Coleman Technologies Blog

Mobile device security is critical for modern businesses, especially as they play a more prominent and significant role in daily operations. However, data loss is also a problem, regardless of the source… including if a device is wiped via a reset.

While Apple has offered a feature to prevent this for the past year or so, Android 15 now provides the same, referred to as Identity Check. Let’s explore how it works, and how to enable it for yourself.

First of all, we have to start by saying that (as of this writing) this feature is only present on Pixel devices and Samsung Galaxy devices running One UI7. While other device manufacturers may add it to their customized interfaces (and apparently plan to later this year, so they may have already as you are reading this), these instructions currently only apply if you have one of the above devices.

How Does Identity Check Work?

To protect your device, Identity Check blocks any Android account settings from being changed unless the user is in an approved location or can pass a biometric test. This block covers quite a bit, including:

• Adjusting the screen lock
• Adding a new fingerprint
• Adding a new Google account to the device
• Disabling Find My Device
• Accessing the Password Manager and the data therein
• Accessing developer tools and options

…and, of course…

• resetting the device.

How to Activate Identity Check

Activating Identity Check is simple:

• Access your Settings
• Navigate to Google account
• Select All services
• Find Theft Protection
• Enable Use Identity Check

While you’re there, you can also add trusted locations using Manage. Deactivating Identity Check requires you to either authenticate using your biometrics or log into your Google account.

Spoiler Alert: Macs Do, in Fact, Get Malware

Not to be juvenile about it, but duh. A computer produced by Apple can just as easily be infected by malware and ransomware, just as they can also experience any of the other problems that a PC user would. Hardware failure, slowing with age, crashes, data loss—these and so many other issues can be seen in a Mac.

So, where do we get the widespread opinion that Macs are somehow immune to the issues that Windows devices suffer from?

In short, advertising. Over the years, Apple has had some brilliant advertising campaigns behind it, from the classic “1984” ad that ran during Super Bowl XVIII to the brief clip of John Malkovich talking to Siri. One particular campaign, however, helped to really push the idea that Macs aren’t susceptible to computer viruses.

The “Hello, I’m a Mac” campaign starred John Hodgman as the beleaguered PC, constantly coming up short when compared to Justin Long’s Mac in a total of 66 spots. One of the most famous of these bits outlined how Macs didn’t have to worry about viruses—amongst many, many others over the four years that these ads ran.

In all fairness, these ads were truthful enough. Massive amounts of new viruses are created to attack the Windows system each year, many of them leaving Macs unimpacted. While in fairness, Macs do get viruses, there are far more variants out there that target PCs.

The question is, why?

There are Far More PCs Than Macs, for One

Back in 2018, there was only one Mac for every ten active PCs online. Therefore, if about 90 percent of computers run on Windows, it only makes sense that there would be more viruses focused on Windows.

PCs are the predominant choice for businesses and industries, schools and universities, and home users alike.

To be fair, there isn’t really anything inherently wrong with Macs. Apple’s laptops and desktops are very capable devices. The difference comes from third-party developers. Many business-oriented core applications just don’t have Mac versions, and Apple doesn’t have the low-tier hardware options that are available with the Windows platform. So, when your billing department and your video department have very different needs, there isn’t a reason for you to spend the amount that a high-end Mac costs when a mid-range PC would do the job.

At the end of the day, a Mac and a PC at the same price tier are going to be effectively the same. The big difference is your preference and what your business works best with. Of course, we also have to say that Macs can have some difficulty integrating with a network designed for the PC and the software that most businesses prefer to use.

Mac Users Aren’t Off the Hook

While the fewer number of viruses targeting them has made it seem as though a Mac is the more secure choice of computer, the environment is changing. Malwarebytes recently reported that Mac malware is outpacing PC malware for the first time. The report also states that, between 2018 and 2019, threats to Macs increased by 400 percent.

Of course, it should also go without saying that the type of computer one uses shouldn’t impact that person’s security awareness and hygiene. Macs and PCs alike need to have antivirus and other protections installed, secured by strong passwords by users who understand that risk has no brand loyalty.

At Coleman Technologies, we are very aware of the importance of your business’ security and can assist you in protecting your endpoints and educating your users. To learn more about what we can do, reach out to us by calling (604) 513-9428.

Nowadays, it is crucial that you make security a top priority. With the right approach, it not only saves you massive headaches, but also a considerable amount of capital—particularly if you leverage the appropriate solutions for SMBs. As a managed service provider, we can ensure that you implement the appropriate IT solutions to maximize the return on your security investment.

The best security solutions will make sure that you are exposed to minimal security risks as you go about the workday. Here are just a few security best practices and technologies that can save your business time, energy, and money.

Firewalls to Defend Your Network

Network security is incomplete without a robust firewall solution to protect your infrastructure. A firewall is a digital shield that safeguards your company’s network from external threats. It analyzes traffic into and out of your infrastructure. It keeps threats from sneaking through, thereby minimizing the opportunity for a data breach and potential financial loss from fines and damage control. Trust us when we say the best way to address a security breach is to be proactive about it and prevent it entirely.

Regular Security Audits to Leave No Stone Unturned

When you’re sick, you go to the doctor. When your car breaks down, you go to the mechanic. When your technology fails, you see your local managed service provider. These are all “reactive” approaches to maintenance, whether for your body, vehicle, or IT. When it comes to security, you want to take a proactive approach, though, and conduct security audits every so often to address potential issues before they become serious problems. Again, preventing problems from escalating saves you money, so it never hurts to be overly prepared.

Employee Education to Supplement Technology Solutions

What happens when a hacker cannot break through your technology solutions? Rather than brute forcing their way through to your infrastructure, they will take the path of least resistance by targeting your employees with phishing scams and other unethical tactics. You must provide routine security training to reduce the risk of human error. While it might take time out of their days, it will go a long way toward mitigating the risk of a data breach.

