First on our list is the oldest kind of business security, the (sometimes literal) gun behind the counter that helps to dissuade potential attacks. It is only too easy to overlook the fact that data theft can be as simple as someone taking a hard drive, rather than hacking into it. Of course, we aren’t suggesting that all businesses should have an arsenal at the ready. Instead, technology provides assorted alternatives that should be implemented to deter attempted intrusion.
To help, we’ll be going over a few best practices that you and your team can implement to improve the security of your remote work when using a wireless connection.
Whether at home or in the office, everyone who works within your business needs to subscribe to good password standards. For instance:
With many “non-essential” businesses scrambling to find strategies that will keep revenue coming through the door, setting up a remote workforce has become most businesses' best hope. Unfortunately, with such little notice to dot the Is and cross the Ts, businesses are taking on more risk than many of them are comfortable with. That trepidation is not fruitless, either. In times of crisis, hackers have a tendency to prey on the unprepared. The fact is that workers that are operating where they are not comfortable--or where they’re too comfortable--can mean disaster for their employers.
First of all, it’s important not to panic. Many organizations have been offering work-from-home perks for years. Not only is it entirely possible to keep business running, but many businesses see a boost in productivity. A two-year Stanford study shows that in general, remote workers are as productive, if not more so, than those confined to an office.
Based on what is currently known about the coronavirus, the Centers for Disease Control and Prevention have some recommendations as to how to keep the potential impact of coronavirus to a minimum:
If you find that one of your employees is confirmed to have been infected with coronavirus, make sure that you inform their coworkers of their possible exposure while still maintaining the confidentiality that the Americans with Disabilities Act requires. These employees and those who are living with a sick family member should assess their risk of exposure using the CDC’s guidelines.
Unfortunately, coronavirus will also require you to also keep an eye on your network security, particularly if you operate within the healthcare industry. Hackers and cybercriminals have taken advantage of the widespread concern that the disease has caused. For example:
While the current climate may not make it easy, these emails and other threat vectors can be overcome through the same best practices that foil other cyberthreats. In addition to comprehensive digital protections, training your employees to spot these threats will be crucial.
Of course, you should also maintain a comprehensive backup in case you need to recover from a successful attack.
With today’s technology, sending an employee home sick doesn’t necessarily mean that you will be sacrificing that employee’s productivity. We now have many ways that your team can work effectively from home, still contributing to your organizational agenda without exposing their coworkers to their illness.
Remote access solutions, paired with virtual private networking technology, can allow your employees to securely continue their work from home, safely accessing the applications and data their tasks require through an encrypted connection. As collaboration will certainly be necessary, you will want to be sure that your employees are also equipped with the communication tools that facilitate this collaboration as well.
You will also want to thoroughly secure your network infrastructure to help prevent threats like phishing attacks and other methods from being successful… as well as preparing for a potential breach or emergency with data backups and disaster recovery policies and procedures (including contact information for your employees) to help mitigate a worst-case scenario.
Finally, make sure your employees are on the lookout for any suspicious activity that could be a cybercriminal’s attempt at using the coronavirus as a means to an end. Not only should your employees know how to spot these attempts; they should also know the proper procedures for reporting and handling them.
Is the coronavirus scary? At this point, it is safe to say that it is, but does it have to interrupt your business operations entirely? Not if you are properly prepared.
For more assistance in preparing your business for any kind of disaster, reach out to the professionals at Coleman Technologies by calling (604) 513-9428.
COVID-19, better known as coronavirus, is a respiratory illness that first appeared in Wuhan, China, and was reported in the United States on January 21st, 2020.
As of March 3rd, 12 states have reported 60 total cases of coronavirus and six confirmed deaths, with no vaccines or specific antiviral treatments for the illness. Symptoms of the virus include fever, shortness of breath, and a cough, while those with complications from the virus can experience pneumonia in both lungs, failure of multiple organs, and death.
Hackers have many methods they use to break into your network, steal data or put you in a position where you have to pay them money to get your data back. They use a combination of software and skill to make it happen. Here are three ways hackers and cybercriminals attack your network in an attempt to get what they want.
That’s right, they’ll use your own employees against you, and your employees might not even realize what’s happening. Let’s say a hacker gets ahold of your internal e-mail list, like the e-mails you have posted on your website or LinkedIn. All the hacker has to do is send an e-mail to everyone at your company.
The e-mail might be disguised as a message addressed from you asking your employees for a gift card, which is becoming an increasingly common scam. Another e-mail tactic is making a message look like it’s from a fellow employee, asking everyone else to open an attached file, which is likely malware or ransomware. A third e-mail scam is directing people to a phishing website, which is a website that scammers have designed to look like popular websites in order to get login information to hack accounts. All it takes is a single click from any employee to let the bad guys into your business.
