With a vulnerability appearing on the scene, we felt it was an appropriate time to peel back the curtain on a technology we all use daily but rarely question: Bluetooth. Given the nickname of King Harald Gormsson, who famously united disparate Scandinavian tribes back in the 10th century, the technology unites our headphones, mice, and keyboards. Unfortunately, even the strongest alliances have their weak points.
If you've been using email for a while either professionally or personally you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control - spam can bog down email servers and eat up network bandwidth and plus it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (604) 513-9428 and ask about our anti-spam solutions.
This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. This goes the same for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you, they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.
Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small British Columbia businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.
Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.
If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effected especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (604) 513-9428 to learn more about email encryption and what solution is right for your business needs.
Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.
Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.
No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.
Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.
Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.
Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.
This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.
If you become the target of ransomware, we suggest you call Coleman Technologies at (604) 513-9428. We can walk you through the appropriate next steps to address ransomware on your network.
Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.
Get started today by calling us at (604) 513-9428.
When I was a kid, there was a Tex Avery cartoon where Droopy Dog was chasing down a crook who escaped from jail. There was a particular scene where the crook (I think it was a wolf in a black-and-white striped jumpsuit) takes a bus, a plane, a ship, and a taxi to a secluded cabin, and then closes a series of increasingly complex doors with a large number of locks, in order to hide away from the pursuing cartoon basset hound.
Of course, when he turns around, exhausted by all the effort he puts in, he realizes that Droopy is standing right behind him, and greets him with a monotone “hello.”
I haven’t seen this cartoon since I was 7 years old, but I almost always think about it when I am using multi-factor authentication.
Strong complex passwords, multi-factor authentication, complex policies and rules, and not always feeling like you have total access to everything you need at any given time certainly can feel like a hurdle when it comes to getting stuff done.
Believe me, I get it. As a tech head, I love how secure my information can get, but as a business owner, as a person who just needs to get things done, it really can be just frustrating enough to make it feel like it isn’t worth it.
I’ll never stop advocating it though.
Sometimes, in my head, I might grumble and think to myself—this is stupid, I’m just trying to get into my Facebook account. But then I think, through my Facebook account, I have all of my contacts, many of which are people I do business with. I also own my business page, and a couple of groups that I rely on for networking, and my ads account, which has my business credit card…
You get the idea. It’s just Facebook, but it’s so wrapped around my life that if someone else were to get in there, it could get really messy and complicated.
The same goes for email accounts, bank accounts, and software that stores sensitive information for myself and my business. Basically, anything that you can lock down with multi-factor authentication, you really should, and your employees should all be doing the same.
Somewhere early on, when the world was figuring out what to do with computers and the Internet, a bunch of folks got together and decided that the password would be the ultimate authentication tool. You just type in your magic words, “open sesame!” and yep, that’s definitely you and can’t possibly be anyone else!
It wasn’t a bad idea back before we were doing banking and storing medical records and other sensitive information online, and before we were using online tools and databases to store tons and tons of client information about people besides just ourselves.
But the password just isn’t that secure. They are easy to crack, and it’s so easy to be lazy about them to the point where they don’t even offer any protection at all. A 12-character password can be cracked with password-cracking software on your average laptop in less than 14 hours, and that time could be much shorter if your password isn’t all that complex.
Plus everyone has the tendency to reuse passwords or establish a predictable pattern in their password-making behaviors… it’s a mess. It’s not a good way to rely on security.
That’s why we have things like multi-factor authentication. Yes, it adds an extra step and can be a little annoying, but it can be streamlined. Here are some tips.
Cybersecurity is complicated, and it can feel like an overwhelming hurdle, but we can help you and your business use it effectively. It is important, and it is something that we should all be using as often as possible.
To get help, give us a call at (604) 513-9428.
Technology is central to most businesses, which means that security is, by proxy, central to them as well. With cyberattacks on the rise, it’s more important than ever for you and your employees to be on the same page regarding cybersecurity. Today, we are looking at four ways you can ensure sound cybersecurity practices that even the most belligerent employees can follow… with the right support in place.
Passwords are your first line against hackers, so guaranteeing their quality is important.
You should have each of your employees utilize strong, unique passwords for each account. Password managers can make them easier to use, as you won’t have to create or remember them all. These credentials can be securely stored in an encrypted vault, only pulled when they’re needed.
Additionally, we recommend using multi-factor authentication whenever possible for the additional layers of security it provides.
Phishing scams are out of control, so you need to know how to respond to them.
These scams often come via email, text, or fake websites, and they can be strikingly legitimate-looking. You should never click on a link or download an attachment from an unverified sender. You can hover over links to ensure that they go to where you expect them to, and you want to ensure that any website or payment portal asking for sensitive information is encrypted for your protection by checking for “https” in the URL.
