Coleman Technologies Blog

Let’s start with where we are now. History is best told on a timeline, so let’s start from the present. Cybercrime today is profiting over $1.5 trillion each year, and that figure continues to climb. Some have predicted that this figure will nearly quadruple by 2021. Security breaches are up by 67 percent over just the past five years.  

How is this figure climbing so quickly? Well, let’s examine the most popular form of cybercrime: phishing. The method that cybercriminals are using are able to deploy all types of malware, yet also has data-stealing abilities. Whether that data is your sensitive personal information, or login credentials to your bank account, phishing gives a cybercriminal direct access. The worst part for people who have fallen victim, is until something dramatic happens, they are clueless that they have even become a victim. Phishing attacks have led to billions of records being exposed, stolen, or corrupted each year.

Cybercrime has become a real concern for all business owners. So how did all of this start?

The Beginning 

This information Coleman Technologies is about to reveal may be hard to believe, but cybercrime was Bob’s fault. This trillion-dollar criminal trend is the result of a research project held by a man named Bob Thomas. Bob Thomas made the observation that a program is able to move across a computer network, leaving a trail behind. He then proceeded to write a code that was named “Creeper”. This code resulted in a program that was designed to travel between Tenex terminals on the ARPANET. The message that came across? “I’M THE CREEPER : CATCH ME IF YOU CAN”. 

The research project sparked the attention of email inventor Ray Tomlinson. Tomlinson altered this program into a self-replicating one. This resulted in the first computer worm. Immediately after this discovery, he wrote an additional code which was titled “Reaper”. This chased down the Creeper code, and deleted it; which resulted in what was effectively the first antivirus software. 

So how did Bob’s experiment start all of this? Well, in the 1980s Soviet hackers considered the applications of this experiment. Academics designed applications that could be used to infiltrate other networks. This ideology quickly spread, and in 1986 German hacker Marcus Hess hacked into an internet gateway which was hosted at the University of California at Berkeley. This hacked connection was then used to piggyback onto the ARPANET. He hacked into a total of 400 computers, including mainframes hosted at the pentagon. 

How did this turn into such a profitable “business”? Hess planned on selling the secrets found on these computers to the Soviet KGB. Before he was able to do so, he was caught by the group effort put forth by the FBI and the West German government. His conviction was the first of its kind -- cybercriminal activity sentencing. The abnormality of the case resulted in a 20-month suspended sentence. 

At the same time as this was occurring, computer viruses started to become a serious threat. With the exponential growth of the internet, there were more connections that viruses could infect. The virus started to become a real problem.

The Middle

In 1988, Robert Morris woke up and decided he wanted to see just how big the internet had become. Morris, a software engineering student at Cornell University, wrote a program designed to spread across various networks, work themselves into Unix terminals, and begin replicating. The software replicated so quickly that it actually slowed down the early Internet, which caused major carnage. This carnage become known as “the Morris Worm”. Morris’ worm resulted in the formation of the Computer Emergency Response Team, known as US-CERT today. Morris was the first person convicted under the Computer Fraud and Abuse Act (CFAA). This act was introduced with the intentions to protect against unauthorized access. 

After Morris’ worm was handled, viruses began being developed at an absurd rate. The antivirus industry, which started in 1987, began to grow as a result. By the time the Internet was an accessible user-product in the 1990s, dozens of solutions were available to prevent devices from being infected. These solutions scanned the binaries on a computer, and tested them against a database of known virus-code. There were major problems with this protection method, such as the abundance of false positives. They also had a tendency to use a lot of the systems’ resources to scan for these viruses. Remember how slow dial-up used to feel? Your anti-virus could have been the culprit. 

The mid-90’s to late-2000’s were a prospering time for the world of viruses. While the figure was estimated to be a few thousand known viruses in the mid 90’s, that figure was estimated to be around five million by 2007. These different malware strains were either worms, viruses, trojan horses, or other forms. By 2014, 500,000 different types of strains were being created daily. This time truly was the malware boom. 

Who was stopping this boom? Well, nobody. Cybersecurity professionals needed to make an effort. Antivirus solutions simply couldn’t keep up, and while they might detect malware, they had a hard time preventing it. Innovations in cybersecurity developed quickly. First, endpoint protection platforms (EPP) that didn’t just scan for known code, they also scanned for code similarities. This meant that unknown viruses could be detected.

The End?

With advanced malware defeating endpoint protection regularly, it was time to further innovate cybersecurity measures. The timeline innovators had was cut short with the deployment of WannaCry. WannaCry was, at this point, the most devastating piece of malware that existed. WannaCry even shook the world of the most capable security professionals. It encrypted the data on a computer and forced the computer owner to pay in Bitcoin to regain access to these files. This deployment sparked an explosive increase in the cybersecurity industry. It was time for cybersecurity to surpass the capabilities of cybercriminals, instead of being constantly behind.

The only way anyone was able to determine if they were being infiltrated was to have a transparent network. Administrators began using endpoint threat detection and response (EDR) services to monitor their networks. This solution is still cutting edge by today’s standards. While this isn’t the end for cybersecurity, EDR services are extremely capable of keeping malware out of your network. 

If you would like to learn more about cybersecurity, or are interested in keeping your business’ data safe, call Coleman Technologies today. Our professionals can be reached by calling (604) 513-9428.

As the threat landscape gets more concentrated with serious cyberthreats, new next-generation firewalls (NGFWs) have been developed to help stem the tide of negative outcomes that result from cyberattacks. An NGFW is an advanced network security device or software solution that combines traditional firewall capabilities with additional features and functionalities designed to provide enhanced protection and visibility into network traffic. NGFWs are designed to address the evolving and sophisticated nature of cyberthreats, including malware, intrusion attempts, and other malicious activities.

