Coleman Technologies Blog


Microsoft Releases Rare Bug Fix Off of Regular Patch Schedule

The two vulnerabilities were patched off of Microsoft’s typical “patch Tuesday” due to the urgency. Most Microsoft patches are released on the second Tuesday of the month. The fact that these two were released ahead of time might seem like an insignificant occurrence, but the reality is this event is a major red flag.

Internet Explorer Zero-Day

The most significant patch was for a zero-day vulnerability that was found in Internet Explorer. It may be hard to believe, but people are indeed still using this antique browser to surf the web. The term zero-day suggests that the vulnerability that was discovered had already been exploited by ill-minded cybercriminals.

While not much information has been released on the event, Microsoft did call it a remote code execution exploit that, if accessed, could have given a user control of another user’s account. The attack requires phishing someone who is exploring the internet on Internet Explorer, and luring them onto a malicious website. Once there, an attacker would be able to gain access over the victim. 

Internet Explorer is such a forgotten browser that the event did not spark a lot of controversy. This is largely due to the fact that Internet Explorer makes up just two percent of the active market share. However, for the relatively small number of users that continue to surf, an event like this is still a huge disaster.

Microsoft Defender DoS Bug

The second patch that Microsoft expedited was a denial of service vulnerability in Microsoft Defender. The antivirus program comes standard in all Windows 10 PCs, and truly is the core of Windows 10’s sterling security record. 

The bug that was discovered wasn’t necessarily obvious, or easily exploitable. In order to exploit it, the attacker would need the ability to read, understand, and write code. Doing so would allow them to disable Windows Defender components, giving the attacker access. This would give them free rein to carry out whatever malicious act they chose.

Patches aren’t optional. If you are worried about your business’ vulnerability, speak to one of our experts at Coleman Technologies. We have the know-how to keep your software up to date. Give us a call at (604) 513-9428 today! 


Essential Network Security Best Practices

Leverage Authentication Measures

One of the first steps to securing your network against threats is to create strong authentication procedures. Most of the devices with permission to access your network will already have an authentication system in place, based on a password. If the passwords used are strong enough, this can actually mitigate most threats - but you still have to worry about the ones that this doesn’t discourage. Leveraging something called multi-factor, or two-factor, authentication can help minimize the chance of something slipping past your security.

Two-factor authentication works in a relatively straightforward way. As with most login systems, a username and password are entered - but instead of being granted access, the user is asked for another credential. This is usually a randomly-generated code that a specialized authentication app will generate. Mobile devices are popular to use with 2FA, as their convenient nature makes them more likely to be available when needed. In order for a user to leverage their mobile device, the 2FA system administrator has to authorize it.

Tip: Make sure that you don’t let your password best practices slip, even if leveraging 2FA. Your passwords still need to be sufficiently complex. If you are one of those who find remembering different passwords difficult, consider using a password management system in conjunction with your 2FA. 

Protecting Your Business’ Computing Environment

Whether you use a Local Area Network or a Wide Area Network, the security practices that you need to deploy are fairly predictable. Once you’ve seen to your authentication needs, you need to combine three approaches to security into one all-encompassing strategy: your software-based security, your physical security measures, and your security awareness and best practice training.

Software-Based Security

There are many examples of how software can help keep your business’ network secure. From firewalls to content filtering to antivirus to spam detection, each of these tools protect your business data from a different kind of threat. You may even want to consider adding encryption to your email solution to make it a lot less likely that the contents of your messages will be intercepted.

Tip: If you aren’t sure which solutions are the right ones to implement, think about how your data moves about your business. The more insight you have into how your data operates, the more effectively you will be able to plan its protections.

Physical Security Measures

Somewhat ironically, we seem to have become so focused on our digital security that it can sometimes seem like we forget that there are very real reasons to protect our physical locations and infrastructure, as well. Consider the damage a bitter ex-employee could do in moments, should they manage to get into your server room. It has become fashionable to leverage biometric authorization measures to protect your server room - and there’s a lot to be said about a good, old-fashioned surveillance system, complete with alarms and cameras (as well as some updates to make this system considerably less old-fashioned).

Tip: Bring in a consulting professional to help you determine your physical security needs. Not only does this save you time by eliminating work you would otherwise have to do for yourself, it ensures that your system will be designed by an experienced professional that knows what will work best in different situations.

Security Awareness and Best Practice Training

Would you be surprised to hear that your employees are likely your biggest vulnerability? Of all of the pieces that make up your network security, the people who use your technology are the leading cause of security issues. With the number of ways that your business could be attacked, your staff needs to be educated on how to identify them and avoid them.