We recommend testing your employees periodically to ensure that they know what to look for in a phishing message and how to report it.
Outdated software and devices are a disaster waiting to happen.
Patches and updates are required to ensure that your devices are as secure as possible. These patches and updates address vulnerabilities and bugs found in your solutions, effectively fixing them so that hackers can’t exploit them against you. We recommend that you implement automatic updates so that you don’t have to worry about the manual effort of deploying them to each of your devices.
Bonus tip: strive to deploy these remotely, as well, so it takes the least amount of time and effort possible on your tech’s part.
Public wireless connections are sketchy, so whenever possible, take extra precautions when using them.
A virtual private network, or VPN, offers an encrypted connection for your sensitive information and data. It effectively masks your Internet traffic so that any onlookers can’t intercept data while it’s in transit. A VPN can mask your location and encrypt online activities so that you can safely and securely work wherever your duties take you.
For more information about how to keep your business safe, be sure to contact Coleman Technologies at (604) 513-9428.
Cybersecurity is crucial for everyone to focus on, both in the professional environment and in their personal lives. That’s why I wanted to put together a list of cybersecurity practices you should encourage your team to follow when they aren’t in the office or working remotely, when their time is theirs.
Make sure you share these points with them, and have them pass on the lessons to those in their lives as well. The more people we can get into a perpetual cybersecurity mindset, the better.
I know, I know… it’s always about the passwords. The thing is, there’s a reason for that. Passwords are still the predominant security measure in computing, and it is incredibly important that you are careful and strategic about using them.
Wherever you need to use a password, make sure that you’re using a new one and that it’s sufficiently complex. Avoid using what are known as “dictionary” words, and NEVER use personal details or information as you do so. As much as you might like thinking about Fido the dog or Luna the alpaca every time you have to log into something, a cybercriminal would like how easy it would be to figure that out, too.
While it may seem like a lot, I recommend investing in a standalone password manager and avoiding ones built into Internet browsers. This nifty bit of software helps you manage all the passwords you should be using, protecting them all behind just one you need to remember.
With more and more accounts now implementing multi-factor authentication as an option, this may be one you’re already familiar with. If you’ve ever been asked to provide a code texted to you as you log in, you’ve experienced MFA.
MFA takes the security offered by the password and elevates it to the next level, requiring something that is much harder (not impossible) for a cybercriminal to get their hands on. Is it a pain? Yes, it is. However, it is also something that will leave you so much safer.
Again, I get it… data plans are expensive. Unfortunately, a data breach will cost you a lot more. Public Wi-Fi, like that found in restaurants and stores and the like, simply cannot be trusted with any amount of your data. First, cybercriminals have been known to create their own networks and name them something similar to a business’ actual network and see who takes the bait. Second, a cybercriminal could easily just sit and wait on the network to intercept your data.
Instead, we strongly recommend avoiding these kinds of networks at all costs.
Cyberthreats frequently hide in the most innocuous of places. For instance, cybercriminals are not afraid to send falsified emails that look like they come from someone else to try and get people to click on dangerous links—sometimes to initiate downloads, sometimes to direct you to completely falsified websites meant to steal your usernames and passwords.
This practice is known as phishing, and it comes in many different forms. Likewise, your response to it should also take many forms. Don’t click unexpected or unknown links, report any spam or junk mail you get, and limit what you share publicly because this is where phishing efforts get a lot of their data.
This is especially true of businesses, as they can largely be seen as repositories of data of exactly the kind that cybercriminals want.
While cybersecurity is important for everyone, businesses really can’t afford to fall short. Coleman Technologies is here to help. Give us a call at (604) 513-9428 for assistance with your business’ IT, including its security preparations.
Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.
Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.
This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.
As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.
The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.
Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.
The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.
To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”
With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Coleman Technologies a call at (604) 513-9428.
Conferencing and digital workplace software company, Citrix, revealed that hackers gained access to the company’s network between October 2018 and March 2019. Data stolen included Social Security numbers, financial information, and data of current and former employees.
1.6 million users of AMC Network’s Sundance Now and Shudder streaming services had their data left exposed through a database that was left unsecured. Names, email addresses, subscription details were compromised.
Freedom Mobile, a Canadian mobile provider had an estimated 1.5 million customers’ personal and financial information left exposed on a third-party server. The types of data left exposed included names, email addresses, mailing addresses, dates of birth, and credit card information.
The legal team behind the National Basketball Association’s Indiana Pacers was the victim of a major phishing attack. Employee and customer names, addresses, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, medical insurance information, card numbers, digital signatures and login information. No number of affected individuals has been given by the team.
