What is Blockchain Technology?
In essence, a blockchain is a distributed ledger that builds a collection of records that is continually growing, all protected with encryption. By design, blockchains are meant to be resilient to edits and changes, making them quite reliable in terms of ensuring the integrity of these records. Each block (or node) of data has security measures to keep it from being changed, as well as timestamps for each record and information about the transaction. If a record needs to be altered, all subsequent records must also be altered, which requires the permission of the network majority.

How Is It Used?
Originally, blockchain was developed for cryptocurrency purposes, but the fact that it’s encrypted and resilient to changes makes blockchain ideal for other purposes. Public blockchains are used for cryptocurrency like Bitcoin to provide a distributed ledger, but it’s thought that private blockchain systems might be helpful for business purposes.

How Will It Be Used in the Future?
One of the most noteworthy ways that blockchain could be implemented in the future is the sharing of health records between various provider offices. Since it’s a distributed network, all doctors on someone’s medical plan would have access to the same unaltered data so they could provide the best service possible. Other opportunities for blockchain technology include a transparent ledger for public viewing, which has a wide range of uses for tracking payments for services rendered and other information.

Coleman Technologies can help your business check up on the latest technology solutions on the market, including ones that will help you improve operations or efficiency. To learn more, reach out to us at (604) 513-9428.

First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, $56 billion dollars were accumulated by cyber criminals through identity fraud. The good news is in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 dollars stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.

How does your data get stolen?  There are plenty of ways, but here are a few popular methods:

1. Hackers can pick up credentials via public Wi-Fi and public PCs.
2. Credit Card Skimming - a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal.
3. Selling or discarding used computer equipment that isn't properly wiped can expose personal information.
4. Hackers can infiltrate networks and databases.
5. Dumpster diving and paper mail theft.
6. Malware and viruses
7. Phishing.

In almost half of reported identity theft cases, the victim knew the criminal.

What do you do if your identity is stolen?

Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.

In the west, the Dark Web is mostly known as a sinister network used to traffic in all kinds of illegal contraband, but in other parts of the world it is often looked upon as the last bastion of privacy in what can be horribly repressive political regimes. Overall, the Dark Web in practice is a construct that supports user anonymity.

Keep in mind that we are certainly not endorsing use of the Dark Web. We just want you to be aware that the Internet you routinely access, or what we will call the surface web in this blog, is in fact a very small piece of the enormity of the web itself.

A Complete Look at the World Wide Web
If the Internet that we can all access only makes up of a very small percentage of the entire Internet, what is hosted on the rest of it? In what is known as the “Deep Web”, most of the Internet is filled with legitimate data; mostly in the form of unindexed content. Data that is encrypted such as online banking, pay-to-play video services, and other forms of everyday Internet use make up a large portion of the Deep Web. With the revelations that there was an online black market where people could get almost anything, many people started confusing the deep web with the dark web, or darknet. This misconception has many people confused about what exactly the purpose is for the seemingly bottomless Internet, but with most of it being taken up by cloud environments and other encrypted services, the notion that the Deep Web is somehow nefarious is misplaced.

What is the Dark Web?
On the other hand, the Dark Web is also hosted on the Deep Web, beyond sight of the average Internet user. While the surface web is unencrypted and able to be accessed by just about anyone who wants to use it, the Dark Web is accessed only through encrypted browsers. You may have heard of specific ransomware programs asking you to download the Tor web browser to make payments. This is because Tor is one of the web browsers able to browse the Dark Web, although it should be mentioned that it’s not exclusively used for the purposes of paying ransomware demands.

Tor is what is known as an onion router. Essentially in order to maintain a user’s anonymity, an onion router will pass user queries through several intermediary accounts to hide the user from being tracked. It’s like passing each command through the several layers of an onion, thus the moniker.

What Else is On the Dark Web?
The services offered on the Dark Web are varied, but they all generally have one thing in common--most of them are illegal. If you can think of it, and it’s not on the normal World Wide Web, chances are there is a place on the Dark Web for it. Some of the services provided on the Dark Web can include, but are not limited to, the following:

• Illegal pornography
• Bitcoin services (not outright illegal, but often used for money laundering purposes)
• Botnets that can be bought or purchased for nefarious use
• Markets for drugs, weapons, and other illegal contraband
• Scams and other phishing threats are rampant on the Dark Web, so even those who are looking to take advantage of these services have to be careful

Most notable for businesses is that hacking services can be acquired for even non-experienced users, meaning that anyone with an agenda has access to services that could cripple your business. It’s more important today than ever before to make sure that your organization is taking the necessary measures to protect itself from these threats.

With so much information hidden from view, there is a significant chance that there may be information out there that may end up becoming problematic for your business. At Coleman Technologies, we can scan to ensure that your passwords or other personal information isn’t readily available. Call us today to learn more at (604) 513-9428.

Variants of Ransomware
Unlike other malware threats, ransomware isn’t designed to gain access to a system to steal data outright. Rather, it’s just to convince the user to hand over some cash for the safe return of their data. Businesses struck by ransomware are in danger of losing their data and money completely, as there is no guarantee that the hacker will ever return the data, even if the ransom is paid in full. There are two different types of ransomware--“locker” type ransomware targets the CPU, while “crypto” variants go for the encryption of file systems.

