Coleman Technologies Blog

When you suffer a data breach, you might wonder how you can possibly come back from such an event, especially if it leads to a network compromise. Can your business rebound effectively, and if so, what do you need to do to make sure that it doesn’t happen again? It all starts with understanding how much data you need to function, as well as how much downtime you can afford to suffer from.

With all this in mind, you need to have a business continuity plan to prepare for the worst. Your business cannot afford to not be prepared for downtime-causing incidents. You can have the strongest security system in existence and still suffer from a data breach; therefore, you need to have contingencies in place that can help you navigate these unfortunate and unlikely scenarios in an effective way.

You should be backing up your data for multiple reasons beyond cybersecurity. You also must prepare for damages to your physical infrastructure that could affect your data, like natural disasters and user error. Let’s go over what business continuity and disaster recovery mean for modern businesses.

Business Continuity and Disaster Recovery Are Two Different Things

Business continuity and disaster recovery are often mistaken to be the same thing, but the fact is that disaster recovery is part of the greater business continuity effort. Business continuity includes far more than just data recovery; it also includes administrative aspects of running your business, including other events that could derail operations. Disaster recovery, in essence, is one part of an effective business continuity plan.

Disaster recovery starts with data backup, and if you think your business can run without it, you’ve never tried to run it without data or applications. Some businesses can suffer from downtime for longer than others without serious ramifications—this much is true—but enough downtime can cripple any business. This is why it’s important to know what standards you are working toward regarding disaster recovery.

What You Must Consider

Proper backup protocols include far more than storing copies of your company files in a safe location. It also means making sure they are accessible when you need them most. Not all disasters are going to hit you hard enough to knock you out of commission permanently, but you should treat each of them as seriously as they could. Even something as simple as a malware attack or a user error could make more work than necessary for your company if you’re not prepared to deal with it.

We want you to take this major point away from this blog. You should store multiple copies of your data in various locations, both on-site and in a secure, off-site data center (or the cloud). With these contingencies in place, you should be prepared for any situation that could derail your operations, whether it’s hardware failure or a hacking attack. A BDR solution from Coleman Technologies can prepare you to restore your data as quickly as possible following a disaster through a temporary server which can keep operations moving while IT repairs or orders a replacement server. On top of that, our BDR solution is much faster at restoring a backup onto a new server compared to traditional backup methods, saving you a ton of time and labor.

To learn more about how a BDR system can be just the right proactive solution for your business, contact us today at (604) 513-9428.

In the wake of Hurricane Beryl, businesses have another reason to reflect on data backup, disaster recovery, and business continuity. Since the hurricane made landfall in Texas, despite being downgraded to a tropical storm, it still caused over $5 million in damage to islands across middle America.

Hurricanes can cause significant damage and loss of life, and we would like to express our deepest best wishes to anyone who may have been impacted by the situation. While we hope that you made it out of Beryl unscathed, the same might not be said for your business’ technology and data systems.

We can learn about data backup and business continuity from this situation, specifically what it is, and reflect on why it’s required.

Understanding Business Continuity

In its most basic terms, business continuity is ensuring that you can maintain a certain level of operations, even under the worst possible conditions.

The idea of business “disasters” doesn’t amount to natural ones like a hurricane. It includes so much more that you don’t have much control over. You need to be ready to respond to these situations that might prevent your business from functioning as it needs to. Three-quarters of companies without a business continuity plan fail within three years of suffering from a disaster.

If this isn’t sobering enough, I don’t know what is.

Data backup is only one part of your business continuity strategy. We’ll go over some of the specifics of what you should aim for today.

How to Build Your Business Backup Strategy

To prepare your business’ backup plan, consider the following questions:

How many backups will you maintain?
You should have several backups in place that you can restore from, as you can never rely on one singular copy. You never know if it will be available, reliable, or configured appropriately. Maintain multiple backups so you have a dependable backup at all times.

Where are your backups stored?
You should store your backups in multiple locations, including at least one copy on-site and one off-site, preferably in the cloud. This ensures that your data will always be protected, even if one of your backups is destroyed by a disaster.

How often are backups taken?
You should take full advantage of backup tools that allow for incremental data backup. This will allow you to rewrite data that has changed since the last scan rather than rewriting the entire backup. These smaller-scale backups can occur as often as every 15 minutes, making them more reliable and less prone to data loss than the large, end-of-day backups that have traditionally been done in the past.