Some hackers aren’t afraid of forced entry. Hackers and cybercriminals have access to black market tools and software that helps them get into networked devices – particularly unprotected networked devices.
For example, if you have a PC that’s connected to the Internet and your network doesn’t use any firewalls, data encryption or other network protection software, a hacker can break in and steal data from that PC and potentially other devices connected to that PC, such as portable hard drives. This method of entry isn’t necessarily easy for hackers, but the effort can be worth it, especially if they can walk away with sensitive financial information.
Hackers are relying on ransomware more and more to get what they want. Hackers rely on e-mail, executable files and fraudulent web ads (such as banner ads and popups) to attack networks with ransomware. It goes back to the first point. All it takes is someone clicking a bad link or file and the next thing you know, you’re locked out of your network.
This has happened to dozens of businesses and even city governments in the last year alone. The thing is that even if you pay the ransom, there is no guarantee the hacker will restore access. They can take the money and delete everything, leaving your business high and dry! This destroys businesses!
All of these points are why you need to take a hard look at IT security solutions and use them. For instance, if you had all of your data securely backed up to the cloud and a hacker came in and tried to hold your data hostage, you wouldn’t have to worry. They don’t really have your data. You can tell them “no,” then all you’d have to do is work with an IT team to get your network back up and running while scrubbing it of any malware or ransomware.
Then, it would be a simple matter of restoring data from the cloud. Sure, you might be out of commission for a day or two, but in the grand scheme of things, it’s much better than losing your business to these jokers.
Hackers are just looking for easy targets and, sadly, a lot of small businesses fit the bill. Just because you haven’t had any major problems yet doesn’t mean you won’t in the future. The threats are out there and they’re not going to go away. Invest in security, partner with an IT security firm and protect yourself. This is one investment that is truly worth it!
Think of it like this: online, you have some type of social currency. Your personal information, your data, your interactions, your profiles, they all add up to your online life. If someone were to use that information to trick you into providing them access to your secure online accounts, you would be the victim of a social engineering attack.
Basically, a hacker uses what amounts to the fundamentals of human psychology to gain unauthorized access to an account. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the human resources to gain access through relatively simple psychology.
Successful social engineering can be the result of many different actions. Some include: carelessness by an individual, perceived kindness, reaction to fear, and business as usual. Let’s take a look at these actions and how social engineering schemes work as a result.
When there is a lack of diligence carried out by an individual, there are openings for a social engineering attack. This includes trash thrown out with information on it, keeping login credentials out in the open, and other careless actions. It’s important that you and your staff understand that the best practices of password protection, such as using a password manager, are crucial to maintaining the integrity of your company’s network and infrastructure.
Many people won’t think twice about helping someone that asks for help. Social engineering attackers take advantage of the better angels of our nature, by using people’s helpfulness to gain access to secure computing resources. Any person can fall for this type of attack. This is why we stress that in order to keep your digital and physical resources secure, a critical eye for potential intrusion works. That doesn’t mean you have to be a jerk, but if a situation is presented to you that’s out of the ordinary, take anyone’s helplessness with a grain of salt.
When we picture a hacker, we all tend to think about them the same way. They are brooding people sitting in a dark room typing away at a computer. In social engineering attacks, this couldn’t be further from the truth. A popular social engineering tactic is to gain physical access to a large business--where there are often a lot of moving parts--and then spend time at the business looking for ways into secure digital environments. This could also include straight hatchet jobs, where your employees would help people outside of your business sabotage your access control systems.
Finally, fear is one of the best motivators. By striking fast and threatening all types of negative consequences if a worker doesn’t help them get into a secure computing system, this kind of cyberattack can be a major problem.
If you are looking to secure your network from cyberattacks, including social engineering, the IT professionals at Coleman Technologies can help. Call us today at (604) 513-9428 to learn more about how we can help you with the training you need to keep social engineering from causing problems for you.
The past few years have seen some of history’s greatest data breaches. For instance, the most notorious of these attacks, the Equifax breach, Yahoo, and Marriott-Starwood, resulted in a combined total of 3.5 billion accounts breached.
This means, statistically speaking, you would have a pretty good chance of picking a data breach victim of the past few years by randomly selecting two human beings from the entirety of planet Earth’s population.
Crunching the numbers, there has been an increase of security breaches of 67 percent since 2014.
