Coleman Technologies Blog

Today, it’s not enough to have an antivirus or firewall. You need solutions designed to actively protect your network and data from those that are actively trying to gain access to them. So while it may not be enough, making sure that your firewall and antivirus software are updated with the latest threat definitions, and that your other solutions like spam blocking and virtual private networks are being utilized properly, can set you up for success. Let’s look at four additional strategies that extend traditional cybersecurity into the modern age. 

How Hygienic are Your Passwords?

With so many of us relying on so many passwords every day, poor password hygiene can often seem to be a foregone conclusion. Think about your own passwords, right now, and see how they compare to this list of inherently insecure patterns that many people develop:

What Does a Security Audit Entail?

A security audit is intended to determine how effectively your business’ security is doing its job. Covering hardware specifications, your infrastructure as a whole, your network policies, the software you’re using, even how your employees behave, a good security audit will give you a complete picture of the protections and safeguards you have in place.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

How a Company Acquires Your Data

For a company to get your data, all they really have to do is ask you for it. Think about what happens each time you make a purchase online, or even create an account—you’re handing over your contact information, and usually pairing it to one of your financial resources.

Obviously, you’re subconsciously entrusting them with this information, assuming that they will keep it sufficiently protected and secure.

The Advantage COVID-19 Gives Hackers

To put it bluntly, diversion. With so much attention rightly given to COVID-19 right now, there are many who are remaining in their homes as much as possible to try and prevent the pathogen from propagating. This approach makes the Internet even more important to so many people. Not only are many businesses operating remotely, many rely on support services and other online functions for their in-house processes. Otherwise, people who cannot work remotely are seeking ways to pass the time, turning to social media and other online services for that.

Today, there are literally billions of phishing emails sent each day. Inevitably, you are going to confront this problem, and depending on your staff’s preparedness (or intentions), you will either deal with them or they will likely deal with you. 

The first thing that you should know is that you have to train up your staff about phishing and other issues surrounding your organization’s security. They have to understand social engineering tactics used by scammers to infiltrate networks, steal data, and deliver malware. If they are left in the dark about these issues, you will likely see a plethora of cybersecurity problems in your immediate future. It’s good to be lucky, but you’d rather be good.

Physical Security

First on our list is the oldest kind of business security, the (sometimes literal) gun behind the counter that helps to dissuade potential attacks. It is only too easy to overlook the fact that data theft can be as simple as someone taking a hard drive, rather than hacking into it. Of course, we aren’t suggesting that all businesses should have an arsenal at the ready. Instead, technology provides assorted alternatives that should be implemented to deter attempted intrusion.

To help, we’ll be going over a few best practices that you and your team can implement to improve the security of your remote work when using a wireless connection.

Password Best Practices are a Must

Whether at home or in the office, everyone who works within your business needs to subscribe to good password standards. For instance:

• Don’t rely on easy-to-guess passwords, passwords that rely on predictable patterns, or other passwords that might be found on “insecure password” summaries.
• Use a passphrase, or a combination of unrelated, randomly chosen words, instead of a password. Not only are these more secure, they are often easy to remember.
• Update your passwords regularly, including your network access password. Don’t give out the password to your network if you can help it.

With many “non-essential” businesses scrambling to find strategies that will keep revenue coming through the door, setting up a remote workforce has become most businesses' best hope. Unfortunately, with such little notice to dot the Is and cross the Ts, businesses are taking on more risk than many of them are comfortable with. That trepidation is not fruitless, either. In times of crisis, hackers have a tendency to prey on the unprepared. The fact is that workers that are operating where they are not comfortable--or where they’re too comfortable--can mean disaster for their employers.

First of all, it’s important not to panic. Many organizations have been offering work-from-home perks for years. Not only is it entirely possible to keep business running, but many businesses see a boost in productivity. A two-year Stanford study shows that in general, remote workers are as productive, if not more so, than those confined to an office.

How to Minimize General Exposure in the Office

Based on what is currently known about the coronavirus, the Centers for Disease Control and Prevention have some recommendations as to how to keep the potential impact of coronavirus to a minimum:

• Encourage employees who are ill to stay home. This will help to minimize the spread of infection within your business. Make sure that your employees are aware of this policy by reiterating it verbally, and by posting notices around the office encouraging them to stay home if under the weather.
  
