Unsolicited Tech Support Calls

This isn’t a new problem, and it definitely isn’t only a problem for Trend Micro customers. Fake tech support scammers have been around for years, often preying on older, less-technically-savvy users. They use scare tactics and feign urgency to get their victim to hand over credit card information or allow remote access to the PC. 

More often than not, these calls will come in saying they are “Microsoft Windows Support” or some general computer support. If the scammer thinks they are targeting an individual at a business, they might say they are from the IT department.

It’s important to be wary and educate your employees so they know the proper channels for getting support requests handled. 

The Other Lesson - Don’t Let Employees Access Data They Don’t Need

As a business owner, you need to ask yourself who has a little too much access. Can all employees wander into folders on your network that contain personal or financial information? 

An employee should only have access to the data that they need, although it’s also important to not make it too difficult for an employee to do their job. Establishing the policies for this can be tricky but setting up the permissions on your network just takes a little work with your IT provider.

Enforcing security policies, like controlling who has access to what data, requiring strong passwords, and setting up multi-factor authentication can go a long way in protecting your business and its customers from a rogue employee running off with data. An ounce of prevention is worth a ton of damage control, in this case.

Need help? Our IT experts can work with you to lock down your data. Give us a call at (604) 513-9428.

A Refresher on the Cloud

“The cloud” is a term that is used extremely loosely, effectively referring to any data that is stored on the Internet. So yes, online storage spaces like Google Drive, Microsoft 365, and Dropbox count as the cloud. Your website’s hosting service counts as the cloud. The social media sites you use, like Facebook and Twitter, qualify as the cloud in a way. Arguably, even online banking is a cloud-based service, as your information is stored on your bank’s online servers.

If you use a store’s photo printing services, or attach a file to an email, or ask your virtual assistant to wake you up early, you are utilizing a cloud service. Businesses around British Columbia use cloud technology to share documents, store data, and host apps and line of business software titles.

Any data you have stored online is data that you have in the cloud.

Is It Okay to Have So Much Data Online?

Truthfully? It all depends upon what data you are storing, and where it is being stored.

It is important to remember that - in essence - all the cloud is, is someone else’s computer that you can leverage. Storing data in the cloud is quite literally entrusting its security to someone else… something that has both benefits and drawbacks.

On the one hand, many businesses have onsite servers in which they keep their company data, which requires them to keep those servers secure. If something happens to this data (despite the network protections and backups that should be in place) it is on that business.

On the other hand, cloud services are typically provided by big-name companies who can feasibly afford to protect the data they have been entrusted with. Who would have more capital available to invest in cloud security… your business, or the likes of Google or Microsoft?

It should also be considered that these larger companies can provide much more value to the people who can successfully hack them. It isn’t unheard of, either… Yahoo, Dropbox, and Apple iCloud have all been breached at some level, and attacks are always happening.

So, Is the Cloud Safe? How Can I Protect My Data?

All this may make you feel as though your most secure option is to eschew the cloud as much as possible - but, depending on what you’re storing and how this data is protected, you may have other options. Here are a few practices to help you balance the potential risks and rewards.

Encrypt BEFORE Uploading

Encryption is a very popular buzzword among cloud solutions. Public cloud providers will throw terms like “256-bit encryption” around, making their services sound pretty great. However, your data will only be encrypted like this as it is being transferred. In storage, it is unencrypted, and is therefore vulnerable. If your data were to be encrypted independently of the cloud, on the other hand, it would be rendered effectively useless to someone who didn’t have the ability to unlock it.

Understand Your Compliance Requirements

Different industries maintain different standards for the security of your customer and client data, in addition to the data privacy laws that are on the books. The medical field has HIPAA, and many businesses need to abide by PCI DSS. In order for you to use a service provider’s cloud solution to store your data, you need to confirm that it is compliant to the requirements imposed upon your industry by such regulations.

Practice Password Hygiene

While this is important to consider when leveraging a cloud service, any of your online activity should abide by the same rules. If you don’t repeat passwords across accounts, you can effectively limit the number of accounts that can be breached through one action.

Be Discerning

Cloud storage and services is a growing industry, thanks to its low barriers to entry and huge potential profits. You need to make sure that you select a service that is fully protecting your data, not just the one that offers you the lowest price.

Coleman Technologies can help you with your cloud service needs, without sacrificing your security. To learn more, give us a call at (604) 513-9428.

Fiber optic cable is a network cable that contains small strains of glass fiber. Those glass strains are covered by an insulated casing. They transmit data through light. They are often not much thicker than a human hair. They are made up of the core, which is the pathway for light to travel. The core is surrounded by a layer of glass called cladding that keeps light in via reflection to avoid signal loss and keep transmissions true as the wire bends. 

Since the transmission of light is so fast, data can travel long distances quickly.  These cables provide higher bandwidth and can maintain the integrity of data transmission over long distances. Today, this technology supports much of the world’s Internet, cable television, and telephone systems. Their main benefits include:

• Higher capacity data - The amount of data that a fiber optic cable can carry exceeds that of traditional copper cable. Fiber cables are rated at 10 Gbps, 40 Gbps, and 100 Gbps. 
• Longer Distances - Since light travels for much longer distances without losing strength, there is less need for signal boosters. 
• Less Interference - Copper cables require shielding to protect it from electromagnetic interference, but this shielding doesn’t always work. The physical makeup of fiber optic cables works to avoid this outside interference. 