Interestingly, there is a plus side to these enormous data breaches happening in the public eye, thanks to a few key points:
To clarify, we aren’t trying to sugarcoat the severity of a data breach, but having said that, the past few years’ cybersecurity threats have really given us all an example to consider. With new compliances, regulations, and other mandates being put into play, businesses are certainly considering these threats.
There is a tendency to overlook small businesses when discussing data breaches. After all, the ones that have struck large targets (like Yahoo, Target, eBay, Sony, and many others) almost always get a headline, along with the attacks that focus on municipalities, like the ones that targeted Wasaga Beach, Ontario and Midland, Ontario with ransomware.
What aren’t heard about so much, unfortunately, are the attacks that lead to much smaller companies shutting their doors for good… a side effect of the limited number of victims per attack, and the relatively casual approach that many have towards security. Unfortunately, a Verizon survey shows just how misguided the assumption that a smaller business size will protect it from threats, when 43 percent of businesses breached would be classified as small.
Fortunately, there are ways that you can reinforce your business’ cybersecurity, especially with the help of Coleman Technologies and our experienced cybersecurity professionals. Call (604) 513-9428 to get in touch with us, so we can help evaluate and fulfill your business’ needs.
Did you know there are entire websites out there, devoted to providing the default factory passwords for different devices? They aren’t on the Dark Web, either - this is on the visible, indexed Internet. Imagine if I were to come in with some idea of what brand of routers you had… if I had the right default credentials with me, I could easily access your router and wreak havoc in your business.
You need to consider every potential access point into your business and ensure it is properly secured. The same goes for any online accounts associated with your business, like cloud storage. Take the time to make sure that everything is secured with a password that meets best practices, and if memories are an issue, use a reputable password manager to simplify the task for your employees.
This also goes for your physical location. Many access control solutions exist that enable you to keep track of who accesses a certain area, and when, with the added benefit of keeping those without authorization out.
Many people may assume that, once they’ve installed an antivirus/antimalware solution, they are all set. The trouble is, more malware is being developed all the time, and there’s a good chance it is being developed to help the malicious software get past your antivirus. As it happens, the developers of the antivirus are aware of this, and frequently add new threat definitions to the software to make it more effective.
However, all the threat definitions in the world will do diddly-squat if your antivirus solution isn’t updated to include them. This is why it is important to keep an eye on your network’s health and take the time to check that you have the latest definitions included.
Finally, you have the nuclear option against malware… mutually assured destruction, that only you can recover from. That is, as long as you’ve been maintaining a proper backup.
If you should fall victim to a malware infection, completely wiping your devices and quite literally starting from scratch with them is your best hope of getting rid of it. However, in order to keep yourself from crippling your own business while doing so, you need to maintain an ace in the hole. By keeping a backup that passes best practices, you can be sure to have your data if you have to sacrifice your original copy.
Coleman Technologies can help you do all of this, and more. Reach out to us at (604) 513-9428 to learn more.
By many, we mean about a quarter of them.
With the deadline just a week and a half away, we wanted to reiterate what a solution reaching end of support means, how it would impact you, and what your options are.
The first thing to address is what “end of support” actually means. It doesn’t mean you won’t have the ability to use whatever software it is (in this case, the Windows 7 operating system) after the end of support date. What it means is that Microsoft is no longer doing anything to it - including improving its security and patching issues. As a result, the software will lose its functionality over time. Worse, the computer running the software becomes vulnerable, which makes the entire network vulnerable - not a good thing.
To be fair, there are some ways that you can protect your network while still using these devices. For instance, if you rely on a particular line-of-business application that requires Windows 7, you could theoretically isolate a Windows 7 device to allow you to do so. However, to be completely fair, there isn’t any guarantee that you will be protected from vulnerabilities, short of completely taking problematic systems entirely offline.
Therefore, it only makes sense to explore your other options.
With the deadline as close as it is, you will need to hustle to put any of these alternatives into action:
Objectively speaking, Windows 10 is better than Windows 7, if only for its improved security. Furthermore, it isn’t one of those solutions that requires insanely higher specifications to run. In fact, the minimum numbers you need to operate Windows 10 are as follows:
Mind you, this is all it takes to run Windows 10, not to run Windows 10 well. To improve your performance, we suggest that you make a few alterations - upgrading to a 2 GHz dual-core processor, increasing your RAM to between 4-and-8 GB, and Increasing your hard drive space to 160 GZB, at least.
While it will cost you a pretty penny, obtaining new hardware (that comes with Windows 10 installed) may be the easiest option, especially when you take your looming deadline into account. Windows 10 and regular updates to it are all included, but it may take some time to configure everything properly.
