This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.
Coleman Technologies Blog
What You Need to Know About the Massive Solarwinds Hack
How Did the Attack Happen?
In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:
In reality, it takes several different tools to make a network as secure as it needs to be.
Why a Firewall Isn’t Enough
A firewall serves only one purpose, and that’s to monitor traffic that goes in and out of your network for any security issues. However, it’s important to remember that there are threats that can bypass firewalls, and that there are other components of network security besides monitoring traffic.
Clearing the Ethical Hurdles of Employee Monitoring
Monitoring Employees Without Their Knowledge
We figured it would be most appropriate to discuss the no-go option first, which would be to start monitoring your employees without their knowledge or consent. As you would imagine, this is the shadier side of the monitoring spectrum, and is actually illegal in most cases. Unless you have reason to believe an employee is actively acting out and are investigating them, you are not allowed to use monitoring software to keep an eye on your team without telling them.
Alert: Update Windows Netlogon Remote Protocol Now, says Homeland Security
What’s the Exploit and Who Does It Affect?
The vulnerability in the CISA’s emergency directive affects all supported Windows Server operating systems. It’s been named Zerologon, and If left unpatched, it could allow an unauthenticated threat actor to gain access to a domain controller and completely compromise your network’s Active Directory services. The vulnerability gets its name because all the hacker has to do is send a series of Netlogon messages with the input fields filled with zeroes to gain access.
Spoiler Alert: Macs Do, in Fact, Get Malware
Not to be juvenile about it, but duh. A computer produced by Apple can just as easily be infected by malware and ransomware, just as they can also experience any of the other problems that a PC user would. Hardware failure, slowing with age, crashes, data loss—these and so many other issues can be seen in a Mac.
Today, it’s not enough to have an antivirus or firewall. You need solutions designed to actively protect your network and data from those that are actively trying to gain access to them. So while it may not be enough, making sure that your firewall and antivirus software are updated with the latest threat definitions, and that your other solutions like spam blocking and virtual private networks are being utilized properly, can set you up for success. Let’s look at four additional strategies that extend traditional cybersecurity into the modern age.
Today, there are literally billions of phishing emails sent each day. Inevitably, you are going to confront this problem, and depending on your staff’s preparedness (or intentions), you will either deal with them or they will likely deal with you.
The first thing that you should know is that you have to train up your staff about phishing and other issues surrounding your organization’s security. They have to understand social engineering tactics used by scammers to infiltrate networks, steal data, and deliver malware. If they are left in the dark about these issues, you will likely see a plethora of cybersecurity problems in your immediate future. It’s good to be lucky, but you’d rather be good.
First on our list is the oldest kind of business security, the (sometimes literal) gun behind the counter that helps to dissuade potential attacks. It is only too easy to overlook the fact that data theft can be as simple as someone taking a hard drive, rather than hacking into it. Of course, we aren’t suggesting that all businesses should have an arsenal at the ready. Instead, technology provides assorted alternatives that should be implemented to deter attempted intrusion.
Tip of the Week: Keep an Eye on Your IT While You Aren’t There
First, we’ll define what “infrastructure monitoring” refers to:
Understanding IT Infrastructure Monitoring
Infrastructure monitoring covers a few different considerations, all critically important to the continued productivity of your business. These considerations include things like the physical condition of your infrastructure’s hardware, how your operating systems are being utilized, how much of your network’s bandwidth is being consumed and how many errors are occurring, or the performance and availability of your applications.
What is Social Engineering?
Think of it like this: online, you have some type of social currency. Your personal information, your data, your interactions, your profiles, they all add up to your online life. If someone were to use that information to trick you into providing them access to your secure online accounts, you would be the victim of a social engineering attack.
Basically, a hacker uses what amounts to the fundamentals of human psychology to gain unauthorized access to an account. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the human resources to gain access through relatively simple psychology.
Successful social engineering can be the result of many different actions. Some include: carelessness by an individual, perceived kindness, reaction to fear, and business as usual. Let’s take a look at these actions and how social engineering schemes work as a result.
When there is a lack of diligence carried out by an individual, there are openings for a social engineering attack. This includes trash thrown out with information on it, keeping login credentials out in the open, and other careless actions. It’s important that you and your staff understand that the best practices of password protection, such as using a password manager, are crucial to maintaining the integrity of your company’s network and infrastructure.