Implement Business Continuity and Data Backup Today

Your business shouldn’t have to suffer from a disaster, natural or otherwise. Business continuity and data backup address this pain point. Learn more about what we can do to preserve your business by calling us today at (604) 513-9428.

Perhaps predictably, the word “insure” has roots that tie it closely to “ensure,” as it is meant to ensure a level of security after some form of loss. Nowadays, that loss often pertains to data, making cyber insurance an extremely valuable investment for the modern business to make.

However, in order to obtain this kind of insurance, businesses commonly need to meet some basic requirements. Let’s go over some of these requirements now.

What Are Insurance Providers Looking for to Approve Cyber Insurance?

It’s important that your business is not only meeting the requirements that an insurance provider expects from you, but that you also have it fully documented. This helps make it easier for everyone to stay on the same page, as well as to evaluate how prepared the business is to protect its data. What follows are some of the preparations that many insurance providers expect to see from businesses seeking coverage.

Multi-Factor Authentication Protecting Email (at a Minimum)

It should come as no surprise that email is a major target for cybercriminal activity. It’s popular, it’s convenient, and—as countless attacks have proven—it works. If a cybercriminal manages to gain access to a target’s email account, they effectively have the keys to the castle, as any accounts tied to that email can then be altered and adjusted.

This is what makes it so important that if you have multi-factor authentication protecting anything, your email is a good candidate… although, we recommend that it’s implemented wherever it is available. Multi-factor authentication reinforces your security by adding additional requirements to a login process before access will be granted, ideally by also requiring a user to confirm their identity, often through a secondary key or by providing a generated code or biometric proof.

The long and the short of it is that MFA is a very effective means of eliminating unauthorized access, which is something that insurance providers want to see before they offer coverage.

Testing and Training for Cybersecurity Awareness

On a related note, insurance providers want to see staff engagement where a business’ cybersecurity is involved. After all, all the protection in the world won’t matter if one of your team members leaves the door open or allows an attacker in. This makes it critical that your team knows about the threats they face and—crucially—how to appropriately identify and react to these threats as they encounter them.

Due to the evolving nature of cybercrime, this needs to be an ongoing process. You should be regularly evaluating your employees with and without warning, providing immediate education to anyone who misses one of your simulated threats. Your potential insurance provider will likely want to see documented proof that these steps exist and are enforced as they consider your application.

Incident Response, Backup and Disaster Recovery, and Similar Defenses

In order for these policies to stay profitable, insurance companies will want to see that every precaution has been put in place. After all, the less likely a policyholder is to suffer the damages that their policy covers, the less likely it is that the insurer will have to issue a reimbursement payment. As a result, insurance providers like to see that businesses are as prepared as possible, so they don’t just want to see preventative measures, but mitigations as well.

Therefore, your insurance provider is going to want to see everything you have in place as a part of your incident response plan. They’ll want to see that your backups are situated and updated appropriately, they’ll want to see established processes and systems, and they’ll want to see that you have different people assigned to carry these processes and systems out.

Applicable Compliance Gap Assessments

Chances are pretty good that you process credit card information as part of your business operations in some shape or form. This means that you presumably need to align to the Payment Card Industry Data Security Standard (PCI DSS), which dictates what businesses need to do to protect the information of their cardholding customers. A gap assessment is a process that helps you identify anywhere that you fall short of true compliance, allowing you to more effectively resolve these issues to reach the standards expected. Because of this, insurance providers will want to see the results of your gap assessments and documentation of any steps that you’ve taken to fix the issues present regarding any applicable compliance requirements.

We can help you maintain the standards that an insurance company will be looking for to approve your business for cyber insurance coverage. Learn more about our managed IT services by giving us a call at (604) 513-9428.

Other than the innovative jump from tape, data backup hasn’t seen too many great leaps forward, so to speak. Sure, businesses don’t have to worry about resource-intensive manual backups anymore, but the standard approach is so rock-solid that innovation isn’t necessarily needed at this point. Today, we are exploring the backup and disaster recovery process and how modern-day solutions have made an effective tool even better.

How BDR (Backup and Disaster Recovery) Devices Work

Did you know that nearly two out of five small and medium-sized businesses don’t have a backup solution in place?

This might surprise businesses that fully use their Backup and Disaster Recovery (BDR) platform. Despite our industry’s best efforts to educate and inform business owners of the importance of such a solution, what do these businesses do when they face a disaster or data loss incident?