Get Started Today with Proactive Security Solutions

All it takes to break your budget is one single data breach. Don’t let your business suffer even that! Take advantage of our managed services to give your business the security solutions it deserves. To learn more, call Coleman Technologies today at (604) 513-9428.

A business’ compliance with the regulations it operates under is a huge issue that many inside your organization won’t understand but has to draw some attention. Let’s look at some of the variables that go into compliance to outline just how important it is.

Regulatory Requirements

Governments and regulatory bodies create various laws and regulations to ensure the security, privacy, and ethical use of technology. Compliance with these regulations is absolutely mandatory, and failure to meet them can result in significant fines, legal penalties, and reputational damage.

Data Security and Privacy

As businesses collect and store sensitive data, ensuring the security and privacy of this information has to be a priority. Compliance frameworks, such as GDPR, HIPAA, and CCPA, set standards for protecting personal data and require organizations to implement robust security measures.

Risk Management

The process that goes into successful technology compliance helps organizations manage risks associated with cybersecurity threats. Building strategies that adhere to compliance standards can minimize the risk of incidents that could disrupt operations or harm customers.

Trust and Reputation

Doing everything you can to stay compliant demonstrates a commitment to ethical practices and protecting customer data, which builds trust with customers, partners, and stakeholders. Non-compliance, on the other hand, can lead to a loss of confidence and damage to the organization's reputation.

Operational Efficiency

Compliance frameworks often include best practices and guidelines that can improve the efficiency and effectiveness of technology operations. By following these standards, organizations can enhance their overall performance and reduce the likelihood of error.

To follow technology rules, you need to know the laws, use strong security, be proactive in managing risks, and follow ethical guidelines. For help with this, contact the IT experts at Coleman Technologies today at (604) 513-9428.

Would you feel safe staying at a hotel that, instead of unique locks, each door used the same key as all of the others? Probably not—because if someone got in, they could take whatever they wanted. That’s similar to how old-school cybersecurity worked. Once someone got into a company’s network, they could access almost everything, making it easy for hackers to steal information. But today, many businesses use a better security framework called zero-trust security. In today’s blog, we discuss what zero-trust security is and why it’s safer.

What Is Zero-Trust Security?

Zero-trust security is all about being extra careful. It means that nothing and no one inside a company’s network is trusted automatically. Instead, everything has to prove it has permission to be there, even if it’s already inside the network.

Returning to our hotel example, imagine that the hotel used a unique lock on each room's door instead of using a marginally better version of the honor system. Even if someone managed to find your floor, they still can’t get in the room unless they have your room’s access code. Zero-trust security works the same way by adding multiple layers of security to keep data safe.

How Does Zero-Trust Security Work?

For zero-trust security to work, companies need to focus on these seven things:

• Users - The company needs to know who is trying to get into its network and make sure each person only sees what they need for their job. For instance, people in sales wouldn’t have access to financial records, and engineers wouldn’t be able to see private HR documents.
• Devices - Every computer, tablet, and phone connecting to the network needs to be safe. Companies make sure devices have the latest updates and security settings, and they check to see if each device is allowed to connect.
• Networks - Different parts of the network are locked down, so only people who need to use them can access them. Firewalls and other tools help block out anyone who shouldn’t be there.
• Applications - Companies keep all the software they use up-to-date and secure. This ensures no one uses unsafe programs that could let hackers in.
• Data - Data is super valuable, so companies protect it with encryption (which turns data into code) and other strong security tools to keep it safe from people who shouldn’t see it.
• Automation - Computers can help by watching the network for unusual behavior, like a hacker trying to get in. This helps companies stop threats faster than if a person had to notice on their own.
• Analytics - By tracking everything happening on the network, companies can spot warning signs early and stop problems before they become big issues.

Why Zero-Trust Security Matters

Zero-trust security is all about being cautious and making sure every user and device proves it’s allowed to be on the network. By checking everything—even what’s already inside—companies can ensure their information stays safe.

Want to know more about keeping your business secure? Give the IT professionals at Coleman Technologies a call today at (604) 513-9428 to learn more.

Facebook remains one of the most visited places on the Internet. Meta (the parent company to Facebook) also features WhatsApp and Instagram on their roster and has faced numerous security and privacy failings over the years. In this week’s blog, we’ll take a brief look at some of the most noteworthy.

Cambridge Analytica

One of the most notable incidents was the Cambridge Analytica scandal in 2018. The political consulting firm harvested the data of millions of Facebook users without their consent, using it to influence voter behavior, including in the 2016 Presidential election and the decision by the English people to leave the European Union. This breach exposed how third-party apps could exploit Facebook's data-sharing policies, leading to widespread criticism and a significant loss of trust among users. The scandal prompted regulatory scrutiny and highlighted the need for stricter data protection measures.

Ignoring Data Privacy

In addition to the Cambridge Analytica scandal, Facebook has been criticized for its handling of user data. Reports have surfaced of the platform storing passwords in plain text, exposing users to potential hacks. Furthermore, Facebook's practice of collecting extensive user data, including location information and browsing history, has raised concerns about user privacy. This data collection is often done without explicit user consent, leading to accusations that Facebook prioritizes profit over user privacy. Ultimately, Meta settled a class action suit for over $700 million.

Cyberattacks and Data Breaches

Facebook has also faced challenges in securing its platform from cyberattacks. In 2018, the company disclosed a breach that affected 50 million accounts, where attackers exploited a vulnerability in Facebook’s code. In 2019, over 500 million people had their Facebook data found on publicly accessible servers. Later that year, 300 million users had their Facebook information hacked and made available on the Dark Web. These breaches allowed hackers to access user accounts and potentially obtain personal information. Despite Facebook's efforts to improve its security infrastructure, such incidents demonstrate the ongoing vulnerabilities that can be exploited by malicious actors. Finally, the U.S. Federal Trade Commission levied a $5 billion fine and set forth new privacy restrictions for their products. 