Key Features of NGFWs

• Application Awareness - These new firewalls can identify and control applications and services at the application layer. This allows them to make access decisions based on the specific applications or services being used, rather than just IP addresses and port numbers.
• Intrusion Prevention System - NGFWs often incorporate intrusion prevention capabilities, which help detect and prevent known and unknown threats by inspecting traffic for malicious patterns and signatures.
• User and Identity Awareness - These firewalls can associate network traffic with specific users or devices, enabling user-based policies and monitoring.
• Content Filtering - NGFWs can filter web content to block or allow specific types of websites, ensuring that organizations can enforce acceptable use policies and protect against malicious content.
• Advanced Threat Protection - Many NGFWs include features like antivirus, anti-malware, and sandboxing to detect and block advanced threats, including zero-day attacks.
• VPN Support - NGFWs often support Virtual Private Network (VPN) functionality, allowing secure remote access and site-to-site connectivity.
• Security Intelligence - Incorporating threat intelligence feeds and databases to keep up with emerging threats, NGFWs can update their security policies accordingly.
• Granular Control - Administrators can define granular policies for network traffic, specifying what is allowed and what is denied, based on various attributes such as application, user, content type, and more.
• Logging and Reporting - NGFWs offer robust logging and reporting capabilities to provide visibility into network activities, which can aid in incident response and compliance reporting.
• Scalability and Performance - NGFWs are designed to handle high volumes of traffic and offer scalable performance to accommodate the needs of large enterprises.

NGFWs are a crucial component of modern network security infrastructure, helping organizations protect their networks and data from a wide range of threats while maintaining control and visibility over network traffic. That is why it is so important to keep your firewalls, next-gen or not, updated with the latest threat definitions to ensure that you are getting the stated value out of it.

If you would like to learn more about outfitting your business with NGFWs, give the IT professionals at Coleman Technologies a call today at (604) 513-9428.

Most people are familiar with Santa Claus, the jolly gift-giver who delivers presents to all the children who have kept the Christmas spirit in their hearts all year. Lately, many people have also become aware of Krampus, Santa’s dark shadow who—as the legend goes—takes a similar trip to visit the naughty children and turn the worst into a midnight snack.

However, one has to wonder: what about all the adults who might also be naughty?

Let’s find out about what happens to them.

What If Someone’s Job Parameters Changed Over the Centuries?

Hannibal Rowe sat in his office on December 24th, alone and frustrated. 

Glancing at the clock, he rolled his eyes and sent the message his HR team had drafted up for him. It was nonsense about leaving work early to enjoy the holiday with their families… something along those lines, at least. He heard his team start celebrating and chatting about traditions and whatnot as they hustled to close out their days and get home.

Rowe didn’t move from his seat until long after the door had closed behind the last of his team as they left—it was Thomas, excited about being able to read his kids to sleep or whatever—and even then, he was in no hurry to get out of there for himself. He poked at his keyboard, read some emails, and was just getting to the point where even he was considering going home before hearing the telltale ding that said a customer had walked into the office.

Hannibal smirked. Those idiots lost out on what might have been a really valuable commission. He stood, ready to walk out and greet the visitor, only to see the visitor had already found their way to his office. That was surprising in itself, but the visitor’s appearance quickly overwhelmed that factor.

The visitor was huge, taking up most of the doorway, but he gave off the impression of being lighter than air. He was very sharply dressed, with a suit that must have been custom-made for him based on his size and the apparent quality of the materials. He was very pale, a fact that his dark suit only accentuated. His eyes, however, were the oddest that Rowe had ever seen.

His eyes seemed dead, devoid of any twinkle or sparkle. Even more odd, however, was the color. His irises were so dark that it looked like the pupil never seemed to end.

The visitor smiled, politely asking, “Hello. Am I correct in assuming that I’m speaking to Hannibal Rowe? That’s what the sign on the door said.”

Hannibal nodded, reaching out a hand. “Yes, sir, that’s me.”

The strange man smiled, accepting the handshake with a shockingly cold hand. “I’m so glad I caught you in time. When I saw the empty office, I thought someone forgot to lock the door on their way to their families.”

Hannibal couldn’t help but roll his eyes. The visitor’s smile grew as he took note of the reaction.

“Not a fan of Christmas?”

Hannibal shook his head.

“Honestly, it all seems pretty silly to me. What, the fact that some people put so much weight on one day means that I have to jump through hoops and deal with all their traditions for a whole month? Man, if I told you all the time I waste dealing with time off requests… it’s ridiculous.”

The visitor chuckled. “I see I’ve come to the right place.”

At that, the visitor raised one of his ice-cold hands and snapped his fingers. The door slammed behind him, the lock engaging loudly with a definitive clunk.

Hannibal staggered back at that, startled by the sound, and started shaking as he realized what just happened.

“What… how…?”

The visitor nodded.

“Why don’t you sit down for a moment, Hannibal?”

The visitor snapped again, and suddenly, Hannibal felt the familiar cushion of his office chair behind his legs. He collapsed into the seat, staring in horror at the figure before him.

“Who…?”

“That’s the question I was waiting for!” The visitor nodded enthusiastically. Snapping again, the visitor suddenly had a simple chair in front of him. He sat as well, his strange eyes never leaving Hannibal’s.

“To answer that, you may have heard of me, but I can’t blame you for not recognizing me in this shape. My name is Krampus.”

As he said the words, Hannibal could have sworn that the visitor had horns, but they vanished as quickly as they appeared. Krampus continued:

“Now, you may be thinking of all the stories that have been told about me, and that was once how I operated. However, times change, and I eventually realized that many naughty kids will grow up to be fine human beings if given the time and opportunity to mature a little bit.”

Krampus sighed, rubbing his temples where Hannibal realized his horns must be.

“I was more than okay with this, but it suddenly became very clear that adults—some of them, anyways—were so much worse than any child I had ever dealt with.

“So I decided to change my tactics. Why go after kids who had the potential to be better when I could just wait until they were all grown up and stuck in their ways? There are plenty of people who do turn out just fine, which I prefer. Then again, some good kids wind up being pretty crappy adults.”

Krampus looked at Hannibal meaningfully.

“Wait, I’m crappy?” Despite the situation, Hannibal could hardly believe what he was hearing.

