Coleman Technologies Blog

Spam Inundation

If you've been using email for a while either professionally or personally you have almost certainly gotten email from people you don't know. Most of these emails are blatantly unwanted while others can look 'almost' legit, as if a real person is trying to contact you. Often (and unfortunately) spammers can get your email address when you put it online or use it to register for accounts on sites on the internet. The good news is standard spam protection is getting better these days, and more advanced spam protection is cost effective for businesses that need the extra layer of protection. Spam can cause a lot of harm for a business network if it isn't kept under control - spam can bog down email servers and eat up network bandwidth and plus it drastically slows down employee productivity because they need to sift through it all just to find their real email. If you and your staff are getting more than a few spam emails a day, contact us at (604) 513-9428 and ask about our anti-spam solutions.

Don't Open Attachments from Unsolicited Emails

This has been a golden rule for general email usage for a very long time. If you received an email from a stranger and there is an attachment, don't touch it. If you receive an email from a contact and there is an attachment, but anything is suspicious, don't touch it. This goes the same for links - if the email was unexpected and just seems fishy, it is possible your contact's email may have been compromised. Use your judgment on this, but remember it isn't your contact trying to trick you, they are merely the victim of a similar hoax from one of their contacts. If you have any doubt, simply reply or pick up the phone and ask them about it before continuing.

Keep your Computer Safe

Be sure to keep antivirus definitions up to date, and run scans regularly. Running adware and spyware removal software at regular intervals is important too. Be sure your Windows Updates are up to date as well. For businesses, you'll want to invest in network protection to keep external threats from leaking in. Even for small British Columbia businesses, security and threat management is important to keep operations running smoothly and to prevent expensive downtime and data theft.

Don't Rely on Email for Storage

Everyone has done this at least once; you are working on a report or document on one computer and you email it to yourself in order to pull it up on another computer. That's fine as long as you mind your inbox capacity, but you shouldn't rely on email for storing files, not even as a reliable backup. Imagine having to painstakingly pick through all of your email to restore your most important files. It doesn't sound like a good idea now, does it? On top of that, email isn't any less prone to data corruption or loss than any typical storage solution, and unless the server hosting your email is backed up with a reliable solution, it could be here today and gone the next.

Encrypt Sensitive Data

If you send sensitive data to other recipients, you will want to consider email encryption. Some industries require this. Email encryption simply scrambles the message while it is being sent, and depending on what type of encryption, will descramble itself or allow your recipient to log in to a secure location to view the data. Although email encryption services vary, most of them are very cost effected especially when put beside the risks of sensitive data getting leaked and stolen. Give us a call at (604) 513-9428 to learn more about email encryption and what solution is right for your business needs.

What is Encryption?
Encryption is a security measure meant to thwart any would-be hackers from using your stolen data to further their ambitions. Think about it like this; without encryption, hackers would gain access to your files, plain as day. Encryption provides a measure that keeps hackers from using your organization’s data even if they were to gain access to it. It essentially scrambles data to everyone who doesn’t have the decryption key, rendering it useless.

One particular technology that uses encryption to a considerable degree is a virtual private network, or VPN. A VPN can connect your employees to your infrastructure regardless of their location in a secure way. Think of it like this; the connection between your employee’s device and your network is normally a clear tube that can be observed by anyone ambitious enough to look for it. Rather than leave it as is, encryption makes the tube opaque--enough to obscure what’s inside so it’s not quite clear for any unwanted onlookers.

Why is it Important?
You can imagine the immense importance of encryption in today’s data-oriented business world. If you’re not taking every measure possible to secure your data, you could be making a huge mistake. Encryption in particular is important for assuming the absolute worst. You can never know when your data will be stolen, so it’s best to take preventative measures to ensure that it will cause a minimal amount of damage should it occur. If your encrypted data is stolen, it will simply be unusable without spending far too much effort to get the data into a readable state.

Coleman Technologies can equip your business with encryption services that you can count on to keep your data as safe as can be. To learn more, reach out to us at (604) 513-9428.

That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.

To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.

Your Security and Privacy Options

From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process, you can always find your way back to the beginning with that menu.

Verify the Accuracy of Your General Account Settings

Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.

Find Out Where You’ve Used Facebook with Security and Login

On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.

If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.

Change Your Password

While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.

Remember, you should never use a password for more than one online account.

Using Two-Factor Authentication

After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started. 

You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.

Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option, as pictured, and click Next. 

Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.

If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.

Add a Backup

Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.

Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.

Setting Up Extra Security

Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt-in to alerts being sent via email or text, notification, or Facebook Messenger.

You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.

Stay tuned for part three of this series, coming soon.

When hackers steal data, they don't just sit on it. Sometimes they delete it, but most of the time, they sell it or use it for illegal activities. A lot of this stolen data ends up on the Dark Web, a hidden part of the Internet where people do shady things. That's why it's so important to keep an eye on the Dark Web to protect your business.

What is the Dark Web?

The Dark Web is like the hidden back alley of the Internet, where illegal activities happen without much oversight. Things that would normally get removed from the regular Internet, like selling stolen information, drugs, weapons, and even worse things, can be found there.

To access the Dark Web, you need special tools like the Tor browser or specific permissions. Websites on the Dark Web are encrypted, meaning they can hide users' locations and identities, which makes it harder to track who is doing what.

How Does Your Data End Up on the Dark Web?

The most common way your data gets to the Dark Web is through data breaches. Hackers break into systems and steal personal or business data, then sell it to make money.

Even if you're careful, your data could still be at risk if companies or websites you use get hacked. If you've ever signed up for a service or shopped online, your personal information might already be on the Dark Web, waiting to be misused.