Poor Privacy Practices

The platform's privacy policies have been a subject of controversy as well. Facebook's terms and conditions are often criticized for being lengthy and complex, making it difficult for users to understand how their data is being used. The company's approach to privacy settings has also been problematic, with frequent changes that can confuse users and lead to inadvertent sharing of personal information. This lack of transparency and control over privacy settings has contributed to user distrust.

Fake News and Manipulation

Finally, Facebook's role in disseminating misinformation and harmful content has raised ethical and privacy concerns. The platform's algorithms often promote sensationalist and polarizing content to maximize user engagement, which can have negative societal impacts. Moreover, the use of targeted advertising based on user data can lead to manipulation and exploitation. These issues underscore the broader implications of Facebook's security and privacy failings, affecting not only individual users but also society at large.

Most of the people you know use some type of Meta social media product, and after a myriad of privacy concerns, you need to have a plan for how to protect yourself. Stop back next week for part two, where we will tell you some things you can do to do just that.

Let’s go over how you can review how much of your data these Chrome extensions can access, and how you can adjust these permissions more to your liking.

Fair warning: This will naturally require you to change a few settings, so don’t be afraid to reach out to your IT provider to confirm these changes are okay to make and for assistance in doing so.

What Permissions Have Extensions Been Granted?

Here’s the thing—the extensions that you have installed into the Chrome browser, much like the applications that can be installed on a mobile device, will require some of your browsing data in order to function. Many extensions and applications, however, take claim of far greater permissions than their functionality requires in practice. In fact, a recent analysis of extension permissions shows that over a third of all extensions do this!

Here are a few steps that allow you to evaluate your Chrome extension permissions and help you to avoid granting them too much access in the future.

Step One: Evaluate Your Current Permissions

First, you will want to find out how many of your installed extensions currently ask for too much. To do so, you’ll need to type chrome:extensions into the address bar and go through the Details of each extension that appears on the page.

There, you’ll find a line annotated with Site access. There are various access levels that an extension can have once it is installed, including no access at all. What this means is that your web activity isn’t accessible by the extension at all. The other levels include:

• On click – This means that an extension can access and alter data in your active tab when you click on the extension’s shortcut.
• On specific sites – This means that only certain websites allow the extension to access and alter what is presented in the browser.
• On all sites – This means that there are no restrictions on an extension, allowing it to access and alter data at any time.

Certain types of extensions may need this kind of access, while others will not. It is up to you to determine what access is appropriate for each to need, based on what they use to operate.

Step Two: Adjusting Your Current Permissions

If an extension doesn’t need the level of permissions that it demands, do everything you can to address this by adjusting its settings. If the extension allows this, these permissions can be adjusted by simply selecting your preferred option under Site access. Whenever possible, following a principle of least privilege is the safest bet for your data.

Step Three: Keep Permissions in Mind Moving Forward

Once your extensions’ access permissions are in check, you don’t want to just fall back into your old habits with any new extensions you add. Remember, these extensions prompt you with a brief dialog box explaining its default accessibility settings… pay attention to them. Whenever you activate an extension moving forward you need to be sure to keep these permissions in mind. It may be the difference between installing an extension or finding another option.

Coleman Technologies can help you manage all your business technology through our proactive managed services and support. To find out more about our services, reach out to our team by calling (604) 513-9428.

SMBs tend to rely on their longstanding clients to bring in the majority of their revenue, so what happens when clients suddenly cannot trust your business’ reputation? Look no further than if you were to suffer from a cyberattack for an answer. It turns out that being careless with your clients’ data is one of the best ways to sink your reputation.

January 2023 Saw 53% of Surveyed Firms Experience a Cyberattack

This is up from the previous year’s 48%. This number comes from a global readiness survey administered by Hiscox, a specialty insurance company with offices in the United States, the European Union, and Asia.

The Hiscox Cyber Readiness Report 2023 offers other interesting information that businesses can learn from, including what businesses in Belgium have done and what can be learned from them. It’s well worth the time to read through the report, let alone the executive summary.

Of course, we want to make this information as accessible as possible, so if you take nothing else away from the report, at least consider this: the above 53%, and that businesses with less than ten employees were hit more often… accounting for 36% of all attacks.

Clearly, there is a problem here that you need to be concerned about.

Your Clients and Customers Wouldn’t Appreciate Your Business Suffering a Hack

Really, it’s all about broken trust; you shouldn’t expect your customers to take kindly to such an affront to their data security.

There are a few exceptions to this rule. If you leave your customers’ data susceptible to an attack, chances are you will experience a significant challenge recovering from it, in more ways than one. According to information compiled by Varonis in 2022:

• 65% of victims lost trust in the organization that was breached
• 80% of consumers reported that a business would lose them as a customer if their data were compromised
• 85% would tell others about the experience they had, 33.5% taking to social media to do so
• 52% of consumers claimed that security was among, if not the, most important consideration when making a buying decision

The Solution is Simple: Protect Your Business

Ultimately, the best way to protect your business and its reputation is to protect its data. If you want to ensure you keep your business’ data safe, be sure to contact Coleman Technologies at (604) 513-9428.

The past few years have seen some of history’s greatest data breaches. For instance, the most notorious of these attacks, the Equifax breach, Yahoo, and Marriott-Starwood, resulted in a combined total of 3.5 billion accounts breached.

This means, statistically speaking, you would have a pretty good chance of picking a data breach victim of the past few years by randomly selecting two human beings from the entirety of planet Earth’s population.

Crunching the numbers, there has been an increase of security breaches of 67 percent since 2014.

What Does this Mean? Is Anything Secure Anymore?

Interestingly, there is a plus side to these enormous data breaches happening in the public eye, thanks to a few key points:

• It brings attention to these kinds of crimes - Thanks to disasters like the Equifax breach, more Canadians are aware of the impact of cybercrime. This kind of awareness is crucial to encouraging improved security.
• There is too much data for cybercriminals to practically use. This one can be chalked up to statistics… the more data that a given cache has, the less of a chance that your data is pulled up in an attack.