WhatsApp has experienced a security flaw that provided access to an Israeli government surveillance agency, NSO Group. NSO Group had limited access to the microphone, camera, and WhatsApp message text of the app’s 1.5 billion users.
Facebook-owned Instagram, fell victim to a data breach that exposed more than 49 million Instagram influencers, celebrities, and brands’ Instagram information when an Indian-based social media marketing company left it exposed.
The 139 million users of Canva, a cloud-based graphic design tool, had their names, usernames, and email addresses exposed when hackers infiltrated their server.
First American Financial Corp., a leading title insurer for the U.S. real estate market, had 885 million customers’ Social Security numbers, bank account numbers, mortgage and tax records, wire transaction receipts, and driver’s license images compromised for all customers as far as back as 2003.
Other May breaches: Inmediata Health Group, Uniqlo, Wyzant, Flipboard, Checkers (the fast food chain).
Almost 12 million patient records have been compromised when hackers took control of the payments page of AMCA, a major payment vendor for Quest Diagnostics. Data such as financial account data, Social Security numbers, and health information (ePHI) were left exposed.
In the same hack, LabCorp announced that 7.7 million of its customers were impacted.
In the same attack, Opko Health had 422.600 customer and patient records compromised.
The gaming website Emuparadise had their users’ IP addresses, usernames, and passwords exposed in a data breach.
More than 100 million users of the Evite event planning app have had their information put up for sale on the dark web. Information that was stolen included names, email addresses, IP addresses, and cleartext passwords. Some even had their dates of birth, phone number, or postal address exposed.
Kentucky-based Total Registration, a facilitator of scholastic test registrations had their entire service compromised. Victims, who were mainly students who had registered for PSAT and Advanced Placement tests, had their names, dates of birth, grade level, gender, and Social Security number exposed.
A security vulnerability in Evernote’s Web Clipper Chrome extension gave hackers access to the online data of over 4.5 million users. Exposed data includes authentication, financial, all private communications, and more.
Over 2.7 million individuals and 173,000 businesses had their data stolen by a single Desjardins employee. Canada’s largest credit union, the hack resulted in the exposure of names, dates of birth, social insurance numbers, addresses, phone numbers, and email addresses of customers
Other June breaches: Oregon Department of Human Services, U.S. Customs and Border Protection, EatStreet, Dominion National
Due to the AMCA breach that affected Quest Diagnostics, Opko Health, and Labcorp, Clinical Pathology Laboratories had 2.2 million patients’ personal and medical information exposed with an additional 34,500 patients’ credit card or banking information breached.
A still unknown number of Sprint customer accounts were hacked through Samsung.com’s “add a line” website. Some exposed information included names, billing addresses, phone numbers, device types, device IDs, monthly recurring charges, account numbers, and more.
Other July breaches: Maryland Department of Labor, Los Angeles County Department of Health Service, Essentia Health, Fieldwork Software, Los Angeles Personnel Department
The online marketplace, Poshmark, has announced that they’ve been hacked. Usernames and email addresses of an unreported amount of clients have been exposed in the breach. Poshmark has nearly 50 million users.
The online fashion-trading platform had its over 6.8 million user accounts exposed. Data that was out there included customer names, email addresses, usernames and passwords, shipping addresses, and purchase histories.
A data breach at CafePress, a custom t-shirt and merchandise company, exposed the names, email addresses, physical addresses, phone numbers, and passwords of over 23.2 million customers.
Hackers left over 700,000 guest records exposed in a coordinated extortion attempt on the Choice Hotel chain. Stolen information included names, addresses, and phone numbers.
VPNMentor and independent security researchers uncovered a data breach containing over a million individuals’ facial recognition information as well as the unencrypted passwords and usernames of 27.8 million individuals exposed from Biostar 2, a biometric security platform.
Hostinger, a web hosting company sent out an email to their 14 million clients who had their information hacked through an API server. As a result, first names, usernames, email addresses, IP addresses and hashed passwords were exposed.
Other August breaches: Presbyterian Healthcare Services, State Farm, MoviePass
Before your business has its network breached, data stolen, and reputation irreparably harmed, call the security professionals at Coleman Technologies to do a full security assessment. We can help you keep your data and reputation intact. Call us today at (604) 513-9428 to learn more.
We aren’t alone in believing so, either. A recent study examined twenty such AI-integrating cybercrimes to see where the biggest threats would lie.
Here, we’re looking at the results of this study to see what predictions can be made about the next 15 years where AI-enhanced crime is concerned. Here’s a sneak preview: Deepfakes (fake videos of celebrities and political figures) will be very believable, which is very bad.