If your business data—like passwords, credit card info, or customer details—gets leaked, it can lead to serious problems, like identity theft or financial fraud.

Why Dark Web Monitoring is Important

To stay safe, businesses should regularly check the Dark Web to see if their data has been leaked.

If your information is on the Dark Web, criminals could use it to break into your accounts or steal your identity. With monitoring tools, businesses can quickly find out if their data has been exposed and take action to protect themselves—like changing passwords or improving security.

But checking the Dark Web yourself isn't a good idea. It's better to let cybersecurity professionals handle it. At Coleman Technologies, we can monitor the Dark Web for your business and help you take the right steps to stay safe. Call us at (604) 513-9428 to learn more.

We all know companies collect a lot of data. After all, your business is no exception to this rule, and you likely collect significant consumer data to facilitate operations. But if you get the itch to protect your personal privacy (and you should), there are ways to limit how much advertisers, criminals, and other companies can gain access to. Here are just a couple of ways.

Actually Read the Privacy Policies and Reports

Apps and websites take in a lot of data, but you have more control over it than you think.

For example, scroll to the Data Collection section of any website’s privacy policy. You’ll see notes for what data the app or service collects, how the company stores it, and how it uses that information. App stores also contain information that can shed some light on how they use your data, so take note of that whenever you download a new app (and be sure to check the permissions too while you’re at it!).

Depending on the country and regulations associated, companies may have to email you notifications about policy changes and security issues, so pay attention and be your own advocate for data privacy.

Opt Out of Data Collection

Some companies have begun to use customer data to train generative AI tools, which doesn’t sit well with consumers.

We recommend that you do what you can to limit data collection whenever and wherever possible. Oftentimes you’ll find information on data removal in your user settings, as is the case with most platforms that use generative AI in some way. If you can significantly reduce the number of apps and services that use your data in this way, you’ll be in a lot better shape.

After all, you don’t know what the data is used for unless the company explicitly tells you.

Give Them Bad Data

Have you ever looked at a sign-up form for an app or website and wondered, “Why do I need to give them this information?”

For some apps, certain information might be needed, like your name, email, or date of birth. Other times, the website or app might ask for completely irrelevant data that does not affect how you use the service. In cases like this, there’s no reason to offer the information, and it would be foolish to do so without knowing why the data is collected.

You’re also free to not accept cookies on many websites, despite those increasingly large banners that claim otherwise.

Ready to Take Security More Seriously?

The big reason to be aware of personal data privacy and security: you’ll be more likely to protect that of your customers.

We know security is a nightmare to handle logistically, which is why we do all the heavy lifting for businesses just like yours. With Coleman Technologies, you can know your business will always be doing what it can to stave off attacks against its consumers’ privacy.

To learn more, call us at (604) 513-9428.

The GDPR

Prior to the implementation of GDPR, individual data privacy was mostly left up to the individual. In non-EU circles, this is still mostly the case, but GDPR has made issues related to this much more noticeable, such as the way this personal information can be used for corporate financial gain. GDPR was a response to these organizations failing to properly utilize user data. This included people having their personal information like names, addresses, email addresses, and even medical/financial information being utilized by advertising companies or worse. The largest corporate technology companies were using the data of individuals to turn a massive profit--a practice that seemed to be unfair to consumers.

EU member states have been legislating their own data protection laws prior to the establishment of GDPR. The United States has yet to jump on board this trend, though. With GDPR, organizations are seeing themselves as members of the global economy with strict new guidelines to adhere to. The GDPR is essentially an amalgamation of the laws that had previously existed, requiring all businesses to report certain types of personal data breaches within 72 hours to a supervised authority mandated by EU member nations.

This case was a landmark in that businesses were forced to remain more cognizant of how important data management is for the people who take advantage of their services. Before GDPR, many organizations failed to protect the data of their customers, staff, and vendors. In a way, GDPR forced them to begin thinking about data management, training staff, and investing in security.

One Year In

The results of GDPR have been mixed, to say the least. Over 59,000 personal data breaches have been identified by companies notifying regulators. The sanctions for failing to comply with GDPR mandates carry fines of up to €20 million, or up to 4 percent of total revenue from the previous year (whichever is larger), leading to a more targeted and strategic approach to data security, as well as more prompt reporting of when data breaches occur. To take a look at the results the GDPR had in its first eight months, download the DLA Piper GDPR data breach survey, here.

Overall, the GDPR provided a substantial boost to data breach reporting speed. The mandate gave organizations up to 72 hours to notify breached parties, so there were fewer instances of breaches going years before being revealed to the general public. The GDPR has also resulted in nearly doubling the amount of reported incidents.

The fines resulting in these breaches being reported, however, is considerable to say the least. Fines totaling up to €55,955,871 have been levied against the companies responsible for the 59,000 reported incidents, with most of this being struck against Google. A French GDPR calls this year as more of a transitional phase rather than an indicator of the long-term effectiveness of the measure.

Effects Abroad

U.S. companies that do business in Europe aren’t safe from the measures initiated by GDPR, but organizations have started to change up their approach to data privacy. Many legislators are pushing for similar measures to GDPR, and CEOs like Apple’s Tim Cook have labeled data privacy a “fundamental human right.”

Unfortunately, this viewpoint seems to be in the minority of major American tech company leaders. Still, this hasn’t stopped states like California from implementing its own data privacy law. Other states like Colorado, Massachusetts, and Ohio were inspired to pass their own data privacy laws. Perhaps the federal government will consider acting to fill in the holes left by these data privacy laws.

What are your thoughts on GDPR and data privacy regulations? Let us know in the comments.