To clarify, we aren’t trying to sugarcoat the severity of a data breach, but having said that, the past few years’ cybersecurity threats have really given us all an example to consider. With new compliances, regulations, and other mandates being put into play, businesses are certainly considering these threats.

What About Small Businesses?

There is a tendency to overlook small businesses when discussing data breaches. After all, the ones that have struck large targets (like Yahoo, Target, eBay, Sony, and many others) almost always get a headline, along with the attacks that focus on municipalities, like the ones that targeted Wasaga Beach, Ontario and Midland, Ontario with ransomware.

What aren’t heard about so much, unfortunately, are the attacks that lead to much smaller companies shutting their doors for good… a side effect of the limited number of victims per attack, and the relatively casual approach that many have towards security. Unfortunately, a Verizon survey shows just how misguided the assumption that a smaller business size will protect it from threats, when 43 percent of businesses breached would be classified as small.

Security Needs to Be a Priority

Fortunately, there are ways that you can reinforce your business’ cybersecurity, especially with the help of Coleman Technologies and our experienced cybersecurity professionals. Call (604) 513-9428 to get in touch with us, so we can help evaluate and fulfill your business’ needs.

With many “non-essential” businesses scrambling to find strategies that will keep revenue coming through the door, setting up a remote workforce has become most businesses' best hope. Unfortunately, with such little notice to dot the Is and cross the Ts, businesses are taking on more risk than many of them are comfortable with. That trepidation is not fruitless, either. In times of crisis, hackers have a tendency to prey on the unprepared. The fact is that workers that are operating where they are not comfortable--or where they’re too comfortable--can mean disaster for their employers.

Security Threats for Remote Workers

Even if it normally is, security isn’t exactly the top priority for businesses faced with this situation. Businesses need to mitigate net-negative cash flow positions. This means they need their staff to continue working. This is stretching business’ cybersecurity strategies thin. Exacerbating things is that with so many people focused on the COVID-19 pandemic, hackers can use it as bait. 

Cybersecurity professionals and other researchers have seen an increase in ransomware attacks, trojans, and spyware as a result of this situation. They’ve also seen COVID-19 being referenced in millions of phishing attacks. Many problems that businesses face in regards to cybersecurity can be directly attributed to the remote worker. Workers at home are typically using their home PC or laptop that has all their personal accounts on it. An infected personal PC is a big problem when you are using the same PC to access work related materials. 

Additionally, hackers are now seeing a lot more success by targeting businesses directly now that security is playing second fiddle.

That is a problem since cyberattacks can decimate your business, tarnish your reputation, and end any positive momentum your business has built up. Since most businesses weren’t prepared in the least for these stay-at-home orders, the ones that are under direct scrutiny from federal, state, and industry mandates are even more exposed.

How to Protect Your Business

While any measures you take at this point to better secure your employees working remotely will be more reactive than they are proactive, it is still important to do so. We suggest that you enact the following measures to begin:

• Cloud solutions - Rather than introducing an entrance into your business with a remote access solution, using the cloud’s capabilities enables productivity through a much simpler and more secure means than opening a gateway into your business’ infrastructure. As the cloud permits you to store your data and/or host your applications, your employees can be sure to have the resources they need to safely work from home.
  
  
• Company devices - If you provide your team with the device they should use through their day-to-day, your business can continue to operate with the knowledge that all updates and security patches can be maintained. Despite the upfront costs of procuring the technology you will need, making this investment can provide returns to both productivity and security.
  
  
• Employee training - Perhaps most crucially, your employees need to respect how much responsibility will rest on their shoulders in terms of maintaining cybersecurity as they work from home. Making sure they know the recommended best practices for maintaining security, as well as other preventative skills like spotting phishing attacks, will allow you to trust them more to keep your business safe from threats.

While the COVID-19 pandemic will eventually end, smart security practices both in and out of the office never should. To learn more about how we can help keep your business safe, reach out to Coleman Technologies at (604) 513-9428.

One of the best things about the move towards streaming in media is that since people love watching real-life stories, studios have committed to creating documentary content that provides interesting perspectives. Many people don’t have a comprehensive understanding of technology, especially as it relates to real-world situations, so dramatized documentaries can be a good source of information. Today, we’re going to go through three riveting technology documentaries that are available on streaming services.

The Social Dilemma (2020)
Social media is one of the most important technologies developed over the past couple of decades. As with any transformative technology, the practices developed early on by developers to monetize seemingly “free” services have a major impact on users and the monstrous social media space as a whole. A saying that is repeated several times throughout the movie is, “If you’re not paying for the product, you are the product.”

The filmmakers use one-on-one interviews as well as actors who play roles that are supposed to represent an average family and their use of social media. This gives the viewer multiple perspectives to understand the documentary's central theme: that social media is a new market with a much different business plan than any other that has come before it: what is called surveillance capitalism. 

The documentary does an amazing job of explaining how social media negatively affects personal value, society, and other issues without the billions of users on these platforms even knowing that they are being manipulated at every turn. The Social Dilemma was directed by Jeff Orlowski and is available for streaming on Netflix. 

The Great Hack (2019)
The Great Hack isn’t about hackers, per se. It’s about the case of Cambridge Analytica, a company set up to mine data and manipulate people into changing how they look at the world. Centered around a pair of whistleblowers, the documentary tells the story about how the company unethically obtained a load of Facebook data to provide powerful clients the information they required to manipulate public policy.

The scandal was at the heart of the 2016 U.S. Presidential election and the British exit from the European Union (Brexit). The Great Hack sheds light on the ethical implications of data privacy breaches and the dangers of unchecked data manipulation through interviews with former employees, whistleblowers, journalists, and academics. The film raises important questions about the power of technology companies, the role of social media in shaping public opinion, and the need for greater transparency and regulation of these massive technology companies. 