To compile their study, researchers identified 20 threat categories from academic papers, current events, pop culture, and other media to establish how AI could be harnessed. These categories were then reviewed and ranked during a conference attended by subject matter experts from academia, law enforcement, government and defense, and the public sector. These deliberations resulted in a catalogue of potential AI-based threats, evaluated based on four considerations:
Split amongst themselves, the group ranked the collection of threats to create a bell-curve distribution through q-sorting. Less-severe threats and attacks fell to the left, while the biggest dangers were organized to the right.
When the group came back together, their distributions were compiled to create their conclusive diagram.
In and of itself, the concept of crime is a very diverse one. A crime could potentially be committed against assorted targets, for several different motivating reasons, and the impact that the crime has upon its victims could be just as assorted. Bringing AI to the party—either in practice or even as an idea—only introduces an additional variable.
Having said that, some crimes are much better suited to AI than others are. Sure, we have pretty advanced robotics at this point, but that doesn’t mean that using AI to create assault-and-battery-bots is a better option for a cybercriminal than a simple phishing attack would be. Not only is phishing considerably simpler to do, there are far more opportunities to profit from it. Unless there is a very specific purpose to a crime, AI seems most effective in the criminal sense when used repeatedly, on a wide scope.
This has also made cybercrime an all-but-legitimate industry. When data is just as valuable as any physical good, AI becomes a powerful tool for criminals, and a significant threat to the rest of us.
One of the authors of the study we are discussing, Professor Lewis Griffin of UCL Computer Science, put the importance of such endeavors as follows: “As the capabilities of AI-based technologies expand, so too has their potential for criminal exploitation. To adequately prepare for possible AI threats, we need to identify what these threats might be, and how they may impact our lives.”
When the conference had concluded, the assembly of experts had generated a bell curve that ranked 20 threats, breaking each down by describing the severity of the four considerations listed above—specifically, whether or not they were to a criminal’s benefit. Threats were grouped in the bell curve based on similar severity, and so the results neatly split into three categories:
As you might imagine, those crimes ranked as low threats suggested little value to the cybercriminal, creating little harm and bringing no profit while being difficult to pull off and easy to overcome. In ascending order, the conference ranked low threats as such:
(In case you were wondering, “burglar bots” referred to the practice of using small remote drones to assist with a physical break-in by stealing keys and the like.)
Overall, these threats leveled themselves out. The considerations for most canceled each other out, generally providing no advantage or disadvantage to the cybercriminal. The threats included here were as follows:
Finally, we come to those AI-based attacks that the experts felt the most concerned about as sources of real damage. These columns broke down as such:
Deepfakes are a digital recreation of someone’s appearance to make it appear as though they said or did something that they didn’t or were present somewhere that they never were. You can find plenty of examples on YouTube of Deepfakes of various quality. Viewing them, it is easy to see how inflammatory and damaging to someone’s reputation a well-made Deepfake could prove to be.
Of course, now that we’ve gone over these threats and described how much of a practical threat they really are, it is important that we remind ourselves that all of these threats could damage a business in some way, shape, or form. We also can’t fool ourselves into thinking that these threats must be staged with AI. Human beings could also be responsible for most of them, which makes them no less of a threat to businesses.
It is crucial that we keep this in mind as we work to secure our businesses as we continue to operate them.
As more and more business opportunities can be found online, more and more threats have followed them. Keeping your business protected from them—whether AI is involved or not—is crucial to its success.
Coleman Technologies can help you keep your business safe from all manner of threats. To find out more about the solutions we can offer to benefit your operations and their security, give us a call at (604) 513-9428.
To keep your business running smoothly, even if something goes wrong—like a power outage, cyberattack, or other disaster—you need a reliable way to protect your data. That’s where data backup comes in. It’s important to make sure your backup is thorough and trustworthy so you can recover if things go south.
Here are a few key parts of a good backup system:
Usually, having something "redundant" means it’s not needed, but in the world of data, redundancy is a good thing. A backup is just an emergency copy of your data in case the original gets damaged or lost. But one backup copy isn’t enough. You should have several copies so that you have more to fall back on if one gets ruined.
The 3-2-1 Backup Rule is a smart way to ensure your data backup is safe and reliable. It goes like this:
By following this rule, your data is much safer no matter what happens.
People make mistakes—forgetting to do something is normal. But you can’t afford to forget about your backup. Luckily, modern technology can automate your backups. This means the backups will happen on their own, without someone having to start them. As a result, your data is always up-to-date, and you don’t have to worry about missing a backup.
Sometimes, mistakes happen, or a virus messes up your files. You don’t want to lose everything if your backup occurs right after these events. That’s why it’s wise to have a backup that keeps old versions of your files, so you can go back in time to a clean version if needed.