Krampus laughed, a true hearty laugh. He had to wipe away a tear before answering.

“Of course you are! Here it is, Christmas Eve, and you would have your team working well into the night if you didn’t know it would create a ton of trouble for you. I might be a little sensitive to the fact that it’s Christmas, but your team members are doing their best with the tools you’ve given them.”

“So, what now?”

Krampus sighed. “Well, here’s the issue. I need to know that you’ve learned a lesson, without punishing your team for their hard work. So here’s what we’re going to do:

“You’re going to suffer a cyberattack. You, personally. None of your staff will be impacted, and it will be clear that you were the one at fault, so nobody else can be blamed. I’m telling you this because you aren’t going to remember any of our conversation tonight, of course.”

Hannibal gulped. It would almost be better if Krampus still did things the old-fashioned way.

“But wait, we work with Coleman Technologies. They usually stop all this stuff from happening, right?”

“Oh, absolutely… but there’s only so much they can do to stop people from making mistakes.”

Hannibal blinked and suddenly found himself looking at an empty room. He blinked again, and all memory of his conversation with Krampus was gone. He turned back to his computer and opened his email again, finding a new message…

All of us here at Coleman Technologies want to wish you a very happy holiday, ideally one free of the impact that Krampus could have on it. If you want to make sure that your business is safer and more efficient for the new year, make it your resolution to give us a call at (604) 513-9428.

Small businesses have a lot to worry about in terms of technology, but one of the things that often gets overlooked is network security. Some small businesses feel that they are too small to be considered a viable target for hackers, but they are wrong; all businesses have data valuable for hackers in some form.

Imagine for a moment just how much sensitive data your business stores on its network. You have payroll records, including bank account numbers and routing numbers, personally identifiable information, contact information, and all of the details about your relations with your clients, as well. It doesn’t really matter what industry your business is in. All businesses should take security seriously. Here are some reasons why your organization should prioritize security.

Security is Proactive, Not Reactive

Imagine that your workday is disrupted by a security discrepancy that puts your entire infrastructure at risk, all because someone clicked on the wrong link in an email and downloaded an infected attachment. You now have to contend with the countless issues related to that threat. You can dodge these issues by protecting your business ahead of time so that they don’t affect you in the slightest. Imagine that same scenario, but with an adequate spam or phishing blocker. All of a sudden, that security solution paid for itself simply by preventing the downtime that clicking on such a link would cause.

Security Protects Your Business’ Future

If you were in the market for a new good or service, would you want to work with a company that doesn’t take your security and privacy seriously? This is one big reason why you need to protect your infrastructure; it protects the longevity of your organization. Businesses that let security fall to the wayside often lose clients because they don’t want to work with a business that is unreliable. When a business cannot obtain new clients due to word of mouth and online reviews soiling their reputation, that business is doomed to fail.

Security Keeps Your Bottom Line in Check

Businesses that fall victim to security threats or data breaches might become subject to fines as a result of exposing the wrong data to hackers. These fines, put in place by regulatory bodies, are preventative measures to encourage businesses to do the right thing and protect their infrastructures in a way that is consumer-friendly. These fines can be quite expensive, too, depending on the industry and the infraction. Cover all your bases now so you don’t have to pay up later down the road.

Coleman Technologies can help your business implement security solutions that work for you. We can help you implement the strategies and tools you can use to keep your business safe both now and well into the future. To learn more, call us today at (604) 513-9428.

The User Experience and How Security Fits

Let’s face it, the majority of Internet consumers have no idea about data security until something terrible happens. Until they get malware, or get their identity stolen, or their accounts hacked, they assume that there is enough built-in security to facilitate any behavior online. This is not ideal, obviously, but there are a small number of people, around 29 percent, that have enough security awareness to avoid certain websites. 

This actually represents an increase in security awareness, and retailers that are now seeing their sales drop due to security concerns are feeling pressure to improve their security, especially considering that this year online retail sales are expected to climb by nearly 30 percent over 2019.

It is a balancing act. While on one hand, consumers demand a certain level of security while shopping online, they also demand superior usability. A streamlined user experience typically gets in the way of comprehensive security. Think about it this way: a third of users will just delete an application if they experience challenges in usability, including login problems. Therefore, businesses need to weigh what type of authentication measures they use. 

Major Privacy Concerns are Troublesome for Consumers

Another issue that is plaguing online retailers, is how their data is used, stored, and managed. Most consumers are at least cognizant of how important it is to keep their personal and financial information protected and are quick to move past retailers that they deem don’t at least consider their privacy. In fact, 70 percent of consumers view their ability to deny developers of certain apps and websites the right to resell their information as a key consideration of whether or not to use that particular site/app. This goes against user practices, however, as nearly three-quarters of consumers will give over some information for a discount. Some consumers will provide a whole profile for as little as five percent off their purchase.

With this in mind, it is left to the business to figure out how to get the information they seek, while also paying attention to consumer’s growing distrust of online data collection. It’s a tough situation for both parties. Many businesses will try to provide discounts on a user’s birthday, but that is only possible if they actively work to collect that information. Some retailers routinely do business this way, but many are starting to find new ways to get more engagement from their customers. 

Every Business Needs to Be Secure

Every single business can use data to their advantage, but with more people concerned about their online privacy than ever before, it is important to have the security protocols in place to allow them trust enough to do business with you. If you are looking for some help with your business’ security, or would like to learn more about the options available to help you find the happy medium between helping your customers protect their privacy, call the IT security professionals at Coleman Technologies today at (604) 513-9428.

Tesla’s Near-Sabotage

In August 2020, a Russian businessman was indicted on charges of conspiracy to intentionally cause damage to a protected computer after he attempted to recruit a current Tesla employee to install malicious software on the automaker’s Gigafactory network. 

According to court documents, the hacker, 27-year-old Egor Igorevich Kriuchkov, contacted an unnamed Tesla employee who he had previously come into contact with in 2016. Using Facebook-owned messaging app WhatsApp, Kriuchkov set a meeting with the employee on August 3, 2020. At this meeting Kriuchkov offered the employee money to help him steal data from the company with the use of malware. 