The Great Hack was directed by Karim Amer and Jehane Noujaim and is available for streaming on Netflix. 

Deep Web (2015)
The Internet is much larger than the typical person experiences. Alex Winter, one of the great documentary filmmakers of contemporary cinema, explores the deep web in his 2015 film of the same name. The film features many issues, including the ethical use of technology, the dissolution of the Silk Road, a notorious illicit marketplace found on the deep web, and Bitcoin, the infamous cryptocurrency so often used in cybercrime.

The film explores the events leading up to the trial of Ross Ulbricht, the originator of the Silk Road, through the lens of his capture, the trial, and the immediate aftermath. In doing so, it serves as a historical account of what would soon be a common enough occurrence to be a part of the zeitgeist.

Deep Web was directed by Alex Winter and is available for streaming on Amazon Prime.

This is just a taste of the many documentaries discussing today’s technology and its intricacies in daily life. We encourage you to view these titles and continue exploring to learn more.

While security researchers do their best to find security vulnerabilities in software and systems before they are actively exploited by attackers, they can’t be successful all the time. There are too many threats and too many variables to consider, and zero-day exploits are often discovered well after they are actively being exploited by threats. How can you keep zero-day exploits from impacting your business?

What Exactly Is a Zero-Day Exploit?

To put it simply, zero-day exploits are flaws in systems that are discovered only after they have been targeted by a threat. The severity of the attacks can vary wildly, ranging from discrete and covert hacks that go undetected for some time, to in-your-face hacks that don’t care about being discovered by the user. In the case of the former, zero-day exploits can go undocumented for so long that it becomes an even greater threat and logistical nightmare for security researchers and developers.

Why Are They So Dangerous?

The main reason why zero-day exploits are so devastating is that they are undocumented and therefore hard to predict or take action to prevent. This unknown factor means that people often don’t know they exist until the flaw is being leveraged by hackers, making it even more crucial that developers act with haste to patch the flaw.

The problem here is that issuing patches to these types of issues takes time—time which is of the essence. As long as the threat is actively being exploited, users remain at risk until the patch has been issued, and after the lid has been blown off the vulnerability, you can bet that hackers will do all they can to take advantage of the exploit before it is fixed.

What Can You Do About Them?

Zero-day flaws are inherently dangerous because security researchers and professionals have precious little time to address them. That said, you do have some options available to you to protect your infrastructure as best you can, at least until the patch has been issued.

First, you want to consider a comprehensive security solution designed specifically for enterprise-grade security. Coleman Technologies can help you implement such a system to mitigate most security threats. At the same time, you’ll want to ensure your team has the training they need to identify potential threats and the reporting structure for how they can let IT know if something is amiss. We also recommend that you actively monitor your systems to detect abnormalities before they cause irreparable damage. All in all, you want a proactive strategy rather than a reactive strategy for your IT.

Coleman Technologies can help you put this plan into practice. To learn more about what we can do for your organization, call us today at (604) 513-9428.

We will always reinforce how critical it is for everyone in any workplace to have a grasp of cybersecurity best practices, regardless of their role or responsibilities. However, based on a survey conducted by UK-based cybersecurity firm Ramsac, this baseline is not being met by a long shot.

Why do we say this? Simple: this survey revealed that one in three adults failed a cybersecurity test designed for 11-year-olds.

Let that sink in for a moment.

Let’s consider what this suggests about the state of modern business cybersecurity.

Ramsac’s Results Speak Volumes

The survey that Ramsac administered was simple enough: before an IT website could be accessed, a user—in this case, decision-makers in their organizations and fields—needed to answer five basic cybersecurity questions.

Again, these were questions designed for 11-year-olds to answer successfully.

What the Results Revealed

There were some troubling trends brought to light in the responses.

Malware seemed to trip up the most people, with 15 percent answering incorrectly. Phishing bamboozled 13 percent of respondents, and 21 percent did not know how to protect themselves against these scams (which, as a reminder, are among the most common attacks out there). General cybersecurity awareness was slightly better, with just under seven percent missing these questions.

How to Increase Your Business’ Security

While there are tons of tools and technologies to help boost your protection, you can make a big difference relatively quickly in a few simple ways.

Apply Updates

Updates are frequently created to resolve existing security issues. Keeping your technology updated will help keep you safer from vulnerabilities.

Team Training

One of your biggest security challenges will always be the people you have working for and with you. Training them and evaluating their preparedness to detect threats will help reduce the issues you ultimately face.

Endorse Communication

Encourage your team to speak up if they have any questions or concerns, particularly when security may be impacted. Asking the right questions at the right moment could be the difference between security and a breach.

Cybersecurity is Everyone’s Responsibility

We can help you protect your business from threats of all kinds, implementing many of the above tools to your advantage. Learn more by calling (604) 513-9428.

Password changes, multi-factor authentication, and countless changes in policy and procedure can make daily workflows more and more complicated. Cybersecurity can truly be a pain—a necessary pain, granted—but a pain nevertheless, and one that can gradually lead to burnout if you aren’t careful. Let’s go over how to mitigate the likelihood of it.

Understanding Security Fatigue

Let’s put yourself in the shoes of one of your employees for a moment—although, if we’re really being honest, the following scenario could easily apply to anyone in your organization, including you.

How often have you sighed when asked to create yet another new password, or groaned when a multifactor authentication prompt pops up, when all you’re trying to do is your job? Does news of the next security training make you roll your eyes?

You aren’t alone. Not by a long shot.

The truth is, modern cybersecurity—for all its importance—is a balancing act. While the human element is consistently one of the weakest elements of the average business’ security, the numerous policies, procedures, and protections intended to help mitigate the vulnerabilities your team members contribute to can backfire.