In a similar vein as leveraging Chromebooks instead of Windows, you could use your old hardware as a thin client to virtualize your needed solutions. However, despite the reputation that virtualization has as a solid option for businesses, it may not be a practicable option with the deadline pressing so close.
Alternatively, you could simplify this process using one of Microsoft’s services. Microsoft 365 offers a combination of Windows 10, Office 365, One Drive with an included terabyte of storage, and fully featured security. Available at a predictable monthly flat-rate per user, it gives you a solid alternative for at least your productivity-software-using employees.
Regardless, you need to take action now. Reach out to Coleman Technologies today for help. We’ll figure out which approach is best for you and help you with your upgrade process. Call us at (604) 513-9428 to learn more.
That’s why we wanted to make sure that you knew how to reclaim your personal data and make sure it is protected. We’ll start by protecting the information that you’ve shared.
To do this, you will want to access your Facebook account on a computer. This is going to be a lot to manage, and the mobile app would only be too much trouble to navigate.
From any page on Facebook, look for the menu, which will appear as a little downward-facing arrow. This should be at the top right-hand corner of the page. Click into Settings. This little arrow is your lifeline during this process, you can always find your way back to the beginning with that menu.
Your first order of business should be to confirm that you still have access to all of the email accounts tied to your Facebook. If an account that you no longer have access to was used, account recovery becomes monumentally more difficult.
On the right, you should see the Security and Login option. Click it, and Facebook will show you all of the devices where your account is logged in. Fair warning, this can be shocking - especially since it includes where and when you last used that device, and what browser you were using to do so. The longer a user has been engaged with Facebook, the more devices will likely show up here.
If one of these devices is one that you don’t recognize, you will want to change your password immediately - we’ll go over how in a moment. First, you will want to log out of Facebook on any device that you aren’t actively using. This can be done through the three-dot icon menus next to each device listed.
While we’re on the topic, this is when you will want to make it a point to update your password. It will only take a minute and might just help keep your Facebook friends from being spammed and phished. You can do this using the process provided on the Security and Login page.
Remember, you should never use a password for more than one online account.
After your password settings, you’ll see the option to set up two-factor authentication (2FA) to help protect your account. To set it up, select Use two-factor authentication and click edit, and Facebook will provide you with the instructions you need to follow. Click Get Started.
You have two options to select from as your Security Method, either using an authentication app, or to receive a text message with an additional code. Between the two, the application is the more secure option, although it does mean you need to have access to the mobile device whenever you want to check your Facebook.
Setting up the authentication app option is pretty simple. Open your application (which, if you have a Google account, might as well be Google Authenticator) and, on the computer, select the Authentication App option, as pictured, and click Next.
Facebook will display a QR code, which your authenticator app should allow you to scan when you add a new account to it. The app will then give you a six-digit number to provide to Facebook as a Confirmation Code. Simple.
If you decide to use the text message option, Facebook will simply send you a code that you have to provide upon login. It isn’t quite as secure as the app, but it will do. All you have to do to configure this is to confirm an initial code with Facebook, and you’ll be walked through the rest.
Once you have two-factor authentication enabled, it only makes sense to add an additional means of 2FA as an emergency backup - in this case, whichever method you didn’t choose. Honestly, you might as well set up both, and make use of the Recovery Codes option, to boot.
Under the Add a Backup option on the Two-Factor settings page, there is also a Recovery Codes option. By clicking Setup, Facebook will provide a brief explanation, and the opportunity to Get Codes. Facebook currently gives you a list of 10 single-use 2FA codes. These are one-shot codes, but you can generate a new list whenever you want from the Two-Factor Settings page. Make sure you keep these codes in a safe place.
Back on the Security and Login page, scroll down to find Setting Up Extra Security. This area lets you opt-in to alerts being sent via email or text, notification, or Facebook Messenger.
You can also Choose 3 to 5 Friends to Contact if you do find yourself locked out of your account. Make sure that these are people you truly trust.
Stay tuned for part three of this series, coming soon.
Consider how many opportunities Facebook has to collect information about you: there’s quite a few. For one thing, you literally tell the platform the things you “Like.” Semi-joking aside, there’s also the stuff you post, which advertisements attract your attention, and many other means for them to construct a pretty solid profile on you.
You can see this profile for yourself. In the aftermath of the Cambridge Analytica scandal - where third-party users were granted free reign and access to Facebook user info - Facebook made a promise to be more transparent. This profile is part of that transparency.
Viewing this information is pretty simple, whether you’re on your computer or you’re using the mobile application.