Thankfully, most businesses with a system in place use BDR, and not tape.

BDR works by taking incremental backups. The solution then pushes a copy to an off-site location, typically a data center or the cloud. With BDR, you can rest easy knowing that your data is fully redundant. You’ll have a copy of your data in the cloud, on-site, and secure in an off-site location for whenever you need to deploy it.

BDR embraces the redundancy expected in today’s world of cyberattacks, user error, and natural disasters, and your business needs to do the same.

How Innovation Has Influenced Backup

Certain technologies, such as artificial intelligence and blockchain, can make data backup more efficient and reliable.

AI for Data Backup

Efficiency is the name of the game with artificial intelligence.

Through automation, AI can eliminate human error from your data backup solution. This makes your data backup system significantly more reliable and efficient. With data protection, you can’t take any risks, so this is an important trait to have.

AI can also help your data solutions integrate with your other business IT systems to improve redundancy further.

Blockchain for Backup

You might know the blockchain from its integration with cryptocurrency, but it’s also helpful for various parts of the backup process.

The blockchain is an immutable ledger distributed over various systems to ensure the reliability of its data. The data on the blockchain cannot be altered without creating a new node. In essence, this means that the blockchain is a powerful solution for security.

It’s not a perfect solution for data backup, but it can ensure that your backups are stored securely and reliably.

For assistance with setting up a secure BDR solution, contact Coleman Technologies at (604) 513-9428 today.

Tape backup has been used for a long time, and it was once the most prominent solution for data backup out there. Nowadays, it’s not used much at all, mostly in favor of better and more convenient solutions. However, there has been a slight resurgence in tape backup, so we want to look at why some companies might still use it, despite its flaws.

Why Use Tape Backup?

Data redundancy tends to fuel businesses and their data strategies, and this is even more true as the cost and availability of digital backup systems has decreased over time. Tape backup has mostly been phased out, but some businesses still choose to cling to it for a variety of reasons. Here are some of them:

• Reliability and Longevity: Tape backup is reliable, and has been for a while. It can last for a long time when it’s cared for properly, being less susceptible to corruption over time compared to some storage media.
• Long-Term Storage: Tape is also helpful for storing large amounts of data for long periods of time. The infrastructure is the initial investment, but ongoing costs are low compared to other solutions.
• Data Retention Regulations: Data retention is a point of contention for some organizations, entities, and industries. Tape backup is a way to meet those standards for the sake of compliance, if nothing else.
• Large Data Sets: Businesses that have a lot of data to work with will find cloud backups somewhat impractical, largely due to bandwidth limitations. Tape backup can skirt around this issue.
• Legacy Systems: If compatibility with legacy systems is a factor, then tape backup could give businesses an out while they migrate to newer systems.
• Offline Backups: Tape is stored offline and in a secure off-site location, keeping data loss low in the event of a system failure or natural disaster.

Other Solutions Are Better, Though

We think it’s great that people are making the effort to protect their data, even if it’s with tape, and even if there are better options available. One such solution that we love to recommend to our clients is the BDR, or backup and disaster recovery solution. This system uses incremental backups that occur as often as every 15 minutes to save and store data both on-site and in the cloud or a secure, off-site data center. This provides the redundancy needed to guarantee recovery when it’s needed most.

In comparison, tape is labor-intensive and time-consuming. It could take hours or days just to restore a backup. It’s not reliable, and you can do so much better. Let us help you get there with BDR. To learn more, call us today at (604) 513-9428.

1. Compliance Concerns
First, you need to be sure that your data is not only stored securely but is also sent back and forth to your backup solution properly. This is especially true if your industry is subject to any government mandates concerning how data must be handled, as the penalties for non-compliance can be just as severe as the influence of data loss would be.

Whether you manage your own solution or leverage a vendor to keep your data securely backed-up, the same severity applies. The size of your business has no influence, either, despite many smaller organizations having a difficult time keeping up with these regulations. These businesses are especially benefited by the availability of outsourced IT resources, as these providers are better prepared to see to these compliances and minimize any risk.

2. Costs and Scalability
It is also important to recognize your needs, including the costs that fulfilling those needs may incur (like how much a cloud provider charges for you to download your backed-up data). Before you select a particular cloud provider, make sure that you have considered all of these charges.

Furthermore, a backup solution that can only keep you safe from major disasters is one that overlooks a huge percentage of the actual issues you are apt to face. Sure, ransomware attacks and fires happen, but so do hard drive failures and other causes of small-scale data loss. Every strategy you enact needs to be documented properly, with useful information shared clearly, succinctly, and actionably.

