Coleman Technologies Blog

How Blockchain Has Been Shown to Be Vulnerable

Let’s face it… blockchain technology is a human invention, which means that there are going to be some flaws.

Admittedly, the concept behind the blockchain makes this hard to believe: every transaction made through the blockchain, financial or data-based, is given a permanent, designated “block” in the chain. Before the transaction is completed, the rest of the network needs to approve this new block’s validity. The block is then added to the chain, where it cannot be altered and provides an unchangeable record of the transaction - to undo it, a new block would be created. It is only then that the transaction is completed.

While this method may seem foolproof, even “unhackable”, this just isn’t the case. In March of 2014, cybercriminals managed to steal $450,000,000 worth of Bitcoin through a transaction mutability vulnerability, and in June of 2016, cybercriminals managed to steal approximately $60,000,000 by leveraging a recursive calling vulnerability.

Additional Blockchain Vulnerabilities

Again, as a human creation, there are going to be some flaws in blockchain platforms. One investigation revealed that some blockchain and cryptocurrency platforms had over 40 vulnerabilities.

51% Vulnerabilities

Many of blockchain’s vulnerabilities have more to do with the nature of the platform as well. One such vulnerability is known as a 51% vulnerability, and is associated with mining cryptocurrencies. Let’s assume you are a cryptocurrency miner. If you manage to accumulate hashing power that exceeds more than half of what the blockchain contains, you could leverage a 51% attack to manipulate the blockchain to your own advantage.

Naturally, more popular blockchains, like Bitcoin, are far too expensive to be practical targets, but smaller coins are much more affordable to attack and can be lucrative for hackers. In 2018, 51% attacks were leveraged against less popular cryptocurrencies, netting the attackers approximately $20 million.

Security of Private Keys

Using a blockchain requires a user to have a private key. Naturally, if this key were to be stolen, those cybercriminals who stole it would be able to access and tamper with that user’s blockchain. What’s worse, because the blockchain is decentralized, these kinds of actions are difficult to track and even harder to undo.

Breach Examples

As you might imagine, most breaches involving a blockchain are in some way tied to an end user. In 2017, a fraudulent cryptocurrency wallet service was left up for months as the cybercriminal responsible allowed people to funnel their cryptocurrencies into it before stealing $4,000,000 - out of a reported total of $2 billion being stolen since 2017 began. In January 2018, it was disclosed that hackers stole private keys with malware, taking over $500,000,000 in NEM coins (a now-effectively-worthless cryptocurrency established by a nonprofit).

If hackers are able to steal from a purportedly “unhackable” technology, what’s to stop them from stealing from your business?

Cybersecurity solutions from Coleman Technologies, that’s what. We can set up the security solutions your business needs to protect its data, and monitor your systems to detect breaches preemptively, preventing a security issue from happening. To learn more about what we can do, reach out to us at (604) 513-9428.

Your company’s culture is its identity - the impression that your company leaves when someone makes contact. As such, there are assorted reasons that it pays to create an engaging and inclusive company culture.

Draws in Talent

Let me ask you this: would you rather work someplace that had a reputation of nurturing incoming talent and ensuring that this talent had the resources and access that they needed to succeed in their position, or someplace notorious for leaving new employees to fend for themselves, providing minimal direction when direction is necessary to successfully complete a task? My money is on the first option.

One of the biggest benefits to creating a positive culture in the workplace is that more people will want to make it their place of work. This gives you a wider pool of talent from which to select the best candidates, creating a stronger business.

Of course, attracting this talent is one thing, having it stick around is quite another.

Retains Talent and Reduces Turnover

As long as your company culture matches its reputation, the individuals who accept your offer of employment are less likely to leave, barring any personal circumstances that force them to. This is important, as the sudden loss of an employee can have assorted impacts on your business. These impacts can include dropped processes, missed opportunities, and the costs associated with finding, hiring, and onboarding someone to replace the lost employee.

Of course, you don’t have to worry so much about these impacts if your employees aren’t motivated to leave. This is where having a positive company culture is so valuable - you can better avoid the significant costs of losing an employee, continuing to benefit from their skills in the workplace. Research conducted by Gallup indicated that only 37 percent of employees engaged with their work were actively seeking new employment opportunities, compared to a staggering (albeit understandable) 73 percent of those who had disengaged from their work.

Columbia University conducted research as well, and their results followed in the same vein. According to their results, organizations with strong company cultures saw turnover rates of 13.9 percent. 13.9 percent, compared to the 48.4 percent turnover rates at companies with poor company culture.

