Coleman Technologies Blog

Have you ever suspected that a hacker could silently observe your email interactions with your clients and your staff? If you manage your own email infrastructure, we want to highlight the importance of email encryption. Encryption keeps your business’ email communications secure and compliant so you can worry less about security and privacy to focus more on running your business.

Can you tell the difference between your colleagues and a scammer with access to their email account? This is essentially what a business email compromise attack involves—a scammer initiates a phishing scheme using an internal mode of communication. These scams are also observed in schools, making them dangerous in the education sector.

Email is a great communication tool. However, certain things are just unsafe to communicate via email.

Let’s go through a list of such things. Better safe than sorry, after all.

Do you have trouble keeping up with your email inbox? You’re not alone; business professionals all over the world struggle to get to the fabled “inbox zero.” If you want to change the way you manage your inbox for the better, you should consider the RAD method. It might just change your life.

The proposed ideas here come from Nick Sonnenberg, founder and CEO of Leverage.

All businesses use email to communicate, but too many organizations haven’t jumped on the encrypted email bandwagon yet. Encryption is incredibly helpful to keep networks and infrastructure secure, and it can do the same for your email solution. In fact, it is likely required to ensure the secure transfer of critical and sensitive information.

All it takes is one oversight to potentially undo any benefits your cybersecurity protections and other best practices may deliver. For instance, even if you have things like multifactor authentication in place, a phishing scam or even some malware varieties could potentially give an attacker access to your email… and all the data your messages contain, just sitting in your inbox.

We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.

There are few technology solutions that have been as transformative and important for businesses as email. Unfortunately, however, it’s remarkably easy for a hacker to gain access to an email account to cause all kinds of chaos for a business. Let’s consider ways you can protect your business’ email accounts and, by extension, the rest of your organization’s infrastructure.

In business, good communication is essential. If you do it right, you can streamline actions that can save your business a lot of money and build incredible efficiencies that can bring your vision to reality. Poor communication, on the other hand, can hinder a business’ ability to prosper. In order for your staff to be able to communicate effectively, they need the tools to do so. Here are three tools that most businesses should have in place to help drive business forward.

Email groups are remarkably useful. Instead of sending a copy of an email to each individual recipient, you can effectively create a simple forum post that everyone can participate in—a feature that certainly helps when collaboration is a priority. Let’s go over how you can quickly and easily create a group in Gmail.

Phishing has become one of the great problems for technology users in the 21st century. The ironic part of the whole thing is that it has taken a good old-fashioned social engineering scam to make today’s robust information systems less secure. Phishing is the predominant way that hackers and scammers gain access to the systems they target. Today, we’re going to spell out what to train your employees on to help them identify phishing attacks. 

The holidays are fast approaching and that means people are going to miss work for one reason or another. If you can get away from the office for a little bit, you’ll want to set up an out-of-office message to ensure that others know you will get back to them when you get back to the office. Here’s how you can set up an autoresponder for an out-of-office message in Microsoft Outlook.

How Ransomware Works

Imagine for a second the surprise you would have if you tried to log into your computer and you were presented with a message telling you that your files have been encrypted and that you need to pay in Bitcoin before the clock runs out or you will lose those files forever. Then you noticed the clock clicking down. Would you panic? You probably would. That is ransomware, a particularly ugly malware that could cost you everything. 

Make Your Inbox Do the Work for You

You’ve got better things to do than organizing and prioritizing your emails manually. Granted, you’ll still need to respond to important emails, but most email clients have everything you need to set up a system that automatically parses and sorts emails based on a whole slew of different factors. It will take a little time, and likely a few rounds of adjustments to get your inbox to work the way you want it to, but we’re going to show you the tools that will help get you there.

There are multiple add-ons and browser extensions available to help boost your email templates with more dynamic options, but today, we’ll be focusing on the baked-in capabilities that Gmail comes with.

Give Your Team Members Some Responsibilities

An in-person meeting and a meeting through a conferencing solution can admittedly have two very different feelings to the participants. The kind of participation that comes somewhat naturally in an in-person meeting can suddenly feel entirely foreign, the visual context cues that would normally drive the conversation stripped away using technology. As a result, awkward pauses and missed line items abound. This can easily lead to people increasingly talking out of turn, while others will remain silent. One way to help mitigate this is by distributing an agenda with assigned segments beforehand. That way, each team member will be responsible for some facet of the meeting, with the bonus of being able to prepare ahead of time to increase the meeting’s benefit.

The Cozy Bear Threat

According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the research centers conducting research into developing a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.

What is a CRM?

Short for Customer Relationship Management, your CRM is the tool that helps you track the relationships you have with the people you offer your services to, assisting you in developing these contacts into faithful clientele. As a bonus, these solutions generally come with integrations that give you access to even greater capabilities and resources.

#1: Interact with it less.

As we established from the very start, email can very rapidly shift from an asset to a considerable time commitment, often multiple times throughout the workday. If possible, avoid getting drawn in by reducing the total amount of time you spend in your mailbox. There are a few ways to accomplish this:

First, it will help to briefly review how each attack works.

How Ransomware Works

Imagine if you tried to log into your computer, only to be presented with a message that your entire computer had been encrypted, and that (unless money is transferred to the perpetrator, often through cryptocurrency, within a period of time) the contents of your device will be wiped. This is precisely the experience of someone victimized by a ransomware attack.

How Phishing Works

Remember those old scams, where the target would receive an email from some nobility or long-lost relative that asked for a sizable loan or investment (all to be paid back with interest, of course)? These are phishing scams, known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. As time has passed, these schemes have become much more effective - and harder to spot.

These Attacks Can Easily Cooperate 

Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. Let’s run through a fairly typical scenario that someone using both may subject you to, and how you can spot these kinds of joint efforts.

Let’s say you open your business email to find a message that appears to come from the Microsoft Support team - which, unnoticed by you, actually reads “Micrrosoft Support” in one or two places. According to the email, there’s a hugely serious security issue affecting systems across the board, which is why Microsoft is supposedly sending out these emails, with the necessary fix bundled in as an attachment.

Trouble is, this isn’t actually a fix to an issue - it’s actually an executable file that installs ransomware when you try to apply the “security fix” and creates a huge problem.

This is exactly why these two distinct attacks combine so well… by incorporating phishing strategies into the distribution of their ransomware, a cybercriminal has the ability to boost how successfully their ransomware can infect the users that are targeted.

How to Spot Phishing to Avoid Ransomware

There are assorted warning signs that a message is a phishing attempt that you should always keep an eye out for in order to protect your business. For example:

• Details are off - In keeping with our above example, how likely do you think it is that “Micrrosoft” would send out an email in which they misspelled their own name? While this is admittedly happening less in phishing emails, the same goes for the small things that are easily overlooked. Was the email in question sent from “user at example.com”? Or, was it actually sent from “user at exarnple.com?” Tricks like this are common ways that cybercriminals will try to pull the wool over a user’s eyes.
• There’s excessive urgency - To keep users from paying too much attention to the minutiae of the email - like the “off” details we just discussed - many cybercriminals will write their phishing messages to instill a sense of urgent panic. If an email starts to make you panic, collect yourself and look at it more objectively.
• There’s a link or an attachment - As the preferred means of delivering a ransomware payload or other issue, attachments or links to websites present no small amount of risk, especially if they are received unexpectedly. If at all possible, avoid accessing these without reaching out to the sender to confirm their legitimacy through another method of communication.

There are many other steps you need to take to protect your business from these insidious threats - from keeping a comprehensive backup to user training to applying spam filtering to your email. Coleman Technologies can help you implement them - give us a call at (604) 513-9428 to get started.