The attack was to work as follows: they would simulate a Distributed Denial of Service (DDoS) attack and with access provided by the employee, Kriuchkov and his associates would infiltrate the network and steal data, at which point, the hacking team would demand a ransom for the stolen data. 

Court documents suggest that when Kriuchkov attempted to follow up with the employee to smooth out the details, they weren’t alone in the meeting. The employee had reached out to the Federal Bureau of Investigation. The FBI surveyed the meeting, where Kriuchkov repeated the particulars of his proposed scam and admitted that his hacking collective had stolen from other companies, with the help of sitting employees. The employee also received assurances that one of his/her coworkers could be blamed for the breach. 

Ultimately, the FBI collected enough evidence against Kriuchkov to make an arrest. He now faces up to five years in prison.

This outlines just how important your employees are to your business’ data protection and cybersecurity initiatives. 

How to Minimize Insider Threats

Education is a big deal. If you want someone to do something proficiently, they’ll need training. Here are a few suggestions on how to make cybersecurity a priority to your staff. 

Build Your Company Culture Around Cybersecurity

To ensure that you have the best chance to ward off insider threats, make cybersecurity a priority. In doing so, you will unify your team’s efforts to help protect your business.

Educate Your Staff on Emerging Threats

Cybersecurity is a big issue. It’s not as if one thing will protect your network and infrastructure from all the threats it faces. To get help from your employees, you will need to commit to educating them on the threats they could encounter in their day-to-day routines. 

Train Your Staff About Cybercrime

Sure, it is helpful to train your staff on the cybersecurity best practices, but without context chances are it won’t stick. By telling them what could happen as a result of negligence, you can get their attention. The more they understand how their actions could cause major problems for your company, the more they will be diligent to ensure to do the right things.

If you would like some help figuring out your company’s security training platform, or if you need to talk to one of our consultants about getting some security tools designed specifically for your company, we can help. Call us today at (604) 513-9428.

Antivirus is a staple security solution for businesses and everyday PC users, but have you ever considered how it works? By thinking through some of the details, you might gain a greater understanding of how antivirus works, what it does, and why you need to keep it updated. Today, we’re going to discuss just that, starting from square one.

First, the Threats

Antivirus is designed to detect threats on your company’s network, but how exactly does it do that?

It’s all based on threat definitions, an idea that is known as signature-based detection. Antivirus software typically has a long running list of viruses and other types of threats called a signature database against which your computer cross-checks. When you download a file or program, the antivirus software will see if it can find a match, and if it does, it blocks the file from being opened.

Since threats are constantly evolving, you need to ensure you’re using up-to-date threat definitions, otherwise your antivirus won’t be able to identify threats it doesn’t know to search for.

Next, the Search for Suspicious Behavior

Since not all threats are found in the aforementioned signature database, the antivirus software has to use different metrics to discover potential threats on your network.

Antivirus software can detect suspicious behavior to see if an application or program is acting the way it should. It might catch a program changing settings behind the scenes, for example. Once the antivirus software has identified potential suspicious behavior, it can take steps to block it.

You can think of it like a security system that catches criminal activity in the act, then uses the evidence to issue a “sentence.”

Finally, Quarantining and Removal

Cyberthreats are dangerous, and they need to be addressed as such.

Antivirus tools will lock threats into a quarantine where they can be safely handled by your security team. While in quarantine, it cannot cause you any more harm. From here, a security professional like our team at Coleman Technologies can remove the threat from your infrastructure without any risk of further damage.

Of course, it’s not always a clean removal in this way, and some threats are more resilient and sticky than others, but rest assured that an antivirus is one of the best ways to keep your business safe while conducting business online.

Want Real-Time Protection Today?

We’re sure you’re already using an antivirus tool, but is it the right one for your business? We can equip your business with an enterprise-grade antivirus solution that will keep it safe for the long haul. Learn more by calling Coleman Technologies at (604) 513-9428 today.

Wish One: Security Awareness
Some IT professionals feel like their job never ends, particularly in the realm of cybersecurity. They might feel that training employees to be aware of their actions is an uphill battle that just never stops. Increasing awareness of security is one of the key roles that an IT department plays for your organization, and if you can make their lives easier by shifting any of this responsibility from them, they’ll greatly thank you for it.

Wish Two: More of the Cloud
The cloud is a great way for organizations to get more out of their technology as it allows them to access services that might be exceptionally time-consuming to manage in-house. Saving this time is something that your IT department would relish, as they likely have their hands full with their current responsibilities. The cloud alleviates many of these pains, as it improves operations by enabling your business’ employees to access solutions on any device they want. The cloud gives your organization the opportunity to eliminate waste and deliver assets in a much more convenient and accessible way.

Wish Three: Improved Working Relationships
IT often has to deal with much more than just keeping your business running; it also involves communicating with other workers in your office. To put it in simple terms, the IT department is going to be on the receiving end of all your employees’ frustrations. You can give your IT the gift of a policy in which they must hear IT out. This gives them the ability to learn a little bit about the process, and it could potentially save several contacts with the IT department, meaning more time for them to spend on other initiatives. An outside perspective is helpful for helping people understand each other.

Does your business need the gift of managed IT? Coleman Technologies can help. To learn more, reach out to us at (604) 513-9428.

Cybercrime and cybersecurity threats targeting businesses have increased consistently over the last several years, so it makes sense that it won’t slow down in 2025. Let’s take a look at a few insights so you know what to be ready for.

Cybercrime is a Business that is Driven by Money

Cybercriminals target small businesses because it’s profitable to do so. They know smaller businesses might not have the same level of protection as a much larger company, but they certainly have access to valuable data, and would be willing to pay a ransom to keep their data.

That means cybercriminals treat their own work like a business, and they are constantly researching and sharing new ways to exploit small businesses to get the most return.