Boosts Productivity

A happy employee is a productive employee, which translates to direct benefits for your business if your employees remain satisfied. The right company culture can motivate your employees significantly.  The same Gallup research referenced above demonstrated that engaged employees saw productivity boosts of 21 percent. Another study, by IBM-owned Kenexa, suggested that organizations with an engaged workforce were able to bring in twice the income as an organization without these levels of engagement.

Reduces Employee Burnout

There are many reasons that an employee can experience some level of burnout, whether their schedules are overpacked or their hours are simply too long to be sustainable. However, a negative company culture is often overlooked as the root cause of an employee becoming disengaged with their work.

While employee burnout may seem like more of the employee’s problem at first consideration, there are some very real consequences that a business will need to deal with. For instance, employee burnout has been linked to an estimated 49 percent increase in workplace accidents, and a 60 percent increase in errors.

Stressed out employees are a liability to your company, but helping them to reduce that stress with a better company culture can turn these liabilities into true assets.

Better Attendance

Speaking of assets, your employees aren’t going to be very good ones if they are never in the office. A Harvard Business Review study reported an increase in employee absenteeism of 37 percent among disengaged employees. Naturally, if your employees aren’t completing their responsibilities due to this absenteeism, it is going to have an impact on both your business’ success and internal morale.

However, a more positive company culture encourages your employees to report to work, and as discussed above, leads to improved productivity while they’re there.

Is Company Culture Really So Important?

Based on the outcomes discussed above, it is pretty clear that the better your company culture is, the more effectively your business will be able to operate. So, how can you improve yours?

One way is to give your team the tools they need to complete their tasks more easily than they could with outdated and insufficient IT solutions - and the efficiency boost that new IT solutions will bring can free up some time to develop your company culture even more. Coleman Technologies can help to make sure that you are using the tools that are best suited for your company’s (and by extension, your employees’) needs. Give us a call at (604) 513-9428 to learn more.

Uses for the Cloud

No matter what your business needs, there is likely a cloud solution for it. Hosted VoIP and email are great communication tools. Infrastructure and Platform as a Service solutions empower organizations to leverage more flexible computing power. Software as a Service and hosted storage are available for all of your organization’s needs.

In the end, you can get just as much done with cloud infrastructure as you can with onsite hardware.

The cloud allows for functionality and redundancy, no matter what the industry is or the kind of workforce it contains. These services can be utilized as needed and deployed quickly.

The Drawbacks

Cloud computing isn’t perfect. Businesses can create a private cloud system that can create large costs for their bottom line while also maintaining the control, management, and accessibility… but again, a lot of thought needs to be invested into this kind of solution. Environments that are hosted outside of a service provider can be difficult to control, since your organization doesn’t have control over the hardware it’s hosted on.

A major drawback of cloud computing can actually be the cost. Since the IT infrastructure used to run the solutions is managed by the service provider, the price is adjusted accordingly. If your business needs a certain number of cloud licenses, you could see the cost of your solution rise. Plus, if you don’t cancel accounts when employees leave, you could be paying more for services that aren’t being utilized.

Furthermore, imagine if your organization has teams assembled that need to use three or four cloud-based applications to complete a project. Think about all of the money that’s spent just providing access to the appropriate software solutions. If it’s not properly managed, your return on investment could be put in jeopardy.

Coleman Technologies can help you keep track of your cloud-based resources, whether you’re just hitting the cloud environment, or you have an established presence in the cloud. To learn more about how we can help you manage cloud applications, reach out to us at (604) 513-9428.

What Makes Spear Phishing Different?

As a rule, spear phishing is a much more precise and personalized process. To keep to the “fishing” analogy, a generalized phishing campaign casts a wide net, trying to snare as many victims as possible with their scam. Utilizing vague and generic language, the ‘typical’ phishing attack is made to appear to come from a large organization, informing the user of some need for the user to take action, resulting in the hacker gaining access to the user’s information. This methodology makes the typical phishing attack fairly effective against many people, while simultaneously easier to spot if one knows the warning signs.

By comparison, spear phishing is far more precise. Instead of trying to find value in the quantity of targets snared in a trap, spear phishing takes the opposite tack. Using a highly targeted approach, spear phishing attacks are directed toward a specific individual within an organization.

