Coleman Technologies Blog

What Is Phishing?
Phishing scams can be considered any digital attempt against your organization to extort credentials or other important information. The method doesn’t really matter, though it does change the way that phishing is identified. For example, more targeted attempts at specific individuals are called “spear phishing,” whereas impersonating a company’s CEO is considered “whaling.” Either way, the end result that the phishing attempt hopes for is that someone will fall for their tricks.

Vectors for Attack
The first thing to remember about phishing attempts is that they don’t happen exclusively through email. They can come in a variety of ways, including through social media applications, phone calls, and other outlets that you might not suspect without a little predisposition toward them. Here are some of the most common ways you might encounter a phishing attack:

• Email messages, where senders spoof addresses and try to convince users that they are someone important to your organization.
• Phone calls, where callers impersonate someone you know or someone of authority, like a government official or business leader.
• Social media messaging is a more personal method of phishing in which identity thieves try to impersonate people you know in your personal life.

The Giveaways
A good rule to keep in mind is that phishing attacks tend to be rather suspicious in nature. For example, if someone who doesn’t normally send you messages suddenly reaches out, and it’s seemingly uncharacteristic of them, be a little suspicious--particularly if they are using language that seems unlikely. Here are some other tips to identify phishing attacks before they have enough of a chance to be dangerous:

• Spelling and grammar errors: More often than not, spelling and grammar errors in phishing messages are quite commonplace, and they signify that something is not as it seems. If you see lots of these errors, you need to be very careful about navigating the messages.
• Immense sense of urgency: If the message prompts you to take action immediately, either out of fear or because it tries to convince you it’s in your best interest, approach it with an extra side of caution. Phishing attempts try to get users to take action as soon as possible; this means that users aren’t thinking things through or discovering that the message isn’t legitimate.
• Suspicious account activity: On social media, if you have a friend who you haven’t heard from in a very long time, chances are it’s not actually the friend reaching out to you if they need money or want you to click on a link. In cases like this, always use discretion.

To limit the damage done by phishing attempts, consider the following measures:

• Implement a spam blocking solution. While it might not help with more specialized phishing attempts, it should limit the most generic ones.
• Educate your employees--this point speaks for itself. If users know what to watch out for, they will be less likely to make mistakes that expose sensitive data.

Does your organization need a way to protect itself against phishing attacks? We can provide your business with the training required to best secure itself. To learn more, reach out to us at (604) 513-9428.

What’s At Stake?
Imagine a scenario where your business has allowed an external entity entry to your network. What kind of sensitive documents are found on it? Think about all your trade secrets being stolen and sold somewhere on the black market, and that’s not even considering the repercussions of any personally identifiable information being stolen. And when your business has a reputation of network security being poor, you might start having trouble finding people who are willing to work with you. Plus, the fines associated with security breaches could be enough to force your business to file for bankruptcy.

Security Solutions for Business
Generally speaking, the most common security measures you will see for small businesses are enterprise-level solutions that are accessible, yet powerful at the same time. Among these are Unified Threat Management, Virtual Private Networks, and Mobile Device Management. All of these services provide some level of security for businesses that need it, but in different parts of operations. They are all equally important, though, and you should consider each of them to optimize network security.

• Unified Threat Management: A UTM solution combines four enterprise-level solutions into one tool, providing a plethora of protection from online threats. A UTM includes a firewall, antivirus program, spam blocking system, and content filtering solution, all to minimize the chance of threats infiltrating your network and eliminate the ones that do.
• Virtual Private Networks: VPNs are critical to keeping your data secure while accessing it outside the protection of your network. VPNs offer encrypted access to data found on your network, eliminating the possibility of onlookers stealing data while it’s in transit.
• Mobile Device Management: With so many mobile devices in the workplace, it’s no surprise that users are taking data with them while out of the office. Without proper measures in place, data could be put at risk. Mobile device management allows your organization to control consenting devices through the use of whitelisting and blacklisting applications, remote wiping, and user access control. This creates a safety net that your business can fall back on if a device is ever lost or stolen.

Implementing the right security measures can be challenging, to say the least. Coleman Technologies can help your business implement useful new additions to your security infrastructure. To learn more, reach out to us at (604) 513-9428.