For instance, how would you feel if it consistently became more and more challenging for you to complete the same tasks you had always been responsible and accountable for, without the tasks themselves changing at all? Pretty frustrated, I’d assume, and motivated to do whatever you could to streamline these challenges…going so far as to cut corners or overlook whatever requirements you could get away with neglecting.

This is the phenomenon known as security fatigue—where there is so much emphasis put on security and the safeguards intended to ensure it, that your team becomes disinterested and behaves less securely as a result.

Some Signs that Security Fatigue Has Set In

You’ll want to be on your guard so you can spot some of the warning signs in both your own behaviors and those of your team members. For instance:

• Have you or your team members grown more lax with your password practices?
• Are you or your team members prone to connect to insecure networks without the added protection of a virtual private network, even when accessing sensitive accounts and data?
• Do you and your team keep an eye out for signs of phishing, or are most messages taken at face value?
• Are work devices commonly used for personal activity?
• Is IT kept apprised of incidents and issues promptly, or are such things only reported when the circumstances are severe?
• Do you or your team members frequently use workarounds to bypass your security?
• Are work devices kept appropriately up-to-date, or have updates been somewhat neglected?

If any of these sound familiar, you may have a bit of onset security fatigue.

How to Correct Security Fatigue

Fortunately, there are a few ways that you can counteract this phenomenon in your business. While we in no way are attempting to minimize the importance of security of all kinds for modern businesses, it is important to also keep in mind that too much apparent security can easily hurt your team’s productivity. Therefore, by helping to take as much off your team members’ plates as possible, through things like automatic patches, remote management, and password management systems, you can better strike a balance between productivity and security without short-changing either.

Coleman Technologies is here to help you do just that. Let us shoulder your cybersecurity needs so your team can focus more on your productivity, without worrying that you’re left vulnerable as a result. Give us a call at (604) 513-9428 to learn more about what we’ll do, and how you could benefit.

Over the past few years, huge scamming operations have operated in Southeast Asia, and now they are spreading. These scams—known as pig butchering scams—cause serious harm, as in an estimated $75 billion worldwide in 2023.

With these sorts of operations spreading, let’s go over what pig butchering is. 

What is Pig Butchering?

Traditionally, farmers process their swine to make them ideal for the market. Pig butchering scams do the same. Much like farmers fatten up their droves, these pig butchering operations will nurture a single target over time, building what appears to be a long-distance, intimate relationship with the target. Once the target is well and truly hooked, the scammer requests that they send cryptocurrency to help them get out of a jam.

The victim does so, and suddenly, a meaningful relationship is torn from their life as the scammer vanishes, off to swindle their next victim.

These attacks can leave their victims crushed, and it doesn’t help that the people running these scams are often enslaved themselves, abducted and forced to steal in exchange for freedom that likely will never come.

These operations have since spread from Southeast Asia to across the world. Dubai has become almost an epicenter for these activities in the past few years, with its massive international migrant population serving as a buffet of targets for the people running the scams to manipulate and effectively imprison.

Similarly, these scams have started stretching across Africa, as gangs operating in Nigeria and other countries have begun adopting these tactics as well. With a history of similar scams associated with that region and prefabricated pig butchering kits available for sale, it has become incredibly simple for these scams to spread.

These scam centers have also been spotted in Georgia, Peru, Sri Lanka, El Salvador, and the Isle of Man, meaning the chance of you being targeted only increases as time passes.

How You and Your Team Should Avoid Pig Butchering

While pig butchering scams generally target individuals, you want your team members to be as cybersecure as possible. After all, who’s to say that an online paramour wouldn’t try to convince them to steal your financial accounts?

Make sure your team knows about attacks like phishing and spoofing and how easy it is for scammers to mine the internet for photos and even videos to fool them… especially with AI now on the table. Your team must know and practice safeguards against these threats and the many others that are out there today.

This is a big part of how you need to prepare your business to contend with cyberattacks as well, and we can help. Contact us at (604) 513-9428 to learn more about what we can do to help protect your business.

Let’s discuss what this signifies, and how this may shape how users authenticate themselves in the future.

Defining CAPTCHA

Short for Completely Automated Public Turing Test to tell Computers and Humans Apart, CAPTCHA has long been the standard tool used by Google to prevent automated spam from polluting the Internet by requiring (in theory) a human being to interact with content in some way before allowing access or a task to successfully be completed.

Back in the early 2000s, CAPTCHA was effective against spambots, being able to bamboozle them by simply requiring images of text to be identified.

The Growing Issues with CAPTCHA

However, once Google gained ownership of CAPTCHA and used it to help digitize Google Books, the text needed to be increasingly distorted to continue to fool optical character recognition. Adding to this was the fact that human beings solving these CAPTCHAs gave optical character recognition the information needed to improve its skills.

This is the downside to CAPTCHA that its creators foresaw from the beginning: at some point, machines would ultimately overtake human capabilities when it came to identifying these images. Furthermore, these tests also need to be universally applicable, working wherever someone is located despite any cultural biases and differences that a user might have.

Since then, CAPTCHA has been replaced by NoCAPTCHA ReCAPTCHA (the one where your user behavior is used to judge your humanity) in 94 percent of websites that use CAPTCHA. Further research and development is in progress to reinforce the security of these tools.

However, automated bots can already bypass CAPTCHA more effectively than most humans can. In fact, in 2014, a machine learning algorithm was made to compete with users to solve distorted text CAPTCHAs and managed to bypass the security measure 99.8 percent of the time, as compared to the humans’ 33 percent. There are also various CAPTCHA-solving programs and services available for use that can effectively access vast amounts of pages for little cost.