Many people won’t think twice about helping someone that asks for help. Social engineering attackers take advantage of the better angels of our nature, by using people’s helpfulness to gain access to secure computing resources. Any person can fall for this type of attack. This is why we stress that in order to keep your digital and physical resources secure, a critical eye for potential intrusion works. That doesn’t mean you have to be a jerk, but if a situation is presented to you that’s out of the ordinary, take anyone’s helplessness with a grain of salt.
Business as Usual
When we picture a hacker, we all tend to think about them the same way. They are brooding people sitting in a dark room typing away at a computer. In social engineering attacks, this couldn’t be further from the truth. A popular social engineering tactic is to gain physical access to a large business--where there are often a lot of moving parts--and then spend time at the business looking for ways into secure digital environments. This could also include straight hatchet jobs, where your employees would help people outside of your business sabotage your access control systems.
Reaction to Fear
Finally, fear is one of the best motivators. By striking fast and threatening all types of negative consequences if a worker doesn’t help them get into a secure computing system, this kind of cyberattack can be a major problem.
Coleman Technologies Can Help Protect Your Business
If you are looking to secure your network from cyberattacks, including social engineering, the IT professionals at Coleman Technologies can help. Call us today at (604) 513-9428 to learn more about how we can help you with the training you need to keep social engineering from causing problems for you.
One crucial component of any successful cybersecurity practices is the active effort to eliminate risk wherever possible. Here, we’ve compiled five practices that will contribute to your business’ capability to recognize where its threats come from. While these aren’t exactly policies to help protect your data, they can help you collect the data you need to form these policies.
1. Inventory All of Your Assets
When you resolve to protect everything, as many business owners do, it helps to know what exactly “everything” includes. Maintaining a comprehensive inventory of all of your technology-- each wire, additional peripheral, and software title your business has acquired--makes managing your technology far simpler and more efficient.
2. Push Cybersecurity Best Practices
Your staff, being the ones with their hands on your business technology, need to be trained on how to maintain its security. As it happens, this training should transcend just security and cover their cyber hygiene as well. The more they know about how to better secure their use of your technology and identify threats and issues, the more secure your business will be.
3. Address Shadow IT Head-On
Shadow IT is an insidious problem that many don’t even consider an issue. The phrase “shadow IT” basically serves as a blanket term for any software that an end user has downloaded without the knowledge and approval of the IT administrator. While there are many potential issues with shadow IT, the worst of them likely comes from the vulnerabilities that unapproved and unpatched software can bring into the network. By enforcing a policy of utilizing only the solutions that IT has vetted and approved, you can protect your business from one of the least expected threats there is: the employee who was just trying to do their job.
4. Ensure the Proper Tools are Implemented
Cybersecurity, on paper, isn’t such a difficult process. The issues come from the fact that everyone involved needs to understand the threats facing them and why the practices and tools they are expected to utilize are so crucial to security. Unfortunately, if the reasoning behind using antivirus and anti-malware, firewalls, spam blocking and content filtering (among other security tools) is never addressed, their use is more likely to be taken for granted, and ultimately neglected. Not only should these tools be in place, there needs to be an organizational commitment to using them… otherwise, threats are more likely to be an issue.
5. Keep IT Refreshed
As a general rule, the older your technology gets, the less effective it is at serving its intended purpose. This can be resolved by making a point of systematically and strategically patching, updating, and upgrading the technology you rely on to operate. More up-to-date solutions have better security and can better keep your assets safe, threats less of a consideration (but still one to be consideration).
Coleman Technologies can help you put these practices in place for the betterment of your business and its security. Reach out to our team for improved cybersecurity by calling (604) 513-9428 today.
Let’s start with where we are now. History is best told on a timeline, so let’s start from the present. Cybercrime today is profiting over $1.5 trillion each year, and that figure continues to climb. Some have predicted that this figure will nearly quadruple by 2021. Security breaches are up by 67 percent over just the past five years.
How is this figure climbing so quickly? Well, let’s examine the most popular form of cybercrime: phishing. The method that cybercriminals are using are able to deploy all types of malware, yet also has data-stealing abilities. Whether that data is your sensitive personal information, or login credentials to your bank account, phishing gives a cybercriminal direct access. The worst part for people who have fallen victim, is until something dramatic happens, they are clueless that they have even become a victim. Phishing attacks have led to billions of records being exposed, stolen, or corrupted each year.