 What You Need to Know About Cybersecurity

In order to completely understand cybersecurity, you first need to understand what it is, and what you need to protect. Your organization needs to have a cybersecurity structure that covers the following subjects:

• Your Network - Network security strategies typically protect the network and infrastructure from intrusion-whether that be direct intrusion or via the dispersal of malware.  
• Your Applications - Whether your applications are hosted in the cloud or in your own onsite servers, application security protects programs that have access to all your data.
• Your Data - Data security strategies are created to add additional layers of protection to any data you can’t afford to have shared or stolen.
• Your Disaster Recovery - Systems that are deliberately set up to protect your digital assets in case of a disaster need their own protection.
• Policies - In order for you to properly protect your network and infrastructure from your staff, you need to have some very forthcoming policies set out so there are expectations attached to your cybersecurity initiatives.

Let’s take a look at the security makeup of a well-protected business:

The Perimeter

There are several layers to any effective cybersecurity strategy. The outermost layer of any major computing network is, by definition, the parameter (although security professionals today have more considerations to make than ever before). It is essentially the moat around the castle. It typically includes:

• Outside firewalls
• Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
• Data loss prevention
• Secure DMZs
• Antivirus & Anti-malware

One qualification that should be explained is that many organizations look to cloud-hosted solutions to improve organizational collaborative capabilities, reduce capital costs, and to add useful and scalable computing resources, among other benefits. Some IT professionals have stopped using the moat and castle analogy since with cloud systems in tow, the actual perimeter of the network reaches inside the very place that perimeter security is securing against.

In cybersecurity circles, the dedicated secure perimeter strategy has been replaced by the “Zero Trust” strategy. This system is one where validation is paramount. This also makes it very resource intensive. If everyone is a possible threat - which they are - building near-impenetrable defense requires this type of diligence.

Network Security

This layer is what many businesses prioritize. Think of your network as a thoroughfare to all of your applications and data; and, while you still need to design and implement a strategy to protect those systems (more on that later), keeping your network free from obstructions and potential dangers is a must. An organization’s network security includes:

• Access control
• Message security
• Wireless security
• Remote access
• Content filtering
• IDS/IDP
• Additional firewalls
• Software patching
• Data Backup

Network security is crucial for any business because once someone gets access to the network, unless applications, databases, and the like are individually protected, any infiltrator worth his/her salt will be able to corrupt and/or steal the information they are seeking to corrupt/steal from there. This is why it is important that every person in your organization is aware of, and in constant compliance of, static rules that govern your organization’s network security strategy.

Sure, most of the heavy lifting is going to be done by your IT technicians, whether they are employees of your organization or outsourced experts. Putting in place the strategies and products necessary to keep the network safe from the outside, and providing the staff training that’s needed to keep it secure from the inside, are both critical parts of a business’ network security strategy.

Furthermore, in order to really secure your network from harm, you, without question, need to back up your data. Ensuring that you have a workable copy of your business’ day-to-day data is essential for it to stave of ruin in the case it is inundated with a disaster: malware attack or otherwise.

End Points

To the average employee, endpoint security is simply just a part of network security, but for the conscientious organization, ensuring there is endpoint security in place to protect any device that is remotely connected to the business’ network. These include IoT devices, smartphones, and other network attached devices that infiltrators could use to gain access to the computing network. Some of the technology used to protect endpoints include:

• Antivirus & Anti-malware
• Encryption
• Access control
• Device Firewall
• Virtual Private Networks
• Password managers
• Endpoint detection and response (EDR)
• IDS/IPS

Since a lot of organizations subscribe to a Bring Your Own Device (BYOD) strategy, there are often a lot of devices that have to be protected so that the network can be. Today, larger enterprises are routinely attempting to circumvent any attempts at infiltration, but smaller organizations typically use strategies like two-factor authentication to ensure that the people--and devices--that can access network-attached data are safe for employees to access that data on.

Applications

Application security, again, is often seen as an element of network security, but ensuring that all the software that you utilize is properly updated and has had any potential vulnerabilities patched is an important part of securing your applications. The most pronounced strategy used to secure software is patch management, which, like its name suggests, is the act of patching potential vulnerabilities as to not leave holes in your network.

Data

Finally, we get to data. Securing data is often the least priority since most of the other security protocols put in place are put there to do exactly that...protect data. If an organization thinks it needs additional security on its data, however, there are some options that can help keep specific data secure. These include

• Identity & Access Management (IAM)
• Drive encryption
• Data classification

Since every piece of security that you deploy is put in place to protect your organization’s data from theft or compromise, there is a whole other side to data security: education. In order to ensure that your employees don’t put your organization’s cybersecurity efforts at risk, you need to be able to properly train your staff on the best practices of individual data security, and how to approach the outside threats they very well might encounter. Knowledge of how to handle phishing emails and messages, social engineering, and other nefarious practices will always be a benefit to the organization, so prioritizing employee engagement in mitigating threats is essential to any business cyber security strategy.

