Coleman Technologies Blog


4 Stupid-Simple Ways to Be More Careful with Your Network Security





Technology is central to most businesses, which means that security is, by extension, central to them as well. With cyberattacks on the rise, it’s more important than ever for you and your employees to be on the same page regarding cybersecurity. Today, we are looking at four ways you can ensure sound cybersecurity practices that even the most belligerent employees can follow… with the right support in place.

Strong, Unique Passwords Coupled with Two-Factor Authentication

Passwords are your first line of defense against hackers, so guaranteeing their quality is important.

You should have each of your employees utilize strong, unique passwords for each account. Password managers can make them easier to use, as you won’t have to create or remember them all. These credentials can be securely stored in an encrypted vault, only pulled when they’re needed.

Additionally, we recommend using multi-factor authentication whenever possible for the additional layers of security it provides.

Regular Testing Versus Scams and Phishing Attempts

Phishing scams are out of control, so you need to know how to respond to them.

These scams often come via email, text, or fake websites, and they can look strikingly legitimate. You should never click on a link or download an attachment from an unverified sender. You can hover over links to confirm that they go where you expect them to, and you should confirm that any website or payment portal asking for sensitive information is encrypted by checking for “https” in the URL. Keep in mind that “https” only tells you the connection is encrypted, not that the site itself is genuine.

We recommend testing your employees periodically to ensure that they know what to look for in a phishing message and how to report it.

Up-to-Date Software and Devices

Outdated software and devices are a disaster waiting to happen.

Patches and updates are required to ensure that your devices are as secure as possible. These patches and updates address vulnerabilities and bugs found in your solutions, effectively fixing them so that hackers can’t exploit them against you. We recommend that you implement automatic updates so that you don’t have to worry about the manual effort of deploying them to each of your devices.

Bonus tip: strive to deploy these remotely, as well, so it takes the least amount of time and effort possible on your tech’s part.

Virtual Private Networks

Public wireless connections are sketchy, so whenever possible, take extra precautions when using them.

A virtual private network, or VPN, offers an encrypted connection for your sensitive information and data. It effectively masks your Internet traffic so that any onlookers can’t intercept data while it’s in transit. A VPN can mask your location and encrypt online activities so that you can safely and securely work wherever your duties take you.

For more information about how to keep your business safe, be sure to contact Coleman Technologies at (604) 513-9428.


Want to Learn How to Steal a Password? It’s Easier Than You Think





Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.

You Too Can Steal Passwords to Almost Any Type of Account

All it takes is a little spare cash to gain access to any account, and it’s remarkably easy to pull off. We can’t show you exactly how to do it, but we want to emphasize that literally anyone can do this to your business. Let’s look into some of the intricacies of how stealing a password works.

Learn a Little Bit About the Victim

We’ll use Homer J. Simpson for our example, a name with a singular entry in the United States census from 1940. Simpson was born in 1914, and we are confident that there have not been any babies born with the name since the 90s. That said, we’re making everything up from here on out. If we want to make Simpson’s life difficult, it’s pretty easy to do so, even if we don’t know anything about him.

Imagine that Simpson had a MyFitnessPal account in 2018, which he used to track his health metrics. MyFitnessPal is one of the services that suffered a data breach back in February of 2018 in which 144 million accounts had their emails and passwords compromised. These types of data breaches happen all the time, and users need to be aware of the risks associated with trusting this information to any online accounts, whether it’s Sony, Wendy’s, or even Doordash.

Thanks to the MyFitnessPal breach, Simpson’s password is on the Internet and available to criminals on the dark web. Because of this, we know his name, his email, and the password he likes to use. That’s plenty of information to work with.

From here, you go on Simpson’s social media accounts to find things like his date of birth, the town he grew up in, and his mother’s maiden name. You can also use LinkedIn to find information about his job and his social network. It’s easy to do this in as short a time as 10-15 minutes. You can find out about his kids, his dog, his wife, and potentially even his address. This is also helpful information to know when cracking a password.

Most individuals use information close to them for their passwords, and while we always advocate that it’s just not a good idea, well, it’s easier for people to remember credentials in this way. You can make a lot of educated guesses as to the user’s password simply by knowing a little bit about them.

Use Software to Crack the Code

This is where the fun begins. Using software found on the dark web, hackers can crack even sophisticated passwords. If the user’s password isn’t very complex, maybe 9 or 10 characters long, or without some special characters, it could be cracked in a matter of minutes or maybe a day or two. If the user has an actually random password, though, it will take longer, but the fact that these systems can be cracked is concerning to say the least. Complex passwords will naturally take longer to crack, but most of these tools will try the more common renditions first, just to check if the victim is skimping on their password security.

Alternatively, Just Trick the User

No use beating around the bush; just use phishing attacks to steal the password and let the victim do all the work for you. Around 95 percent of modern cyber breaches are caused by a phishing attack, and it’s such a high rate of success that there’s no reason not to try using it.

All you have to do is send them an email claiming to be their bank. You might make up an excuse like there is something wrong with their account. This is usually enough to elicit some sort of strong response, as people’s money is generally a soft spot. Whatever you do, make the problem important enough to require immediate attention.

Next, send them to a webpage that you built to look like their bank’s website. You can then have them offer up their login credentials on a silver platter as they attempt to log into their account. This happens all the time, and you might be surprised by how easy it is, but the fact remains that it’s simply far too easy to pull off to not take it seriously.

Always Remain Vigilant to Cybercrime

Now that you know how easy it is for someone to crack a password, or even steal it for that matter, you should remain vigilant and always try to stay ahead of hackers through the use of multi-factor authentication tools and other security solutions. Coleman Technologies can help you stay ahead of hackers! Call us today at (604) 513-9428 to learn more.


How to Get Back Into Your Multi-Factor Authentication Account





Multi-factor authentication is great when it works, but when it doesn’t, it can leave you in a pretty difficult situation. After all, what happens when all of a sudden, you cannot access your secondary authentication methods? We’re here to help you bypass this particularly challenging and frustrating scenario.

First, let’s look at how and why you might accidentally get locked out of your MFA methods.

How Might You Get Locked Out of Your MFA Solution?

Multi-factor authentication works by shoring up the problematic password and augmenting it with other, secondary methods of authentication that are more secure. The logic is simple: two keys for a single lock are more effective than one. You might use a password and a fingerprint scan, or a password and a USB key. Here is a brief rundown of various MFA methods:

  • Something you know: A password, passphrase, or a PIN.
  • Something you have: Something you own or have in your possession is required to access the account, like a key card, smartphone, or hardware-based security key.
  • Something you are: Think biometrics, a fingerprint, or retina scan—something to confirm your identity.

By requiring more than just one form of authentication, it becomes much more difficult for an attacker to get into an account.

Of course, requiring two keys also means that if you lose one of them or forget one of them, you cannot access your account, leading to the exact opposite problem of hackers infiltrating your account.

Potential Solutions to Your Dilemma

Rather than give up immediately and start over, let’s consider two paths you might be able to use to gain access to your locked account.

You might be logged in elsewhere.
Most services and applications using MFA will have a website and an app, and chances are at least one of them will still have you logged in, if you’re like most individuals who dislike the hassle of logging into your account every time you have to use it. You can sometimes check the settings to discover an option that will let you temporarily disable two-factor authentication. You will probably have to provide the password, so make sure you don’t accidentally log out until you have finally gotten control of your account again.

Customer support might help.
Customer support might not be the most ideal solution to your problems, but it’s an effective one. Simply put, you never know what’s possible until you ask about what is possible. There might be a simple way you can get back into your account. If there isn’t, there might still be a way too, but it could take up to a couple of days before it takes effect.

Really, the best way to address this issue is to not find yourself in it in the first place. If you have to open a new account just to get around this frustration, make sure you contact the vendor to disable the old account so that no one can take advantage of the old one.

What Other Options Do You Have?

Most modern MFA tools have contingency plans built into them specifically for situations like these. One way is to set up multiple methods of secondary authentication, like having secondary phone numbers, email addresses, or biometrics in place, providing you with more ways to get into your account should you lose access to one of them.

Many MFA platforms also provide users with recovery keys or backup codes that you can use to communicate with the MFA platform, further guaranteeing that you are the designated user. If you generate one of these codes, you’ll want to ensure that it is protected in a safe place, preferably one with encryption.

If you go the security key route, you should consider getting a second key as well, just in case. Some services enable you to get multiple keys tied to your account specifically because they understand how easy it is to lose something important like this. Plus, if you ever upgrade your key, you’ll have the old one to use as a backup.

Let’s Make Sure Your IT Works

One of our big responsibilities as a managed service provider is making sure you get the value you expect out of your technology, which includes accessing your resources and accounts as needed. We can help you ensure that you are always connected to what makes your business run. To learn more, reach out to us at (604) 513-9428.


4 Simple Rules for Good Passwords





Simple passwords are just not an effective security practice, so if you’re still using credentials like Password, 123456, Guest, or Qwerty, listen up. You need better password hygiene practices before you suffer from a data breach. Here are some ways you can make a better password to protect your business from threats.

For passwords, it also helps to know what is ineffective in addition to what is effective.

What Does a Bad Password Look Like?

A bad password is, to an extent, always going to be a bad password because passwords are not generally good for account security. While they are certainly better than nothing, they are far from the best way to protect an account, despite being the most popular and most common methods of doing so.

It’s remarkably easy to create a bad password, as well as have bad password practices. Whether it’s a case of the password not being complex enough or too easy to guess, or if it’s used for more than one account, they repeatedly hold businesses and individuals back from achieving the level of cybersecurity they need and deserve.

To help you better leverage good passwords, we’ve put together a list of things you’ll want to do to make them better and stronger.

What Does a Good Password Look Like?

Here are some best practices for password use and creation.

Don’t Repeat Your Passwords
If you use your password for multiple accounts, then all it takes is one of them falling victim to a data breach or phishing attack for all of them to be exposed in the same way. You should be using different, complex passwords for each of your accounts with no repeating passwords.

Always Make Them Complex
Complex passwords are easy to remember, but difficult to guess, which is easier in theory than it is in practice. You can make it much easier through the use of a passphrase rather than a password. Your passphrase should be a random string of words that utilizes upper and lower-case letters, numbers, and symbols.

Don’t Use Personal Details
Personal details have no place in passwords for two main reasons: it makes them easier to guess for hackers, if the information is something that they can find publicly on the Internet or on social media, and it places more danger on you in the event that the password is compromised.

Use a Password Manager
To remember all of your complex passwords is impossible, so we recommend using a password manager to help secure them all. A password manager uses one master password to call upon a secure vault of passwords when they are needed. It’s the best way to use passwords without putting yourself at risk.

How are Your Password and Cybersecurity Practices?

If you could use a hand crafting better passwords or protecting your infrastructure, Coleman Technologies has got you covered. To learn more, call us at (604) 513-9428.


How You Should Judge Potential Password Management Programs


Fortunately, there is: password management systems.

What Are Password Management Systems?

A password manager is effectively what it says on the box: it’s a program that keeps track of your passwords for you. While these are available for individual users, we are more concerned with those that are meant for businesses to leverage.

These solutions have a reputation for being complicated and time-intensive to set up. However, this no longer has to be the case, and it is now more important that you find a solution that offers the features that every business needs to prioritize.

What to Look for from a Password Manager

During your search, you will want to make sure your chosen password management system offers the following features:

Security

While this may seem obvious, not all of your password management options will necessarily offer the same protections or follow the same practices. For instance, standalone password managers are inherently more secure than those tied to another solution, like a built-in one in your browser of choice.

These separate solutions usually have additional features to assist your security as you use them. Good password managers will remind you of best practices if too many saved passwords are the same or too weak and will require multi-factor authentication to be accessed in the first place. It also wouldn’t hurt to find one that also notifies you when you’re due to update some of the passwords you have saved.

It should also never save one password: the master password used to access the solution itself. That is still the user’s responsibility.

As far as behind-the-scenes security is concerned, you should find a password manager that is itself protected by a variety of security features, like encryption, role-based access, and secure cloud storage.

Storage Considerations

Determining where your credentials are kept by the password manager is another important detail to keep in mind, largely as an extension of your security considerations. Does your password manager save your passwords to the cloud, or are they kept natively on the device? Either approach has its pros and cons.

If the cloud is leveraged, your credentials will be available to you on any of your devices… but this does put your credentials in the crosshairs if that cloud solution was ever breached. If you keep your credentials stored locally, you won’t risk losing them in a cloud storage breach, but they are still vulnerable. For instance, if that device fails, there go your passwords.

Generally, this won’t have much impact on the solution you choose, as most enable either option, if not a combination of both.

User Friendliness

As difficult as your password manager should make things for cybercriminals, it should make things simple for your legitimate users, starting with adding them to and removing them from the business’ accounts. They should find it easy to change their password as needed, and your password manager should automatically log a user into a website or application. If it senses that there are not currently credentials for that site, it should offer to save them.

Coleman Technologies has plenty of experience dealing with password security, which means we’re familiar with password managers and maintaining them. If you’d like assistance with selecting, implementing, and utilizing one in your business, let us know! We’re just a call to (604) 513-9428 away.


Secure Your Digital Life with Just One Password





Safeguarding your online accounts is an important part of maintaining network security. With the increasing number of cyber threats, relying on strong, unique passwords is no longer optional—it's a necessity. Remembering complex passwords for numerous accounts can be challenging, however. This is where password managers come in handy, offering a secure and convenient solution to managing your credentials.

The Password Predicament

Let's face it: everyone has multiple online accounts, from social media platforms to banking websites, each requiring a unique login and password combination. Many people, therefore, tend to create and depend on simple, easy-to-remember passwords or even reuse the same password across multiple accounts. Unfortunately, this is how people get hacked. 

Cybercriminals employ techniques to exploit weak passwords, such as brute force attacks and phishing schemes. Once they access one account, they can potentially compromise others, leading to identity theft and other serious consequences.

Enter the Password Manager

Password managers offer a robust solution to the password predicament by generating, storing, and populating complex passwords for all of your accounts. Here's how they work:

  • Password generation - A password manager can generate strong, random passwords consisting of a mix of letters, numbers, and symbols, making them highly resistant to hacking attempts.
  • Secure storage - Your passwords are encrypted and stored in a secure vault, accessible only through a master password or biometric authentication. This means you only need to remember one strong password to access all your other credentials.
  • Auto-fill functionality - Password managers seamlessly integrate with your web browser and mobile apps, automatically filling in your login details when you visit a website or launch an application.
  • Syncing on multiple devices - Modern password managers sync your passwords across multiple devices, ensuring you have access to your credentials whenever and wherever you need them.

Benefits of Using a Password Manager

Password managers have a series of benefits that they present to users. 

  • Enhanced security - Password managers significantly reduce the risk of unauthorized access to accounts by generating and storing complex passwords.
  • Convenience - With auto-fill functionality, you no longer need to remember or manually type out your passwords, saving you time and frustration.
  • Improved password hygiene - Password managers encourage the use of unique passwords for each account, eliminating the temptation to reuse passwords or use weak variations.
  • Peace of mind - Knowing that your online accounts are protected by strong, unique passwords provides peace of mind, allowing you to browse the internet confidently.

If you would like help choosing an effective password management platform for your business, give the knowledgeable IT consultants at Coleman Technologies a call today at (604) 513-9428. 


What is your Identity Worth to You?


First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This happens all the time through malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, cyber criminals accumulated $56 billion through identity fraud. The good news is that in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 stolen. The trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business, which then get reflected in the prices of products and services. In other words, because of identity fraud, we all lose.

How does your data get stolen?  There are plenty of ways, but here are a few popular methods:

  1. Hackers can pick up credentials via public Wi-Fi and public PCs.
  2. Credit Card Skimming - a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal.
  3. Selling or discarding used computer equipment that isn't properly wiped can expose personal information.
  4. Hackers can infiltrate networks and databases.
  5. Dumpster diving and paper mail theft.
  6. Malware and viruses
  7. Phishing.


In almost half of reported identity theft cases, the victim knew the criminal.

What do you do if your identity is stolen?

Almost half of all reports of identity fraud are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running the latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.


Are You Practicing Good Password Hygiene?


How Hygienic are Your Passwords?

With so many of us relying on so many passwords every day, poor password hygiene can often seem to be a foregone conclusion. Think about your own passwords, right now, and see how they compare to this list of inherently insecure patterns that many people develop:

  • Personal details, like your name or birthday
  • Names of friends, family, or most infamously, your pets
  • Commonly used words (like “password” or a favorite sports team)
  • Simple keyboard patterns (like “12345” or “qwerty”)
  • Repeated login credentials (like username: David1973, password: David1973)
  • Making their passwords as short as possible

Now, before you zip away and try to figure out new passwords for all of the accounts that have these kinds of passwords protecting them, let’s take a few more moments to figure out how to actually come up with ones that will be secure.

To begin, let’s consider some “best practices” that should no longer be described as “best.”

Some Less-than-Best Practices

According to NIST (also known as the National Institute of Standards and Technology), the following practices aren’t all that effective any longer when it comes to secure password creation.

  • Alphanumeric Switching: So, we all (should) know that something like “password” isn’t nearly secure enough to be used as a password. As a result, many users would use “p455wO2d” instead, changing letters to numerals and occasionally playing fast and loose with their capitalization. While this isn’t always a bad strategy, using such a common password still makes it far less secure than it needs to be.
  • Length Requirements: It’s likely that you have encountered this as well, as a program has kicked back your chosen password while announcing that “it is too short/long for its eight-to-ten character limit.” According to NIST, these antiquated requirements literally short-change security, as longer passwords or passphrases are more difficult to crack but easier to remember than the short jumbles of random characters.
  • Banning Cut and Paste: For some reason, many username and password fields don’t allow content to be cut and pasted into them, almost as if the prospect of typing out someone’s account details will stop a hacker in their tracks. This also makes the use of password managers, a hugely useful tool in maintaining good password practices, less available. So long as they are used properly, password managers should always be encouraged, as they enable a user to store and use multiple passwords while only really remembering one.
  • Password Hints: We’ve all been asked to set hints for our passwords before, just in case we forget them. You know the ones: “Where did you graduate from high school?” or “What was your first pet’s name?” The trouble with these questions is simple: our online habits make this kind of information easy enough to find online, especially with social media encouraging us to share pictures of our pets, or announcing that we’re attending the “Educational Institution’s Class of Whatever Year’s Something-th Reunion.” Instead of relying on these hints, combine multiple forms of authentication to both offer additional means of confirming your identity and better secure your account.
  • Frequent Password Changes: Considering how many passwords we're all supposed to remember, it only makes sense that users would fight back against frequent password updates by only changing a single detail about it and calling it changed. For instance, let’s return to David1973 for a moment. If this user were forced to change his password too often, it is likely that he would resort to simply adding an easy-to-remember (and guess) detail. Maybe this is the fifth time that David1973 has been told to change his password, so while his password started as “David1973,” it progressed to “2David1973” to “3David1973” and so on to “5David1973.” Of course, we aren’t arguing that passwords should never be changed, but make sure that these changes aren’t actually counterproductive.
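
The weak patterns and outdated practices listed above can be checked mechanically at the moment a password is set. The following Python is an added example, not code from the original post or from NIST; the denylist, the substitution table, the 8-character floor, and all function names are assumptions chosen for illustration.

```python
import re

MIN_LENGTH = 8  # assumed policy floor; there is no upper cap, so long passphrases pass

# Constructed sample denylist; a real check would load a large breached-password corpus.
DENYLIST = {"password", "qwerty", "guest", "123456", "12345", "letmein"}

# Keyboard rows and simple sequences (constructed, not exhaustive).
SEQUENCES = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz")

# Undo common "alphanumeric switching"; "2" -> "r" covers the post's "p455wO2d".
DELEET = str.maketrans("0134572@$!", "oieastrasi")


def normalize(password):
    """Lower-case the password and reverse common character substitutions."""
    return password.lower().translate(DELEET)


def _core(password):
    """Strip leading/trailing digits so '4David1973' and '5David1973' compare equal."""
    return re.sub(r"^\d+|\d+$", "", password.lower())


def check_password(password, username="", personal_details=(), previous=None):
    """Return a list of finding codes; an empty list means no listed weakness matched."""
    findings = []
    lowered = password.lower()
    plain = normalize(password)

    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    # Compare both the raw and the de-substituted form against the denylist.
    if lowered in DENYLIST or plain in DENYLIST:
        findings.append("common_password")
    # A password that is just a slice of a keyboard row or sequence, in either direction.
    if len(lowered) >= 4 and any(lowered in s or lowered[::-1] in s for s in SEQUENCES):
        findings.append("keyboard_pattern")
    if username and lowered == username.lower():
        findings.append("same_as_username")
    # Personal details (names, birth years) supplied by the caller.
    if any(len(d) >= 3 and (d.lower() in lowered or d.lower() in plain)
           for d in personal_details):
        findings.append("personal_detail")
    # A "changed" password that only adds or bumps a leading/trailing number.
    if previous and _core(password) and _core(password) == _core(previous):
        findings.append("trivial_rotation")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs based on the examples used in the post.
    samples = [
        ("p455wO2d", {}),
        ("qwerty", {}),
        ("David1973", {"username": "David1973", "personal_details": ["David", "1973"]}),
        ("5David1973", {"previous": "4David1973"}),
        ("maple-trombone-velvet-orbit", {}),
    ]
    for pw, kwargs in samples:
        print(f"{pw!r}: {check_password(pw, **kwargs) or 'no findings'}")
```
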

How to Create a Secure Password

Rather than using a password, per se, we recommend that you instead use a passphrase. Let’s use a quote by author Elbert Hubbard as our example: “Positive anything is better than negative nothing.” 

Of course, this is a mouthful to type, in a manner of speaking, so it might make sense to use some alphanumeric switching to help abbreviate it into a complex phrase that is still easy to remember.

Doing so, “positiveanythingisbetterthannegativenothing” becomes “p0$!tiV3NE+hg>-tiV3_+hg”.

Then, if you use this password as the master access code for a password manager, the rest of your passwords/passphrases could foreseeably be randomly generated, increasing your overall security even further. To make your password manager even more secure, you should really devise your own complex phrase, rather than steal one from an author.

You never know, some enterprising cybercriminal might be a big fan of Hubbard’s works, too.

For more advice and assistance to help you make your passwords and accounts as secure as possible, reach out to Coleman Technologies by calling (604) 513-9428 today!