Tip: Both businesses and individuals have been adversely affected by phishing, so it makes sense to begin your training there. Not only is it a common issue, it is conceptually very simple to grasp, so it is a good starting point before moving on to increasingly complex concerns. The more your staff knows about how they can resist attacks, the more likely they’ll be able to do so if the need arises.

Remote Solutions Via the Cloud

Modern organizations need to contend with potential threats to their network infrastructures, as businesses always have in some form. The difference is that issues can now come in on the mobile devices owned by their staff, and company resources can be routinely accessed from outside the business’ area network.

This has helped contribute greatly to the growth of cloud computing technologies - although the relative cost savings don’t hurt either. Using the cloud, your staff can access their work data and applications from a remote location, while the resources stored in the cloud are kept secure by the platform’s baked-in security and privacy.

Mobile devices have also been a disruptor to business-as-usual, which means that businesses need to plan on leveraging them if they don’t want them becoming a distraction. Designing a Bring Your Own Device policy and enforcing it through mobile device management solutions is an effective and secure way of reaching a compromise and minimizing the time wasted by mobile devices in the workplace.

Tip: Remember that cloud services are inherently scalable, so you don’t need to worry about overreaching your capabilities. However, you also don’t want to waste capital that doesn’t need to be spent. Auditing your resources is an effective way to identify and eliminate redundant costs leeching from your budget.

Network security can be complicated, but it is an absolutely crucial element to your technology strategy if you want to have any success. Coleman Technologies can help take care of the technical side of things for you, and help teach better habits to your staff. To learn more, keep reading our tips, and reach out to us at (604) 513-9428.


Technologies that Fuel a Remote Workforce

#1: Communication and Collaboration Solutions

Let’s face facts… you’re going to have to be able to work with your remote workers in order to accomplish what needs to be done, so you need to make sure you have a solution that maintains open lines of communication between you and your staff. All of the solutions that a business should use to enable communications while in-house should also be leveraged by a remote workforce, including email, chat platforms, video conferencing, and Voice over Internet Protocol.

On top of that, your line of business apps and the everyday software your staff needs should be available to remote workers. A prime example of a necessary solution for your remote employees is a file sharing platform that allows your team to work side-by-side on documents and data… whether or not they’re actually side-by-side.

#2: Project Management Tools

Time management is one of the biggest challenges inherent in remote work, so giving your staff direction through project management software can help your remote workers stay on task, while keeping the team as a whole apprised of progress towards a shared goal. In this way, project management solutions can help your team more efficiently reach their objectives - while keeping all members more accountable for what they need to accomplish.

This can be a considerable benefit, especially if an employee is going from a structured office environment to the more laissez-faire arrangement that remote work provides. Looming deadlines, combined with a fluid schedule, have been known to increase work-related stress. A reliable project management solution can return some of the structure to a remote worker’s day, giving them the purpose they need to accomplish their goals.

#3: Cybersecurity

Any of the benefits of remote work are rendered moot if this remote work leads to a breach or some other security incident. This means that your remote workforce needs to be equipped with the same cybersecurity measures that you should have protecting your business’ on-premise infrastructure.

As a result, you will want to be sure that you’re having your remote workers utilize multi-factor authentication measures, and that their solutions are equipped with fully up-to-date security software. In order to connect back to your business’ network resource, they should also be leveraging virtual private networks to fully ensure your business’ data remains secure while in transit.

In many ways, a password management system would also be classified as a cybersecurity need - especially where remote workers (and thereby, remote access) are involved. 

#4: Time-Tracking Software

Finally, you need to make sure that your remote employees are spending their time effectively, as well as that you are properly reimbursing them for their time. There are many tools to help track how time is being spent while in the office, and these tools work equally well for remote workers.

Whether you need to track how long a task took for billing and invoicing purposes, you’re trying to optimize your workflows, or you are simply ensuring that your team is being efficient and productive, understanding how time is spent during the workday is crucial. Implementing time-tracking software for remote workers can simplify payroll, allowing you to focus on other pressing business matters.

Coleman Technologies can help you out, by introducing the solutions that will make your remote working strategy far simpler. To learn more about what we can accomplish for you, reach out to us at (604) 513-9428.


Educate Your Staff to Avoid Phishing Attempts

What Is Phishing?
Phishing scams can be considered any digital attempt against your organization to extort credentials or other important information. The method doesn’t really matter, though it does change the way that phishing is identified. For example, more targeted attempts at specific individuals are called “spear phishing,” whereas impersonating a company’s CEO is considered “whaling.” Either way, the end result that the phishing attempt hopes for is that someone will fall for their tricks.