This specified approach means that the generic messages that many phishing attempts leverage simply won’t be enough to fool the intended target. Instead, the hacker has to play investigator, seeking out as much information as they can about their intended target. Where do they work? What is their position in the company? Who do they frequently communicate with? Once the hacker has collected enough information to create a convincing message, they will typically spoof an email to their target. This email will usually contain some reference to a known contact or some in-progress project to make it more convincing and will request that the recipient download a file via a provided link.

However, while the link will direct to what appears to be a Google Drive or Dropbox login page, it is just another layer to the deception. Entering credentials into this page will give them right to the hacker for their use, breaching the user’s security and putting the entire business at risk in one fell swoop.

What Methods Do Spear Phishers Use?

Due to how spear phishing works, the messages sent by hackers need to be as convincing as possible. Combining extensive research with some practical psychology, a hacker has more ammunition to power their attacks.

As mentioned above, spear phishing is far less generic than the average phishing attempt. By referencing specific people, things, and events that mean something to the target, or appearing to come from an internal authority (a manager, perhaps, or even the CEO), the hacker can create a message that is less likely to be questioned. If the hacker writes their messages without any spelling or grammatical errors, as many spear phishers do, it only becomes more convincing.

These hackers are so reliant upon their target being fooled; many will purchase domains that strongly resemble an official one. For instance, let’s say you owned the domain website-dot-com. If a hacker decided to pose as you to launch a spear phishing attack, they might purchase the domain vvebsite-dot-com. Without close inspection, the switch may not be noticed - especially if the hacker creates a good enough lookalike website.

Am I A Target?

Of course, the research that a hacker has to do to successfully pull off a spear phishing attack is extensive - not only do they have to identify their target, they also have to figure out the best way to scam this target. Generally speaking, a hacker seeking to leverage spear phishing will focus their efforts on anyone in an organization who could potentially access the information that the hacker wants but isn’t high up enough in the organization to question an assignment from above.

Or, in more certain terms, a business’ end users.

In order to minimize the chances that a spear phishing attack will be successful against your company, you need to make sure that everyone subscribes to a few best practices. For example:

• Pay attention to the finer details of an email. Is the message actually from This email address is being protected from spambots. You need JavaScript enabled to view it., or does the email address actually read This email address is being protected from spambots. You need JavaScript enabled to view it.? Did Christine/Kristine include any attachments? As these can be used to spread malware via email, you should avoid clicking on them unless you are certain the message is legitimate.
  
  
• Is the message written to sound overly urgent? Many phishing messages, especially spear phishing messages, will try to push an action by making it seem as though inaction will lead to a critical issue. Another warning sign to look out for: any deviation from standard operating procedures. Don’t be afraid to question a sudden switch from Google Drive to Dropbox - it may just be the question that stops a spear phishing attack.
  
  
• Speaking of questioning things, don’t hesitate to make sure that any messages you suspect may be spear phishing aren’t actually legitimate through some other means of communication. A quick phone call to the alleged sender will be well worth avoiding a data breach.
  
  

While spear phishing is a considerable threat to your business, it is far from the only thing you need to worry about. Coleman Technologies can help your business secure its IT solutions and optimize them for your use. To learn more, subscribe to our blog, and give us a call at (604) 513-9428.

Today’s world is driven by data. As a result, information systems have to be secured. That really is the bottom line. Business is all about relationships and without proper security protocols in place, there are some very serious situations that could completely decimate the relationships you’ve worked so hard to forge. While today’s hackers have a lot of different ways to breach an organization’s network, data breaches that occur as a result of lax security are unforgivable from a customer standpoint. Some organizations can spend more on security than others, but it with the landscape as it is today, it has to be a priority, no matter your IT budget.

Here are some of the regulations all business owners and IT administrators should know:

• GDPR: The European Union’s General Data Protection Regulation is as comprehensive a data protection law as there is. Its aim is to protect the citizens of EU-member countries from data breaches. The GDPR applies to every organization that processes personal information of people residing in the EU.
• GPG13: Known as the Good Practice Guide 13, it is the U.K.’s general data protection regulation for organizations that do business in the U.K.
• HIPAA: The Health Insurance Portability and Accountability Act puts several guidelines on how patients’ data is shared and disseminated by insurers and health maintenance organizations.
• SOx - The Sarbanes-Oxley Act requires corporate records to be kept for seven years to ensure that there is transparency in the accounting. For IT this means being able to have access to data to run reports when called upon.
• PCI-DSS - Payment Card Index Data Security Standard are regulations enacted to try and reduce fraud by protecting an individual’s credit card information.