We can help you set up a strong, reliable backup system to keep your business running, no matter what. Call us at (604) 513-9428 to learn more.
For a company to get your data, all they really have to do is ask you for it. Think about what happens each time you make a purchase online, or even create an account—you’re handing over your contact information, and usually pairing it to one of your financial resources.
Obviously, you’re subconsciously entrusting them with this information, assuming that they will keep it sufficiently protected and secure.
Here’s the thing: not all companies are totally deserving of this trust. Quite a few companies will make some extra money by bundling their contact lists and selling them off to other companies. This is considered a common enough practice but is fortunately looked upon more and more negatively as data protection is being prioritized more.
Even if this practice goes away, you still have no control over the company’s data security practices. Consider what information of yours could be exposed if that company was to be breached:
These are all forms of personally identifiable information (PII), and this isn’t even a comprehensive list of the data that these companies will collect. Plus, if they were to suffer a data breach, the onus is still on you.
One of the biggest flaws of the Internet today is the questionable privacy of any activity. Anything you do on the Internet adds to a massive data trail that describes you, from the content you’ve streamed, the messages you’ve sent, everything.
As you might imagine, there’s a lot of value to be had from this kind of data.
Due to this data’s value, you must do everything you can to protect it. Here are a few good ways to start:
Coleman Technologies has the experience and know-how to keep your business safe from many cyberattacks. To learn more about how we can help, reach out to us at (604) 513-9428.
What is Encryption?
Encryption is a security measure meant to thwart any would-be hackers from using your stolen data to further their ambitions. Think about it like this; without encryption, hackers would gain access to your files, plain as day. Encryption provides a measure that keeps hackers from using your organization’s data even if they were to gain access to it. It essentially scrambles data to everyone who doesn’t have the decryption key, rendering it useless.
One particular technology that uses encryption to a considerable degree is a virtual private network, or VPN. A VPN can connect your employees to your infrastructure regardless of their location in a secure way. Think of it like this; the connection between your employee’s device and your network is normally a clear tube that can be observed by anyone ambitious enough to look for it. Rather than leave it as is, encryption makes the tube opaque--enough to obscure what’s inside so it’s not quite clear for any unwanted onlookers.
Why is it Important?
You can imagine the immense importance of encryption in today’s data-oriented business world. If you’re not taking every measure possible to secure your data, you could be making a huge mistake. Encryption in particular is important for assuming the absolute worst. You can never know when your data will be stolen, so it’s best to take preventative measures to ensure that it will cause a minimal amount of damage should it occur. If your encrypted data is stolen, it will simply be unusable without spending far too much effort to get the data into a readable state.
Coleman Technologies can equip your business with encryption services that you can count on to keep your data as safe as can be. To learn more, reach out to us at (604) 513-9428.
Potential data breaches are increasingly problematic for organizations, and the most common way that data is stolen is through phishing attacks. Phishing attacks are currently one of the most pervasive threats on the Internet, and you need to understand them to thwart their effectiveness against your users. Let’s explore what exactly a phishing attack consists of and some best practices you can use to defend your network against them.
Phishing is an attack method in which scammers try tricking you into giving important information by pretending to be from a trustworthy source. It involves someone trying to obtain passwords through deception. Scammers pretend to be someone you can trust. This is usually done through deceptive emails, messages, or websites that appear to be from trusted sources, like banks or well-known companies. The goal is to “phish” for this information and use it for malicious purposes, such as identity theft or financial fraud.
Let’s look at a few ways to keep phishing attacks from breaking into your network.
To protect your business, you need to understand phishing and do what you can to prevent falling victim to it. You will want to create a comprehensive training regimen focusing on faux phishing attacks to bring awareness to employees who may not have a naturally security-minded approach.
If you would like to learn more about actions you can take to keep the massive amount of phishing attacks you and your employees receive at bay, give our team of experts a call at (604) 513-9428.
Let’s explore some of the risks that the IoT can present.
The Internet of Things has added utility to many devices, expanding their potential in ways that would otherwise be impossible. This has only been further augmented by the access to personal devices that many employees enjoy through Bring Your Own Device policies.
However, these benefits have come with an assortment of considerable risks alongside them. Devices that are a part of the IoT are notoriously vulnerable to many cyberattacks, which means that they could potentially be used as a point of access to your business’ network. From there, a cybercriminal has plenty of opportunities to create issues - whether that’s by stealing your data, hijacking your devices to be used in a botnet, or whatever their goal may be.
This problem is only exacerbated by the tendency for IoT devices to go without updates, whether through the negligence of the manufacturer or of the consumer. Without these updates, security flaws go unresolved, and the devices are thereby left vulnerable.