Vectors for Attack
The first thing to remember about phishing attempts is that they don’t happen exclusively through email. They can come in a variety of ways, including through social media applications, phone calls, and other outlets that you might not suspect without a little predisposition toward them. Here are some of the most common ways you might encounter a phishing attack:

  • Email messages, where senders spoof addresses and try to convince users that they are someone important to your organization.
  • Phone calls, where callers impersonate someone you know or someone of authority, like a government official or business leader.
  • Social media messaging is a more personal method of phishing in which identity thieves try to impersonate people you know in your personal life.

The Giveaways
A good rule to keep in mind is that phishing attacks tend to be rather suspicious in nature. For example, if someone who doesn’t normally send you messages suddenly reaches out, and it’s seemingly uncharacteristic of them, be a little suspicious--particularly if they are using language that seems unlikely. Here are some other tips to identify phishing attacks before they have enough of a chance to be dangerous:

  • Spelling and grammar errors: More often than not, spelling and grammar errors in phishing messages are quite commonplace, and they signify that something is not as it seems. If you see lots of these errors, you need to be very careful about navigating the messages.
  • Immense sense of urgency: If the message prompts you to take action immediately, either out of fear or because it tries to convince you it’s in your best interest, approach it with an extra side of caution. Phishing attempts try to get users to take action as soon as possible; this means that users aren’t thinking things through or discovering that the message isn’t legitimate.
  • Suspicious account activity: On social media, if you have a friend who you haven’t heard from in a very long time, chances are it’s not actually the friend reaching out to you if they need money or want you to click on a link. In cases like this, always use discretion.

To limit the damage done by phishing attempts, consider the following measures:

  • Implement a spam blocking solution. While it might not help with more specialized phishing attempts, it should limit the most generic ones.
  • Educate your employees--this point speaks for itself. If users know what to watch out for, they will be less likely to make mistakes that expose sensitive data.

Does your organization need a way to protect itself against phishing attacks? We can provide your business with the training required to best secure itself. To learn more, reach out to us at (604) 513-9428.


What Does Solid Cybersecurity Look Like?

What You Need to Know About Cybersecurity

In order to completely understand cybersecurity, you first need to understand what it is, and what you need to protect. Your organization needs to have a cybersecurity structure that covers the following subjects:

  • Your Network - Network security strategies typically protect the network and infrastructure from intrusion, whether that be direct intrusion or via the dispersal of malware.
  • Your Applications - Whether your applications are hosted in the cloud or in your own onsite servers, application security protects programs that have access to all your data.
  • Your Data - Data security strategies are created to add additional layers of protection to any data you can’t afford to have shared or stolen.
  • Your Disaster Recovery - Systems that are deliberately set up to protect your digital assets in case of a disaster need their own protection.
  • Policies - In order for you to properly protect your network and infrastructure from your staff, you need to have some very forthcoming policies set out so there are expectations attached to your cybersecurity initiatives.

Let’s take a look at the security makeup of a well-protected business:

The Perimeter

There are several layers to any effective cybersecurity strategy. The outermost layer of any major computing network is, by definition, the perimeter (although security professionals today have more considerations to make than ever before). It is essentially the moat around the castle. It typically includes:

  • Outside firewalls
  • Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
  • Data loss prevention
  • Secure DMZs
  • Antivirus & Anti-malware

One qualification that should be explained is that many organizations look to cloud-hosted solutions to improve organizational collaborative capabilities, reduce capital costs, and to add useful and scalable computing resources, among other benefits. Some IT professionals have stopped using the moat and castle analogy since with cloud systems in tow, the actual perimeter of the network reaches inside the very place that perimeter security is securing against.

In cybersecurity circles, the dedicated secure perimeter strategy has been replaced by the “Zero Trust” strategy. This system is one where validation is paramount. This also makes it very resource intensive. If everyone is a possible threat - which they are - building near-impenetrable defense requires this type of diligence.

Network Security

This layer is what many businesses prioritize. Think of your network as a thoroughfare to all of your applications and data; and, while you still need to design and implement a strategy to protect those systems (more on that later), keeping your network free from obstructions and potential dangers is a must. An organization’s network security includes:

  • Access control
  • Message security
  • Wireless security
  • Remote access
  • Content filtering
  • IDS/IDP
  • Additional firewalls
  • Software patching
  • Data Backup

Network security is crucial for any business because once someone gets access to the network, unless applications, databases, and the like are individually protected, any infiltrator worth his/her salt will be able to corrupt and/or steal the information they are seeking to corrupt/steal from there. This is why it is important that every person in your organization is aware of, and in constant compliance of, static rules that govern your organization’s network security strategy.