Attacks Will Use Multiple Approaches

We’ve been seeing this a lot over the last year—cybersecurity attacks might include multiple stages with backup plans to infiltrate your network. It might start with a phishing attack, but if that fails, the cybercriminal might resort to using social engineering attacks over social media or the phone.

AI is Empowering Cybercriminals

AI is a pretty powerful tool for the average office worker, so it’s absolutely going to be leveraged by the bad guys. AI attacks make cybersecurity threats more personalized, faster, and harder to detect. Criminals can use AI to automate large-scale attacks and adjust their attack vectors more rapidly, making it much harder to defend yourself.

The Biggest Threat is the Unknown

When it comes to cybersecurity, the most devastating type of threat is the one you aren’t prepared for. New types of threats crop up all the time, and they tend to do the most widespread damage before the rest of the world is able to counter them. With the trends we’ve been seeing, and the insights above, cybersecurity is a critical part of doing business and needs to be taken seriously by every single organization.

Let’s Protect Your Business from Cybersecurity Threats

Let’s work together to make 2025 a great year for your business. We can help prevent cyberthreats, equip your business with the tools it needs to be safe, and monitor and maintain your IT to keep things running smoothly. To get started, give us a call at (604) 513-9428.

You would think that since millions of phishing attacks are ignored, set to spam, and actively mitigated each month, that there wouldn’t be such a desperate effort to educate people about the signs of phishing attacks, but the fact remains that it only takes one successful phishing attack to compromise an entire workstation, network, or computing infrastructure. 

Today, everyone that works for your company will need to be able to spot and report a phishing attack. Doing so can sometimes be extremely difficult if the spammer does his/her homework. Consider using and teaching these tips to keep your business from being a victim of a phishing attack.

1. The Email Gives You Anxiety

One of the first things you need to know about phishing emails is that they almost always push you to take impulsive action. That’s why so many people fall for them each year. They often seem like they are from a legitimate source and are written to deliver fear. If the contents of an email give you an uneasy feeling, and they seem a little out of scope for the sender, chances are it is a scam and should be reported.

2. It’s Zipped Up

Hackers will often send attachments with their phishing attacks. If you are sent a .zip file, and you don’t immediately recognize the sender, do not click on it. In fact, it’s best practice that any email sent with an attachment, if you don’t know exactly what it is, should be verified before being opened. 

3. URLs and Addresses are Fraudulent

If you can’t tell by the tone of the content, one telltale sign that you are dealing with a phishing attack is to look at the URLs of the links or the actual email address the message comes from. Hackers will often resort to small changes and redirects to get a recipient into a compromised position. If you hover your cursor over any link, you can see the URL it directs to in the status bar. If it is not a URL you immediately know, you should verify from the sender.

4. The Message is Sloppy

Today’s company is more cognizant of their brand and message than any time in history. If you receive an email that is filled with grammatical errors, misspelled words, and poorly defined sentences, you will want to avoid clicking on anything. Marketers today are trained to make an email as personal as they can. If your email has an impersonal message, chances are it wasn’t sent from a marketer and should be reported.

This may not be a comprehensive list, but by following these tips you will be better prepared to deal with a phishing message. The IT professionals at Coleman Technologies do a lot to drive forward security as an integral part of any IT management policy. To learn more about phishing, call our knowledgeable professionals at Coleman Technologies today at (604) 513-9428.

Digital security cameras have revolutionized surveillance, supplanting their analog counterparts due to their myriad advantages. Let’s outline three key benefits of deploying digital security cameras.

Exceptional Video and Image Clarity

Digital security cameras are renowned for their capability to capture high-definition video and images, setting them apart. This heightened clarity proves invaluable for recognizing people, objects, or events in recorded footage. The augmented resolution and image quality offer intricate details, facilitating the identification of faces, license plates, and other critical information. This not only aids in incident investigations but also acts as a potent deterrent for potential intruders and wrongdoers, who know their actions are being meticulously documented in vivid detail.

Remote Monitoring and Accessibility

A hallmark feature of digital security cameras is their capacity for remote monitoring and accessibility. Today’s cameras empower users to view live video feeds and access recorded content from anywhere with an Internet connection. This feature proves indispensable for both homeowners and businesses, enabling real-time monitoring, instant alerts, and the ability to check on property security, even when physically absent. Whether you're traveling or merely away from your workplace, you can utilize your smartphone, tablet, or computer to keep a vigilant eye on the premises under camera surveillance.

Scalability and Versatility

Digital security cameras exhibit remarkable scalability and versatility, rendering them suitable for a diverse range of applications and environments. They can seamlessly integrate into existing surveillance systems or be expanded to meet evolving security requirements. This adaptability renders them ideal for a broad spectrum of installations, spanning from modest residential setups to expansive commercial configurations. Additionally, digital cameras are available in various styles and feature sets, permitting users to select the optimal camera type to align with their precise security needs.

The advantages of digital security cameras are more than the enhanced video quality they provide. They bring the convenience of remote monitoring, adaptability, and scalability, resulting in more effective and flexible security strategies. For more information about how Coleman Technologies can assist you in selecting the right digital security cameras for your business, give us a call today at (604) 513-9428.

Email is a great communication tool. However, certain things are just unsafe to communicate via email.

Let’s go through a list of such things. Better safe than sorry, after all.

What Should Never Appear in Your Inbox?

Passwords/Other Authentication Credentials

The advice is simple enough: don’t share credentials you use through email. While email is relatively safe, and you can delete messages on your end, you cannot ensure that the message is appropriately deleted and the recipient adequately protects the data. Plus, emails can be hijacked if either account is compromised, and you won’t know if that is the case until it’s too late.

Payment Card Numbers and Financial Details

Similarly, you should avoid sharing any payment or card details via email. It doesn’t matter how diligent you are about keeping your email cleansed of sensitive information… it is all about how diligent the person on the other end is. Unfortunately, you can’t assume they’ll respect your data security as they should.

Documents Under Attorney-Client Privilege

Are you starting to see a pattern here?

Privileged information should never be sent via email simply because—again—you have no way of guaranteeing that someone without privilege will not view it. These kinds of documents need to be handled much more carefully than to send them through any email platform.