It doesn’t matter which strand you contract. The basic premise is still the same. After the threat is unpackaged and executed on the user’s device or network, it encrypts access to data, processing, or both, and it gives the system its demands in the form of instructions on how to make payment. The user then has to make the decision of whether they actually pay the ransom. If they don’t, there is always the option to restore from a data backup platform, if you have one.

Ransomware is a drastically different kind of malware compared to the more traditional methods of hacking. Unlike malware that wants to keep itself hidden so it can siphon information from a computer or install backdoors, ransomware wants you to know what misfortune has befallen you. Ransomware has grown more common in recent years, and so many strains are now seen in the wild that it’s tough to keep up with. These attacks have targeted municipalities, enterprises, and other organizations, all with the goal of leeching as much money from them as possible.

How Ransomware is Delivered
Ransomware might seem like something created by only the most nefarious hackers, but in reality, it’s spread in much the same way that any other threat would be. Spam messages and targeted email campaigns can initiate a ransomware attack, either through clicking on infected links or downloading suspicious attachments. In these cases, ransomware is typically most effective against businesses that have poor network security practices.

Take spam, for example. There’s no reason your business should be dealing with messages like this on a daily basis. With enterprise-level solutions, they can be outright prevented from even entering your inbox. The same can be said about your employees. With proper training, they shouldn’t be downloading unsolicited attachments or clicking on suspicious links in emails. If you invest some time and resources into proper network security, you can minimize the odds of being infected by ransomware.

The Consequences of Ransomware
The most dangerous aspect of ransomware is the downtime that ensues because of it. If you can’t get your work done due to your files being locked down by ransomware, you’re simply wasting time. The same can be said for any employee on your network. Assuming that the entire network is now encrypted by the ransomware, your whole organization could be left with nothing to do until either a backup is restored or someone hands over the ransom. It’s generally a best practice to not pay the ransom, as there is no guarantee that the hackers on the other end will stay true to their end of the bargain.

Instead, it’s best to take preventative and proactive measures to ensure that ransomware doesn’t become a problem in the first place. A Unified Threat Management (UTM) solution is a great way to keep your network secure from external threats, and employee training can keep influences beyond your direct control (like your employees) from placing your entire business in jeopardy. It’s also imperative that your business have a continuity and redundancy strategy in place, as in a worst-case incident like a ransomware attack, you’ll want to restore affected files and systems from a time before the attack struck.

To learn more about how your organization can stay safe from malware--including ransomware--reach out to us at (604) 513-9428.

Spam Inundation

If you've been using email for a while either professionally or personally you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control - spam can bog down email servers and eat up network bandwidth and plus it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (604) 513-9428 and ask about our anti-spam solutions.

Don't Open Attachments from Unsolicited Emails

This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. This goes the same for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you, they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.

Keep your Computer Safe

Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small British Columbia businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.

Don't Rely on Email for Storage

Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.

Encrypt Sensitive Data

If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effected especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (604) 513-9428 to learn more about email encryption and what solution is right for your business needs.

Applying Software Patches
It should be clear that software patches are designed to fix security problems and improve the functionality of the software, but some organizations simply don’t have time to implement them manually, or they simply don’t understand the purpose for them. Part of the problem is that sometimes the developers aren’t necessarily clear that patches are available, while other times those within your organization may not even know how to administer them. Regardless of the reason, there are usually problems on a network that will go unattended for extended periods of time.

Most hackers only want to take advantage of the issues they can detect. Thus, there could be countless threats out there designed to target countless unpatched vulnerabilities on your network that not even the hackers can know about. It makes sense for a hacker to use just one exploit to target a handful of vulnerabilities. Therefore, it’s important to make sure that all software that you use is updated and patched.

Additionally, your systems shouldn’t be running unused programs. The more software you have, the more ways hackers can take advantage of your organization’s network vulnerabilities. Moreover, you might even be wasting revenue on renewing software licenses that you don’t even need, so it’s best perform a network audit from time to time to get the worthless software off your infrastructure.

Dodging Social Engineering Attempts
Social engineering is broadly categorized as any method that takes advantage of unprepared users or those who are ignorant of solid network security practices. Examples include a phone call or email message claiming that the network has been breached by a foreign entity and that “tech support” needs to remote into the computer and resolve the issue. There are other, more subtle methods as well, such as targeted spear phishing attacks that go after specific users with personal information that convince them that the hacker is someone in authority.

These types of attacks vary in sophistication, but they can range anywhere from an employee receiving a message claiming that they’ve won a prize, to the intruder physically following your employees into the office and stealing sensitive data manually. In instances like these, a little bit of employee training can go a long way. Teach them to look for anything suspicious, and inform them that vigilance is incredibly important in the workplace.

These two security improvements barely scratch the surface of what your organization should be focusing on for network security. If you want to fully protect your business to the best of your ability, give us a call at (604) 513-9428.

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.

The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guessing thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.

Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.