Sure, most of the heavy lifting is going to be done by your IT technicians, whether they are employees of your organization or outsourced experts. Putting in place the strategies and products necessary to keep the network safe from the outside, and providing the staff training that’s needed to keep it secure from the inside, are both critical parts of a business’ network security strategy.

Furthermore, in order to really secure your network from harm, you, without question, need to back up your data. Ensuring that you have a workable copy of your business’ day-to-day data is essential for it to stave off ruin in the event of a disaster: malware attack or otherwise.

End Points

To the average employee, endpoint security is simply just a part of network security, but the conscientious organization ensures there is endpoint security in place to protect any device that is remotely connected to the business’ network. These include IoT devices, smartphones, and other network-attached devices that infiltrators could use to gain access to the computing network. Some of the technology used to protect endpoints includes:

  • Antivirus & Anti-malware
  • Encryption
  • Access control
  • Device Firewall
  • Virtual Private Networks
  • Password managers
  • Endpoint detection and response (EDR)
  • IDS/IPS

Since a lot of organizations subscribe to a Bring Your Own Device (BYOD) strategy, there are often a lot of devices that have to be protected so that the network can be. Today, larger enterprises are routinely attempting to circumvent any attempts at infiltration, but smaller organizations typically use strategies like two-factor authentication to ensure that the people--and devices--that can access network-attached data are safe for employees to access that data on.

Applications

Application security, again, is often seen as an element of network security, but ensuring that all the software that you utilize is properly updated and has had any potential vulnerabilities patched is an important part of securing your applications. The most pronounced strategy used to secure software is patch management, which, as its name suggests, is the act of patching potential vulnerabilities so as not to leave holes in your network.

Data

Finally, we get to data. Securing data is often the lowest priority since most of the other security protocols put in place are put there to do exactly that: protect data. If an organization thinks it needs additional security on its data, however, there are some options that can help keep specific data secure. These include:

  • Identity & Access Management (IAM)
  • Drive encryption
  • Data classification

Since every piece of security that you deploy is put in place to protect your organization’s data from theft or compromise, there is a whole other side to data security: education. In order to ensure that your employees don’t put your organization’s cybersecurity efforts at risk, you need to be able to properly train your staff on the best practices of individual data security, and how to approach the outside threats they very well might encounter. Knowledge of how to handle phishing emails and messages, social engineering, and other nefarious practices will always be a benefit to the organization, so prioritizing employee engagement in mitigating threats is essential to any business cyber security strategy.

How does your organization stack up? Do you prioritize cyber security training? Do you secure every layer of your business’ IT infrastructure? If there is any doubt, call the IT experts at Coleman Technologies to talk about how you can better protect your business from data loss, theft, and malware attacks. To learn more call us today at (604) 513-9428.


Top Cybersecurity Threats Right Now

Shadow IT
In a lot of ways, productivity is a lot like the thing it produces, money. People will do anything to get more of it. Businesses have a plan; and, while they also want to maximize productivity and money, they typically don’t put their whole enterprise in jeopardy to get a little bit more of it. Shadow IT is the process in which an employee will download and use a piece of software that hasn’t been tested or passed by a company’s IT administrator to try and get a little more done.

Oftentimes, the employee is just showing initiative, with no real knowledge that by downloading and utilizing a certain off-brand software they have just put their whole business in danger. This wouldn’t be such a major deal if it was an isolated incident, but studies show that nearly 80 percent of all employees admit to utilizing software that wasn’t selected, tested, and released for use by their IT administrator. These apps may have vulnerabilities that would-be infiltrators can take advantage of. That is why it is important to utilize the software that has been vetted by the company, even if that means losing out on a bit of productivity.

Cryptojacking
There are well over 1,500 different cryptocurrencies, and in 2018 cryptojacking, the strategy of using malware to use a target computer’s resources to mine for cryptocurrency, was a major problem for businesses. Since this is a computationally complex task, it significantly reduces the computer’s effectiveness and longevity. As a result, cryptojacking has become en vogue for hackers and others looking to mine cryptocurrency without the investment necessary to do it.

Most studies show that the effect of cryptojacking could get way worse in 2019 since the value of cryptocurrency has fallen significantly over the past year. This means more machines mining for crypto are necessary, and thus more attacks. Users are just learning how these attacks are carried out and how to protect their business against them.