On a desktop or laptop:
From the Facebook mobile app:
The “data is ready” notification will probably come after about an hour - it really depends on how long you’ve been a user, and how active you’ve been. Most people will probably have a file that takes up a few gigabytes.
Now that the report is available to you, click on Your Facebook Information.
Access Your Information - Facebook provides you with an itemized and viewable list of your Posts, Photos, and Location history ready for viewing.
Activity Log - Consider this a comprehensive timeline recap - almost a scrapbook, prepared by Facebook.
Deactivation and Deletion - People used to complain that deleting a Facebook account was a difficult process. Not anymore!
When you do review your file, the information they have can be shocking, mainly due to the location-based aspect of it all. You can pull up a given day and find out exactly where you were and what you did. Facebook kept track for you.
Then, you need to consider the Ads. This section will show you all of the advertisers who provided Facebook with a contact list your name appeared on. It isn’t that Facebook gave away this information, advertisers already had it and gave it to Facebook to target you on the platform.
While it completely makes sense that Facebook would know a lot about you, seeing it all laid out (and how much of it didn’t come from your profile) isn’t exactly comforting… Facebook has been too involved in a few major data breaches. Just think - there’s a profile just like the one you retrieved about you, for over a quarter of all of the people in the world.
This rabbit hole goes deeper, too. Make sure you check back soon for part two of three of this Facebook privacy blog series.
You probably had a notion that Facebook had a bunch of your information, but how much information outside of your general profile makes you nervous when they are accused of major data breaches. What’s scarier is that the service is used by over a quarter of the world’s population.
This is only the tip of the iceberg of the information we will share about this social media giant. Check back for part two of our three-part blog series about Facebook privacy.
Providence Health Plan - 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company’s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.
Facebook - Facebook had an unprotected server with over 419 million records accessed. Users had their Facebook’s user ID and phone number exposed. In some cases, user’s names, genders, and locations were also leaked.
Dealer Leader, LLC. - 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.
DoorDash - The popular food delivery app had 4.9 million customers’ information breached by a third-party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked.
Zynga - The mobile game maker, Zynga, the developer of popular mobile games such as Farmville and Words with Friends has announced that 218 million players had their data exposed after their network was breached by a hacker. The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed.
Methodist Hospitals of Indiana - The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver’s licenses, and more.
Autoclerk - Autoclerk, a hotel property management software developer had an open database infiltrated exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests.
Kalispell Regional Healthcare - Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.
Adobe - Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.
Network Solutions - The world’s oldest domain name provider has been exposed in a hack. Millions of individuals’ data that included names, addresses, phone numbers, email addresses, and service information was compromised.
Texas Health Resources - The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more.
Disney Plus - The brand-spanking-new Disney+ streaming service had new user account information hijacked by hackers. Login credentials wound up on the Dark Web soon after.
Magic the Gathering - The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more.
State of Louisiana - The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days as systems were restored from backup.
Macy’s - Macy’s had their ecommerce site hacked. Hackers embedded malicious code into their checkout page and put a skimming code on the company’s Wallet page. The malware retrieved names, addresses, phone numbers, email addresses, payment card numbers, card security codes, and card expiration dates.
T-Mobile - T-Mobile had over a million customers’ information accessed by a hacker. Information accessed included names, billing addresses, phone numbers, rates, and calling features.
Unknown - An unsecured server containing over 622 million email addresses and 50 million phone numbers, and millions of pieces of other information was discovered. It is unknown what organization this data is tied to as the time of writing.
With hundreds of millions of records being exposed each month, it’s hard to feel confident about giving your personal or financial information to anyone in the current threat landscape. If your business needs help trying to be secure, call us today at (604) 513-9428.
Mobile malware is not new. It has been around since people used flip phones, but it doesn’t get the attention that the malware that targets Windows PCs do. This is mainly due to it being a little more rare, but if you are the unfortunate recipient of it, it can cause a lot of the same problems.
Many people won’t consider it simply because of the way they use their device. A person’s smartphone is with them around the clock and they don’t often use it in the same manner as they would a PC. This doesn’t mean that there aren’t major threats that can users can be exposed to. Let’s take a look at each major mobile OS.
One of Apple’s favorite marketing strategies is to point out that iOS is the safest mobile operating system. They actually do a commendable job, but devices running iOS aren’t always completely safe, especially on “jailbroken” devices. By not doing this, which is a way to avoid a lot of iOS’ built-in security restrictions, you will be much more secure.