Social Security Numbers

Considering how much official business a Social Security number is used for, it has been drummed into most of our heads how important it is to keep it secure. However, many people won’t think twice before sending this critical number in an email… a communication method that isn’t secure enough for all the same reasons we’ve already discussed. Unfortunately, this is too often overlooked, and an email’s security is overestimated.

Financial Account Numbers

This is extremely similar to the payment card situation we already addressed, except that access to a financial account would allow someone to take the funds and disappear with their ill-gotten prize. Therefore, sharing any financial information—such as account numbers—via email is also a bad idea, and any messages that contain it should be encrypted first.

Protected Health Information

Protected health information is extremely personal and private, not just because it reveals an individual’s most intimate details but also because these details can be used to a cybercriminal’s advantage in numerous ways… not to mention interfere with medical care.

State ID Numbers

This one—a state employer ID or state EIN—is used to help identify businesses for tax purposes and other governmental interactions. As such, it is extremely important for your business to protect, as scammers could use it to pose as a business representative and cause no shortage of headaches and confusion. This number could allow a cybercriminal to steal any tax returns due to your business, order goods as your business and stick you with the bill, or apply for unwanted loans that you would be on the hook for.

Long story short: don’t send these numbers in an email.

Driver’s License Numbers

If a cybercriminal were to gain possession of a driver's license number via one of your emails, they would have a key factor in perpetrating various crimes, posing as whoever’s license they had a number for. As such, a scammer could use this stolen identity to do a variety of things, from opening new financial accounts to filing for assorted benefits to claiming prescription medications to running more scams in your name (and everything in between). Again, the risks are not worth it.

Passport Numbers

Much like the aforementioned driver’s license number, a passport number in the wrong hands can accomplish many of the same scams and criminal activities. Lines of credit, government benefits, and more can all be claimed using a passport number as identification. As such, it is important to protect this number, and sharing or storing it in an email is not the way to do so.

It is Important to Be Vigilant When Composing an Email

Don’t let a fundamental mode of business communication be what makes your business vulnerable. Coleman Technologies can help you keep your business email secure. Give us a call at (604) 513-9428 to learn more.

The Now:
It’s the holiday season, which means that many will find that themselves traveling, either to visit family and friends or to seek out more agreeable climates. However, business being what it is, many will also still be trying to get work done during their travels.

Thanks to the incredible capabilities of the mobile devices we have today, this is made much easier. A business that leverages cloud solutions offers mobile users an exceptional amount of maneuverability, and the popularity of Bring Your Own Device policies have made it so that the resources needed to accomplish work goals are never too far away. Yet, this access is a catch-22, as it also means that data can be easily lost, far from the business’ location and the protections it should have in place.

Resultantly, there are a multitude of ways that a cybercriminal can come into possession of your data, either personal or professional. Fortunately, there are some ways to help prevent this from happening as well.

• Public Wi-Fi is Too Public: When out in public, you’ll want to avoid connecting to public Wi-Fi networks when shopping or accessing sensitive information. We all know that hunting for the best deals is made much easier when you can look up prices online, but you’ll want to use your data instead. Public signals make hackers’ jobs that much easier with their typically insufficient security standards.
• Charity Good, Charity Scams Bad: These phishing variants can come in via all avenues, but very commonly take the form of calls and text messages. A scammer pretends to be working for some charity, but in actuality, just wants your money and data for themselves. If you receive what you believe to be a charity scam attempt, you’d be wise to do some research into who is asking for it before handing over your data, payment information or otherwise.
• Charge Carefully: Whether you’re at the airport during a layover and trying to eke a few more minutes out of your device, or you’re deal-hunting online as you’re wandering the mall, you need to make sure you’re being smart about how you’re keeping your device charged. Many attackers will hide attacks in charging stations, waiting to strike whomever connects.

The Then:
Of course, these hacks and threats aren’t going to end after the holiday season is over. Moving into 2019, the above threats are still going to be just as large of a problem, along with many other threats. Much of this will be in part due to our reliance on mobile devices.

Hackers will still be able to intercept data exchanged on an unsecure network, more devices will become outdated and insecure (you may want to peek at some of those holiday deals for an upgrade), and yes, more people will enable these threats through uninformed decisions. You need to make sure that your business isn’t influenced by threats like these.

Coleman Technologies can help. Get your business a holiday gift by calling (604) 513-9428 and speaking to us about our managed IT services.

Even the solutions designed to keep businesses and organizations safe are vulnerable to the threat of a cyberattack, as when it all boils down, these tools are still software solutions, no matter how secure they might be. The company in question today—Barracuda—is a huge name in the cybersecurity industry, and it has become the victim of a zero-day exploit. Let’s go over how you can prevent your business from experiencing the same thing.

A Vulnerability Was Discovered in Barracuda’s Email Gateway Security

A vulnerability was discovered in Barracuda’s mail Gateway Security application only after it was exploited. This is the part of the email security system that scans email attachments, so it’s an important one. The breach was discovered on May 19th, and patches were swiftly deployed to resolve the vulnerability.

The official statement from the company is as follows:

“Barracuda recently became aware of a security incident impacting our Email Security Gateway appliance (ESG). The incident resulted from a previously unknown vulnerability in our ESG. A security patch to address the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023. Based on our investigation to date, we've identified unauthorized access affecting a small subset of appliances. As a mitigating measure, all appliances received a second patch on May 21, 2023, addressing the indicators of potential compromise identified to date. We have reached out to the specific customers whose appliances are believed to be impacted at this time. If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause.”

Explaining Zero-Day Exploits

Zero-day exploits are those that were previously unknown to security researchers, only having been discovered after they are actively being targeted by a threat. The severity of these exploits can vary, but they are extremely difficult to detect, as they often go undiscovered and undetected for quite a long time. After all, you can’t protect against something that you don’t know exists. Eventually, these vulnerabilities can become serious problems and logistical nightmares for security companies and businesses alike.

