When we say that some businesses are using Windows 7, what we really mean is that with a remarkable market share that still sits around 23 percent, a lot of businesses have chosen not to upgrade to Windows 10, Microsoft’s latest OS. In fact, as of January, when Microsoft officially did away with support for Windows 7, nearly half (47 percent) of SMBs were still utilizing it. It’s not a good scene. Let’s take a look at why so many haven’t moved off of Windows 7.
For such an… eventful… year, it started off with little anticipation of the events to come. Businesses had ample time to plan their 2020 technology budgets, but most (if not all) of these budgets were postponed (if not thrown out the proverbial window) with the spread of COVID-19.
Consider the capabilities of our mobile devices today, as compared to those that were considered high-end before Apple premiered the iPhone in 2007 (Not to discredit all the classic PDA/smartphones that came before the iPhone, like the Palm Trio, the Blackberry, and the line of super cool HTC Windows phones, but general consensus feels that the big shift in mobile computing really started with Apple). The difference is staggering. While those devices that are affectionately referred to as “dumb phones” certainly can contain sensitive data, it is effectively nothing compared to what a smartphone can access.
Not to be juvenile about it, but duh. A computer produced by Apple can just as easily be infected by malware and ransomware, just as they can also experience any of the other problems that a PC user would. Hardware failure, slowing with age, crashes, data loss—these and so many other issues can be seen in a Mac.
Today, it’s not enough to have an antivirus or firewall. You need solutions designed to actively protect your network and data from those that are actively trying to gain access to them. So while it may not be enough, making sure that your firewall and antivirus software are updated with the latest threat definitions, and that your other solutions like spam blocking and virtual private networks are being utilized properly, can set you up for success. Let’s look at four additional strategies that extend traditional cybersecurity into the modern age.
With so many of us relying on so many passwords every day, poor password hygiene can often seem to be a foregone conclusion. Think about your own passwords, right now, and see how they compare to this list of inherently insecure patterns that many people develop:
A security audit is intended to determine how effectively your business’ security is doing its job. Covering hardware specifications, your infrastructure as a whole, your network policies, the software you’re using, even how your employees behave, a good security audit will give you a complete picture of the protections and safeguards you have in place.
For a company to get your data, all they really have to do is ask you for it. Think about what happens each time you make a purchase online, or even create an account—you’re handing over your contact information, and usually pairing it to one of your financial resources.
Obviously, you’re subconsciously entrusting them with this information, assuming that they will keep it sufficiently protected and secure.
To put it bluntly, diversion. With so much attention rightly given to COVID-19 right now, there are many who are remaining in their homes as much as possible to try and prevent the pathogen from propagating. This approach makes the Internet even more important to so many people. Not only are many businesses operating remotely, many rely on support services and other online functions for their in-house processes. Otherwise, people who cannot work remotely are seeking ways to pass the time, turning to social media and other online services for that.
Today, there are literally billions of phishing emails sent each day. Inevitably, you are going to confront this problem, and depending on your staff’s preparedness (or intentions), you will either deal with them or they will likely deal with you.
The first thing that you should know is that you have to train up your staff about phishing and other issues surrounding your organization’s security. They have to understand social engineering tactics used by scammers to infiltrate networks, steal data, and deliver malware. If they are left in the dark about these issues, you will likely see a plethora of cybersecurity problems in your immediate future. It’s good to be lucky, but you’d rather be good.
Let’s face it, your business’ cybersecurity starts and ends with your staff. They need simple, practical directions to follow or they simply won’t pay any mind to it. You don’t want to be the business that deals with significant turnover because security tasks are so demanding that their employees would rather work elsewhere. You will want to take the time to go through every part of your IT and brainstorm potential problems. You will address situations such as:
With so much relying today on shared information and collaboration, the capability to communicate internally and externally is something that any business needs to have. Small businesses especially have greater access to the tools that can provide this capability, such as:
To help, we’ll be going over a few best practices that you and your team can implement to improve the security of your remote work when using a wireless connection.
Whether at home or in the office, everyone who works within your business needs to subscribe to good password standards. For instance:
You would think that since millions of phishing attacks are ignored, set to spam, and actively mitigated each month, that there wouldn’t be such a desperate effort to educate people about the signs of phishing attacks, but the fact remains that it only takes one successful phishing attack to compromise an entire workstation, network, or computing infrastructure.
Today, everyone that works for your company will need to be able to spot and report a phishing attack. Doing so can sometimes be extremely difficult if the spammer does his/her homework. Consider using and teaching these tips to keep your business from being a victim of a phishing attack.