Another risk that iOS-run devices run into is called a zero-day hack. The zero-day hack target devices haven’t received a security update after the security update has been released to the public. One major issue that users have with iOS security is that there aren’t a lot of ways to prevent issues. Apple itself does a lot of the heavy lifting. Their platform’s success depends on them keeping their reputation, so having trust in Apple to keep your device secure is not without its merits.
Android is a completely different situation altogether. With more devices comes more malware, and with so many different manufacturers making (and supporting) their various versions of Android, it gets a little dicey.
Android is much more flexible than iOS, which is one of its main benefits, but it can also be problematic when it comes to keeping the device secure. For example, if you want to install an application that’s found outside of Google Play, you can, but any negative situation you get into as a result is on you. It is also possible to jailbreak an Android device, which can override some of the built-in security restrictions.
There have been situations where installing apps off of Google Play have caused problems. Google has had to play games with app developers to keep some serious threats off their store. It just means that users need but it has become clear that it really comes down to the user being careful with what they install. It’s not normal for malware to be attached to Google-sponsored apps, but it has happened, so if you are an Android user, you don’t have to be too careful if all of your software comes from Google.
Keep App Downloads to Major App Providers - Both Android and iOS feature their own app stores, Google Play Store and Apple App Store, respectively. Even though Android devices can install applications that aren’t on the Google Play store, modern smartphones make this a little more difficult by making users acknowledge that they are putting their devices at risk by doing so.
If you refuse to jailbreak your phone, and you only install applications that are thoroughly vetted, positively reviewed, and come directly from the Apple App Store or Google Play, you will greatly reduce the risk of infecting your device.
Don’t Get Phished - Many of the most insidious threats today rely on user error. Phishing attacks are an annoying example of this. A user will get a legitimate-looking email from some account they actively use and will be directed to submit login credentials. Unfortunately, the email account is spoofed and on the other end is potential disaster.
Install Anti-malware - You have antivirus software for your PC right, why not get it for your mobile devices? Most providers have Android apps and can go a long way toward protecting your device from harm.
Enact Policies - If you are a business owner and your employees use their personal devices to do work-related tasks, it’s a solid practice to establish an end-to-end mobile device policy. You can require users to enable security options like device locking and encryption, and since this gets set up on your network, the device (and therefore the user) has to comply with any requirement’s your IT admin requires.
We have a dedicated plan to help all of our clients maximize their data and network security. If you want to talk more about it call our consultants today at (604) 513-9428.
An employee had access to data that they weren’t authorized to have. According to Trend Micro, they were able to “gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved…”
This employee, who remains unnamed, apparently had planned to steal data, and ended up being able to bypass the internal protections Trend Micro had in place.
Since the data had more than enough information for a scammer to use to trick a user into believing they were calling from Trend Micro (all it really takes is a name and phone number, and knowing that they use the product), this kind of data has a great deal of value to scammers. It gives them an easy way in to steal money from unsuspecting people under the guise of Trend Micro tech support.
This isn’t a new problem, and it definitely isn’t only a problem for Trend Micro customers. Fake tech support scammers have been around for years, often preying on older, less-technically-savvy users. They use scare tactics and feign urgency to get their victim to hand over credit card information or allow remote access to the PC.
More often than not, these calls will come in saying they are “Microsoft Windows Support” or some general computer support. If the scammer thinks they are targeting an individual at a business, they might say they are from the IT department.
It’s important to be wary and educate your employees so they know the proper channels for getting support requests handled.
As a business owner, you need to ask yourself who has a little too much access. Can all employees wander into folders on your network that contain personal or financial information?
An employee should only have access to the data that they need, although it’s also important to not make it too difficult for an employee to do their job. Establishing the policies for this can be tricky but setting up the permissions on your network just takes a little work with your IT provider.
Enforcing security policies, like controlling who has access to what data, requiring strong passwords, and setting up multi-factor authentication can go a long way in protecting your business and its customers from a rogue employee running off with data. An ounce of prevention is worth a ton of damage control, in this case.
Need help? Our IT experts can work with you to lock down your data. Give us a call at (604) 513-9428.
With so much computing now done in cloud environments, it is important to address how this approach can benefit security, but still need to be secured.
It isn’t a secret that any kind of software, from applications to entire operating systems, can have holes in it. These security flaws and issues could easily leave a business vulnerable to attack if they aren’t resolved. This is why software developers will issue patches, which are just corrections to these mistakes, for users to install. By applying the patch, the user is protecting themselves from threats that would otherwise exploit that vulnerability - but just on the system where the patch is installed.
Now, consider how many computers some companies use, and all of the different software titles that would be found on each.