Consider how many devices are now manufactured that connect to the Internet. Smart watches and other wearables, smart speakers and televisions - really, almost anything with the word “smart” in its name - we have more or less surrounded ourselves with the Internet of Things. This includes the time we spend in the workplace, despite many of these devices not being visible on the network to IT. As a result, it has become almost impossible to track all the devices that attach to a network, which has developed into a new issue for businesses.
Thanks to the public demand for convenience and advanced functionality, more and more IoT devices are being manufactured all the time. If any of these devices makes its way into your office without the knowledge and approval of IT, you have a shadow IoT problem.
If you do, you aren’t alone.
In 2017, 100 percent of organizations surveyed by an IoT security firm were found to have consumer IoT devices on the network that qualified as shadow IoT. Another report, from 2018, stated that one-third of United States, United Kingdom, and German companies have over 1,000 shadow IT devices on their networks every day. Combine this with the security shortcomings discussed above, and you have a recipe for a cybersecurity disaster.
You may remember the Mirai botnet, which struck back in 2016. This botnet was built up of over 600,000 devices at its peak and focused primarily on IoT devices. Once these devices were identified by Mirai, they would be attacked and infected, adding more computing power to the botnet. Mirai is far from the only example, too… cybercriminals have been known to hack into IoT devices to gain network access, spy and listen in on conversations, and otherwise prove themselves to be a nuisance.
Clearly, shadow IoT isn’t a good thing for any organization. There are a few things you can do to help protect your business from the security issues that shadow IoT can cause.
Your business’ security is important - too important to be undermined by an insecure consumer device that was brought in without your knowledge. You need to get out ahead of shadow IoT, as well as the other threats that could do your business harm.
Coleman Technologies can help. Our professionals are well-versed in cybersecurity best practices and how to use them to your benefit. To find out more about what we can do for your business, reach out to us at (604) 513-9428.
When hackers steal data, they don't just sit on it. Sometimes they delete it, but most of the time, they sell it or use it for illegal activities. A lot of this stolen data ends up on the Dark Web, a hidden part of the Internet where people do shady things. That's why it's so important to keep an eye on the Dark Web to protect your business.
The Dark Web is like the hidden back alley of the Internet, where illegal activities happen without much oversight. Things that would normally get removed from the regular Internet, like selling stolen information, drugs, weapons, and even worse things, can be found there.
To access the Dark Web, you need special tools like the Tor browser or specific permissions. Websites on the Dark Web are encrypted, meaning they can hide users' locations and identities, which makes it harder to track who is doing what.
The most common way your data gets to the Dark Web is through data breaches. Hackers break into systems and steal personal or business data, then sell it to make money.
Even if you're careful, your data could still be at risk if companies or websites you use get hacked. If you've ever signed up for a service or shopped online, your personal information might already be on the Dark Web, waiting to be misused.
If your business data—like passwords, credit card info, or customer details—gets leaked, it can lead to serious problems, like identity theft or financial fraud.
To stay safe, businesses should regularly check the Dark Web to see if their data has been leaked.
If your information is on the Dark Web, criminals could use it to break into your accounts or steal your identity. With monitoring tools, businesses can quickly find out if their data has been exposed and take action to protect themselves—like changing passwords or improving security.
But checking the Dark Web yourself isn't a good idea. It's better to let cybersecurity professionals handle it. At Coleman Technologies, we can monitor the Dark Web for your business and help you take the right steps to stay safe. Call us at (604) 513-9428 to learn more.
We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.
Imagine a fictional company that rises to become a global retail and multimedia giant, a household name—let's call it TallMart.
Our entirely fictional TallMart offers an extensive array of products and services. Users engage in buying and selling, managing payments, running ad campaigns, customizing personal profiles, watching exclusive movies from TallMart Studios, handling TallMart Web Hosting accounts, and now, accessing telehealthcare from licensed TallMart medical professionals.
Our motto is simple: TallMart: Why Go Anywhere Else?
Given TallMart's status as the world's most trusted online retailer, akin to giants like Facebook, Amazon, and Google, it enjoys widespread trust. However, like other major platforms, TallMart's massive success attracts cybercriminals attempting to scam its users for money and sensitive information. With so many transactions, the opportunity to separate users from money is there; and hackers are nothing if not opportunists.
TallMart users receive numerous emails about products, account notifications, receipts, transactions, and offers. Cybercriminals can easily mimic these emails, adopting TallMart's branding and employing technical spoofing to make them appear legitimate. They may include links that seem to lead to TallMart but redirect users to similar-looking URLs under the cybercriminals' control.
Creating a deceptive webpage is inexpensive and quick, allowing cybercriminals to register domains like Talmart.com or TallMartcustomerservice.com. It's crucial for users to stay vigilant and recognize potential warning signs to avoid falling victim to scams.