As technology continues to gain prominence in healthcare, it plays an increasingly vital role. Advancements in technology have allowed the healthcare industry to stabilize costs, improve access, and personalize care delivery—objectives that were challenging in the past. These benefits come with a potential downside: data privacy issues, which are becoming more concerning as technology advances.

How Technology Drives Healthcare

Technology hasn't just updated outdated systems and methods of care delivery—it has also brought about several significant improvements, streamlined the process between pharmacies, doctors, and insurance companies, enabling patients to obtain necessary prior authorizations more efficiently.

• Smarter medical devices - The widespread adoption of electronic medical records (EMRs) in doctors' offices and hospitals allows for secure, cloud-based record sharing, leading to higher quality care.
• Better predictive capabilities - Enhanced technology enables healthcare organizations to predict and manage outbreaks of contagious diseases before they escalate.

Data Privacy Challenges

Despite the advancements in technology, data privacy remains a critical concern. The sensitive nature of personal health information (PHI) and the growing threat of cybersecurity breaches make this issue particularly pressing. Healthcare providers need to keep software updated, as cybercriminals can take advantage of weaknesses before updates are fully implemented. While there is much to be excited about in healthcare technology, these advancements come with inherent risks.

To combat these challenges, healthcare organizations are heavily investing in cybersecurity.

Upgrading to newer, more secure systems is crucial for preventing security breaches. With robust security measures in place, healthcare technology can reach its full potential. Additionally, initiatives like the U.S. Food and Drug Administration’s (FDA) push to establish clear guidelines for cybersecurity in healthcare systems emphasize the importance of protecting sensitive data in an increasingly digital world.

Emerging technologies such as blockchain and AI also offer promising avenues for enhancing PHI security. However, the effectiveness of these innovations will depend on the level of investment organizations are willing to make.

If your medical practice needs help with their technology, our technicians can take a look. Give us a call at (604) 513-9428 to get started. 

While we wish we could show you how to really accomplish true privacy on Facebook, the only way to actually reach that threshold would require you to have never signed up in the first place. This doesn’t mean, of course, that there is nothing that you can do now to protect your information - sharing more cognizantly and keeping it within circles you trust.

A Few of Facebook’s Issues

Like we said, Facebook has seen some pretty egregious security issues during its time. While we aren’t going to go too far into the weeds with these events, a quick summary might help to illustrate how careful users should really be as they use the platform:

• In 2007, Facebook introduced a feature that would allow companies to track purchases made by users and notify their friends of what they had purchased… without requiring any consent from the user.
• In 2011, the FTC charged Facebook for allowing private user information to be accessed by third parties, making this private information public without any notification.
• In 2013, Facebook introduced a Donate button that would allow users to make charitable contributions to such organizations. Unfortunately, a bug in the code allowed the email addresses and phone numbers of over six million users to be leaked.
• In 2014, Facebook actively experimented upon their users, testing their ability to manipulate their emotional states with the content the user is exposed to. Depressing content was prioritized to see if they could elicit depressed feelings. As it turns out, they can.
• In 2015, Facebook took action to assuage their users’ concern for their privacy, and rolled back the access that apps had to user data… but one has to wonder, just how much were applications privy to before this rollback?
• In 2018, Facebook suffered a massive data breach, losing the data of 50 million users. In response, Facebook did nothing… that is, until their reputation started to suffer. It was only then that they responded to the underlying issues.

Unfortunately, concerning events like these happen far too regularly to Facebook. There just seems to be difficulty in keeping their user data secure. This is why you need to pay particular attention to the settings on your own Facebook profile. Let’s go over how your information can most effectively be protected by ensuring these settings are configured properly.

Configuring Your Facebook Privacy Options

On your desktop, log in to your Facebook account. At the top-right of the page, there will be a small down arrow. Click it to access a menu, then click Settings.

You will be brought to another page, with Privacy in your list of options. Click into it.

From here, you can set your privacy options that restrict who has access to your information. For example:

Public - Setting your privacy to public is effectively turning off your privacy options. Not only can all other Facebook users potentially see your profile, even people who aren’t signed in could access it. Hypothetically, this means that the search engines could find you are well.

Friends - This setting restricts viewing privileges to only your confirmed Facebook friends.

Friends except… - If there are particular friends or members of a particular group who shouldn’t see certain information, you can prevent them from seeing this on their Facebook.

Only me - This means that (outside of Facebook) you are the only person with access to what you have posted. Just to be safe, we recommend that you still refrain from sharing anything that you wouldn’t be comfortable sharing publicly.

You also have the ability to choose the audience for each individual post. While this may give the impression of improved control over your privacy, the biggest threat to your Facebook security is probably Facebook itself.

Of course, that doesn’t mean that you aren’t given plenty of privacy options to play with. Let’s go over some of them now:

Who can see your future posts? This setting establishes a default privacy setting for the content you post on Facebook in the future. This helps insulate you from sharing content out to those who shouldn’t see it.

Review all your posts and things you’re tagged in. By using the Activity Log, you can review the entirety of your timeline and manage the permission settings of past posts. You can also review posts you have been tagged in from here.

Limit the audience for posts you’ve shared with friends of friends or Public. This is a semi-nuclear option when it comes to locking down what you’ve posted in the past. By clicking Limit Past Posts, you can change all of what you posted publicly or to friends of your friends to only be accessible to those on your Friends list. Fair warning - Facebook doesn’t provide any way to revert this, so you would have to go through your posts by hand to change them back if you so wished.

Who can send you friend requests? Depending on your preference, you have the option of picking between Everyone or Friends of friends. Unlike many of the other settings on this list, leaving this set to Everyone is probably okay.