  Emphasize hygiene and etiquette. Properly stifling coughs and sneezes and keeping hands clean are surprisingly effective ways to keep your workplace healthier. Rather than using their hands to catch a cough or sneeze, your employees should use a tissue or--if unable to do so--use the upper part of their sleeve.
  
  The CDC recommends that tissues and alcohol-based hand sanitizer should be made readily available. Make sure your employees are washing their hands with soap and water for the recommended 20 seconds.
  
  

• Engage in keeping the workplace clean. There is a chance that coronavirus (and other illnesses) could be spread via infected surfaces. Make sure that all surfaces that are touched frequently, like desks, workstations, and doorknobs, are kept sanitized. Provide your employees with disposable wipes so they can proactively disinfect these surfaces before use.

If you find that one of your employees is confirmed to have been infected with coronavirus, make sure that you inform their coworkers of their possible exposure while still maintaining the confidentiality that the Americans with Disabilities Act requires. These employees and those who are living with a sick family member should assess their risk of exposure using the CDC’s guidelines.

Coronavirus as a Cyberthreat

Unfortunately, coronavirus will also require you to also keep an eye on your network security, particularly if you operate within the healthcare industry. Hackers and cybercriminals have taken advantage of the widespread concern that the disease has caused. For example:

• Scammers have phished healthcare providers with updates that appear to have come from the World Health Organization or hospitals local to their area, but actually introduce keyloggers into their systems.
• Those involved in the medical supply chain have been targeted with emails referencing the coronavirus that install malware to steal information.
• Ransomware has been introduced into consumer systems by promising recipients of an email information about COVID-19’s spread.

While the current climate may not make it easy, these emails and other threat vectors can be overcome through the same best practices that foil other cyberthreats. In addition to comprehensive digital protections, training your employees to spot these threats will be crucial.

Of course, you should also maintain a comprehensive backup in case you need to recover from a successful attack.

How to Maintain Productivity with Your Team at Home

With today’s technology, sending an employee home sick doesn’t necessarily mean that you will be sacrificing that employee’s productivity. We now have many ways that your team can work effectively from home, still contributing to your organizational agenda without exposing their coworkers to their illness.

Equipping Your Employees

Remote access solutions, paired with virtual private networking technology, can allow your employees to securely continue their work from home, safely accessing the applications and data their tasks require through an encrypted connection. As collaboration will certainly be necessary, you will want to be sure that your employees are also equipped with the communication tools that facilitate this collaboration as well.

Network Protections

You will also want to thoroughly secure your network infrastructure to help prevent threats like phishing attacks and other methods from being successful… as well as preparing for a potential breach or emergency with data backups and disaster recovery policies and procedures (including contact information for your employees) to help mitigate a worst-case scenario.

Employee Awareness

Finally, make sure your employees are on the lookout for any suspicious activity that could be a cybercriminal’s attempt at using the coronavirus as a means to an end. Not only should your employees know how to spot these attempts; they should also know the proper procedures for reporting and handling them.

Is the coronavirus scary? At this point, it is safe to say that it is, but does it have to interrupt your business operations entirely? Not if you are properly prepared.

For more assistance in preparing your business for any kind of disaster, reach out to the professionals at Coleman Technologies by calling (604) 513-9428.

What is COVID-19?

COVID-19, better known as coronavirus, is a respiratory illness that first appeared in Wuhan, China, and was reported in the United States on January 21st, 2020.

As of March 3rd, 12 states have reported 60 total cases of coronavirus and six confirmed deaths, with no vaccines or specific antiviral treatments for the illness. Symptoms of the virus include fever, shortness of breath, and a cough, while those with complications from the virus can experience pneumonia in both lungs, failure of multiple organs, and death. 

Hackers have many methods they use to break into your network, steal data or put you in a position where you have to pay them money to get your data back. They use a combination of software and skill to make it happen. Here are three ways hackers and cybercriminals attack your network in an attempt to get what they want.

1. THEY GO THROUGH YOUR EMPLOYEES.

That’s right, they’ll use your own employees against you, and your employees might not even realize what’s happening. Let’s say a hacker gets ahold of your internal e-mail list, like the e-mails you have posted on your website or LinkedIn. All the hacker has to do is send an e-mail to everyone at your company.

