Coleman Technologies Blog

Stay Organized Whenever Possible

Any business owner receives countless emails on a daily basis, and when they all collect in one place, they can quickly become overwhelming. The issue with this is that, when you have to focus on too many messages at once, it’s more likely that you’ll miss important messages, focus on the wrong tasks, or even respond to messages thinking they are different ones, creating some messy confusion. If you can’t determine what’s important in your inbox, how can you even be productive? We recommend placing filters on your inbox so that you can determine a message’s importance, sender, topic, and even more to navigate and sort your inbox in the most efficient way possible.

Allocate Time to Your Inbox

You should always set aside a specific amount of time every day to deal with the emails you receive. If you don’t, chances are that you will get sidetracked by a task and possibly miss out on responding to important emails. One thing to keep in mind when considering how quickly you should respond to emails is that messages that are the most important aren’t going to come in your email inbox. The ones that are critical will likely come in other forms, such as someone within your organization knocking on the door or giving you a phone call to make the issue known.

Use Alternative Communication Methods

If you find yourself stuck with a perpetually full inbox, perhaps you could benefit from sending or receiving fewer messages. If the message is short or a simple notification, perhaps it would be better to use alternative means of communication, such as an instant message. This is particularly great, as it cuts down on the back and forth required for a quick conversation, as well as takes the urgency out of a situation.

Make a Quick Phone Call

Sometimes a matter is too important to leave to an email. In cases like this, making a phone call is the most prudent. Furthermore, meeting in person can take this advantage one step further, as you eliminate the possibility of intent being misconstrued altogether, making it much easier to be as clear as possible.

To learn more about how you can eliminate the pains of email, reach out to us at (604) 513-9428.

Before we go into depth about network and cybersecurity, we’d like to point out just why they are so important. You invest a lot of time and money into making your business what it is. You pay a lot of money for hardware, software, services, and time to give your business a chance to succeed. The act of protecting your business, its staff, vendors, and clients is one that should be taken seriously, because if any are compromised, your business is in trouble.

The Protection of Business Computing

Today’s business uses a computing infrastructure that is much larger and complex than most and includes considerations outside the physical confines of the network. Cloud services have become a very popular product for businesses and individuals alike. Cloud services are hosted in some other place, and by companies that have taken great diligence at securing their solution. For obvious reasons, you can’t guarantee that your cloud-hosted data is 100% secure, but logic suggests that a company offering computing services over the Internet would be in serious trouble if they were to have their security compromised.

These services all have dedicated access control systems that are designed to only let authorized users in. Some organizations also require their staff to utilize two-factor authentication to secure the solutions further.

This brings us to the perimeter of the network. Regardless of a company’s ineptitude with cybersecurity, there is typically some form of firewall that stands between the Internet and the company’s network. If the firewall is properly maintained with threat definitions, it will stop a good amount of unwanted traffic. It’s just not enough. With the immense amount of attack vectors threats are coming from nowadays, a stand-alone firewall is like a single sheet of flypaper in front of a window.

Going the Extra Mile

In order to keep their business’ data and infrastructure safe, many organizations have begun to utilize Intrusion Prevention Systems (IPS). These systems include Intrusion Detection Systems (IDS), software that attempts to block determined threats, and logs network traffic so that IT professionals can go in and see the current state of the network.

For years, this would have been enough technology to keep most threats out. Nowadays, however, it’s really just getting started being vigilant. If you consider your network to be like an onion, you need to understand that each layer needs to have its own set of security protocols that typically come in the form of a dedicated access control system and a firewall.  This way, every “layer” is protected from its perimeter, to the applications, to the databases that hold all your data. This tiered access control system is designed specifically for your needs and is in place to do one thing: protect your assets.

It also works to protect your business against the biggest digital threat on the Internet: phishing attacks.

A phishing attack is where someone outside your network tries to infiltrate it by passing off some form of correspondence as legitimate. It’s all a fraud. Verizon, who does an annual study of cybersecurity, found that around 90 percent of all network attacks are the result of successful phishing attacks. Unfortunately, there is no piece of software out there that will make phishing attacks completely benign. That is why training is so important.

Training Your Staff

Training your staff about phishing (and cybersecurity in general) has to be a priority. You’ve spent a lot of capital and time building what you have, and the thought of losing it because you bullheadedly forged ahead without getting your staff trained up properly could be thought of as shortsighted.

A phishing attack is now the preferred method of hacking. Since security systems have evolved to be hard to crack, hackers now look to use your staff’s legitimate credentials to gain access to your network, applications, and databases. By training your staff about phishing, specifically what to look for, how to react when they come across phishing attacks, and what the consequences of a phishing attack can mean for your company, you should be in a better position to protect your network, infrastructure, and data against the onslaught of outside phishing threats.

To learn more about how to secure your network, train your staff, and acquire the technology you need to protect your business, reach out to Coleman Technologies today at (604) 513-9428.

Password DOs
Password security doesn’t have to have a nuisance. Here are some of the easiest best practices to follow when building a password.