Who can see your friends list? On the other hand, there is no reason that the rest of the world needs to see who you are connected with on Facebook. Setting this to Only me will keep this information between you and Facebook, nobody else.

Who can look you up using the email address you provided? Do you want someone who has your email to be able to find you on Facebook using it? Most likely not - so restricting this to Friends or Only me is probably in your best interest.

Who can look you up using the phone number you provided? Again, it’s really your call whether or not to allow Facebook users to find you via your phone number, but it really isn’t that necessary. You’re fine setting this to Friends or Only me.

Do you want search engines outside of Facebook to link to your profile? This one really depends on your situation. Facebook can work to prevent the assorted search engines out there, including Google and Bing, from indexing your profile (allowing searchers to find it). Most people will likely want to switch this off, but if your personal brand is part of your business, it makes more sense to turn this option to Yes.

Dictating What Others Can Do On Your Personal Facebook Profile

We all have embarrassing friends, and so you may want to avoid having them be able to freely post content to your wall - for instance, your college buddy Greg seems to have no problem with sharing candids from the good ol’ days… and tagging you in them.

Potential situations like this make it all the better that Facebook gives you control over who can post to your timeline, and who can see this content. You can access your many options to do so by clicking into Timeline and Tagging (which can be found on the left side of your Settings).

Who can post on your timeline? Naturally, you will definitely want to put a limit on this, as there is no reason that a total stranger should be reaching out on your personal profile. This is why it makes sense to only allow your Friends to do so - or, perhaps you alone with the Only me setting.

Who can see what others post on your timeline? This setting will largely depend upon who you have permitted to post on your timeline. If your Friends can post to your timeline, you definitely want your Friends to be the only ones who can see it - assuming you don’t want to maximize your privacy (and hedge your bets) with the Only me setting.

Allow others to share your posts to their stories? Ask yourself: do you want anything you post publicly to be shared by your Friends? If so, leave this one enabled.

Who can see the posts you’re tagged in on your timeline? Tagging can be an incredibly useful thing for someone trying to cultivate an image as an engaged thought leader, but it can also hurt your reputation, never mind your privacy. If people keep tagging you in assorted posts and you’d rather the public at large didn’t see these posts, you can keep these posts to your Friends, or even to Only me.

Review the posts you’re tagged in before the post appears on your timeline?
Alternatively, this is likely the best option for someone looking to be visible via tagged posts, while still remaining in control of which posts that are linked to them. Basically, you can be notified if you are ever tagged in some Facebook content, and can opt whether or not it will appear on your timeline. Fair warning - any mutual friends you have with the person who has tagged you will be able to see the tagged content before you have a chance to review it. Regardless, it is best to keep this setting on.

Review tags people add to your posts before the tags appear on Facebook? Again, this is something you’ll want control over, so set this to on as well.

Managing Your Public Post Settings

Again, from the Settings page, click into the Public Posts option on the left-hand side.

Who Can Follow Me - Rather than adding users as Friends, public figures can provide the option to just be followed by interested people. If you want to give the public at large this option, set this to Public. Otherwise, you can keep your posts among your Friends by setting this to Friends.

Public Post Comments - Or, who can comment on the posts that you’ve shared publicly. It is probably best to keep this restricted to either Friends, or perhaps Friends of Friends.

Public Profile Info - Some facets of your Facebook profile are generally available for anyone to see (like your name and profile picture). Who do you want to be able to comment on your profile picture? Keeping this capability restricted to your Friends or - maybe - Friends of Friends is probably best.

How Much Do You Want Facebook to Know About Where You Are?

Facebook has the capability to track your location history. While this information isn’t shared with your Friends or followers (beyond letting your Friends know that you are nearby), the only real reason we could come up with for Facebook to track this is to be able to target you with ads more effectively. Hopefully, that’s the reason, but even so, it is better to be safe than sorry. After all, Facebook has a history of data security missteps.

Again, starting from the Settings page, click where it says Location on the left-hand side. From there, you can see what Facebook already knows by requesting to View your Location History. However, to disable this, you’ll need to use the mobile application.

Using the Mobile Application to Turn Off Location

From the app, access the 3-bar hamburger icon (found at the top-right), and scroll down until you see Settings & Privacy. From there, you should access Privacy Shortcuts, where you’ll see a new area with various settings and documentation regarding Facebook’s identity controls.

Find Manage your location settings (you shouldn’t have to scroll to find it). Once there, you should:

• Turn off Location History (found in Location Access)
• Turn off Use Location (in Location Services)
• Find and disable Background Location

While you’re at it, you may as well delete your existing Location History.
Again, from within Privacy Shortcuts, select Manage your location settings and then View Your Location History. You will be asked for your password, and then you will see another 3-dot menu in the top-right. From there, you should Delete all location history.

Take note: if you post a photo with your location tagged, or check into some public place, you may be allowing Facebook access to your location data again.

Yes, this is a lot to take in.

Thank you for sticking with us for so long! We hope this helps you to secure your personal privacy on what is known as the social network. To learn more about protecting your privacy and information, geared more toward your business, reach out to Coleman Technologies at (604) 513-9428, and make sure to subscribe to our blog.

Would you be concerned if someone, with only an image, could infer things about you with better-than-expected accuracy? I don’t mean snippets, either—we’re talking about entire paragraphs of context.

Probably, right?

How concerned would you be if I told you that’s precisely what Google Photos does?

Let’s examine the research experiment that a startup photo storage and sharing service—founded by a former Google software engineer, no less—is presenting as an interesting bit of marketing.