3. Lack of Management or Testing
If your company is ever in the position that it needs to lean on a data backup, they’re going to need to lean on a leader to ensure that this process goes without a hitch. In many cases, this role would fall on your shoulders - but what if something goes down while you (or whoever is in charge of managing the recovery process) aren’t there?

This is why you need to keep a comprehensive, up-to-date plan prepared for just this occasion, a hard copy ready to be referenced on-site as well as one digitally stored in your backup files.

In addition to this preparation, you also need to make sure that the backups you’ve prepared actually work in the first place. A backup will do you no good if you can’t recover the data from it, after all. Make sure that, just as you would a fire drill, you practice utilizing the backup on occasion.

How Coleman Technologies Can Help
We have the expertise and capability to put together just this kind of strategy for you and your employees to leverage. That way, you can be confident that your disaster recovery won’t just be a new disaster to deal with. Reach out to us at (604) 513-9428 to learn more today.

The COVID-19 pandemic has certainly thrown us all for a loop, with many businesses wisely choosing to close their office doors, either scaling back their operations or choosing to utilize a more mobile workforce. While this clearly qualifies as a disaster, it isn’t one that holds too many risks against your data; at least, not when compared to some others. This gives us a chance to consider how well-prepared we are for other disasters that could pose more of a threat to the information and files your operations depend on. For instance, how would you respond if something were to happen to your actual business infrastructure (and, by association, any data you had stored there)?

The standards accepted as best practice today say that the smart move is to preserve at least one copy of your data in an offsite location. That way, if something were to happen to your in-house servers, you know that there’s another copy safely stored away. If you have a BDR set up, this can then act as your temporary server to enable your team’s continued productivity (even while working remotely) until the servers can be replaced.

So while the timing of World Backup Day isn’t the best this year, its lessons remain just as important:

• The 3-2-1 Backup Method - Using the 3-2-1 method means that you keep at least three copies of your data. Two copies can be stored onsite, while one is kept in an offsite data center or other cloud storage option.
• Backup Your Backup - You will want to check all of your backups (and then check again) to ensure they were taken successfully. There are several reasons a backup could fail, so you should never assume they are working. Check them, double-check them, and then check them again after that. If you ever need your backup, you’ll be glad you made sure. 
• Protect Your Backup - All devices that contain your data need password protection at the very least, with added multi-factor authentication for extra benefit, including your backups. You should also protect your backup’s storage solution with an up-to-date antivirus/antimalware protocol.

For help in setting up your business with the protection that a data backup brings, with the added disaster recovery benefits you will need, reach out to us at (604) 513-9428 today.

Stuff happens, and this stuff can often be bad. That’s an inescapable part of life, especially if you’re trying to run a successful business. That said, the consequences of this bad stuff can usually be minimized—if not mitigated entirely—when you have a proper disaster recovery strategy.

Let’s review what goes into preparing this kind of strategy in the most effective way and what makes it so crucial.

Why Do Businesses Need a Disaster Recovery Plan?

Isn’t the idea to avoid disasters?

While yes, it is always preferable for things to go smoothly, we said it above… stuff happens. This stuff can come in all shapes and sizes, too.

• Weather events can interfere with your operations and potentially lead to infrastructure damage.
• Fires, floods, and other mishaps can also damage your infrastructure.
• Cyberattacks and bugs can render your technology inaccessible.
• Power or Internet outages can prevent many processes from being accomplished.
• Health events can prevent people from coming to the office.

If you’ll take note, none of these are particularly predictable events, and there’s a limit to how much you can do to prevent some of them. This means you ultimately need to be prepared to deal with any of them efficiently and effectively—and, should something happen regardless of your preparations, to have a means of bouncing back into action.

That is the purpose of your disaster recovery plan. It allows you to react swiftly and appropriately in response to any event that could cause business disruption and downtime. As an additional bonus, it can help make these recovery processes less expensive. This is a real benefit when you’re also contending with the compounding costs of downtime.

Plus, many business compliance standards require such preparations to be in place, so designing a disaster recovery plan can assist you in meeting your business’ essential benchmarks.

What Does a Comprehensive Disaster Recovery Strategy Require?

Implementing a disaster recovery strategy requires several steps. First, your business must account for every potential risk it may face, conducting a risk assessment to evaluate the likelihood of each and then determining each risk's business impact.