With many “non-essential” businesses scrambling to find strategies that will keep revenue coming through the door, setting up a remote workforce has become most businesses' best hope. Unfortunately, with such little notice to dot the Is and cross the Ts, businesses are taking on more risk than many of them are comfortable with. That trepidation is not fruitless, either. In times of crisis, hackers have a tendency to prey on the unprepared. The fact is that workers that are operating where they are not comfortable--or where they’re too comfortable--can mean disaster for their employers.
These statistics outline that by allowing employees to work from home, your company will see some very tangible benefits. Like any human resources strategy, however, you’ll need to keep a few considerations firmly in mind to get the most out of it.
When you are working with your remote employees, it is important that you don’t focus exclusively on your in-house staff. Maintaining communication with every one of your staff is necessary for your operations to continue, so if anything, you need to encourage your in-house workers to regularly check in with your remote employees and involve them in their processes. You should also avoid the temptation to hold off on meetings. Again, don’t act like anything has changed as a result of your employees working from home. If you have regular meetings at a given time, continue them, and simply use the technology available today to include your remote staff members.
Even though you aren’t in the office, you still need to follow the same security protocols and the processes you would need to follow if you were working in the office. In fact, these processes become even more important, as your home network is likely less secure than the one in the workplace. Here are some tips:
It is important to remember that, if you want to avoid managing an entire private cloud infrastructure in-house, you will more than likely be signing up for a public cloud service. With this setup, you are entrusting your business’ data to an external cloud provider who will manage and protect it on your behalf. This is a great option that many businesses use to great success, but there are a few downsides that you need to take into consideration.
In a society where getting over on other people is the quickest way to the top, people are constantly looking to take advantage of others. We create security systems for this purpose. Since every person’s identity is unique it is often used for authentication into these secure systems. Nowadays, with the advancement of biometric technology, many organizations are pushing the envelope and using unique physical identifiers as authorization methods, and it is causing problems with the security/privacy equilibrium most people favor.
Biometrics are being used everywhere from the digital security of mobile devices all the way to border security and identification. Biometrics include:
...And more.
These technologies are used to effectively identify and authenticate people simply by pairing the information with existing database information. With this technology being more accessible due to falling prices, it is now being rolled out all over the world for a multitude of purposes. Across the world you can find biometrics being integrated into systems. The US FBI has a massive fingerprint database they use to help identify people. China’s Social Credit system is run on facial recognition. Businesses, like your bank, may be using your voice to authenticate who you are over the phone. With so much data being captured, and with the seemingly endless ways this technology can be used to secure almost anything, it turns out that it really isn’t securing much of anything.
The immense scale of biometric data systems makes securing this extremely personal information nearly impossible. The question has to be asked: can a system be a human identification system and also work as an authentication system? It turns out that with all the challenges people use biometric security systems for, the only thing that it is truly good for is identifying who a person is. That’s not to say that systems can’t work in small doses, but a main problem with these systems is that the information captured--the data that is being used for the security of these physical and virtual systems--has to be saved somewhere. Moreover, with organizations mining data left and right, this very private and extremely sensitive data ends up as just another piece of data captured by corporate entities looking to turn it into a quick buck.
If that doesn’t scare you, consider that organizations and governments possessing this data and losing it to hackers, who much like these massive corporate entities, will be using it to gain a monetary advantage. Losing your identity to a hacker is a traumatic experience, but with these biometric systems, it takes on a whole new meaning. Even scarier yet is that artificial intelligence has been proven to compromise biometric indicators, leaving biometrically-protected systems accessible without physical authentication.
We touched on this a little above, but the lack of privacy that a biometric reliant system would provide the individual would be frightening. You see, the biometric security system isn’t designed to allow for invasions of privacy, but because this technology is just in its infancy, and organizations are using it in ways that it may not be designed for, the minute a person puts his/her information into a biometric system, privacy is out. The production of the data, the way it is stored, the way it is compared to database data raise big concerns for the individual and his/her privacy.
Additionally, with changes to physiology, these biometric systems have to have some deviation built in. This poses a lot of questions about what is secure and what isn’t. These systems are definitely state-of-the-art, but if you compare the effectiveness of the security to the systems that we’ve been using (Passwords, PIN, Two-factor authentication), it’s hard to say that these advanced biometric systems are any better at keeping data or infrastructure secure.