The e-mail might be disguised as a message addressed from you asking your employees for a gift card, which is becoming an increasingly common scam. Another e-mail tactic is making a message look like it’s from a fellow employee, asking everyone else to open an attached file, which is likely malware or ransomware. A third e-mail scam is directing people to a phishing website, which is a website that scammers have designed to look like popular websites in order to get login information to hack accounts. All it takes is a single click from any employee to let the bad guys into your business.

2. THEY ATTACK YOUR NETWORK DIRECTLY.

Some hackers aren’t afraid of forced entry. Hackers and cybercriminals have access to black market tools and software that helps them get into networked devices – particularly unprotected networked devices.

For example, if you have a PC that’s connected to the Internet and your network doesn’t use any firewalls, data encryption or other network protection software, a hacker can break in and steal data from that PC and potentially other devices connected to that PC, such as portable hard drives. This method of entry isn’t necessarily easy for hackers, but the effort can be worth it, especially if they can walk away with sensitive financial information.

3. THEY HOLD YOUR DATA HOSTAGE.

Hackers are relying on ransomware more and more to get what they want. Hackers rely on e-mail, executable files and fraudulent web ads (such as banner ads and popups) to attack networks with ransomware. It goes back to the first point. All it takes is someone clicking a bad link or file and the next thing you know, you’re locked out of your network.

This has happened to dozens of businesses and even city governments in the last year alone. The thing is that even if you pay the ransom, there is no guarantee the hacker will restore access. They can take the money and delete everything, leaving your business high and dry! This destroys businesses!

All of these points are why you need to take a hard look at IT security solutions and use them. For instance, if you had all of your data securely backed up to the cloud and a hacker came in and tried to hold your data hostage, you wouldn’t have to worry. They don’t really have your data. You can tell them “no,” then all you’d have to do is work with an IT team to get your network back up and running while scrubbing it of any malware or ransomware.

Then, it would be a simple matter of restoring data from the cloud. Sure, you might be out of commission for a day or two, but in the grand scheme of things, it’s much better than losing your business to these jokers.

Hackers are just looking for easy targets and, sadly, a lot of small businesses fit the bill. Just because you haven’t had any major problems yet doesn’t mean you won’t in the future. The threats are out there and they’re not going to go away. Invest in security, partner with an IT security firm and protect yourself. This is one investment that is truly worth it!

What is Social Engineering?

Think of it like this: online, you have some type of social currency. Your personal information, your data, your interactions, your profiles, they all add up to your online life. If someone were to use that information to trick you into providing them access to your secure online accounts, you would be the victim of a social engineering attack. 

Basically, a hacker uses what amounts to the fundamentals of human psychology to gain unauthorized access to an account. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the human resources to gain access through relatively simple psychology.

Successful social engineering can be the result of many different actions. Some include: carelessness by an individual, perceived kindness, reaction to fear, and business as usual. Let’s take a look at these actions and how social engineering schemes work as a result.

Individual Carelessness

When there is a lack of diligence carried out by an individual, there are openings for a social engineering attack. This includes trash thrown out with information on it, keeping login credentials out in the open, and other careless actions. It’s important that you and your staff understand that the best practices of password protection, such as using a password manager, are crucial to maintaining the integrity of your company’s network and infrastructure.

Perceived Kindness

Many people won’t think twice about helping someone that asks for help. Social engineering attackers take advantage of the better angels of our nature, by using people’s helpfulness to gain access to secure computing resources. Any person can fall for this type of attack. This is why we stress that in order to keep your digital and physical resources secure, a critical eye for potential intrusion works. That doesn’t mean you have to be a jerk, but if a situation is presented to you that’s out of the ordinary, take anyone’s helplessness with a grain of salt.

Business as Usual

When we picture a hacker, we all tend to think about them the same way. They are brooding people sitting in a dark room typing away at a computer. In social engineering attacks, this couldn’t be further from the truth. A popular social engineering tactic is to gain physical access to a large business--where there are often a lot of moving parts--and then spend time at the business looking for ways into secure digital environments. This could also include straight hatchet jobs, where your employees would help people outside of your business sabotage your access control systems. 

Reaction to Fear

Finally, fear is one of the best motivators. By striking fast and threatening all types of negative consequences if a worker doesn’t help them get into a secure computing system, this kind of cyberattack can be a major problem. 