Ransomware
While there was a reported reduction in the number of ransomware cases in 2018, it still remains a major concern for any business looking to build a comprehensive network security strategy. Ransomware, of course, is a strain of malware that encrypts parts of or entire computing systems and then demands payment in cryptocurrency in a set amount of time for safe return of the files/access.

Hackers using ransomware have taken to targeting healthcare organizations’ networks for the breadth of the sensitive data they hold on them. They’ve also begun to target operational technology systems, since, as with healthcare, costs of restoration of these systems (rather than payment) are prohibitive. This produces a little more urgency to get the problem resolved.

Unsecured Internet of Things
The Internet of Things keeps expanding, but so do the security threats to networks as a result of security-light devices. With more and more devices presenting security problems for businesses and individuals alike, it becomes important to ascertain exactly what devices are present on your network at any given time. Remember, even if a security-less IoT device is connected to a network-attached smartphone, it still offers up a major vulnerability.

While this is a major threat, there has been a push to improve the security of IoT devices as of late. With more security-minded companies developing useful smart products, these concerns will begin to take a back seat. But until that shift has been well documented, you’ll want to be diligent in the manner in which you utilize IoT devices.

Phishing
No business goes very long without getting some type of phishing email. In fact, it is estimated that 156 million phishing emails are sent every day, making it the most used practice by hackers everywhere. The way it works is that since most accounts are secure enough not to be guessed outright, hackers search for ways for people to help them gain access to the accounts they want to get in to. Nearly every successful cyber attack begins with a successful phishing scheme.

A specific example called business email compromise (BEC), which targets specific members of an organization, is responsible for over $12 billion in losses across the globe. Once thought to be an email scam that could be mitigated with strong spam filters, today’s phishing scam is taking on a new shape by utilizing text messaging, instant messaging, phone calls, and even the seemingly-benign social media quiz to gain access to business networks.

2019 is lining up to be another stellar year for business technology, and as more tech is used, more threats come with them. If you would like any more information about how to prioritize network security, give our IT experts a call at (604) 513-9428 today.


Cybersecurity In 2018, What You Need to Know

The Internet of Things Shapes Security Policies
Connected devices are now commonplace in both the personal lives of users and offices all over the world. The Internet of Things typically consists of devices that can connect to the Internet, but aren’t traditionally connected devices, like home appliances and other objects. To protect themselves from the security issues related to these devices, businesses have implemented solutions and tried to control devices brought to the office by their employees. Basically, you need to determine if the measures you are taking are adequate to ensure IoT devices aren’t going to become a problem for your organization. If you take action now, you decrease the risk of these devices compromising your security.

Ransomware Decreases in Usage, But It’s Still Dangerous
As of last December, Malwarebytes indicates that the rate of direct ransomware infection has dropped to about 10%. This is a major change compared to the ransomware spike that occurred in 2017. Of course, it’s still important to ensure that you are protecting yourself from this dangerous malware, as well as have plans in place to recover from an encounter with ransomware.

Cryptomining is More Popular than Ever
One big development in 2018 is an increase in cryptomining threats that can install themselves on devices and covertly mine Bitcoin without the user’s knowledge. These kinds of threats can have side-effects on your computers that can slow down the device or create more work for the device than usual. You definitely don’t want cryptomining software on your device, so be sure to protect it from these threats as well with a comprehensive security solution and active resource monitoring.

Proactive Security is Still the Best Option
Thankfully, more organizations are seeing the benefit of actively preventing security threats from becoming an issue by implementing proactive solutions on their infrastructure. This includes patching vulnerabilities and updating software as soon as new fixes are issued, as well as seeking out threats on a regular basis to eliminate anything that has potentially installed on their devices. This basically takes a reactive approach that some businesses still rely on--resolving issues as they pop up rather than preventing them entirely--and converts it to a proactive stance.

IDG has released a new survey that reveals the security priorities of many businesses. These respondents found that the following aspects of network security were priorities:

  • 74%: Best practices
  • 69%: Compliance mandates
  • 36%: Responding to a security incident that occurred in their own organization
  • 33%: Mandates from the board of directors
  • 29%: Responding to a security incident that occurred in another organization

Cybersecurity is more important than ever before, so how is your organization working to keep itself safe? Coleman Technologies can help. To learn more, reach out to us at (604) 513-9428.


About Coleman Technologies

Coleman Technologies has been serving the British Columbia area since 1999, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.