Other key metrics to consider include your recovery time objective, which is how long your business can sustain downtime but still be able to recover, and your recovery point objective, which establishes how much data your business could theoretically lose before it fails (which informs you how far back you should go when saving backups).

We can assist your business in doing all this and more, helping them stay secure and productive even in the face of disaster. To learn more about disaster recovery and overall business continuity, give us a call at (604) 513-9428.

Involve Your Team

In a crisis event, you need to have your team at your side (even if they must physically stay home) and supporting you. Here are a few ways to encourage this:

• Keep your team in the loop. Make sure that everyone has the information that they should, as withholding as much as possible will only distract from the goals you are trying to accomplish and make effective communications more difficult. Of course, don’t share information that they shouldn’t hear.
• Set the tone. As much as you can, maintain control of the situation at hand and make sure everything that you need to complete is still completed. Your employees will probably follow your example, making progress and recovery much simpler.
• Trust who you’ve hired. There is a reason that you haven’t fired your employees: they can contribute to the business. Allow them to make these contributions, rather than taking on too much yourself.

Evaluate the Situation and Adjust

Of course, a disaster is going to require some deviation from your standard operating procedures. Considering this, you need to be prepared to do a few things:

• Take stock of your situation. Try to get a comprehensive understanding of how things have been impacted by the disaster, and what is likely to happen as a result. Once you do this, you will be more prepared to shift your strategy as need be.
• Make the hard calls ahead of time. As you are anticipating the future, figure out what you will need to do to potentially deal with your predicted scenario. Start with the smaller stuff, like how your business hours might be influenced, and move on to the major ones, like how long of a shutdown your business could survive.
• Adjust to continue operations. Use the technologies available today to figure out alternative methods of completing your usual workflows. Give remote work a try, or open an online store to sell merchandise.

Keep Your Chin Up

Finally, it is important that you and your team maintain a healthy frame of mind as you make these adjustments, never mind deal with a disaster’s other ramifications.

• Find some normal. Keep yourself grounded and thinking clearly by finding something that helps you disconnect from the influence of a disaster. This can be something as simple as a new hobby, fostering an animal in need, anything that keeps you occupied and engaged.
• Help. If you have any free time, spend it doing something that can help someone else, even if it’s just writing a card. Even the smallest gesture can make a big difference.
• Stay informed via reliable sources. With the low barrier for entry that today’s technology provides, it is too easy to find and share incorrect and inflammatory information out there, not to mention opportunistic scams. Make sure you only trust news sources with a lengthy and proven history of reliability… even if it doesn’t make you feel better, at least you’ll know the information is trustworthy.

A big part of what Coleman Technologies does as a managed service provider is to help make sure that our clients are able to use the tools we give them to make it through scenarios like this. Call (604) 513-9428 today to learn more about how we can help, and make sure you are staying safe.

First of all, it’s important not to panic. Many organizations have been offering work-from-home perks for years. Not only is it entirely possible to keep business running, but many businesses see a boost in productivity. A two-year Stanford study shows that in general, remote workers are as productive, if not more so, than those confined to an office.

Double Down on Good Communication Habits

Although we’re all supposed to be social-distancing ourselves to prevent our friends and loved ones from spreading and catching COVID-19, communication is still incredibly important. Managers and supervisors need to be kept in the loop from both sides: team members need to report up to them, and company updates need to be communicated downstream. Regularly scheduled department meetings and staff meetings should still all happen. Department heads should check in with their teams regularly.

Of course, business owners may get the intuition to check to make sure their staff is “on seat” and working, but if possible it’s better to show you trust your employees, and address problems with specific staff, have managers focus on them instead of the entire workforce as a whole.

Fortunately, there are plenty of applications available to make communication easier. These range from instant messaging tools like Google Hangouts and Slack, to video conferencing solutions like Zoom, Webex, and GoToMeeting. For businesses that utilize Microsoft 365, Microsoft Teams is a solution included with each license. G-Suite users can use Google Hangouts for group chatting and internal conferencing. Coleman Technologies can help you set any of these up with your staff.

One final thought: remember that many of your employees may be feeling pretty isolated, and even lonely. Keeping that structure with regular staff and department meetings can help keep people feeling connected.

