Coleman Technologies Blog

Are Smartwatches Smart Enough?

The Smartwatch
The smartwatch market as we know it today has existed for almost a decade, surprisingly enough, but the first smartwatch was developed in the late ‘90s. A smartwatch is seen today as more of a peripheral for a smartphone. They come in several different shapes, sizes, and styles, but they all tend to provide some kind of utility to the user. Here are some of the main benefits of using a smartwatch:

  • Convenience: You can’t beat the convenience of checking your watch and getting access to all kinds of information, like notifications, calendar events, and so much more. Modern smartwatches also give users the ability to search for information, and the processing power of these devices gives smartwatch users the ability to perform several actions that a smartphone can accomplish.
  • Functionality: The latest smartwatches have several features that give users lots of functionality. They can integrate with applications and take advantage of other practical functions, making them as useful as you want them to be. In this way, smartwatch manufacturers continue to push the boundaries of what’s possible with wearable technologies.
  • Discretion: Discretion is probably the most important part of using a smartwatch, as it’s much easier and more discreet to use it than pulling out a smartphone. Most smartphones have the capability to push notifications to your smartwatch, including those from social networks, messages, weather, and so on. More than anything else, it at least keeps you from being rude and checking your smartphone in the middle of a conversation.

Security Issues
The primary issue that comes from wearable technology is that it connects to your mobile device through a Bluetooth connection. Since wearables also connect to Wi-Fi networks, they are exposed to two potential avenues of breach. Businesses that prioritize security (read: all businesses should prioritize security) need to be particularly wary of wearables, especially in regard to a Bring Your Own Device policy.

The modern hacker will use any opportunity they can find to hack into a device, and since wearables are particularly vulnerable to this due to the modes of connection they contain, they provide additional access points that create issues for businesses. If a hacker can gain access through an application at the wearable level, it could potentially compromise even the connected device and any network it’s attached to.

Industry experts might agree that the lack of wearable security isn’t a major concern overall, but it’s still something that you should be addressing with your business’ mobile device policy. Here are some ideas to think about:

  • If you are accidentally collecting electronic Protected Health Information (ePHI), you could be putting your organization at risk of breaching healthcare standards set by HIPAA. You should limit your employees’ fitness and wellness data collection on company-owned wearables and devices whenever possible.
  • Be wary of what can happen if you fail to educate your employees about the importance of protecting wearables. Be sure to remind them that they aren’t just putting business data at risk, but also their own individual data. It’s imperative that your employees understand how to best protect these devices.
  • Focus on the management of these devices, as there are no proper anti-malware solutions for IoT devices.

For assistance with planning out a wearable strategy for use with your Bring Your Own Device policy, be sure to reach out to us at (604) 513-9428.

Top Cybersecurity Threats Right Now

Shadow IT
In a lot of ways, productivity is a lot like the thing it produces: money. People will do anything to get more of it. Businesses have a plan, and while they also want to maximize productivity and money, they typically don’t put their whole enterprise in jeopardy to get a little bit more of it. Shadow IT is the practice in which an employee downloads and uses a piece of software that hasn’t been tested or approved by the company’s IT administrator to try to get a little more done.

Oftentimes, the employee is just showing initiative, with no real knowledge that by downloading and utilizing a certain off-brand software, they have just put their whole business in danger. This wouldn’t be such a major deal if it was an isolated incident, but studies show that nearly 80 percent of all employees admit to utilizing software that wasn’t selected, tested, and released for use by their IT administrator. These apps may have vulnerabilities that would-be infiltrators can take advantage of. That is why it is important to utilize the software that has been vetted by the company, even if that means losing out on a bit of productivity.

Cryptojacking
There are well over 1,500 different cryptocurrencies, and in 2018 cryptojacking, the strategy of using malware to use a target computer’s resources to mine for cryptocurrency, was a major problem for businesses. Since this is a computationally complex task, it significantly reduces the computer’s effectiveness and longevity. As a result, cryptojacking has become en vogue for hackers and others looking to mine cryptocurrency without the investment necessary to do it.

Most studies show that the effect of cryptojacking could get way worse in 2019 since the value of cryptocurrency has fallen significantly over the past year. This means more machines mining for crypto are necessary, and thus more attacks. Users are just learning how these attacks are carried out and how to protect their business against them.

Ransomware
While there was a reported reduction in the number of ransomware cases in 2018, it still remains a major concern for any business looking to build a comprehensive network security strategy. Ransomware, of course, is a strain of malware that encrypts parts of or entire computing systems and then demands payment in cryptocurrency in a set amount of time for safe return of the files/access.

Hackers using ransomware have taken to targeting healthcare organizations’ networks for the breadth of the sensitive data they hold on them. They’ve also begun to target operational technology systems, since, as with healthcare, costs of restoration of these systems (rather than payment) are prohibitive. This produces a little more urgency to get the problem resolved.

Unsecured Internet of Things
The Internet of Things keeps expanding, but so do the security threats to networks as a result of security-light devices. With more and more devices presenting security problems for businesses and individuals alike, it becomes important to ascertain exactly what devices are present on your network at any given time. Remember, even if a security-less IoT device is connected to a network-attached smartphone, it still offers up a major vulnerability.

While this is a major threat, there has been a push to improve the security of IoT devices as of late. With more security-minded companies developing useful smart products, these concerns will begin to take a back seat. But until that shift has been well documented, you’ll want to be diligent in the manner in which you utilize IoT devices.

Phishing
No business goes very long without getting some type of phishing email. In fact, it is estimated that 156 million phishing emails are sent every day, making it the most used practice by hackers everywhere. The way it works is that since most accounts are secure enough not to be guessed outright, hackers search for ways for people to help them gain access to the accounts they want to get into. Nearly every successful cyber attack begins with a successful phishing scheme.

A specific example called business email compromise (BEC), which targets specific members of an organization, is responsible for over $12 billion in losses across the globe. Once thought to be an email scam that could be mitigated with strong spam filters, today’s phishing scam is taking on a new shape by utilizing text messaging, instant messaging, phone calls, and even the seemingly-benign social media quiz to gain access to business networks.

2019 is lining up to be another stellar year for business technology, and as more tech is used, more threats come with them. If you would like any more information about how to prioritize network security, give our IT experts a call at (604) 513-9428 today.

Fingers Crossed! The Robocalls May Soon Stop

Chances are, you’re all too familiar with exactly the kind of scam I’m describing. The one that makes the Do Not Call List sound like wishful thinking, that makes it look like someone from your area - or even your contacts list - is trying to reach you.

Chances are, you’ve answered one of these calls, only to hear silence, broken after you say “Hello?” As soon as you do, a (likely prerecorded) voice launches into its tirade, being a nuisance and bothering people.

Chances are, you may have even received angry phone calls from people you’ve never met, let alone called, claiming that your number has been the source of repeated calls just like these.

You aren’t alone.

Unfortunately, the scammers responsible are talented at skirting rules and regulations.
Calls like these have been harassing users for quite some time, simply because the scammers understand how to cheat and find loopholes. This is all despite the efforts of regulatory bodies like the FCC (the Federal Communications Commission).

In November of 2017, the FCC enabled telephone providers to block calls that were presumably fraudulent. This was based on many factors, like the calls coming from invalid numbers or numbers with no service provider attached.

However, the rules outlined in the 2017 Call Blocking Order weren’t enough to stop scam robocalls for long.

Now, we all have had to deal with the huge nuisance of neighbor spoofing. Neighbor spoofing has almost certainly affected you directly, and if you’ve been lucky enough to avoid it, it’s happened to someone you know.

But you may be asking, what is neighbor spoofing?
If your phone rang, and you have caller ID enabled, you’ve probably developed the habit of checking the number before you answer it - after all, a local number is probably safe to pick up.

Neighbor spoofing has made it so that assumption is no longer the case.

Instead of using a fake number to call their targets, scammers using neighbor spoofing will actually use someone’s real number to call someone relatively nearby - sometimes literally next door. If you’ve ever received an angry phone call from someone demanding an explanation for someone with your number repeatedly calling them and harassing them, your number just so happened to be the one that these cybercriminals spoofed.

There have even been reports of people receiving calls from their own number, claiming to be from the phone company as an attempt to “verify a hacked account.”

Neighbor spoofing is also a very effective method for scammers because it can bamboozle the automated protections already in place to stop scam calls, just like it fools the targeted phone’s user. This also keeps the Do Not Call list from affecting these scammers’ attempts (as if it ever stopped them before).

Additionally, many apps may add some unwanted complications, even if they are effective.
There are mobile applications available that are intended to stop robocalls from ringing your smartphone in the first place. One such application, the aptly-named RoboKiller, does this in two ways. First, RoboKiller references a list of numbers identified as spam, and blocks these calls completely. Second, it uses a patented analysis of the call’s audio fingerprint to compare it to those of other spam calls. Regardless of the number it appears to come from, RoboKiller can identify if it is a match to a known attempt.

You’ll only know that you were targeted after you read the notification that RoboKiller provides.

Meanwhile, RoboKiller responds to the scammer with a time-wasting prerecorded message. You can then review the calls that RoboKiller blocked by opening the app on your phone. There, you can listen to a recording of blocked calls to determine which calls were spam, and which were legitimate attempts to reach you. From there, you can whitelist a number by pressing the Allow button.

Users of RoboKiller can also add numbers to their list of permitted callers to allow them to come through. RoboKiller is a subscription-based application that charges $2.99 each month ($24.99 for an annual subscription), which may be seen as a relatively low cost if you’ve received enough of these calls.

As RoboKiller states on their website, “With RoboKiller, you don’t stop neighbor spoofing. You take action in the fight against the robocall epidemic.”

However, this approach isn’t without some worries.

For one, consider the cost of admission for this app. Yes, $2.99 may seem like a bargain if you have a smartphone, but what about all the people who still don’t? Furthermore, many mobile users today are of older generations, and may not understand how to work the application (or again, may not have a device that is compatible with the app). Yet, these worries may not be necessary for long.

Both the government and the telecom industry have had enough.
It wasn’t long after the 2017 Call Blocking Order was released that the attorneys general from a full 40 states came together to form the Robocall Technologies Working Group. This is a bipartisan commission intent on collaborating with service providers to learn about robocalling technology with the ultimate goal of stopping it.

On October 8th, the attorneys general of 35 of those states signed a letter to the FCC stating that the efforts of law enforcement had not and would not be sufficient to stop abusive scam attempts and robocalls. In this letter, the attorneys state some chilling facts:

  • 30.5 billion illegal robocalls were made in 2017 alone, up from the estimated 2016 total of 29.3 billion.
  • Estimates have placed the total calls made by the end of 2018 to be somewhere near 40 billion.
  • Phone scams allowed cybercriminals to steal an estimated $9.5 billion in 2017.
  • August of this year saw 1.8 billion scam attempts in the 4 billion illegal robocalls made that month.

Facts like these only highlight the pervasiveness of these scams, and how important it truly is to eliminate them as much as possible. In fact, the Federal Communications Commission has gone on the record to demand that mobile providers figure out a standardized system to help prevent these calls from reaching mobile users, echoing the demands made by the attorneys general.

This system would rely on call authentication to ensure that only legitimate calls would make it through, and that spoofed calls would be caught by requiring all calls be verified as coming from the correct source.

Not only did Commissioner Ajit Pai release a statement to the press demanding that this system be created, he sent a letter to 14 telecom CEOs, including AT&T’s John Donovan, Charter’s Tom Rutledge, Verizon’s Hans Vestberg, T-Mobile’s John Legere, Comcast’s Brian Roberts, and Google’s Sundar Pichai.

Pai demanded that these changes be ready to deploy in one year, giving telecoms a ticking clock to establish what they call the SHAKEN/STIR framework (Secure Handling of Asserted information using toKENs/Secure Telephone Identity Revisited). This move was met with the approval of the attorneys general, who went on to encourage the FCC “to implement additional reforms, as necessary, to respond to technological advances that make illegal robocalls and illegal spoofing such a difficult problem to solve.”

As the attorneys general said: “Only by working together, and utilizing every tool at our disposal, can we hope to eradicate this noxious intrusion on consumers’ lives.” Fortunately, this will also benefit the businesses that have been affected.

With any luck, we’ll only have to deal with the robocalling nuisance a little while longer. For assistance in keeping other scams from interrupting your business and putting it at risk, reach out to Coleman Technologies. We have the experience to stop the other threats you would otherwise deal with on a daily basis. Call (604) 513-9428 today.

As 2018 Ends, Mobile Cyberthreats Won’t

The Now:
It’s the holiday season, which means that many will find themselves traveling, either to visit family and friends or to seek out more agreeable climates. However, business being what it is, many will also still be trying to get work done during their travels.

Thanks to the incredible capabilities of the mobile devices we have today, this is made much easier. A business that leverages cloud solutions offers mobile users an exceptional amount of maneuverability, and the popularity of Bring Your Own Device policies has made it so that the resources needed to accomplish work goals are never too far away. Yet, this access is a catch-22, as it also means that data can be easily lost, far from the business’ location and the protections it should have in place.

Resultantly, there are a multitude of ways that a cybercriminal can come into possession of your data, either personal or professional. Fortunately, there are some ways to help prevent this from happening as well.

  • Public Wi-Fi is Too Public: When out in public, you’ll want to avoid connecting to public Wi-Fi networks when shopping or accessing sensitive information. We all know that hunting for the best deals is made much easier when you can look up prices online, but you’ll want to use your data instead. Public signals make hackers’ jobs that much easier with their typically insufficient security standards.
  • Charity Good, Charity Scams Bad: These phishing variants can come in via all avenues, but very commonly take the form of calls and text messages. A scammer pretends to be working for some charity, but in actuality, just wants your money and data for themselves. If you receive what you believe to be a charity scam attempt, you’d be wise to do some research into who is asking for it before handing over your data, payment information or otherwise.
  • Charge Carefully: Whether you’re at the airport during a layover and trying to eke a few more minutes out of your device, or you’re deal-hunting online as you’re wandering the mall, you need to make sure you’re being smart about how you’re keeping your device charged. Many attackers will hide attacks in charging stations, waiting to strike whoever connects.

The Then:
Of course, these hacks and threats aren’t going to end after the holiday season is over. Moving into 2019, the above threats are still going to be just as large of a problem, along with many other threats. Much of this will be in part due to our reliance on mobile devices.

Hackers will still be able to intercept data exchanged on an unsecure network, more devices will become outdated and insecure (you may want to peek at some of those holiday deals for an upgrade), and yes, more people will enable these threats through uninformed decisions. You need to make sure that your business isn’t influenced by threats like these.

Coleman Technologies can help. Get your business a holiday gift by calling (604) 513-9428 and speaking to us about our managed IT services.

Your IT Wish List: How to Improve Your Business

Wish One: Security Awareness
Some IT professionals feel like their job never ends, particularly in the realm of cybersecurity. They might feel that training employees to be aware of their actions is an uphill battle that just never stops. Increasing awareness of security is one of the key roles that an IT department plays for your organization, and if you can make their lives easier by shifting any of this responsibility from them, they’ll greatly thank you for it.

Wish Two: More of the Cloud
The cloud is a great way for organizations to get more out of their technology as it allows them to access services that might be exceptionally time-consuming to manage in-house. Saving this time is something that your IT department would relish, as they likely have their hands full with their current responsibilities. The cloud alleviates many of these pains, as it improves operations by enabling your business’ employees to access solutions on any device they want. The cloud gives your organization the opportunity to eliminate waste and deliver assets in a much more convenient and accessible way.

Wish Three: Improved Working Relationships
IT often has to deal with much more than just keeping your business running; it also involves communicating with other workers in your office. To put it in simple terms, the IT department is going to be on the receiving end of all your employees’ frustrations. You can give your IT department the gift of a policy under which employees must hear IT out. This gives employees the ability to learn a little bit about the process, and it could potentially save several contacts with the IT department, meaning more time for IT to spend on other initiatives. An outside perspective helps people understand each other.

Does your business need the gift of managed IT? Coleman Technologies can help. To learn more, reach out to us at (604) 513-9428.

Infected Applications Removed from Google Play Store

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controlled server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.
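The two network-visible traits described above (a fixed 80-second check-in and one device claiming many different phone models) can be hunted for in proxy or DNS logs. The following is an added example, not code from Sophos or from this blog; the log format, the `.example` hostnames, the addresses, and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample proxy log: epoch_seconds client_ip dest_host "user-agent".
# Hostnames use the reserved .example TLD; none of this is a real indicator.
SAMPLE_LOG = """\
1000 10.0.0.21 cfg.adnet.example "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G950F)"
1003 10.0.0.21 ads.partner.example "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X)"
1005 10.0.0.35 news.example "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36"
1081 10.0.0.21 cfg.adnet.example "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G950F)"
1090 10.0.0.21 ads.partner.example "Mozilla/5.0 (Linux; Android 8.1.0; Pixel 2) AppleWebKit/537.36"
1160 10.0.0.21 cfg.adnet.example "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G950F)"
1167 10.0.0.21 ads.partner.example "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F) AppleWebKit/537.36"
1239 10.0.0.21 cfg.adnet.example "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G950F)"
1250 10.0.0.21 ads.partner.example "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X)"
1300 10.0.0.35 news.example "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36"
1310 10.0.0.35 news.example "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36"
1320 10.0.0.21 cfg.adnet.example "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G950F)"
1401 10.0.0.21 cfg.adnet.example "Dalvik/2.1.0 (Linux; U; Android 8.0.0; SM-G950F)"
2100 10.0.0.35 news.example "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36"
2500 10.0.0.35 news.example "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36"
"""

LINE_RE = re.compile(r'^(\d+) (\S+) (\S+) "([^"]*)"$')
ANDROID_MODEL_RE = re.compile(r"Android [\d.]+; ([^;)]+)")


def parse(log_text):
    """Turn log text into (timestamp, client, host, user_agent) tuples."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # silently skip lines that do not fit the assumed format
            ts, client, host, ua = m.groups()
            records.append((int(ts), client, host, ua))
    return records


def find_beacons(records, period=80, tolerance=5, min_gaps=4, min_ratio=0.8):
    """Return (client, host, median_gap) where requests recur about every `period` s.

    A pair is flagged when it has at least `min_gaps` inter-request gaps and
    at least `min_ratio` of them fall within `tolerance` seconds of `period`.
    """
    times = defaultdict(list)
    for ts, client, host, _ua in records:
        times[(client, host)].append(ts)
    hits = []
    for (client, host), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < min_gaps:
            continue  # too few samples to call it periodic
        on_period = sum(1 for g in gaps if abs(g - period) <= tolerance)
        if on_period / len(gaps) >= min_ratio:
            hits.append((client, host, median(gaps)))
    return sorted(hits)


def device_claim(ua):
    """Extract the (platform, model) a User-Agent string claims, or None."""
    if "iPhone" in ua:
        return ("ios", "iPhone")
    m = ANDROID_MODEL_RE.search(ua)
    return ("android", m.group(1).strip()) if m else None


def forged_identity_clients(records, max_models=2):
    """Flag clients whose traffic claims both platforms or too many models.

    Assumes `client` identifies one physical device (for example a DHCP
    lease or MDM device ID); a NAT address shared by many phones would
    trip this check legitimately.
    """
    claims = defaultdict(set)
    for _ts, client, _host, ua in records:
        claim = device_claim(ua)
        if claim:
            claims[client].add(claim)
    flagged = {}
    for client, seen in claims.items():
        platforms = {platform for platform, _model in seen}
        if len(platforms) > 1 or len(seen) > max_models:
            flagged[client] = sorted(model for _platform, model in seen)
    return flagged


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("periodic check-ins:", find_beacons(recs))
    print("conflicting device claims:", forged_identity_clients(recs))
```

Either signal alone produces false positives (keep-alives are periodic too), so treat a client that trips both as the one worth investigating first.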

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit include:

  • Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
  • Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
  • Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
  • Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so you shouldn’t need to worry much about whether you’ve downloaded one that will put your data at risk, as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call Coleman Technologies today at (604) 513-9428.

A Virtual Private Network Builds Organizational Flexibility

Why Use a VPN?
The best way to understand what a virtual private network does is to have a little background knowledge of why it’s necessary to have one. The easiest way to understand it is to think about accessing your business’ data as a two-lane road. On one side of the road is the traffic moving from your business’ infrastructure toward your device, and on the other side is data moving from your device to your business’ infrastructure. Anyone with the right tools can see the data as it’s being transported from one location to the next, and if the data isn’t protected by the right solutions, it can be stolen while it’s in transit. A VPN makes it much more difficult for hackers to accomplish this feat.

Understanding a VPN
Your average connection should be encrypted to protect the integrity of any data stored on it, and a virtual private network helps by augmenting this practice while out of the office. To aid in protecting your organization’s network connectivity, a virtual private network can encrypt your connection to sensitive data while on a different connection, such as if you’re working from a remote location, or just simply not in the office at the moment. When the data is encrypted, hackers have a harder time stealing the information that’s being sent to and by your devices while out of the office.

To be fair, it’s not that hackers can’t steal the data being sent to or by your devices while using a virtual private network; it’s that the data that hackers do steal is much less useful to them overall. The reason for this is the encryption. If the hacker can’t crack the encryption of the files, they can’t read the data, and then the data they have just stolen is completely useless to them. Modern encryption methods are virtually impossible to decrypt (at least, the average hacker will spend more time than it’s worth to decrypt the data, making the process far less appealing than it normally would be).

Coleman Technologies can help your business set up the perfect virtual private network for all of its specific needs. Whether you’re out of the office momentarily or for a lengthy amount of time, or if you have remote workers in all corners of the globe, the right virtual private network can keep your data as secure as can be while it’s moving from one location to the next. To learn more, reach out to us at (604) 513-9428.

Exciting Blockchain-Fueled Applications Are Coming

What is Blockchain Technology?
In essence, a blockchain is a distributed ledger that builds a collection of records that is continually growing, all protected with encryption. By design, blockchains are meant to be resilient to edits and changes, making them quite reliable in terms of ensuring the integrity of these records. Each block (or node) of data has security measures to keep it from being changed, as well as timestamps for each record and information about the transaction. If a record needs to be altered, all subsequent records must also be altered, which requires the permission of the network majority.

How Is It Used?
Originally, blockchain was developed for cryptocurrency purposes, but the fact that it’s encrypted and resilient to changes makes blockchain ideal for other purposes. Public blockchains are used for cryptocurrency like Bitcoin to provide a distributed ledger, but it’s thought that private blockchain systems might be helpful for business purposes.

How Will It Be Used in the Future?
One of the most noteworthy ways that blockchain could be implemented in the future is the sharing of health records between various provider offices. Since it’s a distributed network, all doctors on someone’s medical plan would have access to the same unaltered data so they could provide the best service possible. Other opportunities for blockchain technology include a transparent ledger for public viewing, which has a wide range of uses for tracking payments for services rendered and other information.

Coleman Technologies can help your business check up on the latest technology solutions on the market, including ones that will help you improve operations or efficiency. To learn more, reach out to us at (604) 513-9428.

What is your Identity Worth to You?

First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, $56 billion was accumulated by cyber criminals through identity fraud. The good news is in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.

How does your data get stolen? There are plenty of ways, but here are a few popular methods:

  1. Hackers can pick up credentials via public Wi-Fi and public PCs.
  2. Credit Card Skimming - a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal.
  3. Selling or discarding used computer equipment that isn't properly wiped can expose personal information.
  4. Hackers can infiltrate networks and databases.
  5. Dumpster diving and paper mail theft.
  6. Malware and viruses.
  7. Phishing.

In almost half of reported identity theft cases, the victim knew the criminal.

What do you do if your identity is stolen?

Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running the latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.


An Introduction to the Dark Web

In the west, the Dark Web is mostly known as a sinister network used to traffic in all kinds of illegal contraband, but in other parts of the world it is often looked upon as the last bastion of privacy in what can be horribly repressive political regimes. Overall, the Dark Web in practice is a construct that supports user anonymity.

Keep in mind that we are certainly not endorsing use of the Dark Web. We just want you to be aware that the Internet you routinely access, or what we will call the surface web in this blog, is in fact a very small piece of the enormity of the web itself.

A Complete Look at the World Wide Web
If the Internet that we can all access makes up only a very small percentage of the entire Internet, what is hosted on the rest of it? In what is known as the “Deep Web”, most of the Internet is filled with legitimate data, mostly in the form of unindexed content. Data that is encrypted, such as online banking, pay-to-play video services, and other forms of everyday Internet use, makes up a large portion of the Deep Web. With the revelations that there was an online black market where people could get almost anything, many people started confusing the deep web with the dark web, or darknet. This misconception has many people confused about what exactly the purpose is for the seemingly bottomless Internet, but with most of it being taken up by cloud environments and other encrypted services, the notion that the Deep Web is somehow nefarious is misplaced.

What is the Dark Web?
On the other hand, the Dark Web is also hosted on the Deep Web, beyond sight of the average Internet user. While the surface web is unencrypted and able to be accessed by just about anyone who wants to use it, the Dark Web is accessed only through encrypted browsers. You may have heard of specific ransomware programs asking you to download the Tor web browser to make payments. This is because Tor is one of the web browsers able to browse the Dark Web, although it should be mentioned that it’s not exclusively used for the purposes of paying ransomware demands.

Tor is what is known as an onion router. Essentially in order to maintain a user’s anonymity, an onion router will pass user queries through several intermediary accounts to hide the user from being tracked. It’s like passing each command through the several layers of an onion, thus the moniker.

What Else is On the Dark Web?
The services offered on the Dark Web are varied, but they all generally have one thing in common--most of them are illegal. If you can think of it, and it’s not on the normal World Wide Web, chances are there is a place on the Dark Web for it. Some of the services provided on the Dark Web can include, but are not limited to, the following:

  • Illegal pornography
  • Bitcoin services (not outright illegal, but often used for money laundering purposes)
  • Botnets that can be purchased for nefarious use
  • Markets for drugs, weapons, and other illegal contraband
  • Scams and other phishing threats are rampant on the Dark Web, so even those who are looking to take advantage of these services have to be careful

Most notable for businesses is that hacking services can be acquired for even non-experienced users, meaning that anyone with an agenda has access to services that could cripple your business. It’s more important today than ever before to make sure that your organization is taking the necessary measures to protect itself from these threats.

With so much information hidden from view, there is a significant chance that there may be information out there that may end up becoming problematic for your business. At Coleman Technologies, we can scan to ensure that your passwords or other personal information isn’t readily available. Call us today to learn more at (604) 513-9428.


Ransomware Can Floor Your Business

Variants of Ransomware
Unlike other malware threats, ransomware isn’t designed to gain access to a system to steal data outright. Rather, it’s just to convince the user to hand over some cash for the safe return of their data. Businesses struck by ransomware are in danger of losing their data and money completely, as there is no guarantee that the hacker will ever return the data, even if the ransom is paid in full. There are two different types of ransomware--“locker” type ransomware targets the CPU, while “crypto” variants go for the encryption of file systems.

It doesn’t matter which strain you contract. The basic premise is still the same. After the threat is unpackaged and executed on the user’s device or network, it encrypts access to data, processing, or both, and it gives the system its demands in the form of instructions on how to make payment. The user then has to make the decision of whether they actually pay the ransom. If they don’t, there is always the option to restore from a data backup platform, if you have one.

Ransomware is a drastically different kind of malware compared to the more traditional methods of hacking. Unlike malware that wants to keep itself hidden so it can siphon information from a computer or install backdoors, ransomware wants you to know what misfortune has befallen you. Ransomware has grown more common in recent years, and so many strains are now seen in the wild that it’s tough to keep up with. These attacks have targeted municipalities, enterprises, and other organizations, all with the goal of leeching as much money from them as possible.

How Ransomware is Delivered
Ransomware might seem like something created by only the most nefarious hackers, but in reality, it’s spread in much the same way that any other threat would be. Spam messages and targeted email campaigns can initiate a ransomware attack, either through clicking on infected links or downloading suspicious attachments. In these cases, ransomware is typically most effective against businesses that have poor network security practices.

Take spam, for example. There’s no reason your business should be dealing with messages like this on a daily basis. With enterprise-level solutions, they can be outright prevented from even entering your inbox. The same can be said about your employees. With proper training, they shouldn’t be downloading unsolicited attachments or clicking on suspicious links in emails. If you invest some time and resources into proper network security, you can minimize the odds of being infected by ransomware.

The Consequences of Ransomware
The most dangerous aspect of ransomware is the downtime that ensues because of it. If you can’t get your work done due to your files being locked down by ransomware, you’re simply wasting time. The same can be said for any employee on your network. Assuming that the entire network is now encrypted by the ransomware, your whole organization could be left with nothing to do until either a backup is restored or someone hands over the ransom. It’s generally a best practice to not pay the ransom, as there is no guarantee that the hackers on the other end will stay true to their end of the bargain.

Instead, it’s best to take preventative and proactive measures to ensure that ransomware doesn’t become a problem in the first place. A Unified Threat Management (UTM) solution is a great way to keep your network secure from external threats, and employee training can keep influences beyond your direct control (like your employees) from placing your entire business in jeopardy. It’s also imperative that your business have a continuity and redundancy strategy in place, as in a worst-case incident like a ransomware attack, you’ll want to restore affected files and systems from a time before the attack struck.

To learn more about how your organization can stay safe from malware--including ransomware--reach out to us at (604) 513-9428.


How Safe is Your Email?

Spam Inundation

If you've been using email for a while, either professionally or personally, you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted, while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control: it can bog down email servers and eat up network bandwidth, and it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (604) 513-9428 and ask about our anti-spam solutions.

Don't Open Attachments from Unsolicited Emails

This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. The same goes for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you; they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.

Keep your Computer Safe

Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small British Columbia businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.

Don't Rely on Email for Storage

Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.

Encrypt Sensitive Data

If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effective, especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (604) 513-9428 to learn more about email encryption and what solution is right for your business needs.


Tip of the Week: Ways to Be Active and Proactive With Your Network Security

Applying Software Patches
It should be clear that software patches are designed to fix security problems and improve the functionality of the software, but some organizations simply don’t have time to implement them manually, or they simply don’t understand the purpose for them. Part of the problem is that sometimes the developers aren’t necessarily clear that patches are available, while other times those within your organization may not even know how to administer them. Regardless of the reason, there are usually problems on a network that will go unattended for extended periods of time.

Most hackers only want to take advantage of the issues they can detect. Thus, there could be countless threats out there designed to target countless unpatched vulnerabilities on your network that not even the hackers can know about. It makes sense for a hacker to use just one exploit to target a handful of vulnerabilities. Therefore, it’s important to make sure that all software that you use is updated and patched.

Additionally, your systems shouldn’t be running unused programs. The more software you have, the more ways hackers can take advantage of your organization’s network vulnerabilities. Moreover, you might even be wasting revenue on renewing software licenses that you don’t even need, so it’s best to perform a network audit from time to time to get the worthless software off your infrastructure.

Dodging Social Engineering Attempts
Social engineering is broadly categorized as any method that takes advantage of unprepared users or those who are ignorant of solid network security practices. Examples include a phone call or email message claiming that the network has been breached by a foreign entity and that “tech support” needs to remote into the computer and resolve the issue. There are other, more subtle methods as well, such as targeted spear phishing attacks that go after specific users with personal information that convince them that the hacker is someone in authority.

These types of attacks vary in sophistication, but they can range anywhere from an employee receiving a message claiming that they’ve won a prize, to the intruder physically following your employees into the office and stealing sensitive data manually. In instances like these, a little bit of employee training can go a long way. Teach them to look for anything suspicious, and inform them that vigilance is incredibly important in the workplace.

These two security improvements barely scratch the surface of what your organization should be focusing on for network security. If you want to fully protect your business to the best of your ability, give us a call at (604) 513-9428.


How to Avoid Becoming the Next Data Security Cautionary Tale


Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.


When it Comes to Security, Two Factors are Better Than One


The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guess thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.


Knowing, and Planning For, Your Organization’s Compliance Burden


Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.