Cybercrime has become a real concern for all business owners. So how did all of this start?
This information Coleman Technologies is about to reveal may be hard to believe, but cybercrime was Bob’s fault. This trillion-dollar criminal trend is the result of a research project held by a man named Bob Thomas. Bob Thomas made the observation that a program is able to move across a computer network, leaving a trail behind. He then proceeded to write a code that was named “Creeper”. This code resulted in a program that was designed to travel between Tenex terminals on the ARPANET. The message that came across? “I’M THE CREEPER : CATCH ME IF YOU CAN”.
The research project sparked the attention of email inventor Ray Tomlinson. Tomlinson altered this program into a self-replicating one. This resulted in the first computer worm. Immediately after this discovery, he wrote an additional code which was titled “Reaper”. This chased down the Creeper code, and deleted it; which resulted in what was effectively the first antivirus software.
So how did Bob’s experiment start all of this? Well, in the 1980s Soviet hackers considered the applications of this experiment. Academics designed applications that could be used to infiltrate other networks. This ideology quickly spread, and in 1986 German hacker Marcus Hess hacked into an internet gateway which was hosted at the University of California at Berkeley. This hacked connection was then used to piggyback onto the ARPANET. He hacked into a total of 400 computers, including mainframes hosted at the pentagon.
How did this turn into such a profitable “business”? Hess planned on selling the secrets found on these computers to the Soviet KGB. Before he was able to do so, he was caught by the group effort put forth by the FBI and the West German government. His conviction was the first of its kind -- cybercriminal activity sentencing. The abnormality of the case resulted in a 20-month suspended sentence.
At the same time as this was occurring, computer viruses started to become a serious threat. With the exponential growth of the internet, there were more connections that viruses could infect. The virus started to become a real problem.
In 1988, Robert Morris woke up and decided he wanted to see just how big the internet had become. Morris, a software engineering student at Cornell University, wrote a program designed to spread across various networks, work themselves into Unix terminals, and begin replicating. The software replicated so quickly that it actually slowed down the early Internet, which caused major carnage. This carnage become known as “the Morris Worm”. Morris’ worm resulted in the formation of the Computer Emergency Response Team, known as US-CERT today. Morris was the first person convicted under the Computer Fraud and Abuse Act (CFAA). This act was introduced with the intentions to protect against unauthorized access.
After Morris’ worm was handled, viruses began being developed at an absurd rate. The antivirus industry, which started in 1987, began to grow as a result. By the time the Internet was an accessible user-product in the 1990s, dozens of solutions were available to prevent devices from being infected. These solutions scanned the binaries on a computer, and tested them against a database of known virus-code. There were major problems with this protection method, such as the abundance of false positives. They also had a tendency to use a lot of the systems’ resources to scan for these viruses. Remember how slow dial-up used to feel? Your anti-virus could have been the culprit.
The mid-90’s to late-2000’s were a prospering time for the world of viruses. While the figure was estimated to be a few thousand known viruses in the mid 90’s, that figure was estimated to be around five million by 2007. These different malware strains were either worms, viruses, trojan horses, or other forms. By 2014, 500,000 different types of strains were being created daily. This time truly was the malware boom.
Who was stopping this boom? Well, nobody. Cybersecurity professionals needed to make an effort. Antivirus solutions simply couldn’t keep up, and while they might detect malware, they had a hard time preventing it. Innovations in cybersecurity developed quickly. First, endpoint protection platforms (EPP) that didn’t just scan for known code, they also scanned for code similarities. This meant that unknown viruses could be detected.
With advanced malware defeating endpoint protection regularly, it was time to further innovate cybersecurity measures. The timeline innovators had was cut short with the deployment of WannaCry. WannaCry was, at this point, the most devastating piece of malware that existed. WannaCry even shook the world of the most capable security professionals. It encrypted the data on a computer and forced the computer owner to pay in Bitcoin to regain access to these files. This deployment sparked an explosive increase in the cybersecurity industry. It was time for cybersecurity to surpass the capabilities of cybercriminals, instead of being constantly behind.
The only way anyone was able to determine if they were being infiltrated was to have a transparent network. Administrators began using endpoint threat detection and response (EDR) services to monitor their networks. This solution is still cutting edge by today’s standards. While this isn’t the end for cybersecurity, EDR services are extremely capable of keeping malware out of your network.