• The longer the password, the better: Long passwords are better for security than short passwords, but only if the password contains a varied-enough string of characters. You should aim for at least 16 characters.
• Special characters, numbers, and symbols are great for security: A strong password will contain both forms of letters, numbers, and symbols.
• Alphanumerics are ideal: If you’re trying to improve security, use alphanumeric passcodes. Try replacing a lower-case “i” with an exclamation point, or an “a” with the “@” symbol.
• Passphrases work wonders: If you find passwords are hard to remember, a passphrase might help. Use a short phrase that is easier to remember, but difficult to guess. A good example is, “iL0veW@ffle$2much” instead of “ILoveWafflesTooMuch.”
• Password variety is key: It might seem counter-intuitive to use multiple passwords that are difficult to remember, but it’s much more secure to use different passwords for each of your accounts. If the same password is used for each account, all it takes is one breach to expose multiple accounts to risk.

Password DON’Ts
Of course, best practices are more than just what you practice; it also includes what you don’t practice. Here are some pointers.

• Avoid words like “password”: Some of the most common passwords out there include “password” and “notapassword.” You should avoid using these whenever possible, as they are often the first ones to be cracked.
• Avoid key strings like “qwerty”: Strings of characters with consecutive keys, like “qwerty” and “12345678,” should be avoided at all costs.
• Don’t include sensitive information: You wouldn’t believe how easy it is to find sensitive or personal information about an individual--especially if you are the target of a hacker. To make sure a hacker can’t use any information contained in your password against you, avoid using anything like this in your password altogether.

Coleman Technologies can equip your business with a password manager to improve network security and better manage account passwords. To learn more, reach out to us at (604) 513-9428.

What Is Phishing?
Phishing scams can be considered any digital attempt against your organization to extort credentials or other important information. The method doesn’t really matter, though it does change the way that phishing is identified. For example, more targeted attempts at specific individuals are called “spear phishing,” whereas impersonating a company’s CEO is considered “whaling.” Either way, the end result that the phishing attempt hopes for is that someone will fall for their tricks.

Vectors for Attack
The first thing to remember about phishing attempts is that they don’t happen exclusively through email. They can come in a variety of ways, including through social media applications, phone calls, and other outlets that you might not suspect without a little predisposition toward them. Here are some of the most common ways you might encounter a phishing attack:

• Email messages, where senders spoof addresses and try to convince users that they are someone important to your organization.
• Phone calls, where callers impersonate someone you know or someone of authority, like a government official or business leader.
• Social media messaging is a more personal method of phishing in which identity thieves try to impersonate people you know in your personal life.

The Giveaways
A good rule to keep in mind is that phishing attacks tend to be rather suspicious in nature. For example, if someone who doesn’t normally send you messages suddenly reaches out, and it’s seemingly uncharacteristic of them, be a little suspicious--particularly if they are using language that seems unlikely. Here are some other tips to identify phishing attacks before they have enough of a chance to be dangerous:

• Spelling and grammar errors: More often than not, spelling and grammar errors in phishing messages are quite commonplace, and they signify that something is not as it seems. If you see lots of these errors, you need to be very careful about navigating the messages.
• Immense sense of urgency: If the message prompts you to take action immediately, either out of fear or because it tries to convince you it’s in your best interest, approach it with an extra side of caution. Phishing attempts try to get users to take action as soon as possible; this means that users aren’t thinking things through or discovering that the message isn’t legitimate.
• Suspicious account activity: On social media, if you have a friend who you haven’t heard from in a very long time, chances are it’s not actually the friend reaching out to you if they need money or want you to click on a link. In cases like this, always use discretion.

To limit the damage done by phishing attempts, consider the following measures:

• Implement a spam blocking solution. While it might not help with more specialized phishing attempts, it should limit the most generic ones.
• Educate your employees--this point speaks for itself. If users know what to watch out for, they will be less likely to make mistakes that expose sensitive data.

Does your organization need a way to protect itself against phishing attacks? We can provide your business with the training required to best secure itself. To learn more, reach out to us at (604) 513-9428.

What’s At Stake?
Imagine a scenario where your business has allowed an external entity entry to your network. What kind of sensitive documents are found on it? Think about all your trade secrets being stolen and sold somewhere on the black market, and that’s not even considering the repercussions of any personally identifiable information being stolen. And when your business has a reputation of network security being poor, you might start having trouble finding people who are willing to work with you. Plus, the fines associated with security breaches could be enough to force your business to file for bankruptcy.

Security Solutions for Business
Generally speaking, the most common security measures you will see for small businesses are enterprise-level solutions that are accessible, yet powerful at the same time. Among these are Unified Threat Management, Virtual Private Networks, and Mobile Device Management. All of these services provide some level of security for businesses that need it, but in different parts of operations. They are all equally important, though, and you should consider each of them to optimize network security.

• Unified Threat Management: A UTM solution combines four enterprise-level solutions into one tool, providing a plethora of protection from online threats. A UTM includes a firewall, antivirus program, spam blocking system, and content filtering solution, all to minimize the chance of threats infiltrating your network and eliminate the ones that do.
• Virtual Private Networks: VPNs are critical to keeping your data secure while accessing it outside the protection of your network. VPNs offer encrypted access to data found on your network, eliminating the possibility of onlookers stealing data while it’s in transit.
• Mobile Device Management: With so many mobile devices in the workplace, it’s no surprise that users are taking data with them while out of the office. Without proper measures in place, data could be put at risk. Mobile device management allows your organization to control consenting devices through the use of whitelisting and blacklisting applications, remote wiping, and user access control. This creates a safety net that your business can fall back on if a device is ever lost or stolen.

Implementing the right security measures can be challenging, to say the least. Coleman Technologies can help your business implement useful new additions to your security infrastructure. To learn more, reach out to us at (604) 513-9428.