Coleman Technologies Can Help Protect Your Business

If you are looking to secure your network from cyberattacks, including social engineering, the IT professionals at Coleman Technologies can help. Call us today at (604) 513-9428 to learn more about how we can help you with the training you need to keep social engineering from causing problems for you.

The past few years have seen some of history’s greatest data breaches. For instance, the most notorious of these attacks, the Equifax breach, Yahoo, and Marriott-Starwood, resulted in a combined total of 3.5 billion accounts breached.

This means, statistically speaking, you would have a pretty good chance of picking a data breach victim of the past few years by randomly selecting two human beings from the entirety of planet Earth’s population.

Crunching the numbers, there has been an increase of security breaches of 67 percent since 2014.

What Does this Mean? Is Anything Secure Anymore?

Interestingly, there is a plus side to these enormous data breaches happening in the public eye, thanks to a few key points:

• It brings attention to these kinds of crimes - Thanks to disasters like the Equifax breach, more Canadians are aware of the impact of cybercrime. This kind of awareness is crucial to encouraging improved security.
• There is too much data for cybercriminals to practically use. This one can be chalked up to statistics… the more data that a given cache has, the less of a chance that your data is pulled up in an attack.

To clarify, we aren’t trying to sugarcoat the severity of a data breach, but having said that, the past few years’ cybersecurity threats have really given us all an example to consider. With new compliances, regulations, and other mandates being put into play, businesses are certainly considering these threats.

What About Small Businesses?

There is a tendency to overlook small businesses when discussing data breaches. After all, the ones that have struck large targets (like Yahoo, Target, eBay, Sony, and many others) almost always get a headline, along with the attacks that focus on municipalities, like the ones that targeted Wasaga Beach, Ontario and Midland, Ontario with ransomware.

What aren’t heard about so much, unfortunately, are the attacks that lead to much smaller companies shutting their doors for good… a side effect of the limited number of victims per attack, and the relatively casual approach that many have towards security. Unfortunately, a Verizon survey shows just how misguided the assumption that a smaller business size will protect it from threats, when 43 percent of businesses breached would be classified as small.

Security Needs to Be a Priority

Fortunately, there are ways that you can reinforce your business’ cybersecurity, especially with the help of Coleman Technologies and our experienced cybersecurity professionals. Call (604) 513-9428 to get in touch with us, so we can help evaluate and fulfill your business’ needs.

Lock. Everything. Down.

Did you know there are entire websites out there, devoted to providing the default factory passwords for different devices? They aren’t on the Dark Web, either - this is on the visible, indexed Internet. Imagine if I were to come in with some idea of what brand of routers you had… if I had the right default credentials with me, I could easily access your router and wreak havoc in your business.

You need to consider every potential access point into your business and ensure it is properly secured. The same goes for any online accounts associated with your business, like cloud storage. Take the time to make sure that everything is secured with a password that meets best practices, and if memories are an issue, use a reputable password manager to simplify the task for your employees.

This also goes for your physical location. Many access control solutions exist that enable you to keep track of who accesses a certain area, and when, with the added benefit of keeping those without authorization out.

Keep Your Antivirus Updated

Many people may assume that, once they’ve installed an antivirus/antimalware solution, they are all set. The trouble is, more malware is being developed all the time, and there’s a good chance it is being developed to help the malicious software get past your antivirus. As it happens, the developers of the antivirus are aware of this, and frequently add new threat definitions to the software to make it more effective.

However, all the threat definitions in the world will do diddly-squat if your antivirus solution isn’t updated to include them. This is why it is important to keep an eye on your network’s health and take the time to check that you have the latest definitions included.

Keep a Backup

Finally, you have the nuclear option against malware… mutually assured destruction, that only you can recover from. That is, as long as you’ve been maintaining a proper backup.

If you should fall victim to a malware infection, completely wiping your devices and quite literally starting from scratch with them is your best hope of getting rid of it. However, in order to keep yourself from crippling your own business while doing so, you need to maintain an ace in the hole. By keeping a backup that passes best practices, you can be sure to have your data if you have to sacrifice your original copy.

Coleman Technologies can help you do all of this, and more. Reach out to us at (604) 513-9428 to learn more.

By many, we mean about a quarter of them.

With the deadline just a week and a half away, we wanted to reiterate what a solution reaching end of support means, how it would impact you, and what your options are.