If you would like to learn more about cybersecurity, or are interested in keeping your business’ data safe, call Coleman Technologies today. Our professionals can be reached by calling (604) 513-9428.
Any data you collect, you must protect. You might not think your business is big enough (or noteworthy enough) to be targeted by hackers, but the truth is, those are the reasons you are a target. It is estimated that by 2020, more than 24 billion devices will be connected to the Internet, so it is imperative that you follow simple, yet crucial, steps to ensure your data and information are kept safe.
Here are some variables you--and the other people on your network--need to be aware of.
Phishing attacks are some of the most prevalent attacks being made in 2019. Basically, users will send you an email that seems to be from a user the recipient might know. If a user interacts with that email by clicking on a link or downloading an attachment, the phishing scam is a success. A successful phishing scam is a huge problem for your business.
You will want to train your staff on how to spot and avoid phishing attacks. Phishing attacks have been developed to be subtle and admittedly easy to miss. There are, however, several tell-tale signs that an email is legitimate. Hackers know that the weakest link in any business or organization is the employees. Do your employees know how to recognize an out of place email? It is crucial that you take the time to train your employees the art of phishing identification.
Passwords are the standard in which most people use to keep files secure and to authenticate access to devices, platforms, programs, etc. Understanding what makes a strong password can go a long way toward securing your IT resources. Some best practices include:
- Creating strong, unique passphrases
- Changing passwords frequently
- Using Upper and Lowercase letters, numbers, and symbols
Multi-factor authentication, often rolled out as two-factor authentication, puts an additional step between you, and potential threats to your network or data. You use a password to unlock a 2FA/MFA platform that requires you to get a randomly-generated code from a third-party device to gain access. Since you need a third-party device/account to open the application, account, or device protected by 2FA/MFA, that account is more than twice as secure.
Applications and Software Updates
In order to say ahead of security attacks, the software you use cannot have vulnerabilities. As a result, patching and updating software is essential to comprehensive security. If you are going to remain secure you will want to be sure to stay up-to-date on your updates.
How Do I Know If My Systems are Safe?
So, you want to know if you are safe from a cyberattack? To put it lightly: nobody is. By associating security preparedness with cybersecurity and routinely taking proactive, preventative measures to enhance your security position, you reduce the chance that your organization will have to suffer from downtime, data loss, and reputation damage that a data breach would bring your company.
If you would like more tips; or, if you would like to talk to one of our experts about network security, call us today at (604) 513-9428.
Leverage Authentication Measures
One of the first steps to securing your network against threats is to create strong authentication procedures. Most of the devices with permission to access your network will already have an authentication system in place, based on a password. If the passwords used are strong enough, this can actually mitigate most threats - but you still have to worry about the ones that this doesn’t discourage. Leveraging something called multi-factor, or two-factor, authentication can help minimize the chance of something slipping past your security.
Two-factor authentication works in a relatively straightforward way. As with most login systems, a username and password are entered - but instead of being granted access, the user is asked for another credential. This is usually a randomly-generated code that a specialized authentication app will generate. Mobile devices are popular to use with 2FA, as their convenient nature makes them more likely to be available when needed. In order for a user to leverage their mobile device, the 2FA system administrator has to authorize it.
Tip: Make sure that you don’t let your password best practices slip, even if leveraging 2FA. Your passwords still need to be sufficiently complex. If you are one of those who find remembering different passwords difficult, consider using a password management system in conjunction with your 2FA.
Protecting Your Business’ Computing Environment
Whether you use a Local Area Network or a Wide Area Network, the security practices that you need to deploy are fairly predictable. Once you’ve seen to your authentication needs, you need to combine three approaches to security into one all-encompassing strategy: your software-based security, your physical security measures, and your security awareness and best practice training.
There are many examples of how software can help keep your business’ network secure. From firewalls to content filtering to antivirus to spam detection, each of these tools protect your business data from a different kind of threat. You may even want to consider adding encryption to your email solution to make it a lot less likely that the contents of your messages will be intercepted.
Tip: If you aren’t sure which solutions are the right ones to implement, think about how your data moves about your business. The more insight you have into how your data operates, the more effectively you will be able to plan its protections.