Can you imagine going to each one and applying an update, each time a patch was released? Furthermore, you have to consider that more and more devices are mobile nowadays. This means that there is no guarantee that every device is present when someone goes on their patch application marathon. Factors like these frequently lead to incomplete patch deployments, and as a result, holes in organizational security.
However, by utilizing the cloud as you manage your organization’s patches, the device no longer has to be present in order to receive the patch. Instead, the cloud can be used to push it out to all of your devices, so once they connect to the Internet, the patch will be implemented. This means you can keep your employees using the solutions you want them to use, assisting both your productive operations and your security.
However, it is important to take note that all the cloud is, is a computer located somewhere else (often owned by someone else). As a result, it can also be vulnerable to flaws and issues of their own - which is why you need to be sure that your cloud provider is properly maintaining the cloud solution with its own patches. This is especially the case if you are using an internal cloud solution.
Coleman Technologies can help you keep up on your updates, whether they involve the cloud or not. Reach out to us at (604) 513-9428 to learn more about our services.
The two vulnerabilities were patched off of Microsoft’s typical “patch Tuesday” due to the urgency. Most Microsoft patches are released on the second Tuesday of the month. The fact that these two were released ahead of time might seem like an insignificant occurrence, but the reality is this event is a major red flag.
The most significant patch was for a zero-day vulnerability that was found in Internet Explorer. It may be hard to believe, but people are indeed still using this antique browser to surf the web. The term zero-day suggests that the vulnerability that was discovered, had already been exploited by ill-minded cybercriminals.
While not much information has been released on the event, Microsoft did call it a remote code execution exploit that, if accessed, could have given a user control of another user’s account. The attack requires phishing someone who is exploring the internet on Internet Explorer, and luring them onto a malicious website. Once there, an attacker would be able to gain access over the victim.
Internet Explorer is such a forgotten browser that the event did not spark a lot of controversy. This is largely due to the fact that Internet Explorer makes up just two percent of the active market share. However, for the relatively small amount of users that continue to surf, an event like this is still a huge disaster.
The second patch that Microsoft expedited was a denial of service vulnerability in Microsoft Defender. The antivirus program comes standard in all Windows 10 PCs, and truly is the core of Windows 10’s sterling security record.
The bug that was discovered wasn’t necessarily obvious, or easily exploitable. In order to do so, the attacker would need the ability to read, understand, and write code. Doing so would allow them to disable Windows Defender components, giving the attacker access. This would give them free rein to do whatever malicious act they chose to deploy.
Patches aren’t optional. If you are worried about your business’ vulnerability, speak to one of our experts at Coleman Technologies. We have the know-how to keep your software up to date. Give us a call at (604) 513-9428 today!
Here, we’ll review the basic experiences that this scam subjects a user to as it sets the trap… and, of course, what your business can do to avoid these threats.
Put yourself in the shoes of a targeted user for a moment: just like any other day, you access your Gmail account and discover what looks like a Google Calendar invite. The invite is apparently for some kind of company-wide meeting (probably to discuss the company’s trajectory, policy changes, or something like that) to take place at the end of the workday. The message includes a link to the complete agenda, which can be accessed once a user confirms their credentials. You do so… and in doing so, fall for a scam.
This scam can be pretty safely categorized as “brilliant in its simplicity,” much like other phishing attacks can be nowadays. By using Google’s own convenience-based features, a fraudulent calendar event can be automatically added to a user’s Google Calendar, notifying the user. Fraudulent links send the user to a faked Google login page, where the user’s credentials are stolen as they attempt to log in. Alternatively, the link just begins installing malware directly to the targeted system. This scam has also proved effective against private users - informing them of some fabulous cash prize they’ve “won” through these fake Calendar entries.
As it turns out, the details of this scam were reported to Google by an IT security firm in 2017, but Google has not made any steps to resolve it until recently.
The firm stumbled upon this discovery when a coworker’s flight itinerary appeared in an employee’s Google Calendar. From there, the researcher realized the implications of this accidental discovery, and quickly determined that users just don’t anticipate phishing attacks to come in through their Calendar application.
Now that Google has acknowledged the issue, a fix is currently being developed as of this writing. Until the point that a successful fix is deployed, you need to make sure your users are protected against this vulnerability.
The first thing they need to do is ensure that no Gmail events are automatically added to their Google Calendar. Under Settings in the Google Calendar application, they need to access their Event settings. From there, they need to deselect the option to Automatically add events to my calendar from their Events from Gmail.
To disable invitations to events from automatically adding themselves to the Google Calendar, a user needs to go through the same process, this time switching the Automatically add invitations option to the much safer “No, only show invitations to which I have responded.”