While methods may vary across applications, hovering your mouse over a link typically reveals its destination. Most email clients and web browsers display the link destination at the bottom of the page.
While checking for misspellings and unofficial URLs, an effective way to identify a suspicious link is by observing periods after the domain name. For example:
Safe: https://www.tallmart.com/gp/help/customer/account-issues
Safe: https://support.tallmart.com/
Suspicious: https://support.tallmart.com.ru
The truth is that some legitimate URLs may have periods toward the end of them, indicating file types like .html, .pdf, .doc, etc. are connected to the link or attachment. It’s best to remain cautious with direct links to files in every situation, as malware could be embedded and all it takes is a simple interaction to execute the malicious code. It’s best to avoid clicking on suspicious email attachments. Ultimately, exercising caution with clickable content is the most prudent practice to keep yourself from becoming a victim.
You should always hover over links to inspect their destination. If you find that there is a period in any abnormal place, be skeptical and either avoid it altogether, or verify that it is from a legitimate source.
If an email urges urgent action, such as logging into your account, refrain from using the provided links without first making certain that any link or attachment is completely legitimate. You can do this in several different ways, but clicking through without considering the potential consequences could turn out to be a nightmare for you and for your organization.
Please share this with others because the more people know about how to stay safe online, the safer we all are.
A security audit is intended to determine how effectively your business’ security is doing its job. Covering hardware specifications, your infrastructure as a whole, your network policies, the software you’re using, even how your employees behave, a good security audit will give you a complete picture of the protections and safeguards you have in place.
The reason behind doing this is simple: it allows you to identify (and, in theory, mitigate) any shortcomings in your current security infrastructure. Once your audit has been completed, you should essentially have a checklist of any detected vulnerabilities to attend to. Whether “attending to” these solutions will result in you decommissioning, consolidating, adding to, or reconfiguring them will all depend on the challenges you encounter.
Of course, considering how quickly technology can develop (particularly that which pertains to the business environment), these audits should be performed on a fairly regular basis. Even changes to your processes or the odd software update could easily expose you to new, unforeseen vulnerabilities.
In any case, documentation will be your greatest ally throughout this process. Any audit that is completed properly will generate an extensive list of discoveries, evaluations, and suggested next steps pertaining to your business’ security. These outlines should be detailed and particular, going so far as to identify specific departments within your organization if need be. Perhaps, due to the nature of the information they interact with, your HR department needs to have more cybersecurity protecting it specifically. Whatever your situation, your audit should give you a clear path to follow moving forward.
A brief disclaimer seems appropriate here: this is FAR from a comprehensive list. There are hundreds of issues that an audit could potentially catch, but in our experience, these are the most common discoveries:
Again, there are hundreds more possibilities, so be prepared.
There are many standards that different industries and governing bodies have set for businesses to uphold, under threat of fines and other challenges if any shortcomings are discovered. Therefore, in order to pass these compliance standards, it is mandatory to run audits based around those that apply to your operations. These may include:
Again, this is not a comprehensive list, so make sure you are aware of any compliance regulations that you are expected to abide by.
Coleman Technologies is always here to help you make sure that your IT is properly managed and maintained—including the security and compliance standards that apply to it. To find out more about what we can do to help your business with its IT and cybersecurity, schedule a consultation with us at (604) 513-9428.
With remote work remaining popular, employees can benefit from flexibility and work-life balance, but at the cost of certain challenges on the business side. The big one is security, as your network ends up spread out across multiple locations rather than siloed in-house. Here are three rules you should consider when planning out how to approach remote work.
Security at home is non-negotiable for the remote worker.
If you haven’t already equipped your wireless network with a strong password, you should do so immediately. Additionally, you should change the default name and password if you haven’t done so already, as manufacturers will share this information online in case users need to find it. Be sure that your wireless network is also using the latest Wi-Fi security protocol—if this sounds foreign to you, just let us know and we’ll be happy to explain it to you.
This next solution helps to protect data while it’s moving to and from your network.
With a VPN, you can keep your data secure even on an unsecured wireless network, making it valuable for a remote or traveling employee.
A VPN creates a secure, encrypted tunnel connecting your business’ infrastructure to the employee’s device. If a hacker tries to steal or monitor data while it travels along the network, they’ll see an encrypted bundle of data. A VPN is a solid tool that can help your business conduct operations from anywhere, even in places like airports and coffee shops where you cannot guarantee the safety of the wireless network.
With so many devices accessing your network, it becomes important that you have a way to manage them.