What is Being Done to Resecure CAPTCHA

There are many different approaches under consideration to improve the practical efficacy of CAPTCHA—making it simpler for human beings and more difficult for machines as originally intended. To accomplish this, a few different tactics have been explored, some more plausible than others:

• Rather than identifying text or images, users would be asked to classify images of faces, based on expression, gender, and ethnicity (probably not the best option, in today’s contentious environment).
• CAPTCHAs based on trivia and regionalized nursery rhymes, with these culturally based questions designed to overcome bots and overseas hackers alike.
• Image identification that uses cartoons, hidden-image illusions, and other relatively subjective content to outfox automated CAPTCHA-cracking tools.
• CAPTCHA tools that test users by having them perform basic game-like tasks, with instructions given in symbols or contextual hints.
• Device cameras and augmented reality being used as a form of physical authentication.

Finally, a lot of consideration is being put to authentication measures that examine a user’s online behaviors and actions to determine whether there’s a real human being at the controls, or if a clever piece of software is trying to gain access—whether the mouse moves, for instance, or how precise it is as it does. Google itself is starting to examine traffic patterns to test “users” on a case-by-case basis.

There’s even a chance that these kinds of Turing tests will only be passable in the future by selecting an incorrect answer.

Regardless of how, it is only going to become more important to secure your accounts and the information they contain as time passes. Coleman Technologies is here to help you secure your business and its data. Learn more about how we can protect your business with the right IT solutions by calling (604) 513-9428 today.

Scammers look to take advantage of someone else for their own gain, but there are some scammers out there who are trying to scam the scammers to teach them a lesson. One such individual is “Kitboga,” a content creator who calls themselves a “scam baiter.”

Kitboga’s Story is Rooted in Familial Concern

In 2017, Kitboga, or Kit for short, learned about a chatbot that could waste a scam artist's time, expose them online, and showcase the dangers that they represent to particularly vulnerable populations, like the elderly. Kit channeled his expertise in computer software engineering and his concern for his grandparents into developing ways to combat these crimes.

After doing this independently for some time, Kit established a presence on the Twitch live streaming platform to combat scammers in real time. Kit specializes in “scam baiting” content, where he keeps scammers on the line as long as possible and tries to manipulate them into his own traps.

Kit’s strategy is simple: waste as much of their time as possible, while also collecting enough information to potentially report them to authorities like banks, law enforcement, or even the FBI and Secret Service (although it should be noted that neither agency has confirmed involvement or cooperation with the streamer).

Kitboga Scams the Scammers and Educates His Audience

Kit’s streams serve more than just to make fools out of scammers. He is also trying to educate his audience on how these cyberthreats function. These threats will often try to have their victim install malware or spyware, and some ask for people to send them a gift card with the intention of scamming them. He has even seen pig butchering scams, where the scammer will build up trust and then strike when the victim least expects it.

Kit’s far from alone here, too; he has built up a small team to help him in these efforts.

As you can imagine, Kit’s efforts have given his audience significant knowledge of how to spot scams throughout their daily lives. He has even created an AI-powered “honeypot” which lures in scammers, then traps them in constant verification requests for “stolen” (i.e. made up) Bitcoin accounts. Furthermore, he has released his own scam protection software service that helps to keep users safe from scammers whose time cannot be wasted.

If you’re interested in learning more about Kit’s work, you can listen to this fascinating and terrifying conversation with him and Jim Browning on Boston’s NPR station. It’s a great listen, as long as you’re okay with some explicit language.

Don’t Try This At Home

We know it might be fun to try this out for yourself, but know that some scam baiters can incur fines and experience other issues during their work. It’s definitely not something that the average user should ever attempt.

You do have some recourse, though:

4 Tips to Prevent Scams

Remain Calm

Scammers will try to scare you into action, so think things through in the moment. If you receive a message with claims like you owing money in unpaid taxes or you’re facing potential criminal charges, think through how reasonable these claims are before you act.

Avoid Cryptocurrency

If you’re going to make purchases online, use a credit card. Transactions can be canceled in the case of credit card fraud. Plus, credit cards are also insured. 

Never Send Money to Strangers

This should go without saying, but you should never transfer money or give personal information to strangers on the Internet.

Don’t Return Calls

Sometimes scammers will try to pose as a trustworthy entity within the user’s community, like a bank or a customer service number. Don’t call them back at this number; instead, use information publicly available on their website to contact the legitimate entity.

Let Us Help You Out

Naturally, cyberthreat scams like those that Kitboga faces are commonplace, and your business should be prepared to combat them. We recommend you contact us at Coleman Technologies for business-grade solutions. To learn more, call us at (604) 513-9428.

Windows Defender is Microsoft’s own antivirus solution, and it comes bundled with Windows, so it’s confusing to think that a business would need to pay for it, right? Well, there are actually two separate products called Defender, with a big difference between them.

Sometimes, the most challenging part of picking solutions for your business is deciphering their often-obscure naming conventions. We’ll admit, Microsoft’s naming conventions for some of their products are a little confusing, so let’s try to make sense of one of their products, Microsoft Defender.

Of course, confusion is the last thing you want for your network security, which is what we’re getting into with today’s article. Consider the difference between Windows Defender and Microsoft Defender for Business as a perfect representation of this.

Explaining Windows Defender

Windows Defender is an antivirus software that comes with your Windows 11 operating system. It’s also preinstalled on Windows 10 PCs. It’s so under the radar that most users likely don’t even know it’s there. Microsoft has started to refer to this tool as Microsoft Defender, just so you are aware.

Of course, you get what you pay for with network security tools, but even the quality of free cybersecurity software has varying levels of “bad” to consider. We’re happy to report that Windows/Microsoft Defender is at least usable from the average user’s perspective. It’s better than not having any protection at all and definitely better than some other free tools that bombard you with advertisements and subscriptions.

Windows Defender is perfectly good enough for the average user who doesn’t use their computer for business purposes. It’s fine for a college student’s laptop to do their homework on, and it’s fine for most people who use their computer for simple tasks like watching videos and sending emails. 