Biometrics are definitely here to stay, but before you implement a biometric security system into your business, call the professionals at Coleman Technologies to discuss the benefits and detriments of doing so; and, the strategies where biometrics will excel. Call us at (604) 513-9428 today.
Imagine trying to access your computer (or your network as a whole), only to find yourself locked out and presented with a demand for payment in exchange for your files to be decrypted. This is precisely the scenario that ransomware puts its victims into, usually with a deadline to pay up under threat of the destruction of the encrypted files. If you’ve heard about Cryptolocker, WannaCry, or Petya, they are what we are referring to.
In 2019, a business was infected with ransomware once every 15 seconds, racking up a total of $11.5 million in total losses. Spam and phishing attacks were responsible for infecting 66 percent of affected companies, and in 2017, almost half of companies surveyed were affected by ransomware.
Denial of Service (DoS) attacks, and their more-popular offshoot, Distributed Denial of Service attacks are the most common form of cyberattack. Using automation, an attacker has resources batter a target with the aim of taking it down. The rise in Internet of Things-enabled devices now allows an attacker to take over these devices and turn them against a single webpage. Naturally, this takes the website down.
The biggest DDoS attack on record happened on March 5, 2018, but was fortunately unsuccessful in taking down the targeted ISP… despite clocking in at 1.7 TB/s. On average, one of these attacks costs somewhere between $20K-to-$40K each hour, or in other terms, just under the average American worker’s annual salary. In the UK, businesses lost £1 billion to cybercrime in 2019.
A Man-in-the-Middle attack compromises any communications between a business and their contact. Any and all data can be interfered with, allowing cybercriminals to have their way with personal data, business correspondence, or financial data that is transmitted. It can be intercepted, altered, or redirected, potentially causing more problems than can be counted. The worst part: because Man-in-the-Middle attacks are relatively easy to carry out, they are rising in popularity on a daily basis. They are most commonly used to extract information, whether personal or professional, that otherwise wouldn’t be available. This includes things like login credentials, banking information, or payment card data.
Okay, that wasn’t the worst part. The worst part is that the majority of servers are still vulnerable. As in, 2016 saw 95 percent of HTTPS servers still at risk.
Believe it or not, phishing attacks are ranked as the biggest threat to businesses out there today. Phishing is a kind of social engineering where an attacker will reach out to the victim through some format, from email to instant messaging and beyond, in order to gain access to a secure system by fooling their victim into erroneously trusting them. While phishing emails have been around the block a few times, today’s attacks have grown to be quite sophisticated.
Many statistics surrounding phishing emails demonstrate how effective this relatively simple attack has proved to be. Phishing is involved in 93 percent of all social engineering attacks, and was directly responsible for 70 percent of government network breaches. In the last 12 months, 64 percent of organizations had first-hand experience with phishing, notably, 82 percent of manufacturers. The aforementioned ransomware relies on phishing for 21 percent of its delivery. As recently as 2016, 30 percent of phishing messages were opened.
Abbreviating a structure query language injection, an SQL injection attack does what it says on the box - it injects malicious code into a target’s SQL servers and feeds the database information back to the attackers. While this is another “golden oldie” of an attack, web-based applications that call for database access have given new life to SQL injection attacks and allowed attackers to extract very valuable info.
It should then come as no surprise that 65 percent of all web application attacks are performed through SQL injections. So, if your organization draws information from a database for an application, you could easily be victimized to a significant degree. Even gamers need to be concerned, as 12 billion out of 55 billion detected SQL attacks that Akamai security experts found were leveled at the gaming community.
If only these other attacks meant that attackers didn’t have time to try anything else, but unfortunately, that isn’t the case. Malware attacks still rank among both the worst, and most common, attacks against businesses. Of course, there are many types to consider, including:
There are many ways for malware to be introduced into a system. Again, phishing messages can be responsible, but many attackers will use something called “droppers.” Droppers are specialized programs that will install a virus after bypassing cybersecurity solutions. Since there is nothing inherently malicious about the dropper, protections usually don’t flag them.
Fortunately, there are ways to protect your business’ resources, network, and infrastructure from the millions of different versions of these attacks - and you need them, as your business is actively targeted by these attacks. To learn more about putting these protections into place, reach out to the professionals at Coleman Technologies by calling (604) 513-9428.
News & Updates
Contact us
Learn more about what Coleman Technologies can do for your business.
Coleman Technologies Inc.
20178 96 Avenue, C400
Langley, British Columbia V1M 0B2
Operations Center
6600 Chase Oaks Blvd, Suite 100 Plano
TX 75023