Vishnu Mohandas’ Role at Google Gave Him Concerning Insights

A self-taught programmer, Mohandas was alienated by the tech enterprise when he learned that Google used AI to help the United States military examine drone footage. As he left the company, he also left its services behind.

Mohandas had realized that Google could very easily draw on the data stored in its cloud services to help train its AI further. This would include Google Photos.

When he left, Mohandas created a service he dubbed Ente, which would function as a privacy-first photo storage and sharing subscription. While Ente does generate profits, it has been challenging to convince people to shift from a convenient, free option to a paid service.

However, one of the company’s interns (as so often seems to be the case in stories like these) had an idea: why not show people exactly what Google’s AI could glean from your photos?

Hence, theyseeyourphotos.com was born.

Theyseeyourphotos.com Demonstrates What Google Can Do

By replicating the process that Google undergoes as it examines an image, Ente created Theyseeyourphotos.com to allow users to securely upload their own images to see what Google’s AI instantly interprets.

So, let’s say we were to upload the following image…

…They See Your Photos produces this result:

“The photograph shows a group of men standing in what appears to be a 1970s-era computer room. In the foreground is a large piece of computer hardware, possibly a mainframe console, with various knobs, buttons, and displays. The background features several large cabinets, likely containing tape drives, characteristic of computer systems from that era. The walls are a muted yellowish color, and there's a sign visible on the wall, indicating safety procedures or warnings. The floor is a light-colored tile, typical of institutional settings.

The men appear to be of Caucasian descent, likely colleagues in a professional setting given their attire. They are all dressed in business-casual clothing, with ties and suits. Their expressions are serious and somewhat formal, suggesting a professional portrait. They appear to be in their 20s and 30s. Based on the clothing and technology, their economic status is likely middle-to-upper-middle class. They seem to be involved in the operation or maintenance of the large computer system. The photograph was likely taken with a professional-grade camera considering its sharpness and composition. The picture appears to be from the mid to late 1970s.

The photo is subtly composed to emphasize the technology, positioning the men slightly in front of the equipment. There is a small speaker on the floor near the main computer console. The men are not all equally spaced; some subtle variations in stance and positioning can be seen on closer inspection. The overall image quality suggests an older photograph, perhaps printed from a film negative.”

All that, from one image. Imagine how much information could be gleaned from an entire collection.

We encourage you to give Theyseeyourphotos a try. However, despite their promises and philosophies, do not use anything you wouldn’t be comfortable having on the Internet.

What Does This Mean?

First of all, this is not an advertisement for this particular storage service. We simply wanted to share a very practical reason we all need to be careful about what we put online, as this shows how easy it can be to gain insights into someone from the simplest things. It is also important to keep in mind that, while this data currently isn’t being used for advertising purposes, it is being collected, processed, and stored by the company… meaning it could be used later to help create psychological profiles and similar collections of personal information.

Hopefully, this mindset is excessively cautious, but it never hurts to consider where your data is stored and how it may be used.

Facebook remains one of the most visited places on the Internet. Meta (the parent company to Facebook) also features WhatsApp and Instagram on their roster and has faced numerous security and privacy failings over the years. In this week’s blog, we’ll take a brief look at some of the most noteworthy.

Cambridge Analytica

One of the most notable incidents was the Cambridge Analytica scandal in 2018. The political consulting firm harvested the data of millions of Facebook users without their consent, using it to influence voter behavior, including in the 2016 Presidential election and the decision by the English people to leave the European Union. This breach exposed how third-party apps could exploit Facebook's data-sharing policies, leading to widespread criticism and a significant loss of trust among users. The scandal prompted regulatory scrutiny and highlighted the need for stricter data protection measures.

Ignoring Data Privacy

In addition to the Cambridge Analytica scandal, Facebook has been criticized for its handling of user data. Reports have surfaced of the platform storing passwords in plain text, exposing users to potential hacks. Furthermore, Facebook's practice of collecting extensive user data, including location information and browsing history, has raised concerns about user privacy. This data collection is often done without explicit user consent, leading to accusations that Facebook prioritizes profit over user privacy. Ultimately, Meta settled a class action suit for over $700 million.

Cyberattacks and Data Breaches

Facebook has also faced challenges in securing its platform from cyberattacks. In 2018, the company disclosed a breach that affected 50 million accounts, where attackers exploited a vulnerability in Facebook’s code. In 2019, over 500 million people had their Facebook data found on publicly accessible servers. Later that year, 300 million users had their Facebook information hacked and made available on the Dark Web. These breaches allowed hackers to access user accounts and potentially obtain personal information. Despite Facebook's efforts to improve its security infrastructure, such incidents demonstrate the ongoing vulnerabilities that can be exploited by malicious actors. Finally, the U.S. Federal Trade Commission levied a $5 billion fine and set forth new privacy restrictions for their products. 

Poor Privacy Practices

The platform's privacy policies have been a subject of controversy as well. Facebook's terms and conditions are often criticized for being lengthy and complex, making it difficult for users to understand how their data is being used. The company's approach to privacy settings has also been problematic, with frequent changes that can confuse users and lead to inadvertent sharing of personal information. This lack of transparency and control over privacy settings has contributed to user distrust.

Fake News and Manipulation

Finally, Facebook's role in disseminating misinformation and harmful content has raised ethical and privacy concerns. The platform's algorithms often promote sensationalist and polarizing content to maximize user engagement, which can have negative societal impacts. Moreover, the use of targeted advertising based on user data can lead to manipulation and exploitation. These issues underscore the broader implications of Facebook's security and privacy failings, affecting not only individual users but also society at large.