The first thing to address is what “end of support” actually means. It doesn’t mean you won’t have the ability to use whatever software it is (in this case, the Windows 7 operating system) after the end of support date. What it means is that Microsoft is no longer doing anything to it - including improving its security and patching issues. As a result, the software will lose its functionality over time. Worse, the computer running the software becomes vulnerable, which makes the entire network vulnerable - not a good thing.

To be fair, there are some ways that you can protect your network while still using these devices. For instance, if you rely on a particular line-of-business application that requires Windows 7, you could theoretically isolate a Windows 7 device to allow you to do so. However, to be completely fair, there isn’t any guarantee that you will be protected from vulnerabilities, short of completely taking problematic systems entirely offline.

Therefore, it only makes sense to explore your other options.

Your Other Options

With the deadline as close as it is, you will need to hustle to put any of these alternatives into action:

Upgrade to Windows 10

Objectively speaking, Windows 10 is better than Windows 7, if only for its improved security. Furthermore, it isn’t one of those solutions that requires insanely higher specifications to run. In fact, the minimum numbers you need to operate Windows 10 are as follows:

• Processor - 1 GHZ or faster
• RAM - 1 GB for 32-bit or 2 GB for 64-bit
• Hard disk space - 16 GB for 32-bit or 20 GB for 64-bit
• Graphics card - DirectX 9 or later with WDDM 1.0 driver
• Display - 800 x 600 resolution

Mind you, this is all it takes to run Windows 10, not to run Windows 10 well. To improve your performance, we suggest that you make a few alterations - upgrading to a 2 GHz dual-core processor, increasing your RAM to between 4-and-8 GB, and Increasing your hard drive space to 160 GZB, at least.

Purchase New Hardware

While it will cost you a pretty penny, obtaining new hardware (that comes with Windows 10 installed) may be the easiest option, especially when you take your looming deadline into account. Windows 10 and regular updates to it are all included, but it may take some time to configure everything properly.

Virtualize with a Thin Client

In a similar vein as leveraging Chromebooks instead of Windows, you could use your old hardware as a thin client to virtualize your needed solutions. However, despite the reputation that virtualization has as a solid option for businesses, it may not be a practicable option with the deadline pressing so close.

Alternatively, you could simplify this process using one of Microsoft’s services. Microsoft 365 offers a combination of Windows 10, Office 365, One Drive with an included terabyte of storage, and fully featured security. Available at a predictable monthly flat-rate per user, it gives you a solid alternative for at least your productivity-software-using employees.

Regardless, you need to take action now. Reach out to Coleman Technologies today for help. We’ll figure out which approach is best for you and help you with your upgrade process. Call us at (604) 513-9428 to learn more.

That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.

To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.

Your Security and Privacy Options

From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process, you can always find your way back to the beginning with that menu.

Verify the Accuracy of Your General Account Settings

Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.

Find Out Where You’ve Used Facebook with Security and Login

On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.

If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.

Change Your Password

While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.

Remember, you should never use a password for more than one online account.

Using Two-Factor Authentication

After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started. 

You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.

Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option, as pictured, and click Next. 

Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.

If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.

Add a Backup

Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.

Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.

Setting Up Extra Security

Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt-in to alerts being sent via email or text, notification, or Facebook Messenger.

You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.

Stay tuned for part three of this series, coming soon.

What Does Facebook Know About Me?

Consider how many opportunities Facebook has to collect information about you: there’s quite a few. For one thing, you literally tell the platform the things you “Like.” Semi-joking aside, there’s also the stuff you post, which advertisements attract your attention, and many other means for them to construct a pretty solid profile on you.

You can see this profile for yourself. In the aftermath of the Cambridge Analytica scandal - where third-party users were granted free reign and access to Facebook user info - Facebook made a promise to be more transparent. This profile is part of that transparency.

Viewing this information is pretty simple, whether you’re on your computer or you’re using the mobile application.

On a desktop or laptop:

1. Log in to your Facebook account.
2. Click the down arrow on the top right and go to Settings.
3. On the left, click Your Facebook Information.
4. Facebook will present you with five options. Look for Download Your Information.
5. Click View, Facebook will give you a screen where you can choose the date range and format of the data. Since we want to download everything, we’re going to set the Date Range to All of my data and set Media Quality to High. This will give us a higher quality version of all of our photos and videos in the download.
6. Click Create File and Facebook will start building the download. This can take a while, but Facebook will give you a notification when your data is ready for download.
7. Once Facebook gives you the notification, click it and Download your data.