But it’s not ideal otherwise. Windows Defender doesn’t do much to stop phishing attacks or ransomware; it also doesn’t cover other web browsers, like Firefox or Chrome, sticking you with Edge if you want to take advantage of the most protection possible. That said, Windows Defender has a firewall that can block malicious URLs and run malware scans. It’s a fine solution for free but not the best you can do. Why not?

The reason is simple: it’s not designed for businesses.

Microsoft Defender for Business

Microsoft Defender is meant for use by consumers, whereas Microsoft Defender for Business is designed for businesses. It can support organizations of up to 300 users, after which Microsoft has higher-end enterprise solutions like Defender for Endpoint, Defender XDR, and Microsoft 365 for Enterprise.

As you might expect, Defender for Business has more power to it than your average consumer version. It works on various platforms, including Windows, Mac, Android, and iOS/iPadOS. You can also protect Windows or Linux servers.

Microsoft Defender for Business has central controls for admins to adjust security as needed. With these controls, an admin can ensure that all systems are properly protected, run scans, or change settings for the entire network.

Unsurprisingly, this solution is more all-encompassing than the consumer version, so if you’re dead-set on Defender, we recommend going for the business-grade version. It works to protect your organization from cybersecurity attacks, including malware and viruses that home users need to worry about, while also covering the more advanced threats that target businesses. It also covers remote employees, which is a huge benefit in today’s ever-flexible work environment.

Microsoft Defender for Business offers the comprehensive protection you expect from a business-grade solution, whereas the consumer-grade product does not.

Don’t Use Consumer-Grade Products for Your Business

The big takeaway we have for you here is that businesses should not use consumer-grade products. They do not offer the same level of service, scope, and security necessary for business-level operations. This statement applies to all business-grade products, whether you’re looking at a security solution or a productivity suite.

Coleman Technologies can help you make the right decisions regarding the security of your network. Learn more by calling us today at (604) 513-9428.

Applying Software Patches
It should be clear that software patches are designed to fix security problems and improve the functionality of the software, but some organizations simply don’t have time to implement them manually, or they simply don’t understand the purpose for them. Part of the problem is that sometimes the developers aren’t necessarily clear that patches are available, while other times those within your organization may not even know how to administer them. Regardless of the reason, there are usually problems on a network that will go unattended for extended periods of time.

Most hackers only want to take advantage of the issues they can detect. Thus, there could be countless threats out there designed to target countless unpatched vulnerabilities on your network that not even the hackers can know about. It makes sense for a hacker to use just one exploit to target a handful of vulnerabilities. Therefore, it’s important to make sure that all software that you use is updated and patched.

Additionally, your systems shouldn’t be running unused programs. The more software you have, the more ways hackers can take advantage of your organization’s network vulnerabilities. Moreover, you might even be wasting revenue on renewing software licenses that you don’t even need, so it’s best perform a network audit from time to time to get the worthless software off your infrastructure.

Dodging Social Engineering Attempts
Social engineering is broadly categorized as any method that takes advantage of unprepared users or those who are ignorant of solid network security practices. Examples include a phone call or email message claiming that the network has been breached by a foreign entity and that “tech support” needs to remote into the computer and resolve the issue. There are other, more subtle methods as well, such as targeted spear phishing attacks that go after specific users with personal information that convince them that the hacker is someone in authority.

These types of attacks vary in sophistication, but they can range anywhere from an employee receiving a message claiming that they’ve won a prize, to the intruder physically following your employees into the office and stealing sensitive data manually. In instances like these, a little bit of employee training can go a long way. Teach them to look for anything suspicious, and inform them that vigilance is incredibly important in the workplace.

These two security improvements barely scratch the surface of what your organization should be focusing on for network security. If you want to fully protect your business to the best of your ability, give us a call at (604) 513-9428.

What is Smishing?

When cybercriminals use phishing scams, they aren’t using advanced technologies to crack their target’s digital defenses. Instead, they hack users by exploiting the assumptions, bad habits, and ignorance of the target to get them to release sensitive information.

Attackers circumvent cybersecurity measures by sending messages purporting to be from an authority figure or trusted contact, thereby convincing the user to undermine their protection. A notorious example of phishing is the email from the persecuted royal family, known as the "Nigerian Prince scam."

Smishing simply applies this principle to SMS instead of the usual email.

You could simply receive an SMS from a number that claims to be a financial institution or service provider, or even if you are doing business with that institution.

This message could contain details that confirm that the sender is who they purport to be, or it could go unnoticed because it is not the kind of message that most people expect to be phished through. More recently, many of these attacks have been sent under the ruse of being from authorities trying to share information about the COVID-19 pandemic.

There is a possibility that a link may be included in the message asking you to log in, but the problem is that this will lead you back to a fraudulent login page where the user’s actual login data is collected. It may prompt you to download a document that hides a variety of malicious programs, and suddenly the attacker has access to all your personal information, such as your phone number, email address, credit card numbers, bank account credentials and other sensitive information.

It's as simple as that.

Now, think for a moment about how much sensitive data you're likely to keep on your phones and what data a hacker might extract from them.

Spotting a Smishing Message

To prevent this from affecting your business, your entire team must be able to detect phishing attempts as soon as they are sent via SMS.

• Just as with suspected phishing emails, opening a suspected smishing message is extremely risky. If the sender is not familiar to you, do not open the message and definitely do not access any links included.
• If you cannot verify the legitimacy of the message, do not release sensitive information. If you receive a text message from Facebook informing you of a problem with your account, access Facebook separately to confirm before you resolve it.
• Some mobile devices can block texts, just like email clients can filter messages. So, make sure you block phone numbers that are suspected of phishing and apply settings that might be helpful.

As a final tip, you need to make sure your entire organization keeps an eye on security during the workday and that they know how to identify and respond to threats.

Of course, it does not hurt to apply certain preventative measures to your network, such as anti-virus, firewall protections, and others. We can help! Coleman Technologies can support your team in its IT requirements for security, productivity, and mobility. Find out about our services by contacting (604) 513-9428.