With any luck, this - combined with a little vigilance from your users - will protect your business from a phishing attack via its schedule. To learn more about how to protect your business against a variety of threats, subscribe to our blog, and give Coleman Technologies a call at (604) 513-9428.
Let’s start with IT security because it’s undeniably important if you want to maintain not just IT regulatory compliance, but business on your own terms. IT security, like the act of complying with regulations, is an act of risk mitigation. In the case of IT security, the risks are many and complex. You have the risk of operational issues like downtime. You have the risk of system corruption from hackers and other outside entities who are trying to break through (or in) and get access to your assets. There is also internal risk to physical systems, central computing infrastructure, and every endpoint on the network.
In IT security, the amount of risk often dictates what kind of action is necessary, since reacting to the problems themselves isn’t a viable option. Thus, when protecting your network from threats, you will likely have to be much more comprehensive about your attention to detail as you would even under the most strictest compliance standards.
Compliance also is all about minimizing risk, but to stay compliant, it’s more about focusing on following set-in-stone rules than it is about keeping systems secure. Most of the regulations that have been passed down by a government entity, third-party security framework, or customer contract have very specific requirements. This gives network administrators a punch-list of tasks that need to happen to keep their organization’s IT compliant with their various IT mandates.
Insofar as it works to maintain digital asset security, many regulations are created to ensure that risky behavior is not introduced, while others are very specific about what data needs to be protected, and what systems need protection. In fact, some regulations barely touch the IT infrastructure, only dictating that the business purchase regulation-compliant hardware.
Compliance standards typically depend on which vertical market your business does business in, or more specifically, how it uses sensitive information in the course of doing business. That doesn’t speak to your organization’s complete IT security strategy. In order to keep all of your digital (and physical) assets secure, there needs to be a dedicated plan to do it. After all, today the user is the most common breach point.
With that truth it is important for the business that operates under the watchful eyes of a regulatory body to understand that you may be compliant, but still be at risk. It’s important that aside from meeting all the compliance standards set forth by your industry’s regulatory mandates, you need to put together a cybersecurity strategy that prioritizes the ongoing training of your endpoint operators.
At Coleman Technologies, our technicians are experts in modern compliance standards and cybersecurity. Our team can work to simultaneously build an IT infrastructure, the policies to govern that infrastructure, and the endpoint monitoring and protection solution that will keep your business secure from threats, while also being compliant to any mandated regulations your business is under. Call us today at (604) 513-9428 to learn more.
Some of the best cybersecurity methods are practices developed over the past few years. This is because social engineering, specifically phishing, has become a major problem. There are billions of phishing emails sent each year, and some of those are so convincing that even people who have had some basic cybersecurity training fall victim to them. To fight this, security firms have started to look to tomorrow’s technologies to help them mitigate risk today.
One of the most effective ways of combating this rise in hacking is to use the most dynamic technology you have access to and make a tool that will help you mitigate the massive risks. One way is to reduce the effectiveness of these hacks. In this case the technology is artificial intelligence.
When we talk about artificial intelligence, we are talking about having a machine that learns as it is continually exposed to threats. This will work to solve common issues at first, but as these systems advance, and are exposed to user behaviors, they will be able to replace access management systems. Since the AI will be constantly monitoring systems, as well as user behaviors, workplace roles, and common actions, it will be able to recognize a person without, the need for password-protected accounts and creating ubiquitously secure endpoints. If the system recognized any deviations, an additional form of authentication such as biometrics would grant or deny access.
Cost will initially be a factor for businesses, especially small and medium-sized businesses, but as large companies begin to truly trust these platforms, they will have viable endpoint-protection systems for small businesses.
5G and beyond will bring a lot of changes to the user experience, of course, but it will also make huge changes to cybersecurity. Before long, the AI systems that are being developed to thwart today’s cyberthreats will become essential systems for the sustainability of mobile computing. Just think about how much cyberthreats have multiplied over the past decade after the jump from 3G to 4G. The jump to 5G isn’t going to any less dramatic.
It will be crucial for cybersecurity professionals to be able to leverage systems that are both ubiquitously available to search through large streams of data while also being capable of learning on the fly in order to ascertain what data is potentially malicious and what data is less so.
Luckily there are still years before these types of systems will be needed. Unfortunately, there are enough threats out there to be a major problem going forward. The IT professionals at Coleman Technologies can help you protect your hardware and data. Give us a call at (604) 513-9428 today!
Coleman Technologies has been serving the British Columbia area since 1999, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.
20178 96 Avenue, C400
Langley, British Columbia V1M 0B2
Mon to Fri 9:00am to 6:00pm