Physical Security Measures
Somewhat ironically, we seem to have become so focused on our digital security that it can sometimes seem like we forget that there are very real reasons to protect our physical locations and infrastructure, as well. Consider the damage a bitter ex-employee could do in moments, should they manage to get into your server room. It has become fashionable to leverage biometric authorization measures to protect your server room - and there’s a lot to be said about a good, old-fashioned surveillance system, complete with alarms and cameras (as well as some updates to make this system considerably less old-fashioned).
Tip: Bring in a consulting professional to help you determine your physical security needs. Not only does this save you time by eliminating work you would otherwise have to do for yourself, it ensures that your system will be designed by an experienced professional that knows what will work best in different situations.
Security Awareness and Best Practice Training
Would you be surprised to hear that your employees are likely your biggest vulnerability? Of all of the pieces that make up your network security, the people who use your technology are the leading cause of security issues. With the number of ways that your business could be attacked, your staff needs to be educated on how to identify them and avoid them.
Tip: Both businesses and individuals have experienced difficulties with phishing and it adversely affecting them, so it makes sense to begin your training there. Not only is it a common issue, it is conceptually very simple to grasp, so it is a good starting point before moving on to increasingly complex concerns. The more your staff knows about how they can resist attacks, the more likely they’ll be able to do so if the needs arises.
Remote Solutions Via the Cloud
Modern organizations need to contend with potential threats to their network infrastructures, as businesses always have in some form. The difference is that issues can now come in on the mobile devices owned by their staff, and company resources can be routinely accessed from outside the business’ area network.
This has helped contribute greatly to the growth of cloud computing technologies - although the relative cost savings don’t hurt either. Using the cloud, your staff can access their work data and applications from a remote location, while the resources stored in the cloud are kept secure by the platform’s baked-in security and privacy.
Mobile devices have also been a disruptor to business-as-usual, which means that businesses need to plan on leveraging them if they don’t want them becoming a distraction. Designing a Bring Your Own Device policy and enforcing it through mobile device management solutions is an effective and secure way of reaching a compromise and minimizing the time wasted by mobile devices in the workplace.
Tip: Remember that cloud services are inherently scalable, so you don’t need to worry about overreaching your capabilities. However, you also don’t want to waste capital that doesn’t need to be spent. Auditing your resources is an effective way to identify and eliminate redundant costs leeching from your budget.
Network security can be complicated, but it is an absolutely crucial element to your technology strategy if you want to have any success. Coleman Technologies can help take care of the technical side of things for you, and help teach better habits to your staff. To learn more, keep reading our tips, and reach out to us at (604) 513-9428.
Think Before You Click: Spotting a Phishing Attempt
Give Me the Short Answer - What’s Phishing?
Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.
The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.
Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.
How to Spot a Phishing Attack
Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.
Still, there are some practices you and your staff should use:
Always Use Strong, Unique Passwords
This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.
Check the From Email Address in the Header
You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.
Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.
Don’t Just Open Attachments
This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!
Look Before You Click
If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.
For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:
- Paypal.com - This is safe. That’s PayPal’s domain name.
- Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
- Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
- Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
- Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
- Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
- Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!
Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
Training and Testing Go a Long Way!
Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Coleman Technologies. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.
Staff Education Goes a Long Way in Preventing Security Issues
Unfortunately, most attacks still come in through email, and can slip by your users. Even the most complex cybersecurity platforms used by massive corporations and governments can be foiled by a simple phishing attack, and your end-users are your last line of defense.
How Can an Employee Fall Victim?
Phishing attacks are designed to look real. An email might come in looking like a valid message from Paypal, a bank, a vendor, or even from another employee or client. Hackers use several tricks to make the email look real, such as spoofing the address or designing the content of the email to look legitimate.
Unfortunately, if the user clicks on the link in the email or downloads the attachment, they could open themselves and your company up to whatever threats contained within.
Commonly, this leads to stolen sensitive information, or installs malware on the device, or grants the hacker the ability to log into the user’s bank account.
While having strong IT security can reduce the amount of these phishing attacks that come in, a percentage can be tricky enough to bypass your firewalls and content filters, exposing your staff to situations that could your whole endeavor in
Educate Your Employees
It’s important to teach employees how to catch a phishing attack. We recommend sharing the following steps with your staff, or even printing them out and posting them around the office:
- Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from Paypal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’ then something is suspicious. There should also be a forward slash (/) after the .com. If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
- paypal.com - Safe
- paypal.com/activatecard - Safe
- business.paypal.com - Safe
- business.paypal.com/retail - Safe
- paypal.com.activatecard.net - Suspicious! (notice the dot immediately after Paypal’s domain name)
- paypal.com.activatecard.net/secure - Suspicious!
- paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!
- Check the email in the header. An email from Amazon wouldn’t come in as . Do a quick Google search for the email address to see if it is legitimate.
- Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
- Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious.
Another great tactic is to have regular phishing simulations. This is where we create a series of fake phishing emails (don’t worry, it’s safe), and randomly send it to your staff. When someone falls for the attack, we send them educational information to help them prevent being tricked by a real one.
We’ve found this to be very effective, without taking a lot of time out of an employees already busy day.
Are you interested in helping to protect your staff from falling victim to phishing attacks? Give us a call at (604) 513-9428.
Password security doesn’t have to have a nuisance. Here are some of the easiest best practices to follow when building a password.
- The longer the password, the better: Long passwords are better for security than short passwords, but only if the password contains a varied-enough string of characters. You should aim for at least 16 characters.
- Special characters, numbers, and symbols are great for security: A strong password will contain both forms of letters, numbers, and symbols.
- Alphanumerics are ideal: If you’re trying to improve security, use alphanumeric passcodes. Try replacing a lower-case “i” with an exclamation point, or an “a” with the “@” symbol.
- Passphrases work wonders: If you find passwords are hard to remember, a passphrase might help. Use a short phrase that is easier to remember, but difficult to guess. A good example is, “[email protected]$2much” instead of “ILoveWafflesTooMuch.”
- Password variety is key: It might seem counter-intuitive to use multiple passwords that are difficult to remember, but it’s much more secure to use different passwords for each of your accounts. If the same password is used for each account, all it takes is one breach to expose multiple accounts to risk.
Of course, best practices are more than just what you practice; it also includes what you don’t practice. Here are some pointers.
- Avoid words like “password”: Some of the most common passwords out there include “password” and “notapassword.” You should avoid using these whenever possible, as they are often the first ones to be cracked.
- Avoid key strings like “qwerty”: Strings of characters with consecutive keys, like “qwerty” and “12345678,” should be avoided at all costs.
- Don’t include sensitive information: You wouldn’t believe how easy it is to find sensitive or personal information about an individual--especially if you are the target of a hacker. To make sure a hacker can’t use any information contained in your password against you, avoid using anything like this in your password altogether.
Coleman Technologies can equip your business with a password manager to improve network security and better manage account passwords. To learn more, reach out to us at (604) 513-9428.
Before we go into depth about network and cybersecurity, we’d like to point out just why they are so important. You invest a lot of time and money into making your business what it is. You pay a lot of money for hardware, software, services, and time to give your business a chance to succeed. The act of protecting your business, its staff, vendors, and clients is one that should be taken seriously, because if any are compromised, your business is in trouble.
The Protection of Business Computing
Today’s business uses a computing infrastructure that is much larger and complex than most and includes considerations outside the physical confines of the network. Cloud services have become a very popular product for businesses and individuals alike. Cloud services are hosted in some other place, and by companies that have taken great diligence at securing their solution. For obvious reasons, you can’t guarantee that your cloud-hosted data is 100% secure, but logic suggests that a company offering computing services over the Internet would be in serious trouble if they were to have their security compromised.
These services all have dedicated access control systems that are designed to only let authorized users in. Some organizations also require their staff to utilize two-factor authentication to secure the solutions further.
This brings us to the perimeter of the network. Regardless of a company’s ineptitude with cybersecurity, there is typically some form of firewall that stands between the Internet and the company’s network. If the firewall is properly maintained with threat definitions, it will stop a good amount of unwanted traffic. It’s just not enough. With the immense amount of attack vectors threats are coming from nowadays, a stand-alone firewall is like a single sheet of flypaper in front of a window.
Going the Extra Mile
In order to keep their business’ data and infrastructure safe, many organizations have begun to utilize Intrusion Prevention Systems (IPS). These systems include Intrusion Detection Systems (IDS), software that attempts to block determined threats, and logs network traffic so that IT professionals can go in and see the current state of the network.
For years, this would have been enough technology to keep most threats out. Nowadays, however, it’s really just getting started being vigilant. If you consider your network to be like an onion, you need to understand that each layer needs to have its own set of security protocols that typically come in the form of a dedicated access control system and a firewall. This way, every “layer” is protected from its perimeter, to the applications, to the databases that hold all your data. This tiered access control system is designed specifically for your needs and is in place to do one thing: protect your assets.