Staff can Make and Receive Work Calls from Home

Beyond communicating internally, you’ll likely want your workforce managing the phones even from home. Fortunately, with many VoIP systems, this is relatively easy to do. Every VoIP solution is going to vary a little, but most offer the ability to make and receive business calls from any computer, laptop, or smartphone. It doesn’t require additional hardware (other than perhaps a good headset) and it gives your staff the ability to make calls from their work number instead of a personal one. 

They still get the same capabilities they would at the office: call recording, forwarding, voice mail, conferencing, and more. The key is they can handle it all from their personal device. Of course, traditional desktop phones and handsets are available too. On top of that, VoIP can often save a little money when compared to traditional phone systems.

If your business isn’t using VoIP, it’s time to consider making the switch. 

IT Security is More Important Than Ever

Let’s say you have 25 users and 25 workstations. You control those workstations; you have them monitored and maintained, and you have network policies pushed to them to prevent things from getting out of control. If those 25 users start working from home, suddenly you are contending with at least 25 endpoints that you don’t control. 

There are a lot of variables at play here. Who uses the computer at home? Are kids on it? Is it the family computer? What kind of security does it have? It’s impossible to say, but it’s more than likely things aren’t as sterile as they are at the office.

Secure Remote Access via a VPN
A VPN (Virtual Private Network) is one of the best ways to protect your company’s data, and it is useful in a lot of scenarios besides just working from home. A VPN allows users to remote into the work network securely from anywhere with Internet access. It encrypts the traffic so data sent to and from the office can’t be intercepted. The VPN also gives users access to all of the applications they would normally have while they are at work. 

Upgrade the Free and Consumer-Based Antivirus
Home antivirus solutions aren’t as hardened as centralized enterprise-level solutions. Sure, they do the trick when a family member picks something up while surfing the web, but if your business is trying to meet industry compliance standards, you’ll need something better suited.

You might want to consider extending your company antivirus to home systems that will be accessing the network. This may also include rolling out firewalls to ensure each user has the same security they would normally have while at the office. You’ll want to talk to the IT security experts at Coleman Technologies to determine what you really need to do.

Issue Out Company Hardware
You might even want to consider giving certain individuals (or your entire staff) work devices. This may sound like a drastic, costly move, but many organizations supply mobile employees with a laptop that the company controls and manages. We’ve seen organizations offer compensation if an employee buys their own personal device and allows the business to set it up like a work device.

This might not be a great option for the pandemic that we’re in the middle of, but something to consider for the future, if working remotely is something you want to offer for the long term.

Security Education is Critical
Your staff will still run into the same pitfalls at home as they would in the office. This includes spam and phishing attacks, poor password hygiene, and traditional user error. Make sure your workforce understands the threats out there and how to circumvent them. No amount of security infrastructure is going to stop a user from reusing a password or falling for a phishing email other than training, training, training.

This Pandemic Is a Disaster That Your Business Needs to Overcome

We talk about disaster recovery and business continuity all the time. We always use examples like floods and fires to represent a disaster, but COVID-19 fits the definition as well. It’s disrupting work and putting a huge strain on business in general. Business continuity is more important than ever.

It’s critical that you take preventative measures to minimize any additional risk to your business. That includes ensuring that your data is backed up and stored both onsite and offsite and is tested.  

In fact, being able to send your employees home to work is part of a solid business continuity plan. The whole idea behind a business continuity plan is to keep the lights on during any type of unforeseen disaster, and being able to walk away from it intact. 

Equipping your workforce with the tools and best practices to keep operations running is critical, and we are here to help. Give Coleman Technologies a call at (604) 513-9428 and ask how we can help equip your workforce to safely, securely, and effectively work remotely.

Cybersecurity is important. Scroll through a few pages of our blog and you’ll see article after article talking about threats and ways to make yourself and your business less vulnerable to cyberthreats. As an IT professional, however, I’d be so much happier if the state of the world didn’t require such a massive effort just to protect oneself and we could just talk about cool stuff you can do with modern technology all the time!

But alas, strong cybersecurity is crucial to virtually any organization, and it’s becoming even more important by the month.

You Can’t Flub Your Cybersecurity Awareness

Cybersecurity is something that you can’t just ignore. It’s not going to ignore you—cybercriminals target the people who think they aren’t a target in the first place.

Most businesses these days have at least some level of cybersecurity-based compliance regulations to meet and follow. Some can come from the state, some can come from the industry you are in, some apply based on the type of information you work with, and some can come directly from your business insurance provider. 