What Can Be Done to Stop Them

The worst part of dealing with a zero-day vulnerability is not knowing if one exists, as well as not knowing how long they have existed for. In the case of this exploit, it doesn’t appear to be too long, but any vulnerability in Barracuda’s ESG system is going to cause quite a stir. Businesses use a lot of software throughout the course of their operations, and the same issue could happen for any application on your network. You need to have a strategy in place to handle potential threats as they arise or become known, and it starts with making sure that patches are tested and deployed as soon as they are available.

Coleman Technologies can help your business deploy patches and updates in a quick and efficient manner using our remote patch deployment solutions. We can keep your software secure and safe from all threats, and if zero-day exploits do arise, we’ll do what we can to deploy fixes and assess damages. To learn more, call us at (604) 513-9428 today.

It is so important to keep your business secure nowadays. Statistics show this to be the case. Don’t believe us? We can share a few of these stats and explore what they mean, just to prove it.

Predictions Place the Global Annual Cost of Cybercrime this Year at $8 Trillion

With an estimated 400 million or so small and medium-sized businesses around the world, that breaks down into $20,000 of damage to each. Of course, in the real world, cybercrime isn’t divided up so equally. Many companies will be impacted less, and others will be impacted a lot, lot more. Speaking of which…

By 2025, Cybercrime is Set to Reach $10.5 Trillion

That’s quite a jump, especially when you update the impact to each of the 400 million SMBs around the world. Instead of about $20,000 damage each, this figure equates to $26,250… which, again, would not be evenly distributed.

This makes it all the more clear that cybersecurity not only needs to be seen as a priority for the world’s SMBs (including those around British Columbia) now, but also and even more so in the future.

Phishing Attacks Were Blamed for 80% of Cybercrime in the Tech Sector

Phishing—or the use of fabricated communications to illicitly gain access to a resource—is a huge threat nowadays, simply because of its use as a kind of delivery system for other forms of attack. When four out of five attacks involve phishing in some way, you can’t afford not to be prepared to spot and stop it.

Hopefully, These Statistics Start to Illustrate the Importance of Cybersecurity

If you’d like to learn more about your business’ potential protections and what we can do to ensure them, make sure you give Coleman Technologies a call at (604) 513-9428.

Remote work has seen unprecedented adoption in the past few years. While we’re all for the benefits that this trend brings, it is critical that any business that embraces remote or hybrid work does so securely.

Let’s discuss a few measures that your business can and should implement to achieve this security.

How to Secure Your Remote Operations

Let’s review some of the most key safeguards that anyone working remotely should have in place.

Use a Virtual Private Network

Which sounds like the more secure option to you: your organization’s protected and monitored network infrastructure, or your second-favorite coffee shop’s GENERIC-5G network, with password coffeebeans247 scrawled on a chalkboard for its patrons to use?

If you answered the latter, please give us a call right now, because we need to have a serious talk about cybersecurity. 

Of course a properly maintained network is going to be more secure, but what happens if you need to get some work done while you’re waiting on and/or sipping your macchiato? The smart answer is to use a VPN, which encrypts your connection and shields its contents from spying eyes, while allowing your team members to safely access the materials you’ve saved on your network.

The use of a VPN should be enforced wherever a remote worker happens to be operating from, whether that’s at home, away on a business trip, or if taking a working lunch at a cafe.

Only Use Approved, Secure Devices and Software

On a related note, it is important that wherever your team members might be operating from, they are using the right tools to do so. Unapproved technology being used for business purposes without IT’s knowledge or approval—given the ominous designation of shadow IT—brings a variety of issues with it. Not only do you not have any form of control over the device or the data stored on it, there are compliance issues to be considered. 

The same goes for software. If your team members aren’t using the software that you’ve designated they use, instead seeking out alternatives online and downloading potentially dangerous data packets, you are vulnerable to some serious issues and compliance concerns.

This makes it paramount that you provide your team with access and support for the exact tools you want them to use.

Maintain Your Equipment and Software

It’s also critical that the tools your team members are using are kept in proper working order, as this will not only make them more efficient, but more secure as well.

Your remote workers will need to have devices that are remotely monitored for threats and other issues, helping ensure that they remain secure even while they aren’t in the office under your watchful eye. The same goes for the software that gives these devices some direction—threats are actively being developed to undermine it, so it is important that you are just as diligent in keeping these devices up to date. We can use the same remote monitoring and maintenance software we use to manage your in-office devices to ensure your remote team is properly equipped.

Establish Basic Security Standards

We’ll never stop talking about how important it is for businesses to maintain their cybersecurity protections, and this importance is in no way diminished by remote work practices. More than ever, you need to ensure that your team is maintaining the cybersecurity standards you expect them to. Reinforce that they’re to abide by best practices—keeping an eye out for phishing, using secure passwords with multi-factor authentication, and others—and hold them to that expectation.

We’re Here to Help Businesses Operate Effectively and Securely, Regardless of Where Their Team Members are Working.

Give us a call at (604) 513-9428 to learn more about how we can assist you in making the most of your business’ technology.

Safeguarding your online accounts is an important part of maintaining network security. With the increasing number of cyber threats, relying on strong, unique passwords is no longer optional—it's a necessity. Remembering complex passwords for numerous accounts can be challenging, however. This is where password managers come in handy, offering a secure and convenient solution to managing your credentials.

The Password Predicament

Let's face it: everyone has multiple online accounts, from social media platforms to banking websites, each requiring a unique login and password combination. Many people, therefore, tend to create and depend on simple, easy-to-remember passwords or even reuse the same password across multiple accounts. Unfortunately, this is how people get hacked. 

Cybercriminals employ techniques to exploit weak passwords, such as brute force attacks and phishing schemes. Once they access one account, they can potentially compromise others, leading to identity theft and other serious consequences.