It also works to protect your business against the biggest digital threat on the Internet: phishing attacks.
A phishing attack is where someone outside your network tries to infiltrate it by passing off some form of correspondence as legitimate. It’s all a fraud. Verizon, who does an annual study of cybersecurity, found that around 90 percent of all network attacks are the result of successful phishing attacks. Unfortunately, there is no piece of software out there that will make phishing attacks completely benign. That is why training is so important.
Training Your Staff
Training your staff about phishing (and cybersecurity in general) has to be a priority. You’ve spent a lot of capital and time building what you have, and the thought of losing it because you bullheadedly forged ahead without getting your staff trained up properly could be thought of as shortsighted.
A phishing attack is now the preferred method of hacking. Since security systems have evolved to be hard to crack, hackers now look to use your staff’s legitimate credentials to gain access to your network, applications, and databases. By training your staff about phishing, specifically what to look for, how to react when they come across phishing attacks, and what the consequences of a phishing attack can mean for your company, you should be in a better position to protect your network, infrastructure, and data against the onslaught of outside phishing threats.
To learn more about how to secure your network, train your staff, and acquire the technology you need to protect your business, reach out to Coleman Technologies today at (604) 513-9428.
Birth of the Internet
The first Internet was born on college campuses. It was built by intellectuals, for academics, without the massive list of considerations that now accompany software development. It spread quickly, of course, and somewhere, pretty early on, it was decided that by being able to support commerce, the Internet could become one of the west’s greatest inventions.
This came to fruition in 1984 when the first catalogue was launched on the Internet. This was followed by the first e-store (at books.com) in 1992, and the first software to be sold online (Ipswitch IMail Server) in 1994. Amazon and eBay launched the following year and the Internet has never been the same.
By then, the academic uses for the Internet had multiplied, as well. By the time Amazon launched, many colleges and universities were offering students access to the Internet as an important part of their continuing education. Boy, was it ever.
Today, you’ll be hard pressed to find a classroom (outside of the poorest school districts in the country) where every classroom isn’t Internet-ready.
College Internet Needs and Cybersecurity
This stands true in university and college circles, as well. Campuses today are almost completely connected. You’ll be hard pressed to find a place on a modern campus that, as long as you have security credentials to do so, you can’t gain access to an Internet connection. In a lot of ways, it is the demand for access that makes network security a major pain point for the modern college. Firstly, having to protect computing networks from a continuously variable amount of mobile devices is difficult. Secondly, the same attacks that plague businesses, are also hindering IT administrator efforts at colleges.
Colleges themselves aren’t doing anyone any favors. According to a 2018 report, none of the top 10 computer science degrees in the United States require a cybersecurity course to graduate. Of the top 50 computer science programs listed by Business Insider only three require some type of cybersecurity course. Moreover, only one school out of 122 reviewed by Business Insider requires the completion of three or more cybersecurity courses, the University of Alabama. Regardless of the metric, it’s clear that learning cybersecurity is not a priority for any school.
Are There Cybersecurity Problems Specific to Colleges?
The short answer is no. That’s why it's so important to get people thinking about cybersecurity any way they can. No industry can afford to have the skills gap between people that hack and the people looking to stop them grow any wider. This is why, no matter what you do (or plan on doing) for a living it’s important to understand what your responsibilities are and how to get them into a place that can help your organization ward off these threats from outside (and sometimes inside) your network.
Many colleges have turned to companies like Cyber Degrees to help them not only educate the people utilizing the college’s networks to why cybersecurity awareness is important, but also help people understand that with the rise of cybercrime and hacking-induced malware, that cybersecurity has become a major growth industry with many facets. In 2015, the Bureau of Labor Statistics found there were more than 200,000 unfilled cybersecurity jobs in the U.S. With curriculums not prioritizing cybersecurity, and with threats growing rapidly, imagine how many are unfilled today. As demand rises for competent individuals to fill a multitude of jobs in the computer-security industry, colleges need to do a better job prioritizing cybersecurity training.
For the business looking into protecting itself, look no further than the cybersecurity professionals at Coleman Technologies. Our knowledgeable technicians work with today’s business technology day-in and day-out and know all the industry’s best practices on how to keep you and your staff working productively, while limiting your exposure to risk. Call us today at (604) 513-9428 to learn more.