One of the biggest mistakes I see business owners and C-levels make is that they have overconfidence in their own cybersecurity. Most business owners are the least secure people I know (and I don’t mean that in an insulting way; CEOs and entrepreneurs, in general, are just wired to be efficient, and cybersecurity practices can feel like a big roadblock to efficiency.)

Heck, I lose sleep at night when I suspect that the owner of a company we work with refuses to use multi-factor authentication, but I catch myself longing to turn that feature off because of the extra couple of seconds it adds to getting into an account every day. 

The point is, even as a leader, you can’t skimp on security. In fact, you should be the shining example of it in your organization.

You Have to Know If You Are Compliant or Not

Depending on the regulations your organization needs to meet, you likely have a laundry list of tasks to check off quarterly or yearly. For many organizations, a part of that might include a regular penetration test.

A penetration test is a very specific set of tasks that involve an ethical hacker attempting to break into your business network using a variety of different ways. 

There are multiple phases that include reconnaissance, scanning for vulnerabilities and other weaknesses, getting in and attempting to steal, change or delete data, staying within the network undetected for a period of time, and looking for non-technical ways to exploit your organization, such as social engineering.

It’s not a small feat, and it’s far from the typical quick network audit or port sniffer scan and things that a technician might do to solve a problem or investigate an issue.

Don’t confuse the small stuff with a penetration test. I’ve talked to business owners in the past who were convinced their network was secure because a third-party ran some network audit tools that came back with devices that were out of date and fixed them. While that’s important to do, and something we do regularly, and maintain for our clients, it’s a long way from an actual penetration test.

Let’s Make Sense of Your Cybersecurity, Together

Protecting your business from modern-day threats and meeting regulatory requirements is a challenge if you try to do it by yourself. Let Coleman Technologies be your trusted IT partner and keep your business operating smoothly. Get started today by calling (604) 513-9428.

How to Minimize General Exposure in the Office

Based on what is currently known about the coronavirus, the Centers for Disease Control and Prevention have some recommendations as to how to keep the potential impact of coronavirus to a minimum:

• Encourage employees who are ill to stay home. This will help to minimize the spread of infection within your business. Make sure that your employees are aware of this policy by reiterating it verbally, and by posting notices around the office encouraging them to stay home if under the weather.
  
  Emphasize hygiene and etiquette. Properly stifling coughs and sneezes and keeping hands clean are surprisingly effective ways to keep your workplace healthier. Rather than using their hands to catch a cough or sneeze, your employees should use a tissue or--if unable to do so--use the upper part of their sleeve.
  
  The CDC recommends that tissues and alcohol-based hand sanitizer should be made readily available. Make sure your employees are washing their hands with soap and water for the recommended 20 seconds.
  
  

• Engage in keeping the workplace clean. There is a chance that coronavirus (and other illnesses) could be spread via infected surfaces. Make sure that all surfaces that are touched frequently, like desks, workstations, and doorknobs, are kept sanitized. Provide your employees with disposable wipes so they can proactively disinfect these surfaces before use.

If you find that one of your employees is confirmed to have been infected with coronavirus, make sure that you inform their coworkers of their possible exposure while still maintaining the confidentiality that the Americans with Disabilities Act requires. These employees and those who are living with a sick family member should assess their risk of exposure using the CDC’s guidelines.

Coronavirus as a Cyberthreat

Unfortunately, coronavirus will also require you to also keep an eye on your network security, particularly if you operate within the healthcare industry. Hackers and cybercriminals have taken advantage of the widespread concern that the disease has caused. For example:

• Scammers have phished healthcare providers with updates that appear to have come from the World Health Organization or hospitals local to their area, but actually introduce keyloggers into their systems.
• Those involved in the medical supply chain have been targeted with emails referencing the coronavirus that install malware to steal information.
• Ransomware has been introduced into consumer systems by promising recipients of an email information about COVID-19’s spread.

While the current climate may not make it easy, these emails and other threat vectors can be overcome through the same best practices that foil other cyberthreats. In addition to comprehensive digital protections, training your employees to spot these threats will be crucial.

Of course, you should also maintain a comprehensive backup in case you need to recover from a successful attack.

How to Maintain Productivity with Your Team at Home

With today’s technology, sending an employee home sick doesn’t necessarily mean that you will be sacrificing that employee’s productivity. We now have many ways that your team can work effectively from home, still contributing to your organizational agenda without exposing their coworkers to their illness.