Since you have smartphones, laptops, desktops, tablets, and other devices accessing your network, you’ll want a comprehensive way to manage them all and keep tabs on them. First, you’ll want to keep software updated, including their operating systems and antivirus/antimalware tools. You’ll also want to keep their password updated and ensure they have implemented multi-factor authentication to protect against theft or account stealing.
Don’t let security hold you back from remote possibilities. Learn more by calling us today at (604) 513-9428.
We talk a lot (and we mean a lot) about cybersecurity, with ransomware getting a lot of our focus…and for very good reason. Ransomware is a huge threat that today’s businesses need to be prepared to deal with. In light of this, we wanted to share a few tips to help you avoid the negative ramifications of ransomware.
When you consider how many potential access points an attacker has to target your business’ network with ransomware—or any other threat, for that matter—it can be really concerning, really quickly. In short, there are a lot of ways that your business could be targeted, so you need to take the time and ensure they are all sufficiently protected. All internet-facing applications need to be fully up-to-date, every endpoint needs to be locked down, and your team all needs to be educated to help lock down security further.
The key is that you need to be aware of these needs in order to do anything about them, so make sure you’re paying attention.
Your business relies on its data, and as such, your data is a prime target for cybercrime. The entire point of ransomware is to take advantage of this reliance, cutting off your access to it in order to coerce a payment out of you—a payment that you’re more motivated to make as your business drags to a halt without its essential resources. However, this all hinges on the fact that you wouldn’t have access to your data. If you maintain your access to this data (by keeping it safely backed up, for instance) you’ve eliminated what makes ransomware so effective, allowing you to purge the infection and start fresh.
If you aren’t sure how you should be handling your backups, you don’t have to worry. All you need to do is call (604) 513-9428 for our help.
One extremely common way that ransomware is spread is through various means of manipulating your business’ users, like phishing messages, malicious attachments, and infected downloads. You can help minimize your risk by educating yourself and your team members on how to identify risks and avoid them appropriately. Remind them not to open or click on unexpected attachments or links, not to plug in random devices they’ve found, and generally act in a more secure way.
Coleman Technologies can not only help keep your business productive, but secure and resilient as well. Learn more about what we can do by giving us a call today at (604) 513-9428.
The threats for businesses to get hacked or deal with data breaches of some type are more pressing now than at any other time in the digital age. It’s as if there are thousands of cat burglars on the prowl looking for a way into your business. If one of them is successful, it can bring some severe consequences for your business including financial loss, reputational damage, and even legal issues. In this week’s blog we will go through some of the actions you need to take in the case of a network breach.
The first step in responding to a data breach is to identify and contain the incident. This involves promptly reaching out for help. This means contacting IT experts, legal advisors, and public relations representatives. The team should work together to investigate the breach, determine the scope of the incident, and take immediate action to stop any further unauthorized access.
After containing the breach, it is crucial to secure the affected environment to prevent any additional damage. This may involve isolating affected systems, changing passwords, and implementing stronger security measures. Businesses should also ensure that all software and systems are up to date with the latest security patches to minimize vulnerabilities.
Once the breach is contained and the environment secured, businesses need to assess the impact of the data breach. This involves identifying what types of data were compromised, how many individuals or entities are affected, and evaluating the potential risks associated with the breach. This assessment will help in determining the appropriate steps to take next.
It may seem like you are shooting yourself in the foot by doing so, but ethically, businesses have a responsibility to inform individuals or entities whose personal or sensitive data may have been compromised. The notification should be clear, concise, and provide relevant details about the breach, including the types of data exposed and any actions that affected parties should take to protect themselves. Consult legal advisors to ensure compliance with applicable data breach notification laws and regulations.
Maintaining open and transparent communication with stakeholders is crucial during a data breach. This includes informing employees, customers, partners, and other relevant stakeholders about the breach, the actions taken to address it, and any ongoing efforts to prevent future incidents. Clear and frequent communication will help rebuild trust and maintain a positive reputation.
Data breaches are a significant threat to businesses, but by following these best practices, organizations can effectively respond to such incidents. By prioritizing data security and implementing robust preventive measures, businesses can protect their sensitive information and maintain the trust of their customers as well as employees and other stakeholders. If you would like help setting up your business’ cybersecurity policy, give the IT professionals at Coleman Technologies a call today at (604) 513-9428.
Coleman Technologies has been serving the British Columbia area since 1999, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.
Get the Knowledge You Need to Make IT Decisions
Technology is constantly evolving, and keeping up can feel overwhelming. Whether you want to understand cybersecurity threats, explore automation, or learn how regulations like PCI DSS impact your business, we’ve made it easy to access clear, straightforward insights on key IT topics.
20178 96 Ave C400
Langley, British Columbia V1M 0B2
Mon to Fri 7:00am–5:00pm