Most of the people you know use some type of Meta social media product, and after a myriad of privacy concerns, you need to have a plan for how to protect yourself. Stop back next week for part two, where we will tell you some things you can do to do just that.

It’s incredibly important to keep your personally identifiable information secure, but what exactly constitutes PII? Today we offer a definition and suggestions or strategies to help you keep your PII safe.

The Definition of PII Depends on Who You Ask

If you want to protect PII to the best of your ability, you first need to understand what it is, but the answer to this question is not exactly clear-cut.

The United States identifies a couple-dozen identifiers in its legislation, but other countries have different ideas for what is considered PII. The European Union, Brazil, China, and even various US states like California and Virginia have different ideas of what makes for PII. The General Data Protection Regulation (GDPR) sees race, political opinion or affiliation, religion, and sexual orientation as PII, but the California Consumer Privacy Act does not.

With so many different factors and variables in place, it’s hard to define PII, which in turn makes it hard to protect it. Five US states want to hold companies more accountable for failing to protect PII, and regulators are in the same boat. For example, Morgan Stanley Smith Barney failed to properly dispose of consumers’ PII on servers and drives that they wanted to sell following a big move, resulting in a $35 million fine.

Avoiding Fines for PII Security

The first and foremost thing you need to account for is the PII as it is outlined for your industry. Take this information into consideration right from the start so there is no room for error or confusion. Implement it into your data handling and sharing practices immediately to ensure compliance.

Furthermore, you’ll have to test your protections to make sure that you are keeping your data as safe as possible. Be sure that the data, even if stolen, cannot be used to identify the individual.

To top it all off, implement solutions designed to protect your data on all levels, including encryption, identity and access management, and role-based permissions.

Coleman Technologies can help to make sure that your business is protecting its personally identifiable information. All you have to do to get started is call us at (604) 513-9428.

Fortunately, there is: password management systems.

What Are Password Management Systems?

A password manager is effectively what it says on the box: it’s a program that keeps track of your passwords for you. While these are available for individual users, we are more concerned with those that are meant for businesses to leverage.

These solutions have a reputation for being complicated and time-intensive to set up. However, this no longer has to be the case, and it is now more important that you find a solution that offers the features that every business needs to prioritize.

What to Look for from a Password Manager

During your search, you will want to make sure your chosen password management system offers the following features:

Security

While this may seem obvious, not all of your password management options will necessarily offer the same protections or follow the same practices. For instance, standalone password managers are inherently more secure than those tied to another solution, like a built-in one in your browser of choice.

These separate solutions usually have additional features to assist your security as you use them. Good password managers will remind you of best practices if too many saved passwords are the same or too weak and will require multi-factor authentication to be accessed in the first place. It also wouldn’t hurt to find one that also notifies you when you’re due to update some of the passwords you have saved.

It should also never save one password: the master password used to access the solution itself. That is still the user’s responsibility.

As far as behind-the-scenes security is concerned, you should find a password manager that is itself protected by a variety of security features, like encryption, role-based access, and secure cloud storage.

Storage Considerations

Determining where your credentials are kept by the password manager is another important detail to keep in mind, largely as an extension of your security considerations. Does your password manager save your passwords to the cloud, or are they kept natively on the device? Either approach has its pros and cons.

If the cloud is leveraged, your credentials will be available to you on any of your devices… but this does put your credentials in the crosshairs if that cloud solution was ever breached. If you keep your credentials stored locally, you won’t risk losing them in a cloud storage breach, but they are still vulnerable. For instance, if that device fails, there go your passwords.

Generally, this won’t have much impact on the solution you choose, as most enable either option, if not a combination of both.

User Friendliness

As difficult as your password manager should make things for cybercriminals, it should make simple for your legitimate users - starting with adding and removing them to the business’ accounts. They should find it easy to change their password as needed, and your password manager should automatically log a user into a website or application. If it senses that there are not currently credentials for that site, it should offer to save them.

Coleman Technologies has plenty of experience dealing with password security, which means we’re familiar with password managers and maintaining them. If you’d like assistance with selecting, implementing, and utilizing one in your business, let us know! We’re just a call to (604) 513-9428 away.

The User Experience and How Security Fits

Let’s face it, the majority of Internet consumers have no idea about data security until something terrible happens. Until they get malware, or get their identity stolen, or their accounts hacked, they assume that there is enough built-in security to facilitate any behavior online. This is not ideal, obviously, but there are a small number of people, around 29 percent, that have enough security awareness to avoid certain websites. 

This actually represents an increase in security awareness, and retailers that are now seeing their sales drop due to security concerns are feeling pressure to improve their security, especially considering that this year online retail sales are expected to climb by nearly 30 percent over 2019.

It is a balancing act. While on one hand, consumers demand a certain level of security while shopping online, they also demand superior usability. A streamlined user experience typically gets in the way of comprehensive security. Think about it this way: a third of users will just delete an application if they experience challenges in usability, including login problems. Therefore, businesses need to weigh what type of authentication measures they use. 

Major Privacy Concerns are Troublesome for Consumers

Another issue that is plaguing online retailers, is how their data is used, stored, and managed. Most consumers are at least cognizant of how important it is to keep their personal and financial information protected and are quick to move past retailers that they deem don’t at least consider their privacy. In fact, 70 percent of consumers view their ability to deny developers of certain apps and websites the right to resell their information as a key consideration of whether or not to use that particular site/app. This goes against user practices, however, as nearly three-quarters of consumers will give over some information for a discount. Some consumers will provide a whole profile for as little as five percent off their purchase.