Equipping Your Employees

Remote access solutions, paired with virtual private networking technology, can allow your employees to securely continue their work from home, safely accessing the applications and data their tasks require through an encrypted connection. As collaboration will certainly be necessary, you will want to be sure that your employees are also equipped with the communication tools that facilitate this collaboration as well.

Network Protections

You will also want to thoroughly secure your network infrastructure to help prevent threats like phishing attacks and other methods from being successful… as well as preparing for a potential breach or emergency with data backups and disaster recovery policies and procedures (including contact information for your employees) to help mitigate a worst-case scenario.

Employee Awareness

Finally, make sure your employees are on the lookout for any suspicious activity that could be a cybercriminal’s attempt at using the coronavirus as a means to an end. Not only should your employees know how to spot these attempts; they should also know the proper procedures for reporting and handling them.

Is the coronavirus scary? At this point, it is safe to say that it is, but does it have to interrupt your business operations entirely? Not if you are properly prepared.

For more assistance in preparing your business for any kind of disaster, reach out to the professionals at Coleman Technologies by calling (604) 513-9428.

What is COVID-19?

COVID-19, better known as coronavirus, is a respiratory illness that first appeared in Wuhan, China, and was reported in the United States on January 21st, 2020.

As of March 3rd, 12 states have reported 60 total cases of coronavirus and six confirmed deaths, with no vaccines or specific antiviral treatments for the illness. Symptoms of the virus include fever, shortness of breath, and a cough, while those with complications from the virus can experience pneumonia in both lungs, failure of multiple organs, and death. 

A popular automotive dealership software platform has recently become the target of a cyberattack, resulting in the solution going down for several days. Any business that has a solution it relies on can sympathize with the situation. After all, if you lose access to your critical business apps for several days, would your operations be able to recover?

Let’s dive into the situation.

CDK Global Outage Takes Down 15,000 Car Dealerships

Most businesses have specific solutions that they rely on to keep operations efficient, and car dealerships are no exception. While various platforms are available, moving from one to another can be costly and time-consuming, making a last-minute pivot next to impossible without a serious financial burden. It involves data migration, system implementation, inventory configuration, and user training.

These platforms are essential for operations, and each industry will utilize them differently. Some might use them for payroll, customer relationship management, inventory management, financial management, marketing, and so on. CDK Global is one of these solutions but for the automotive industry. 1 in 5 car dealerships in the US rely on it.

This outage started on Wednesday, June 19th, bringing down CDK’s systems for hours. On Thursday, yet another cybersecurity incident occurred. As of this writing, most of 15,000 dealerships had their systems restored, in line with a memo issued by CDK that the systems were unlikely to be restored before the end of June. 

Before the restoration, however, it was recommended that dealerships plan to adopt other software for their month-end financial closing processes in the short term.

As you can imagine, this was not an easy task for the car dealerships who rely on this software.

Dealerships Couldn’t Operate, and People Can't Register Cars

If you were a customer ready to pull the trigger on a new vehicle purchase, you’d be disappointed when only one of the five dealerships you visit can help. It’s also problematic if you cannot legally drive it. CDK Global’s software can help car dealerships register cars with the state. Still, depending on state laws, new customers must make an appointment with their local motor vehicle department to legally drive their car home.

Let’s be realistic: no one likes going to the Department of Motor Vehicles, regardless of how quickly or slowly the line moves. The fact that this outage forces customers to engage in this way is not good for CDK users.

Whose Fault is This, Really?

It’s easy to think that CDK Global is at fault, but it’s not necessarily the case (at least as of this writing). While it’s been severe enough to force most car dealerships to work on pen and paper, it’s important to note that cybersecurity issues are an inevitability.

There are ways to prepare for such attacks, but there is always a risk, however miniscule it might be. Even organizations that are well-prepared to handle cybersecurity threats can fall victim to them. What you can do, however, is judge how they respond to such attacks.

Here are some lessons that businesses can learn from this incident.

1. Cyberattacks can have a massive impact on your business and the lives of those you work with.
2. Cyberattacks can happen to literally any organization, large or small.
3. Proper preparation and proactive prevention can minimize the risk of a cyberattack and reduce the impact.
4. Communication during a cybersecurity incident is critical!

If your business relies on specific applications, then it’s time to consider what would happen if those applications were suddenly unavailable. It’s better to be prepared for the worst and never experience it than to be unprepared.

If cybersecurity concerns you, we’ve got your back. Coleman Technologies offers security solutions for your business. Call us at (604) 513-9428 to learn more.