Coleman Technologies Blog


We can give your organization comprehensive IT services and 24/7/365 live support for a predictable monthly fee. Stop stressing about technology, and start focusing on growing your business.

When it Comes to Security, Two Factors are Better Than One





The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts, using software to rapidly guess thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.

To get started, let’s review the best practices for creating a password:

  • Use complex passwords: Your passwords should always be a complex string of letters, numbers, and symbols, including both capital and lower-case letters. Try to keep them as random as possible, without including any specific words or phrases if you can help it. This reduces the chance that your password will be guessed by a hacker.
  • Use different passwords for each account: If you use the same password for every single account you have, you run the risk of one password exposing multiple accounts to hackers. Using multiple complex passwords can make them difficult to remember, however, which leads us into our next point.
  • Use a password manager: If you’re following password best practices, you’ll notice that remembering passwords is difficult--especially when they are all different and complex. A password manager can store your passwords in a secure vault for access when they are needed, allowing you to use complex passwords at all times without needing to remember them. It sure beats writing down passwords in a Word document or elsewhere, and it’s much more secure than doing so. There are even password managers for businesses that let employers dish out certain credentials to staff in a safe, secure way.

While password best practices are important to ensure maximum security for your accounts, they’re often not enough to secure your business. Hackers are always trying to find new ways to crack even the most powerful of passwords. This is where two-factor authentication comes in. A hacker might be able to replicate the password, but can they replicate the secondary device or account needed for access?

Two-factor authentication works by using a device or email account as a secondary credential for accessing an account or network. The obvious example is a smartphone, which can receive an SMS text message with a code needed to log into an account. Others might have codes sent to secondary email accounts. Either way, the point is that these types of credentials can only be received by the holders of the device, which is much more difficult for a hacker to take advantage of. There are even some types of two-factor authentication that utilize biometrics and near field communication technology (NFC), allowing for even more complexities that hackers will sigh and shake their heads at.

If your business needs to protect sensitive data, two-factor authentication is definitely one line of defense you will need. Coleman Technologies has a solution for you. To learn more, reach out to us at (604) 513-9428.


Examining Some Unusual Cybercrime Patterns in 2020


To begin, let’s examine the data that we currently have available, courtesy of Statista: in 2019, there were a total of 1,473 data breaches recorded. The first half of 2020 saw 540 breaches reported. Crunching the numbers, these 33 percent fewer breaches have impacted what other sources assert to be 66 percent fewer people.

At First Glance, This Appears to Be a Good Thing

However, there are more considerations to weigh before we can establish this as a positive trend. While we wish that we could simply say that yes, this is a good sign, there is unfortunately more data to consider. For instance:

The Kind of Breach It Was

There are so many more variables to take into account, starting with the type of breach that took place and how severe the breach itself was. Let’s consider a few scenarios.

On the one hand, you might have a dozen or so breaches with a few records lost in each. On the other, you have just one, but that one breach exposes thousands of records, each containing personally identifiable medical data.

Of course, the single breach is far worse—objectively speaking—than the dozen. However, this kind of scenario isn’t likely to be the case, as the data also showed that 66 percent fewer people have been impacted.

How Accurate the Records Are

Of course, we also have to take the accuracy of the data into account, simply reflecting on the delay that naturally occurs between the actual breach, when it is first discovered, and when the public is notified about the breach. Furthermore, it isn’t all that uncommon for new victims to be discovered long after the breach is first revealed. Some companies will attempt some level of damage control and play their numbers down as much as possible, or simply omit the actual number of impacted accounts in their announcements.

As a result, we may not yet be dealing with the actual number of breaches that have occurred in 2020, depending upon how forthcoming breached businesses have been.

What Impact Has Remote Work Had?

Finally, we need to acknowledge the fact that more people than ever before are working from home—outside of the protections that many remote-friendly businesses have implemented. In theory, this would typically lead to an increase in threats, but recent reports have shown threats to be decreasing. While it would be wonderful if this turned out to be the case, it is very possible that a shift in focus away from maintaining security to maintaining operations could be skewing these results. Furthermore, some businesses might not be able to sufficiently monitor their employees’ security as they are working remotely.

Regardless, You Can’t Allow Your Security to Be Shortchanged

Even if these apparently lowered cybercrime statistics are accurate, you shouldn’t take a break from your cybersecurity preparedness. Easing up will only encourage less secure security habits, leading to increased security problems later on.

Of course, you don’t need to work alone as you protect your business. Coleman Technologies can help you see to your IT needs, working to protect your resources and ensure that work can be accomplished. Find out more about what we can offer by calling (604) 513-9428 today.


What’s the Best Way to Secure Your Mobile Device?


Why Mobile Security is So Important in the First Place

Consider the capabilities of our mobile devices today, as compared to those that were considered high-end before Apple premiered the iPhone in 2007 (not to discredit all the classic PDAs and smartphones that came before the iPhone, like the Palm Treo, the BlackBerry, and the line of super cool HTC Windows phones, but the general consensus is that the big shift in mobile computing really started with Apple). The difference is staggering. While those devices that are affectionately referred to as “dumb phones” certainly can contain sensitive data, it is effectively nothing compared to what a smartphone can access.

Applications for money management, shopping, medical data, and so many other examples of personal information currently reside on today’s mobile devices—which is precisely what makes the security that protects these devices so important. The authentication method that a user can confirm their identity through is just one example of this security.

The Best Options, and the Worst Options

The various methods that are available to users now each offer their own method of maintaining security, presumably for the user’s convenience. However, as we have established previously, not all these authentication methods are equally good.

Let’s review your various available options and see how their differences make some a better solution than the others.

Passcodes/PINs/Passwords

These authentication measures are effectively the baseline security on any mobile device, as they also protect the device from other forms of authentication being added without approval. While these security measures are by no means impassable, they form the foundation for any decent security measures if used responsibly.

Of course, we do have to address the inherent weaknesses that these authentication requirements present. Most of these weaknesses are derived from the user responsible for setting them up. For instance, a 2012 study demonstrated that most people used PINs that either represented personally important years, simply repeated digits, or heavily featured the number “69.” Also prevalent were numbers that are simple to type: 1234, 7890, and so on. Another research study revealed that the benefits of a six-digit PIN were negligible as compared to a four-digit PIN, as the added length provides a false sense of security and winds up encouraging less-secure PINs in general.

Of course, passwords are also an option (and a stronger one to boot) if the user has the patience to retype their password each time the device locks. The consensus is that these authentication measures are the most secure option currently available.

Biometrics

Improved hardware and software now allow users to effectively use their own bodies as the key to their mobile devices, as biometric authentication is now incorporated into many mobile devices. Of course, the efficacy of biometric authentication isn’t universally consistent—some methods are simply more secure than others are.

Fingerprint Sensors: Most smartphones will have fingerprint-detection capabilities for some time, with some projections seeing up to 90 percent of devices incorporating these tools by 2023, while 95 percent of phones had such a sensor in 2018.

There are various technologies in play that power these sensors, with varying security efficacy. For instance, Samsung devices are beginning to include sensors under the screen, which create a three-dimensional image of a fingerprint. While this makes them inherently very secure, screen protectors have been shown to bamboozle them, potentially allowing any fingerprint to unlock them. Furthermore, fingerprints can potentially be harvested from surfaces and transplanted to a device, so properly training your device to your unique fingerprint is crucial.

Iris Scanning: The prevailing opinion is that iris scanning is the most secure form of biometric authentication, as fingerprints aren’t as unique as a person’s irises are. Some phones feature these capabilities, but they may not be as popular, as scanning the iris can take a little longer simply because the user must look directly at the sensor for it to work.

Facial Recognition: Many manufacturers have begun to phase out fingerprint sensors for facial recognition options, especially as full screens have grown in popularity. With appropriately captured reference data, decent facial recognition software can simplify the unlocking process significantly.

However, the quality of the software and the images it uses for reference can cause some issue. Poor-quality images—like those with excessive glare—can make it easier for an attacker to make it past the lock, not to mention make it more challenging for the user.

Pattern Passwords/Knock Codes

Finally, many Android devices have the option to designate a pattern on a 2x2 or 3x3 grid that must be tapped correctly to unlock the device. Studies have shown that this method is by far the least secure of the authentication requirements, as it becomes far easier for an attacker to figure out the user’s chosen pattern.

For instance, in one study, researchers discovered that a full 65 percent of the 351 participants selected a code that began at the top-left square and immediately proceeded to the top-right, presumably influenced by Westernized reading patterns. Larger grids encouraged shorter patterns, and the data collected during the study revealed that some patterns were commonly adopted:

  1. An hourglass: top left, top right, bottom left, bottom right, top left, top right
  2. A square: top left, top right, bottom right, bottom left, top left, top right
  3. The number seven: top left, top left, top right, top right, bottom left, bottom left

As further evidence that patterns are an even worse method, these researchers also observed that knock codes were more easily forgotten, with about 10 percent of participants having forgotten theirs by the end of the 10-minute study, and their five-second entry time being slower than the 4.5 seconds needed for a PIN.

Make Sure Your Mobile Device is Secured

With our mobile devices playing such a huge role in our personal and professional lives, their security needs to be prioritized, with only the most secure methods protecting them.

For assistance in managing your security, from your in-house business solutions to the devices your employees use each day, reach out to Coleman Technologies. Our team can assist you in implementing the technology you need while educating your employees on the importance of secure practices. Give us a call at (604) 513-9428 to learn more.


Efficient and Secure File Sharing a Must for Today’s Businesses





Today’s business needs to be able to share files and data securely and efficiently. This process may seem straightforward, but there are a lot of options that the business owner or manager needs to understand. In today’s blog, we look at some steps that will help you create a strong and secure file-sharing system.

Do a Preliminary Assessment

Start by understanding your business' specific file-sharing requirements. It’s important to understand what type of data is typically shared and how much of it is on the move. This step can help you not only determine how your organization’s data is moved but also how your employees collaborate on it. Collaboration largely depends on these efficient data movements, so understanding the basics of how they share and receive data is a big step to building a file-sharing strategy that works for your business.

Choose a Solution That Fits Your Needs

You will want to select a file-sharing platform that aligns with your business needs. You have to determine if the data you have is able to be saved in the cloud or if you need to set up on-premises infrastructure to house the data. If the latter is what you choose, you need to look for features such as end-to-end encryption, multi-factor authentication (MFA), and secure link sharing. You will also need to ensure the solution allows you to easily manage user permissions and roles, making sure that only authorized personnel can access sensitive files.

Access Control

You’ll want to set up user profiles that allow you to assign file access based on roles within the company. You’ll want to provide employees with the minimum level of access they need to perform their tasks, and guard against providing access to data they don’t need. This strategy reduces the risk of data exposure and unauthorized access. Finally, you want to have comprehensive logs of all access and file-sharing activities, which can be easily reviewed.

Maintaining Security

Data security is extremely important and to this end you will want to implement encryption tools to keep data at rest and in transit secured. You’ll need to have reliable password protection for shared files and links, particularly when sharing files outside the organization, and it’s also a good idea to implement technology that allows you to monitor and protect data from being shared that has no business being shared. 

Employee Training

There are several ways to train your employees so that organizational file sharing doesn’t turn problematic. One of the best ways is to provide security training. That means teaching them what you expect of their data handling, the importance of data protection methods (such as creating and storing strong passwords and other measures), and how to ensure that sensitive information is handled properly. 

Building a secure and efficient file-sharing system for a small business requires careful planning and the right combination of technology and practices. By choosing the right solution and having a reliable strategy for handling data, you can create a file-sharing environment that supports your business while ensuring that data isn’t stolen or lost. 

If you would like some help choosing and setting up a file sharing system that supports your business and your employees’ collaboration, give our IT professionals a call today at (604) 513-9428.


The Truth About Compliance and Cybersecurity


IT Security

Let’s start with IT security because it’s undeniably important if you want to maintain not just IT regulatory compliance, but business on your own terms. IT security, like the act of complying with regulations, is an act of risk mitigation. In the case of IT security, the risks are many and complex. You have the risk of operational issues like downtime. You have the risk of system corruption from hackers and other outside entities who are trying to break through (or in) and get access to your assets. There is also internal risk to physical systems, central computing infrastructure, and every endpoint on the network.  

In IT security, the amount of risk often dictates what kind of action is necessary, since reacting to the problems themselves isn’t a viable option. Thus, when protecting your network from threats, you will likely have to be much more comprehensive in your attention to detail than you would even under the strictest compliance standards.

IT Compliance

Compliance also is all about minimizing risk, but to stay compliant, it’s more about focusing on following set-in-stone rules than it is about keeping systems secure. Most of the regulations that have been passed down by a government entity, third-party security framework, or customer contract have very specific requirements. This gives network administrators a punch-list of tasks that need to happen to keep their organization’s IT compliant with their various IT mandates. 

Insofar as it works to maintain digital asset security, many regulations are created to ensure that risky behavior is not introduced, while others are very specific about what data needs to be protected, and what systems need protection. In fact, some regulations barely touch the IT infrastructure, only dictating that the business purchase regulation-compliant hardware. 

Where Your Company Stands

Compliance standards typically depend on which vertical market your business does business in, or more specifically, how it uses sensitive information in the course of doing business. That doesn’t speak to your organization’s complete IT security strategy. In order to keep all of your digital (and physical) assets secure, there needs to be a dedicated plan to do it. After all, today the user is the most common breach point. 

With that in mind, it is important for a business that operates under the watchful eyes of a regulatory body to understand that it may be compliant but still be at risk. Aside from meeting all the compliance standards set forth by your industry’s regulatory mandates, you need to put together a cybersecurity strategy that prioritizes the ongoing training of your endpoint operators.

At Coleman Technologies, our technicians are experts in modern compliance standards and cybersecurity. Our team can work to simultaneously build an IT infrastructure, the policies to govern that infrastructure, and the endpoint monitoring and protection solution that will keep your business secure from threats, while also being compliant to any mandated regulations your business is under. Call us today at (604) 513-9428 to learn more.


Just Wish Ransomware Would Go Away? We Have Bad News…





Ransomware has rapidly climbed to become one of the most dangerous and feared malware attacks in use today. It’s gotten to the point that, if you wish these attacks would just stop, we can hardly blame you.

Unfortunately, there is no reason to believe that ransomware is going anywhere.

Numerous Statistics Show That, If Anything, Ransomware is On the Rise

Let’s go over just a few of these stats to really put the situation into perspective:

  • In 2022, the average ransom was $812,380. This year, that average is $1.54 million.
  • There’s been a 13% increase in ransomware attacks over the past five years.
  • 27% of malware breaches involve ransomware.

Clearly, ransomware is here to stay. As a result, you need to be prepared to prevent it from interfering with your business.

How to Prevent Ransomware Infections in Your Business

In the vast majority of cases, ransomware is spread by taking advantage of the end user. Therefore, user training and testing is paramount.

Make sure that your team is aware of the threat of ransomware—what it is, how it works, and how to spot it. Teach them about phishing attacks, which are frequently used to spread ransomware, and general data security practices. Evaluate their readiness to avoid phishing and other cyberthreats regularly, and in addition to targeted training to resolve any identified shortcomings, make sure that all of your team members are maintaining their security practices with regular training and evaluations on the basics.

This is, admittedly, a lot…but it also isn’t something you have to tackle alone. We’re here to help. Reach out to us for assistance with your inclusive cybersecurity needs, as well as general IT maintenance and management, by calling (604) 513-9428 today.


Encryption is One of the Most Valuable Tools Against Hackers





Encryption is a powerful weapon against hackers that can prevent them from stealing your data and leveraging it against you. Encryption, in its most basic textbook definition, converts your readable data into an indecipherable jumble that can only be reassembled through the use of an encryption key. Small businesses absolutely must utilize encryption to protect customer information, financial records, and other important or sensitive business data. This ensures that it is as protected as possible against those that might do you harm.

One major benefit of encryption is that SMBs can protect customer data with powerful security mechanisms that are next to impossible for hackers to bypass. Some of the data that might be protected by encryption include names, addresses, credit card numbers, and Social Security numbers–all of which are at serious risk of data theft. Your customers want to know that you’re doing what you can to keep them safe, and you can improve your relationship with them by using encryption. This will establish your business as one that cares about the security and privacy of its clients, making you that much better in the eyes of new customers.

In regards to legal and regulatory compliance, encryption is a vital tool that helps to keep your business in line with the strict regulations that govern private and sensitive data. Some of the regulations that you might be liable for upholding are the Health Insurance Portability and Accountability Act (HIPAA) for healthcare and Payment Card Industry Data Security Standard (PCI DSS) for organizations that handle credit card transactions. Encryption helps businesses meet these standards without the risk of paying steep fines for violating them.

Additionally, encryption can help you protect against data breaches, which can be problematic for any business, small or large. With a data breach, you can expect to deal with financial losses as a result of compliance fines, loss of reputation, and downtime. Encrypting data allows your organization to keep itself safe by making it far more difficult for hackers to conduct a successful data breach. Even if they do manage to steal data, they will have significant trouble decrypting it. At the end of the day, hackers prefer low-hanging fruit, and the more difficult you make their jobs, the less likely they are to want to go through the trouble.

Ultimately, encryption is all about enhancing the overall data security of your business’ data across all of its platforms and devices. Employees who frequently find themselves working out of the office or on multiple different devices or endpoints should absolutely be equipped with encryption. If you implement encryption in this way, you can rest easy knowing that your data is secure as it is accessed on protected devices and networks.

Encryption serves to protect your business from some of the nastiest threats on the Internet, and even businesses with limited IT resources can take full advantage of it. It’s a great way to keep your business’ data secure and to shore up potential vulnerabilities.

Coleman Technologies can equip your business with the encryption it needs to stay secure. Learn more by calling us at (604) 513-9428.


Nine Tools Every Business Should Have Invested in Today


Business Communications

With so much relying today on shared information and collaboration, the capability to communicate internally and externally is something that any business needs to have. Small businesses especially have greater access to the tools that can provide this capability, such as: 

  • VoIP – A Voice over Internet Protocol solution is a great way for a business to acquire comprehensive phone services and features for a much more sustainable cost than the traditional means of telephone services.
  • Messaging – Messaging can take many forms, from email to instant messages, and plays a vital role in keeping a business in touch with its various internal parts and with other entities outside of it.
  • Cloud collaboration – Cloud technology can provide a variety of business utilities, including the collaborative benefits of sharing documents and cooperatively working on them in real-time.

Productivity

Most businesses would rank the ability to produce more in less time as their ultimate goal, making solutions that facilitate this extremely useful for them to adopt. If this is one of your priorities, consider the following:

  • Cloud storage and applications – This benefit of the cloud allows your employees to access the documents, data, and other cloud-based tools from anywhere they can access the Internet, freeing them to be productive as they operate remotely.
  • Remote access – If you have elected to maintain an on-site infrastructure, remote access tools can give your employees remote access to the hardware they need to stay productive. 
  • Automation – Rather than relying on your employees to handle each step of your processes, automation enables your employees to focus on those aspects that require the human touch, while rote steps are handled much more efficiently by your solutions. As a result, more can be accomplished in less time.

Security

We’ve mentioned the operational aspects of how technology can assist your business, but perhaps one of the biggest benefits is how helpful IT can be in protecting your business from various threats. Here is just a small sample of what can be accomplished:

  • Access management – Both your infrastructure and the data it holds are valuable, so the fact that the right IT solutions can prevent unauthorized parties from accessing either is a big benefit to any size of business’ continuity.
  • Password management – While best practices dictate that users have a different password to protect each account, this advice is often undermined by the number of accounts that modern users have. Using a password management solution can help prevent this from impacting your business.
  • Firewall and antivirus – While your users need to be able to spot potential threats, it is advisable that you support them by implementing firewall and antivirus to prevent most threats from reaching them at all.

Remember, this has just been a brief list. Coleman Technologies can help you put technology into place to help you overcome a great many more of your challenges. To learn more, call us at (604) 513-9428 today!


Don’t Fall for the Google Business Profile Scam





There is a scam going around that convinces organizations to pay for their Google Business Profile, and if you paid for this free service, you’ve fallen for the trick. Google is taking legal action against the scammers who have dragged their name through the mud, using Google’s notoriety to defraud businesses who just want to look competitive.

Let’s look at the announcement to determine what your business should keep in mind regarding these scammers.

Google Wants Consequences for the Scammers Who Charge Businesses for Business Profiles

The first thing you need to understand is that a Google Business Profile is free for business owners to claim and use to share information about their business with the public. This means that anyone who calls you to tell you to pay up for the profile is straight-up lying to you and attempting to scam you.

The problem has escalated to the point where Google needs to take action against these scams. The idea is that taking public legal action against the scammers will keep would-be scammers from acting while also increasing public awareness of these issues. Google’s blog post claims they were able to stop 12 million scammers from creating fake Business Profiles, and that there were 8 million attempts to fraudulently claim Business Profiles.

Again, Google charges nothing for Business Profiles. Such accounts are mutually beneficial; they give you a platform to show off information about your business, and Google can make their search engine better as a result. If you ever receive a phone call from someone claiming to be Google to sell you a profile, then you can rest assured it is most definitely a scam.

How You Can Identify Phishing Scams

Phishing scams can be tricky to identify, but with a little knowledge and training, you and your staff can be well-prepared to deal with any scams that might come your way.

  • Look for urgency: Most scams will operate with a sense of urgency to get you to act before you have had a chance to think things through. Don’t fall for it; nothing is so important that it can’t wait 10 minutes while you verify the request.
  • The devil is in the details: If you receive a call from someone who claims to be from Google, for example, you can always check the Google Business Profile page to view details on account creation. In this case, the page confirms that it is free, so you know you’re the target of a scam.
  • Don’t take any risks: If you have reason to believe that a call or a message is a scam, don’t give yourself any room to make a mistake; just hang up or ignore the message until you can confirm whether it is legitimate or fake. If it turns out to be legitimate, then the person on the other end will surely have to respect your caution.

Let’s Make Your Business Security a Top Priority

If you are ready to take scams and cybersecurity seriously, Coleman Technologies can support you throughout the process. To learn more, contact us today at (604) 513-9428.


Getting to Know About Phishing Attacks Can Keep Your Business Safe


As a result of this increase in phishing attacks, endpoint security has grown much more focused, but the issue with phishing isn’t necessarily an issue with the strategies surrounding your technology--rather, it’s an issue relating to your organization’s users and their tendency for failure. Now, we know this sounds a little harsh, but it’s been proven time and again that employees need security training on how to handle credentials and other sensitive information. Let’s take a look at a couple different types of attacks you can be exposed to, and what you can do to keep your organization from becoming just another company that has suffered from a data breach.

Deceptive Phishing
Deceptive phishing is one of the most common types of phishing scams, and it aims to fool unsuspecting users into handing over sensitive information. This happens when the hacker sends a message to users that impersonates an actual person or company that the organization has some sort of relationship with. These hackers use deceptive phishing to convince users to hand over information like passwords, usernames, account numbers, etc. Since official credentials are then being used to access these accounts, the access doesn’t immediately register as a security concern.

For the most part, these deceptive phishing messages are either ignored by the users, caught by filtering technology, or disregarded when they’re accessed. Unfortunately, the handful that actually do fool the end user are worth the hundreds of thousands that are sent to others. To keep your business from making this fatal mistake, you need to focus on increasing awareness of what makes phishing attacks so much different from your average legitimate email.

Some of the telltale signs of phishing messages include misspelled words, problems with sentence structure, and suspicious attachments or URLs. Always hover your mouse over a link before clicking on it to determine its location, and never download an attachment unless you know who’s sending it. Another thing to look out for is any financial institution or vendor demanding payment or access to your account--there are other, more official methods of outreach for matters such as these, and no bank or similar institution will ever, ever ask you for passwords.
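The hover check described above can be automated for an HTML message body. The following is an added example, not part of the original post: it flags links whose visible text names one domain while the underlying address points somewhere else. The sample message, its example.com and example.net hosts, and the reason labels are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Matches something that looks like a domain name inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def _registrable(host):
    # Assumption: comparing the last two labels is enough for this demo.
    # Production code should use the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def inspect_links(html_body):
    """Return one dict per web link with the reasons it looks suspicious."""
    collector = _LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and relative links are out of scope here
        host = (parts.hostname or "").lower()
        reasons = []
        if parts.scheme == "http":
            reasons.append("not_https")
        if parts.username is not None:
            # "https://trusted-name@other-host/" really goes to other-host
            reasons.append("userinfo_in_url")
        try:
            ipaddress.ip_address(host)
            reasons.append("ip_literal_host")
        except ValueError:
            pass
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode_host")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and host and _registrable(shown.group(1)) != _registrable(host):
            reasons.append("text_host_mismatch")
        report.append({"text": text, "host": host, "reasons": reasons})
    return report


# Constructed sample message body (not taken from a real email).
SAMPLE_EMAIL = """
<p>Your invoice is ready. View it at
<a href="http://billing.example.net/invoice?id=1">www.example.com/invoice</a>.</p>
<p><a href="https://www.example.com/help">Help centre</a></p>
<p><a href="https://www.example.com@203.0.113.7/login">Sign in</a></p>
"""

if __name__ == "__main__":
    for entry in inspect_links(SAMPLE_EMAIL):
        status = ", ".join(entry["reasons"]) or "ok"
        print(f'{entry["text"]!r} -> {entry["host"]}: {status}')
```

A link with no reasons attached is not proven safe; the check only surfaces the mismatches a careful reader would look for when hovering.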

Spear Phishing
Spear phishing attacks are targeted attempts against a specific user. For example, someone who sees a message from a coworker might let their guard down, but this doesn’t necessarily mean the message is safe. It just means that some hacker managed to find a way to mimic the sender in a way that is extremely convincing. Spear phishing attacks will often know the target’s name, title, company, work phone number, and much more--all to seem as authentic as possible so the user will click on a malicious attachment or URL.

Even social media isn’t safe from this trend. LinkedIn, for example, is one of the most common places where spear phishing is leveraged. It might be used for connecting with other business professionals, but it’s not hard for a hacker to imitate a business professional. We aren’t saying that you need to avoid social media like the plague, only that you should approach it with some sensible caution.

Pharming
That being said, more people are learning about these attacks by the day, meaning that some hackers have ceased these types of attacks for fear of their efforts being for naught. Instead, they turn to a practice called pharming, which involves using an organization’s DNS server to change the IP address associated with a website name. This gives them a way to direct users to malicious websites to steal their legitimate credentials.

To prevent this from happening, it’s very important that you tell your staff to be sure they are entering their credentials into a secured site. The best way to make sure this happens is to look for the “https” in the hyperlink, as well as a padlock icon next to the address. It also never hurts to have an antivirus solution on each endpoint within your organization.

Coleman Technologies can help your business stay as secure as possible. To learn more, reach out to us at (604) 513-9428.


How to Keep Your Employees from Being a Cybersecurity Problem





Cybersecurity has to be a big deal for any business that uses IT, and today, who doesn’t? When your employees don’t follow cybersecurity rules, it can put your business in danger, like getting hacked or losing money. The first step is to figure out why employees aren’t following the rules. This could happen because they don’t know the rules, haven’t been trained enough, or think the rules are too hard or take too much time. 

Once you understand what the problem is—whether it’s about not knowing, finding the rules too complicated, or resisting changes—you can fix it more easily and in a way that makes sense to them.

Prioritize Training

After figuring out why, it’s important to give employees the right kind of cybersecurity training. They need to know why protecting the company’s data is important and how their actions can keep it safe. The training should include real examples to help them understand the possible risks of not following the rules. Also, make sure to update the training often so employees learn about new threats and how to stay safe.

Choose the Right Procedures

Keeping the security rules clear and simple is another way to help employees follow them. If the rules are too complicated, they might try to find shortcuts, which can make things less safe. For example, if passwords are too hard to remember, employees might write them down, which is dangerous. Instead, make things easier by using tools like password managers and security apps that help them follow the rules without much effort.

Build Accountability

Holding people accountable is also important. Employees need to know there are consequences if they don’t follow cybersecurity rules. This doesn’t mean punishing them, but setting up a system where mistakes are fixed. Make sure employees know how to report security problems and create a safe environment where they aren’t scared to ask for help. You can also check regularly if they’re following the rules and give rewards for doing a good job.

Employees Should Feel Responsible

Making sure everyone feels responsible for cybersecurity is key. Employees should see it as something that affects the whole company, not just the IT team. Encourage teamwork between different departments, have leaders set a good example, and pick team members who are really good at following cybersecurity rules to help others. When everyone, from the bosses down to employees, works together to keep the business safe, it’s easier to protect against threats.

If your business needs help creating and maintaining a robust cybersecurity culture, the IT experts at Coleman Technologies can definitely help. Give us a call today at (604) 513-9428 to learn more.


Hack of Capital One Exposes Information on 100,000 Customers


Here’s what we know:

Capital One has admitted that the personally identifiable information (PII) of over 100 million American and Canadian credit applicants has been exposed. The company did admit that no credit card account numbers or authentication credentials were compromised in the hack. They also go on to mention that in 99 percent of the files, social security numbers were not compromised. The largest category of information that was accessed was individual and small business credit applications that span from 2005 to 2019.

The perpetrator, Paige Thompson of Seattle, Washington, was a former software developer for Amazon Web Services (AWS) who took advantage of a firewall misconfiguration to gain access to the information, AWS confirmed Monday. The flaw came as a result of a setup error and not a flaw within the massively popular AWS.

The breach happened on March 22 to 23, 2019. Thompson was apprehended as a result of being reported to Capital One for storing incriminating evidence on her Github and Slack accounts. Capital One contacted the FBI on July 19, 2019 and after a short investigation, Thompson was arrested and indicted by the Western District of Washington.

The CEO of Capital One, Richard Fairbank, released the following statement:

“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

For a full report of the event, visit: https://www.capitalone.com/facts2019/

Capital One has said that it will inform you if you have been a victim of this massive attack, but if, like many of us, you have too much at stake to wait for the company to reach out to you, you can take some immediate steps to safeguard your personal information.

  • Check your accounts - Account monitoring and fraud detection should be a major part of any action you take to secure personal information.
  • Change passwords - One great way to at least feel more secure after a major hack like this is to immediately change your passwords.
  • Freeze your credit report - One option you can take to protect yourself is to freeze your credit report. This won’t let any credit reporting services check your credit, meaning that if someone were to try to take money out in your name, the banks wouldn’t be able to authorize credit.
  • Avoid scams - A big part of keeping any data secure is to not give unauthorized parties access to it. That means avoiding phishing attacks and other scams.
  • Continued vigilance - Vigilance over your account information, your personally identifiable information, and your overall financial health is more important than ever. As mentioned above, credit monitoring and fraud detection services give users tools to combat unauthorized access.

Keeping yourself and your business secure online is more difficult than ever. To learn more about data security, subscribe to our blog.


What is your Identity Worth to You?


First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, $56 billion was accumulated by cyber criminals through identity fraud. The good news is in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 stolen. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.

How does your data get stolen?  There are plenty of ways, but here are a few popular methods:

  1. Hackers can pick up credentials via public Wi-Fi and public PCs.
  2. Credit Card Skimming - a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal.
  3. Selling or discarding used computer equipment that isn't properly wiped can expose personal information.
  4. Hackers can infiltrate networks and databases.
  5. Dumpster diving and paper mail theft.
  6. Malware and viruses
  7. Phishing.


In almost half of reported identity theft cases, the victim knew the criminal.

What do you do if your identity is stolen?

Almost half of all reports of identity fraud are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running the latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.


Fingers Crossed! The Robocalls May Soon Stop


Chances are, you’re all too familiar with exactly the kind of scam I’m describing. The one that makes the Do Not Call List sound like wishful thinking, that makes it look like someone from your area - or even your contacts list - is trying to reach you.

Chances are, you’ve answered one of these calls, only to hear silence, broken after you say “Hello?” As soon as you do, a (likely prerecorded) voice launches into its tirade, being a nuisance and bothering people.

Chances are, you may have even received angry phone calls from people you’ve never met, let alone called, claiming that your number has been the source of repeated calls just like these.

You aren’t alone.

Unfortunately, the scammers responsible are talented at skirting rules and regulations.
Calls like these have been harassing users for quite some time, simply because the scammers understand how to cheat and find loopholes. This is all despite the efforts of regulatory bodies like the FCC (the Federal Communications Commission).

In November of 2017, the FCC enabled telephone providers to block calls that were presumably fraudulent. This was based on many factors, like the calls coming from invalid numbers or numbers with no service provider attached.

However, the rules outlined in the 2017 Call Blocking Order weren’t enough to stop scam robocalls for long.

Now, we all have had to deal with the huge nuisance of neighbor spoofing. Neighbor spoofing has almost certainly affected you directly, and if you’ve been lucky enough to avoid it, it’s happened to someone you know.

But you may be asking, what is neighbor spoofing?
If your phone rang, and you have caller ID enabled, you’ve probably developed the habit of checking the number before you answer it - after all, a local number is probably safe to pick up.

Neighbor spoofing has made it so that assumption is no longer the case.

Instead of using a fake number to call their targets, scammers using neighbor spoofing will actually use someone’s real number to call someone relatively nearby - sometimes literally next door. If you’ve ever received an angry phone call from someone demanding an explanation for someone with your number repeatedly calling them and harassing them, your number just so happened to be the one that these cybercriminals spoofed.

There have even been reports of people receiving calls from their own number, claiming to be from the phone company as an attempt to “verify a hacked account.”

Neighbor spoofing is also a very effective method for scammers because it can bamboozle the automated protections already in place to stop scam calls, just like it fools the targeted phone’s user. This also keeps the Do Not Call list from affecting these scammers’ attempts (as if it ever stopped them before).

Additionally, many apps may add some unwanted complications, even if they are effective.
There are mobile applications available that are intended to stop robocalls from ringing your smartphone in the first place. One such application, the aptly-named RoboKiller, does this in two ways. First, RoboKiller references a list of numbers identified as spam, and blocks these calls completely. Second, it uses a patented analysis of the call’s audio fingerprint to compare it to those of other spam calls. Regardless of the number it appears to come from, RoboKiller can identify if it is a match to a known attempt.

You’ll only know that you were targeted after you read the notification that RoboKiller provides.

Meanwhile, RoboKiller responds to the scammer with a time-wasting prerecorded message. You can then review the calls that RoboKiller blocked by opening the app on your phone. There, you can listen to a recording of blocked calls to determine which calls were spam, and which were legitimate attempts to reach you. From there, you can whitelist a number by pressing the Allow button.

Users of RoboKiller can also add numbers to their list of permitted callers to allow them to come through. RoboKiller is a subscription-based application that charges $2.99 each month ($24.99 for an annual subscription), which may be seen as a relatively low cost if you’ve received enough of these calls.

As RoboKiller states on their website, “With RoboKiller, you don’t stop neighbor spoofing. You take action in the fight against the robocall epidemic.”

However, this approach isn’t without some worries.

For one, consider the cost of admission for this app. Yes, $2.99 may seem like a bargain if you have a smartphone, but what about all the people who still don’t? Furthermore, many mobile users today are of older generations, and may not understand how to work the application (or again, may not have a device that is compatible with the app). Yet, these worries may not be necessary for long.

Both the government and the telecom industry have had enough.
It wasn’t long after the 2017 Call Blocking Order was released that the attorneys general from a full 40 states came together to form the Robocall Technologies Working Group. This is a bipartisan commission intent on collaborating with service providers to learn about robocalling technology with the ultimate goal of stopping it.

On October 8th, the attorneys general of 35 of those states signed a letter to the FCC stating that the efforts of law enforcement had not and would not be sufficient to stop abusive scam attempts and robocalls. In this letter, the attorneys state some chilling facts:

  • 30.5 billion illegal robocalls were made in 2017 alone, up from the estimated 2016 total of 29.3 billion.
  • Estimates have placed the total calls made by the end of 2018 to be somewhere near 40 billion.
  • Phone scams allowed cybercriminals to steal an estimated $9.5 billion in 2017.
  • August of this year saw 1.8 billion scam attempts in the 4 billion illegal robocalls made that month.

Facts like these only highlight the pervasiveness of these scams, and how important it truly is to eliminate them as much as possible. In fact, the Federal Communications Commission has gone on the record to demand that mobile providers figure out a standardized system to help prevent these calls from reaching mobile users, echoing the demands made by the attorneys general.

This system would rely on call authentication to ensure that only legitimate calls would make it through, and that spoofed calls would be caught by requiring all calls be verified as coming from the correct source.

Not only did Commissioner Ajit Pai release a statement to the press demanding that this system be created, he sent a letter to 14 telecom CEOs, including AT&T’s John Donovan, Charter’s Tom Rutledge, Verizon’s Hans Vestberg, T-Mobile’s John Legere, Comcast’s Brian Roberts, and Google’s Sundar Pichai.

Pai demanded that these changes be ready to deploy in one year, giving telecoms a ticking clock to establish what they call the SHAKEN/STIR framework (Secure Handling of Asserted information using toKENs/Secure Telephone Identity Revisited). This move was met with the approval of the attorneys general, who went on to encourage the FCC “to implement additional reforms, as necessary, to respond to technological advances that make illegal robocalls and illegal spoofing such a difficult problem to solve.”

As the attorneys general said: “Only by working together, and utilizing every tool at our disposal, can we hope to eradicate this noxious intrusion on consumers’ lives.” Fortunately, this will also benefit the businesses that have been affected.

With any luck, we’ll only have to deal with the robocalling nuisance a little while longer. For assistance in keeping other scams from interrupting your business and putting it at risk, reach out to Coleman Technologies. We have the experience to stop the other threats you would otherwise deal with on a daily basis. Call (604) 513-9428 today.


What You Need to Know About the Massive Solarwinds Hack


How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.


Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks. They did so on SolarWinds’ recommendation, to prevent their other security products from shutting the Orion products down due to the malware signatures that these security products contain.


While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.


This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.


Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.


We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Coleman Technologies to get an assessment and a consultation. Call us today at (604) 513-9428 to get started protecting your network, infrastructure, and data.


Staying Safe on Social Media Boils Down to These Three Things





You don’t want to get spammed; nobody does. Unfortunately, it happens to EVERYONE, and it’s just getting worse. All this unwelcome correspondence happens over the phone, through email, and especially on social media. In today’s blog, we’ll talk a little bit about how social media puts users at risk and what you can do to keep that risk from becoming a problem for you. 

How Social Media Invites Risk

Think about how integrated today’s companies are with the way you navigate online. Do you use the “sign in with ___” feature when you access other apps? Do you have near-constant notifications dinging because you have every email, every update in an application, and every message you get sending you one? Do you spend an unhealthy amount of time scrolling through shorts and reels and whatever? 

No matter what type of user you are, today’s technology has got our attention. Unfortunately, it also has gained the attention of scammers. Let’s take a look at four ways to avoid being scammed on social media.

Nothing Is Too Good To Be True, Except on Social Media

You’ve probably seen those ads: "Get thousands of dollars with this secret trick!" Yeah… no. If something sounds too good to be true, it probably is. Scammers use flashy deals to lure people in, but once you click, they might steal your personal info or install malware on your device. Always double-check offers and only trust verified sources.

Avoid Clicking on Random Links

Scammers love sending shady links in DMs, comments, and even fake emails pretending to be from brands you trust. If you don’t know the person sending it—or if the message feels a little off—don’t click. Even if it’s from a friend, their account might be hacked. When in doubt, ask them directly before opening anything. Always verify if there is any question.

People Are Often Not What They Seem

Scammers create fake accounts pretending to be celebrities, brands, or even people you know. If a friend suddenly messages you asking for money, take a step back and verify first. And if a celeb slides into your DMs saying they need you to help them with an urgent matter, just block and report. Always check for blue verification badges on official accounts and look out for weird usernames with extra numbers or letters.

Try to Keep Private Information Private

People who overshare on social media play right into the hands of scammers. Posting your full name, birthday, or even where you work makes it easier for scammers to impersonate you or hack your accounts. Also, be careful with those viral quizzes that ask for personal information. These quizzes are often phishing for answers to security questions. Keep your info locked down and update your privacy settings regularly.

Unfortunately for everyone, scammers aren’t going anywhere, but you can stay one step ahead. If you ever feel like something’s off, trust your gut. Block, report, and move on. Stay smart, stay safe, and enjoy social media, without the scams.

For more great technology-related best practices, tips, and tricks, return to our blog soon. 


The Reasons Why Hackers Can’t Keep Their Hands Off Healthcare Data





When it comes to valuable data, hackers will go out of their way to try and steal it, placing businesses in dangerous situations. In particular, healthcare data is attractive to hackers, and considering how lucrative the prospect of healthcare data is, companies need to take extra precautions to protect it. But what is it about healthcare data that makes it so attractive, anyway? Let’s dig into the consequences of potential attacks on healthcare data.

It Sells for a Lot on the Black Market

You’d be shocked to see the value of data on the black market, particularly personal health information and medical records, insurance details, and prescription information. Hackers know that there is a high demand for this data, so they have no problem trying to take advantage of the market.

Personal Profiles Aid in Further Attacks

If a hacker can steal a personal profile from a healthcare provider, they gain access to all kinds of information, like medical history, genetic data, lifestyle choices, and more. This information gives hackers all they need to launch customized attacks against individuals based on their profile.

Identity Theft is a Possibility

Identity theft and financial fraud can often be a direct result of healthcare attacks. Once hackers have stolen records, they can impersonate individuals or obtain other medical information and prescription medications, as well as commit insurance fraud. Victims suffer in a variety of ways, including financial loss, damaged credit, and inability to receive medical treatment.

Blackmail and Extortion Can Scare Victims Into Acting

With sensitive personal records such as healthcare data, individuals often find themselves on the receiving end of blackmail attempts or extortion. Hackers might threaten to reveal conditions or other personal information regarding treatments. For public figures or others in sensitive professions, this can be damaging.

Medical Research and Progress Could Grind to a Halt

Medical research requires that data be accurate, and if hackers steal or alter information in healthcare records, medical research grinds to a halt. This puts any attempt at developing new treatments, understanding disease patterns, or improving public health in jeopardy. 

Hackers Take Advantage of Weaker Security Systems

Healthcare organizations often have weaker security measures in place, putting them at greater risk of being attacked. These organizations are often more focused on providing better patient care, meaning their investment priorities are elsewhere, leading to more potential for security vulnerabilities in the process.

There is So Much Data to Steal

Consider how many patients a hospital might see over the course of a year. Now consider that the hospital will retain those records for an extremely long time. This shocking amount of data makes hospitals and other healthcare providers targets that have a lot to lose as a result.

Of course, it’s not just healthcare data that’s at risk of theft, destruction, or worse—all data is vulnerable to this type of treatment if it’s not managed appropriately. Let Coleman Technologies help you address this with our managed IT services. Learn more by calling us today at (604) 513-9428.


Rise Up Against Ransomware





Like many of the past few years, this year has witnessed a significant surge in high-profile ransomware attacks. If you haven't already strategized how to safeguard your business from these threats, now is the time to act. Fortunately, you can take several proactive measures to mitigate the impact of ransomware attacks, and it all starts with preparation.

Effective preparation begins with a deep understanding of your technology infrastructure. By comprehensively knowing the ins and outs of your network and the interconnections between various business units, you gain a crucial advantage over potential hackers. For example, creating segmented areas within your network can limit the damage hackers can inflict, confining their impact to specific business units rather than compromising the entire infrastructure.

Maintaining strong access controls is essential to prevent ransomware and other threats from causing widespread damage. Monitoring an entire network simultaneously can be challenging for IT departments, but designing systems that impede hackers' movement enhances your ability to isolate and address issues swiftly.

Information is extremely important in the battle against ransomware and other threats. Understanding and improving your pre-attack informational advantage when formulating your cybersecurity strategy is a critical action that every business has to take. While keeping hackers out entirely is ideal, recent attacks have shown this isn't always feasible. Preparation is key to staying ahead of threats.

It's important to note that these principles apply to ransomware and various other threats that may jeopardize your infrastructure. While ransomware garners significant attention, proactive measures such as multi-factor authentication, unified threat management, and robust access control solutions can mitigate various threats.

We're here to assist if your business wants to fortify its network infrastructure against ransomware and other threats. Our expertise in implementing preventive measures (like those above) can provide peace of mind. With us managing your cybersecurity strategy, you can confidently focus on your daily operations, knowing you're well-equipped to handle any potential infrastructure challenges.

To discover how Coleman Technologies can bolster your business' defenses, contact us today at (604) 513-9428.


Are You Practicing Good Password Hygiene?


How Hygienic are Your Passwords?

With so many of us relying on so many passwords every day, poor password hygiene can often seem to be a foregone conclusion. Think about your own passwords, right now, and see how they compare to this list of inherently insecure patterns that many people develop:

  • Personal details, like your name or birthday
  • Names of friends, family, or most infamously, your pets
  • Commonly used words (like “password” or a favorite sports team)
  • Simple keyboard patterns (like “12345” or “qwerty”)
  • Repeated login credentials (like username: David1973, password: David1973)
  • Making their passwords as short as possible

Now, before you zip away and try to figure out new passwords for all of the accounts that have these kinds of passwords protecting them, let’s take a few more moments to figure out how to actually come up with ones that will be secure.

To begin, let’s consider some “best practices” that should no longer be described as “best.”

Some Less-than-Best Practices

According to NIST (the National Institute of Standards and Technology), the following practices are no longer all that effective when it comes to secure password creation.

  • Alphanumeric Switching: So, we all (should) know that something like “password” isn’t nearly secure enough to be used as a password. As a result, many users would use “p455wO2d” instead, changing letters to numerals and occasionally playing fast and loose with their capitalization. While this isn’t always a bad strategy, using such a common password still makes it far less secure than it needs to be.
  • Length Requirements: It’s likely that you have encountered this as well, as a program has kicked back your chosen password while announcing that “it is too short/long for its eight-to-ten character limit.” According to NIST, these antiquated requirements literally short-change security, as longer passwords or passphrases are more difficult to crack but easier to remember than the short jumbles of random characters.
  • Banning Cut and Paste: For some reason, many username and password fields don’t allow content to be cut and pasted into them, almost as if the prospect of typing out someone’s account details will stop a hacker in their tracks. This also makes the use of password managers, a hugely useful tool in maintaining good password practices, less available. So long as they are used properly, password managers should always be encouraged, as they enable a user to store and use multiple passwords while only really remembering one.
  • Password Hints: We’ve all been asked to set hints for our passwords before, just in case we forget them. You know the ones: “Where did you graduate from high school?” or “What was your first pet’s name?” The trouble with these questions is simple: our online habits make this kind of information easy enough to find online, especially with social media encouraging us to share pictures of our pets, or announcing that we’re attending the “Educational Institution’s Class of Whatever Year’s Something-th Reunion.” Instead of relying on these hints, combine multiple forms of authentication to both offer additional means of confirming your identity and better secure your account.
  • Frequent Password Changes: Considering how many passwords we're all supposed to remember, it only makes sense that users would fight back against frequent password updates by only changing a single detail about it and calling it changed. For instance, let’s return to David1973 for a moment. If this user were forced to change his password too often, it is likely that he would resort to simply adding an easy-to-remember (and guess) detail. Maybe this is the fifth time that David1973 has been told to change his password, so while his password started as “David1973,” it progressed to “2David1973” to “3David1973” and so on to “5David1973.” Of course, we aren’t arguing that passwords should never be changed, but make sure that these changes aren’t actually counterproductive.
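As an added illustration (not code from Coleman Technologies or NIST), the Python sketch below screens a candidate password against the insecure patterns listed above, including alphanumeric switching and the “David1973” style of incremental change. The blocklist, the eight-character floor, and the function names are assumptions made for the example.

```python
import re

# Constructed sample blocklist; a real deployment would load a large
# list of common and breached passwords instead.
COMMON = {"password", "qwerty", "12345", "letmein", "canucks"}
# Digit/symbol-for-letter swaps; "2" -> "r" covers the article's "p455wO2d".
LEET = str.maketrans({"0": "o", "1": "l", "2": "r", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"})
MIN_LENGTH = 8  # assumed floor; deliberately no maximum length


def normalize(password):
    """Lower-case the password and undo alphanumeric switching."""
    return password.lower().translate(LEET)


def core(password):
    """Strip leading/trailing digits and symbols: '5David1973' -> 'david'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def screen(password, username="", personal=(), previous=None):
    """Return the reasons a candidate password should be rejected."""
    reasons = []
    lowered = password.lower()
    plain = normalize(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if any(word in plain or word in lowered for word in COMMON):
        reasons.append("common word or keyboard pattern")
    if username and lowered == username.lower():
        reasons.append("same as username")
    if any(p and p.lower() in lowered for p in personal):
        reasons.append("contains personal detail")
    if previous and core(password) == core(previous):
        reasons.append("trivial change of previous password")
    return reasons
```

An empty list means none of these checks fired; it does not by itself mean the password is strong.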

How to Create a Secure Password

Rather than using a password, per se, we recommend that you instead use a passphrase. Let’s use a quote by author Elbert Hubbard as our example: “Positive anything is better than negative nothing.” 

Of course, this is a mouthful to type, in a manner of speaking, so it might make sense to use some alphanumeric switching to help abbreviate it into a complex phrase that is still easy to remember.

Doing so, “positiveanythingisbetterthannegativenothing” becomes “p0$!tiV3NE+hg>-tiV3_+hg”.

Then, if you use this passphrase as the master access code for a password manager, the rest of your passwords/passphrases could be randomly generated, increasing your overall security even further. To make your password manager even more secure, you should really devise your own complex phrase, rather than steal one from an author.

You never know, some enterprising cybercriminal might be a big fan of Hubbard’s works, too.

For more advice and assistance to help you make your passwords and accounts as secure as possible, reach out to Coleman Technologies by calling (604) 513-9428 today!


iPhone Scam Can Pop Up and Cause You Trouble





iPhone users should be aware that, should you encounter a pop-up that reads “Your Apple iPhone is severely damaged”, you don’t need to be concerned—beyond the concern you’d have for any other threat, that is. This pop-up is just a recent iteration of a common phishing scam that aims to fool people into downloading apps that enable hackers to access personal information.

When you think about it, this is kind of a brilliant strategy for a hacker to use. People tend to panic when they see a message like that, and that panic creates an opportunity for the hacker to exploit. What’s your response when your phone has an issue? Almost certainly negative and, more than likely, somewhat thoughtless. That is exactly what an attacker is counting on.

Fortunately, avoiding this threat is as simple as closing the pop-up immediately without following the provided link. This link would only initiate the download of malicious software and applications, or bring the user to a form meant to harvest personal information.

This scam has quite the reach, for one specific reason: iPhones are very popular.

iOS, the operating system that powers Apple’s mobile devices, is widely known as being the most secure of the major mobile operating systems out there. This is largely due to the marketing efforts of Apple, and has become less and less true with more people actively targeting iOS with their code. Overall, however, iPhones have retained their reputation for top-notch security.

This scam leans into this reputation, as it effectively phishes the device’s user, generating fear and urgency that can be leveraged to manipulate the user into acting rashly. That rash action is how the attacker achieves their goal.

Fortunately, simply closing Safari without interacting with the ad prevents this threat from doing any damage. After all, you are also avoiding the risk of accidentally downloading unwanted and malicious applications that could bring operational problems with them.

So, if you use an iPhone as millions of people do, make sure you keep an eye out for these kinds of scams. Mobile devices are hugely popular, so attacks against them are bound to only become more common.

Here at Coleman Technologies, we’re committed to helping you and your business become more secure through both education and proactive services. Find out more by calling us at (604) 513-9428.