Enter the Password Manager

Password managers offer a robust solution to the password predicament by generating, storing, and populating complex passwords for all of your accounts. Here's how they work:

• Password generation - A password manager can generate strong, random passwords consisting of a mix of letters, numbers, and symbols, making them highly resistant to hacking attempts.
• Secure storage - Your passwords are encrypted and stored in a secure vault, accessible only through a master password or biometric authentication. This means you only need to remember one strong password to access all your other credentials.
• Auto-fill functionality - Password managers seamlessly integrate with your web browser and mobile apps, automatically filling in your login details when you visit a website or launch an application.
• Syncing on multiple devices - Modern password managers sync your passwords across multiple devices, ensuring you have access to your credentials whenever and wherever you need them.

Benefits of Using a Password Manager

Password managers have a series of benefits that they present to users. 

• Enhanced security - Password managers significantly reduce the risk of unauthorized access to accounts by generating and storing complex passwords.
• Convenience - With auto-fill functionality, you no longer need to remember or manually type out your passwords, saving you time and frustration.
• Improved password hygiene - Password managers encourage the use of unique passwords for each account, eliminating the temptation to reuse passwords or use weak variations.
• Peace of mind - Knowing that your online accounts are protected by strong, unique passwords provides peace of mind, allowing you to browse the internet confidently.

If you would like help choosing an effective password management platform for your business, give the knowledgeable IT consultants at Coleman Technologies a call today at (604) 513-9428. 

Today, it’s not enough to have an antivirus or firewall. You need solutions designed to actively protect your network and data from those that are actively trying to gain access to them. So while it may not be enough, making sure that your firewall and antivirus software are updated with the latest threat definitions, and that your other solutions like spam blocking and virtual private networks are being utilized properly, can set you up for success. Let’s look at four additional strategies that extend traditional cybersecurity into the modern age. 

Network Monitoring

Network monitoring is a solid strategy that will allow you to keep tabs on what is happening on your network. Today, there are remote monitoring tools that feature cutting-edge automated features designed to ensure that if something is funky on your network, or with your infrastructure, that you know about it before it becomes a major problem. Your IT support team should be outfitted with these tools as active monitoring may be the only strategy that can truly keep your network and infrastructure secure. 

Mobile Device and Endpoint Management

More businesses were relying on remote workers anyway, but with the COVID-19 pandemic that number has risen by several hundred percent. Mobile device management allows an organization to control the access each mobile user has to company resources, which applications employees can access on the network, while also providing control over the flow of mobile data. Securing endpoint access can go a long way toward protecting organizational computing resources from possible threats that users may have on their remote computers.

Security Training and Management

Today’s biggest threats often come into a network from user mistakes or negligence. In order to mitigate these instances, ensuring that your staff is properly trained is more important than ever. Not only will you want to provide them with the information needed to secure your network, you will also want to test them to ensure they are capable and willing to follow the company-outlined protocol on how to deal with threats. 

Threat Management and Detection

Despite your increased reliance on your staff to ensure that nefarious people don’t gain access to your network, there are still tools designed to identify threats and mitigate their existence. From firewalls to antivirus to powerful new threat management tools, if protecting your network from outside threats is a priority, making investments in solutions designed to eliminate threats is prudent. 

Coleman Technologies is the British Columbia experts in IT security. Call our expert technicians today at (604) 513-9428 to learn more about what you should be doing to secure your network and infrastructure.

Outdated software is an issue that all businesses have to deal with. The fact that so many organizations don’t routinely update their software solutions is pretty telling. For one, many businesses simply don’t have the resources at their disposal to make sure maintenance is performed on a regular basis. Granted, unless a business has taken substantial steps toward upgrading away from software that has reached its end of support date, they will have to suffer the consequences.

What Does “End of Life” Mean?

End of Life, also known as End of Support, is a term that is used to identify software that is not updated or patched after a specific period of time has passed. Certain Microsoft products can utilize the Extended Security Update, but only for a maximum of three years, meaning it’s more efficient and cost-effective to upgrade away from your old systems before they reach the end of support date.

What You Need to Do

How would your business be affected by a potential security breach? Since you won’t be receiving security patches or updates, you’ll need to consider this possibility. Following a major security breach, you’ll be forced to upgrade your systems anyway, so not only will you have those costs, but you’ll have to deal with the fallout of a data breach. It’s never too early to start taking preventative measures and think about the future of your infrastructure, as well as who will be responsible for the management, maintenance, and upgrading of your business technology.

Before Windows SQL Server 2008’s End of Support date arrives, consult this list of upcoming end of support dates and take the necessary steps to upgrade your technology. It’s better to do so now than wait until it’s too late.

We Can Help

Worrying about your business’s IT infrastructure is something that you simply don’t have time for. A managed service provider like Coleman Technologies can help you achieve affordable and accessible technology support, including the updates and patches needed to maintain network security. We can even help monitor your infrastructure for potential End of Support software that will soon be outdated. To learn more, reach out to us at (604) 513-9428.

Strategy #1 - Know the Value of Your Assets

By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses. 

Strategy #2 - Stay Proactive

One of the best ways to protect your network and infrastructure from security threats is to be proactive in your efforts to protect them. You’ll want to develop a response plan that is created with the worst-case scenario in mind. That way as soon as there is a cyberattack, you will know how to react and what strategies to take to mitigate the problem. 

Strategy #3 - Train Your People

One thing is certain, a well-trained staff will do more to protect your network and data than any other solution. The “all-hands-on-deck” strategy to cybersecurity will minimize the frequency and severity of cyberthreats by nearly 50 percent, so ensuring that all of your people know how to spot abnormalities (especially phishing attacks) can save your business a lot of time and money. 

Strategy #4 - Keep Innovating

One thing is certain, cybersecurity is as much about staying out in front in terms of tools and strategies as it is about being hyper-aware of potential problems. Sure, knowing how to react to a data breach or successful phishing attack is important, but the more that you understand how these hackers are coming at your business, and putting tools and strategies in place to thwart those attacks, the more secure your data and resources are going to be going forward.

Cybersecurity is a long game and if you want the best team in British Columbia helping you come up with strategies and outfitting your business with the tools it needs to keep hackers at bay, give Coleman Technologies a call today at (604) 513-9428.