Most fiber optic cable is installed to run long-distance connections, there are some Internet providers that roll out fiber optics for direct access to customers. They are deployed the following ways:

• Fiber to the Premises (FTTP) - Fiber that is laid to support the use of media services to residential buildings.
• Fiber to the Building (FTTB) - Also called Fiber to the Block or Fiber to the Business - This is fiber optic cable that supports commercial buildings.
• Fiber to the Curb of Node (FTTC/N) - This is fiber cable that is laid to the node, while copper wires complete connections to customers.
• Direct fiber - Fiber that leaves the central hub and is attached directly to a customer. Some of the most expensive network cabling on the market. 
• Shared fiber - Much like direct fiber, but at the end it’s split up to other customers. 

Deploying fiber optic cable to your place of business is possible, but it is extraordinarily expensive. Due to the mounting costs associated with it, it may not be an option unless your provider is rolling out new infrastructure. 

If you would like to learn more about the technology your business uses, and what kind of effect it can have on your business, return to our blog regularly. 

On the surface there is nothing abnormal or wrong about this scenario. The problem, however, that dropping a new hire into the fray with a copy of the employee handbook and a day-and-a-half of software and sensitivity training may actually not be the best way to handle your human resources. This month we are going to talk about how creating a sustained training platform can actually have a marked effect on your business’ ability to stay secure and productive. 

Education vs. Experience

The first place we’ll start is with the hiring process. Many organizations prefer to hire people that have a college degree of some sort. While that may be prudent if you are hiring people for a specialized job, many entry-level job postings are now requiring college degrees, often to the organization’s detriment. Since college graduates are likely to command a higher salary--and they didn’t go to college (and often assume large amounts of debt) to work entry-level jobs--they typically get impatient with their professional growth and hop from job-to-job until they find something more to their liking. In fact, people who have graduated from college since 2010 have averaged four job changes in their first nine years. 

That’s not the only thing. You have people whose education doesn’t match up with the demands of the jobs. People that get their degree in a certain discipline and didn’t work a job relating to that discipline for years, are often further behind than people who have experience in the field. Then you have that person who applies, but majored in Latin in college. Most businesses would be better off filling the position from within than hiring someone from outside the company and lacks real-world experience in the job.

This is where training comes in. For the college graduate who has been exposed to different perspectives, disciplines, and rules than the people that work real-world jobs are exposed to the practical knowledge necessary to troubleshoot even basic problems in a business setting may be a little troublesome to start with. There’s a reason why your average mechanic, plumber, and electrician keep being able to raise their rates: they’re experienced and trained.

Types of Training

The first thing that should be mentioned is that dedicating a lot of time and resources to employee training can become expensive. This is likely why a lot of people don’t do much of it. There are five major types of training that most organizations offer, in varying degrees. They are:

Orientation

Every business has some form of orientation. This is a short run down of the expectations of an employee by management.  Orientation will show new hires all the relevant information about what it means to be an employee at the company. Some businesses go into detail about things like the company mission, values, corporate culture, leadership information, employee benefits, administrative procedures, and any other tasks that need to be completed before any actual training begins. 

Onboarding

Onboarding is different than orientation. When you are onboarding your employees, you train them in the specific duties their job entails. This could be training on software systems they need to be accustomed to using, or training on how your business wants them to complete specific tasks. The idea is to make new hires as effective as possible, as quickly as possible. Some jobs come with a half-a-day of onboarding, while others take over a year to complete. 

Mandatory

There are some things that workers need to know, regardless of the position they hold. Some mandatory training is dictated by Federal and State governments, while others are strictly industry-wide points of emphasis. Public sector jobs often are required to take occupational health and safety courses. This practice is becoming more and more prevalent in the private sector, as is sexual harassment training.

Operational Skills

Skills training is designed to improve an employee’s ability to do the work, or to fill in other positions in your company. There are soft skills training and technical skills training. Soft skills training is designed to improve an employee’s ability to interact with others; and, with the company. These skills include:

• Presentation and communication
• Problem solving
• Conflict resolution
• Time management
• Collaboration
• Emotional intelligence
• Adaptability

Studies have shown that a dedication to soft skills training works to resolve the normative problems with high turnover and unsuccessful collaborative culture.

Technical skills training enhances the technical proficiency of an employee. Any time employees can get better at the technical aspects of their jobs, it improves the products and services the company they work for delivers. 

Security

Nowadays, with the circumstances that modern workers have to consider, security training is an absolute must. Not only does it improve employees’ ability to protect business assets, it ensures that they are aware of the potential problems that the modern business is exposed to. 

Physical security training is typically limited, but if it is a major part of a person’s role within your company to keep assets secure, they should be given the information needed to accomplish this task. 

What’s more likely is that each person will need to take part in cybersecurity training. Digital assets are routinely targeted by people inside and outside of your business, so knowing how to protect them is a major point of emphasis that decision makers have to consider. The average worker needs to know how to identify a phishing attack, the best practices of data transmission, and what are good and bad practices when interacting with cloud-based and other online-based resources.

At Coleman Technologies, we know just how important keeping malware and unwanted visitors out of your network is and can help you with your cybersecurity and network security training platforms. Our team of professional IT technicians, and our dedication to helping businesses keep hackers from negatively affecting business, can go a long way to help you establish the training platform you need to keep your business' digital assets secure. Call us today at (604) 513-9428 for more information.