That’s just a few of the regulations business owners and IT administrators have to be cognizant of. For business owners there are several more, like the federal and state tax codes, and the adherence to the Affordable Care Act. All these regulations seem pretty straightforward and necessary until you begin to roll them out for your business. Then they just get expensive. In the first-ever Small Business Regulations Survey conducted by the National Small Business Association, the numbers reported, although not comprehensive by any means, weren’t pretty. To put it frankly, the cost to the small businesses that reported, would sink as many or more new businesses.

“The average small-business owner is spending at least $12,000 every year dealing with regulations,” NSBA President Todd McCracken said, “This has real-world implications: more than half of small businesses have held off on hiring a new employee due to regulatory burdens.” The report goes on to state that the average regulatory costs to start a new business venture add up to a whopping $83,019. These figures don’t take in to account the dozens of man hours each year spent on these very complex problems. It should be stated that the NSBA has been a long-standing advocate of reducing regulations on small businesses.

Regulators are paid to be skeptical, but overall they are put in place for a purpose, as oversight to ensure sustained adherence to data protection laws. How much can they demand from a small business? The question begs for analysis, as to listen to entrepreneurs talk about them regulations are unnecessary, but as stated before, these regulations aren’t just implemented willy-nilly. They have empirical evidence of immoral or unethical wrongdoing attached to them. Moreover, it becomes clear that the financial pain these entrepreneurs are in is indefinite, which means that it is highly debatable. The truth is that each scenario needs to be seen in perspective in order to understand just how much certain regulations are costing a business.

One thing is certain: that the average small business pays more for their regulatory compliance programs than larger businesses in the same market do. That disparity is a main point of contention for many small business owners, as it directly affects a company's ability to compete. Some studies have seen organizations that have less than 20 employees charged nearly 60 percent more than slightly larger businesses. Getting into which regulations are onerous and which are necessary would take an examination of each one in detail, so it’s worth it to repeat that these regulations were bred out of situations where individuals were hurt, making them an important part of the oversight process.

To Comply or Not To Comply? That Is the Question
Small business owners who have been reprimanded or fined as a result of a lack of regulatory awareness have a tendency to get the message, but if an organization is notoriously noncompliant and has slipped past regulators, there is a tendency for them to stay the course; and, that course is filled with nothing good. Many european and multinational corporations are expecting to invest $1 million toward their GDPR compliance. Obviously this figure, despite being higher per user, will be substantially lower for small and mid-sized businesses. The cost, however, remains significant, and while an organization could probably get around it for a bit, when it hits, it could just sink the whole business.

According to Infosecurity Magazine, the average cost of compliance with GDPR is costing enterprises and average of $5.5 million, which comes in about a third of the estimate cost of noncompliance, $14.82 million. That’s a lot of cheddar. It stands to reason that if you are going to spend upwards of 10 percent of your yearly IT budget on ensuring your organization is compliant, that you meet the criteria under the regulation. The best way to do that is by finding affordable solutions that won’t take as big of a chunk out of your operational budget every year.

More than the capital, a business that doesn’t adhere to simple IT regulations probably isn’t adhering to other regulations. Would you want to do business with someone that you know won’t do what’s asked of them to protect YOUR data? Unreputable businesses that are looking to gain an edge by not meeting regulations will pay later for not spending now, end of story.

Compliance and Your Business
Finally, we get to your business. How are you going to plan for your compliance burden? The best way is to educate yourself on what exactly your business needs to plan for by looking at the regulatory mandates, sure, but more often seeking out organizations who have already insulated themself from the risks associated from noncompliance. This is where a managed IT service provider (MSP) can be a godsend. Since we take security compliance extremely seriously, and deal with multiple businesses that represent several vertical markets, we have the perspective that can provide a clear strategy on how to avoid problems staying compliant.

Moreover, MSPs like Coleman Technologies use extremely sophisticated monitoring, management, and reporting software to reduce risk and put our clients in the best position to prepare for any audits or assessments that need to be completed by regulators. Since the regulatory landscape is constantly changing, our IT professionals are in a unique position to serve as both IT administrator and regulatory consultant.

If you are searching for a way to control your compliance situation, look no further than the IT professionals at Coleman Technologies. We can deploy our strategies made up from tried and true industry best practices to virtually eliminate any risk your organization would have as a result of compliance concerns. Call us at (604) 513-9428 today to get started.