With this in mind, it is left to the business to figure out how to get the information they seek, while also paying attention to consumer’s growing distrust of online data collection. It’s a tough situation for both parties. Many businesses will try to provide discounts on a user’s birthday, but that is only possible if they actively work to collect that information. Some retailers routinely do business this way, but many are starting to find new ways to get more engagement from their customers. 

Every Business Needs to Be Secure

Every single business can use data to their advantage, but with more people concerned about their online privacy than ever before, it is important to have the security protocols in place to allow them trust enough to do business with you. If you are looking for some help with your business’ security, or would like to learn more about the options available to help you find the happy medium between helping your customers protect their privacy, call the IT security professionals at Coleman Technologies today at (604) 513-9428.

It probably isn’t a question you’ve put much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.

Unfortunately, card skimming is even worse for those who rely on prepaid cards provided by the state for food assistance. Let’s consider why this is.

Skimming Losses are Worse for Those Receiving Assistance

Authorities across the country have taken note of increased losses associated with those receiving assistance through the Electronic Benefits Transfer (better known as EBT), which permits participants with the Supplemental Nutrition Assistance Program (SNAP) to pay for their food purchases.

When a SNAP card is used, the associated EBT account is debited so the store is reimbursed for the purchase. In this way, the EBT card is effectively a debit card—they even have an associated PIN and can be used to withdraw money from an ATM.

However, EBT cards largely lack the protections that most other payment cards have, like the more secure smart chip technology that makes these cards harder to duplicate, or the fraud protections that other payment cards have. If SNAP funds are fraudulently stolen and spent, the rightful recipient has little recourse to take. They’re effectively out that money…money that they need as a member of the program.

It isn’t exactly news that criminals and scammers have found ways to steal card data, either…and they’re getting better at doing it surreptitiously. The devices used to “skim” data off of payment cards (cleverly referred to as “skimmers”) can now be hidden inside cash machines, or camouflaged to look like just another part of the device. This makes it more challenging to spot these skimmers, putting more people at risk in general of having their data cloned and used to create additional copies of payment cards that the thief can use or sell.

What Can Be Done?

Well, short of more states implementing improved security measures into their EBT cards—eliminating the magnetic strip and replacing it with the modern chips that other card types use—it really falls to the user and the business where an ATM or other card-reading device is located to prevent these issues. Keep an eye out for people trying to tamper with these machines, and discontinue its use if you can until it has been fully checked by a professional for card skimming devices. As a customer, give any card reader a close look before you swipe to see if it looks at all unusual.

Coleman Technologies is here to help keep your business more secure and efficient, both for your benefit and that of your clients and customers. Find out how we can help via our managed services by calling (604) 513-9428.

Your business is likely subject to certain compliance laws and regulations depending on the type of data you collect from your clients or customers. Today, we want to emphasize the importance of your business considering regulation and compliance when managing its data and IT resources, as without doing so, you run considerable risk.

Consumer Personal Data

You probably collect certain information from your clients and customers, such as their names, emails, phone numbers, and so on. You might use this to provide better service to them, but collecting and holding on to this information means that you are subject to the General Data Protection Regulation (GDPR)—particularly if you collect personally identifiable information or sensitive information like Social Security numbers.

Financial Records and Transactions

You’re in business to make money, and in order to make money, you have to receive payments somehow. Therefore, the necessity for financial records and transaction ledgers is there. This might include tax documents, payment card information, bank account details, and so on, and they all require adherence to regulatory requirements. One that you’re likely to see is the Payment Card Industry Data Security Standard, or PCI DSS, which requires you to protect data from card payments in various ways. This might involve securing your payment portal, protecting and auditing the system, and ensuring that it complies with other laws.

Health and Medical Records

Healthcare and other health-related records are extremely private by nature, so they must be protected per the Health Insurance Portability and Accountability Act, or HIPAA. If you store information on patient demographics, medical history, treatment records, and insurance information, you need to protect it, period. To ensure data is transmitted and stored securely, you can use encryption, access control, multi-factor authentication, and other powerful security measures.

Take Responsibility for Your Data Security

Hackers will always take advantage of businesses that don’t take the time to consider cybersecurity, and when compliance fines and penalties are involved, you cannot afford to slip up. You have to accept the fact that your business is a target, and ready or not, the hackers will launch attacks at you until they get their way.

Coleman Technologies can help your business master cybersecurity and regulatory compliance. Call us today at (604) 513-9428 to learn more.

Strategy #1 - Know the Value of Your Assets

By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses. 

Strategy #2 - Stay Proactive

One of the best ways to protect your network and infrastructure from security threats is to be proactive in your efforts to protect them. You’ll want to develop a response plan that is created with the worst-case scenario in mind. That way as soon as there is a cyberattack, you will know how to react and what strategies to take to mitigate the problem. 

Strategy #3 - Train Your People

One thing is certain, a well-trained staff will do more to protect your network and data than any other solution. The “all-hands-on-deck” strategy to cybersecurity will minimize the frequency and severity of cyberthreats by nearly 50 percent, so ensuring that all of your people know how to spot abnormalities (especially phishing attacks) can save your business a lot of time and money. 

Strategy #4 - Keep Innovating

One thing is certain, cybersecurity is as much about staying out in front in terms of tools and strategies as it is about being hyper-aware of potential problems. Sure, knowing how to react to a data breach or successful phishing attack is important, but the more that you understand how these hackers are coming at your business, and putting tools and strategies in place to thwart those attacks, the more secure your data and resources are going to be going forward.

Cybersecurity is a long game and if you want the best team in British Columbia helping you come up with strategies and outfitting your business with the tools it needs to keep hackers at bay, give Coleman Technologies a call today at (604) 513-9428.