From the Facebook mobile app:

1. Tap the 3-bar hamburger icon in the top right of the app.
2. Scroll down and tap Settings & Privacy, and then tap Settings.
3. Tap Download Your Information.
4. Leave all of the options checked, and scroll down. Ensure the Date Range is set to All of my data and that Media Quality is set to High.
5. Tap Create File and Facebook will give you a notification when the data is ready for download.

The “data is ready” notification will probably come after about an hour - it really depends on how long you’ve been a user, and how active you’ve been. Most people will probably have a file that takes up a few gigabytes.

Now that the report is available to you, click on Your Facebook Information.

Access Your Information - Facebook provides you with an itemized and viewable list of your Posts, Photos, and Location history ready for viewing.

Activity Log - Consider this a comprehensive timeline recap - almost a scrapbook, prepared by Facebook.

Deactivation and Deletion - People used to complain that deleting a Facebook account was a difficult process. Not anymore!

So, How Much Does Facebook Know About Me?

When you do review your file, the information they have can be shocking, mainly due to the location-based aspect of it all. You can pull up a given day and find out exactly where you were and what you did. Facebook kept track for you.

Then, you need to consider the Ads. This section will show you all of the advertisers who provided Facebook with a contact list your name appeared on. It isn’t that Facebook gave away this information, advertisers already had it and gave it to Facebook to target you on the platform.

What Does This Mean?

While it completely makes sense that Facebook would know a lot about you, seeing it all laid out (and how much of it didn’t come from your profile) isn’t exactly comforting… Facebook has been too involved in a few major data breaches. Just think - there’s a profile just like the one you retrieved about you, for over a quarter of all of the people in the world.

This rabbit hole goes deeper, too. Make sure you check back soon for part two of three of this Facebook privacy blog series.

You probably had a notion that Facebook had a bunch of your information, but how much information outside of your general profile makes you nervous when they are accused of major data breaches. What’s scarier is that the service is used by over a quarter of the world’s population. 

This is only the tip of the iceberg of the information we will share about this social media giant. Check back for part two of our three-part blog series about Facebook privacy.

September

9/5 

Providence Health Plan - 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company’s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.

Facebook - Facebook had an unprotected server with over 419 million records accessed.  Users had their Facebook’s user ID and phone number exposed. In some cases, user’s names, genders, and locations were also leaked.

9/16

Dealer Leader, LLC. - 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.

9/27

DoorDash - The popular food delivery app had 4.9 million customers’ information breached by a third-party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked. 

9/30

Zynga - The mobile game maker, Zynga, the developer of popular mobile games such as Farmville and Words with Friends has announced that 218 million players had their data exposed after their network was breached by a hacker.  The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed.

October

10/17 

Methodist Hospitals of Indiana - The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver’s licenses, and more. 

10/21

Autoclerk - Autoclerk, a hotel property management software developer had an open database infiltrated exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests. 

10/22

Kalispell Regional Healthcare - Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.

10/26

Adobe - Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.

10/27

Network Solutions - The world’s oldest domain name provider has been exposed in a hack. Millions of individuals’ data that included names, addresses, phone numbers, email addresses, and service information was compromised.

November 

11/9 

Texas Health Resources - The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more. 

11/16 

Disney Plus - The brand-spanking-new Disney+ streaming service had new user account information hijacked by hackers. Login credentials wound up on the Dark Web soon after. 

Magic the Gathering - The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more. 

11/18

State of Louisiana - The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days as systems were restored from backup.

11/19

Macy’s - Macy’s had their ecommerce site hacked. Hackers embedded malicious code into their checkout page and put a skimming code on the company’s Wallet page. The malware retrieved names, addresses, phone numbers, email addresses, payment card numbers, card security codes, and card expiration dates.

11/22 

T-Mobile - T-Mobile had over a million customers’ information accessed by a hacker. Information accessed included names, billing addresses, phone numbers, rates, and calling features.

Unknown - An unsecured server containing over 622 million email addresses and 50 million phone numbers, and millions of pieces of other information was discovered. It is unknown what organization this data is tied to as the time of writing.

With hundreds of millions of records being exposed each month, it’s hard to feel confident about giving your personal or financial information to anyone in the current threat landscape. If your business needs help trying to be secure, call us today at (604) 513-9428.