Hackers are always on the lookout for personally identifiable information, or PII, as it’s an immensely lucrative resource. You’ll need to protect it if you want your business to continue operating safely and efficiently. Let’s go over what PII entails and what kinds of data you might find under this term.

What Constitutes PII?

The National Institute of Standards and Technology’s (NIST) Computer Security Resource Center (CSRC) defines PII as such:

“Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.”

Let’s say your business had a contact named Charlie Brown, some of their data might include the following.

Examples of PII

If you hosted the data for this totally fake individual named Charlie Brown, you might be responsible for the loss of the following data:

• His name
• His address
• His phone number
• His personal identification numbers
• His information that identifies his property
• His personal features
• His asset information

Data Can Combine to Constitute PII

Depending on the other information you have collected, the following combinations could be considered PII as well:

• His date and place of birth
• His race
• His religion
• His weight
• His activities
• His geographic location
• His employment history
• His medical data
• His educational history
• His financial data
• His family information

Hypothetically, if someone had Charlie Brown’s employment history and family information, they could have enough to be considered PII.

Protect Your PII at All Costs

The damages that could result if you do not take proper care of PII stored on your company’s infrastructure are devastating to say the least. We recommend you call us today to learn more about how to secure it all. Contact us today at (604) 513-9428.

Profitable Types of Data

Believe it or not, even a small business with a handful of clients has data worth stealing. You’re in business to make money, and by virtue of this fact, you likely collect and store financial information. In fact, you collect a ton of valuable data. The type of data that hackers are looking for.

In addition to all of the financial details you collect, there is also all of the contact information regarding leads, clients, and customers. With so many emails and phone numbers stored on your infrastructure, hackers can have a field day. They will have all the information they need to steal funds, distribute malware, and create unpleasant situations for your business.

The Unpredictability Factor

Not all hackers have any specific goal in mind when they hack you. Sometimes all they want to do is make your life miserable. The unpredictability associated with hackers is one of the most dangerous parts of them, as they can take advantage of any overlooked vulnerabilities to create a problematic situation for you.

The Impact of Security Negligence

If your business falls victim to a hacker, it’s certain to affect your business' operations. In some cases, it could be subject to compliance fines that could break your budget and put your business at greater risk. Furthermore, you could lose access to important data that makes your business work, threatening its future and all but guaranteeing that recovery can never happen. Therefore, the importance of protecting your network can never be overstated.

Coleman Technologies can help your business implement the security solutions needed to maximize protection from threats. To learn more about what we can do for your organization, reach out to us at (604) 513-9428.

First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, $56 billion dollars were accumulated by cyber criminals through identity fraud. The good news is in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 dollars stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.

How does your data get stolen?  There are plenty of ways, but here are a few popular methods:

1. Hackers can pick up credentials via public Wi-Fi and public PCs.
2. Credit Card Skimming - a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal.
3. Selling or discarding used computer equipment that isn't properly wiped can expose personal information.
4. Hackers can infiltrate networks and databases.
5. Dumpster diving and paper mail theft.
6. Malware and viruses
7. Phishing.

In almost half of reported identity theft cases, the victim knew the criminal.

What do you do if your identity is stolen?

Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.

You don’t want to get spammed; nobody does. Unfortunately, it happens to EVERYONE, and it’s just getting worse. All this unwelcome correspondence happens over the phone, through email, and especially on social media. In today’s blog, we’ll talk a little bit about how social media puts users at risk and what you can do to keep that risk from becoming a problem for you. 

How Social Media Invites Risk

Think about how integrated today’s companies are with the way you navigate online. Do you use the “sign in with ___” feature when you access other apps? Do you have near-constant notifications dinging because you have every email, every update in an application, and every message you get sending you one? Do you spend an unhealthy amount of time scrolling through shorts and reels and whatever? 

No matter what type of user you are, today’s technology has got our attention. Unfortunately, it also has gained the attention of scammers. Let’s take a look at four ways to avoid being scammed on social media.

Nothing Is Too Good To Be True, Except on Social Media

You’ve probably seen those ads: "Get thousands of dollars with this secret trick!" Yeah… no. If something sounds too good to be true, it probably is. Scammers use flashy deals to lure people in, but once you click, they might steal your personal info or install malware on your device. Always double-check offers and only trust verified sources.

Avoid Clicking on Random Links

Scammers love sending shady links in DMs, comments, and even fake emails pretending to be from brands you trust. If you don’t know the person sending it—or if the message feels a little off—don’t click. Even if it’s from a friend, their account might be hacked. When in doubt, ask them directly before opening anything. Always verify if there is any question.

People Are Often Not What They Seem

Scammers create fake accounts pretending to be celebrities, brands, or even people you know. If a friend suddenly messages you asking for money, take a step back and verify first. And if a celeb slides into your DMs saying they need you to help them with an urgent matter, just block and report. Always check for blue verification badges on official accounts and look out for weird usernames with extra numbers or letters.

Try to Keep Private Information Private

People who overshare on social media play right into the hands of scammers. Posting your full name, birthday, or even where you work makes it easier for scammers to impersonate you or hack your accounts. Also, be careful with those viral quizzes that ask for personal information. These quizzes are often phishing for answers to security questions. Keep your info locked down and update your privacy settings regularly.

Unfortunately for everyone, scammers aren’t going anywhere, but you can stay one step ahead. If you ever feel like something’s off, trust your gut. Block, report, and move on. Stay smart, stay safe, and enjoy social media, without the scams.

For more great technology-related best practices, tips, and tricks, return to our blog soon.