How does your organization stack up? Do you prioritize cyber security training? Do you secure every layer of your business’ IT infrastructure? If there is any doubt, call the IT experts at Coleman Technologies to talk about how you can better protect your business from data loss, theft, and malware attacks. To learn more call us today at (604) 513-9428.

With the shift in the manner in which humans interact with machines - and increased number of available machines, it is important to look at how these devices could have an effect on your data security. Today, we look at a few security issues that have popped up with the IoT and how responsible IT administrators can help their organizations ward off these negative situations.

The Things
The things you find in your workplace are honestly not that different than the things you will find in your home, your gym, or any other place you come into contact with smart equipment. There are the ones that the business utilizes, and the ones brought there by their employees. Wearables, like smartwatches, if directly attached to a network, can bring in nefarious code, but for the most part, these devices come with integrated security software (through their OS), and are less of a threat than devices that are left unprotected by their developer support.

The problem businesses have is that it’s against a consumer’s nature to disregard the cool, new devices because they may present a problem for them down the road. So now there are literally billions of smart devices connected to the Internet each day that don’t get any attention. This is largely because the idea of the “smart” life, the one where people are clamoring to be the first in their neighborhood to be using these smart technologies, simply hasn’t materialized, leaving support for older products at a minimum or non-existent. Turns out a small business doesn’t have the available capital to invest in replacing all their technology with smarter technology. So companies (and consumers) are doing it piecemeal. If IoT devices are to become the standard, manufacturers are going to have to find a way to provide IoT devices affordably. There is little doubt that a world where typical products are connected, monitored, and managed is still an inevitability, but that reality hasn’t developed as fast as some people projected.

IoT Uses for Business
The modern business typically tries to use innovative new tools in the most effective manner possible. The Internet of Things, however, may seem like one of those concepts that weren’t built for business use, as the tools that get the most press are smart appliances and energy-saving technology like smart thermostats and smart lights. This couldn’t be further from the truth. In fact, industry experts surmise that nearly 70 percent of all IoT implementations through 2020 will happen in a business setting.

So, what are some of these smart tools that an SMB should consider deploying?

1. Real-Time Data Management - By attaching all of your resources to a network, administrators are able to track every part of your business, whether that be expenses, workflow, hardware, etc.
2. Streamline Supply Chain - For the growing manufacturer, the IoT can become a complete game-changer. By having an IoT system capable of integrating with the complete production, distribution, and procurement processes, it can be free from human error, making business run much more efficiently. This is made possible through the use of data loggers, barcode readers and RFID tags.
3. Remote Worker Management - The IoT is helping connect systems that aren’t typically connected. As a result, the feasibility of having a staff of remote workers has never been more realistic. Companies will be able to reduce turnover, reduce costs, and get higher degrees of productivity out of their resources with the use of IoT-based integrations.
4. Workplace Management - For those businesses that are forced to (or who choose to) employ onsite workers, the IoT can be a major time and money saver. By deploying smart locks, smart thermostats, smart lighting, etc., you can save money and have complete control over how your workplace is setup and managed.
5. Time Management - You know those smart speakers everyone is getting as gifts? They can do a lot. In fact, they can do as much or more that a human assistant. Voice assistants like Alexa, Google Assistant, and Cortana (to name a few) will become important components of the modern workplace over the next few years; and, can function as a central hub of other IoT devices that you use for your business.

IoT and Data Security/Privacy
For the small or medium-sized business, the IoT is all about data; and, the questions that are presented when capturing it. Why, if it’s making things easier, is there this underlying fear about IoT? Whose data is it exactly? What data is helpful/hurtful to your organization?

To answer this, we have to know what exactly an IoT device is.

An Internet of Things device is any device that has integrated network functionality. That’s it. There doesn’t have to be much function to it, and as you’ll learn soon, security isn’t necessarily a priority either. Knowing that, you have to know that when each of these devices is accessed by people, it creates a veritable treasure trove of data. So, in order to properly use IoT devices for your business, you have to do two things:

1. Ensure data goes where it needs to go so it is protected or destroyed.
2. Secure the devices against threats.

That’s it. If you want to protect your network from the threats surrounding IoT devices, you’ll have to understand both the security of your network from the outside, and the integrated security of any device you allow to access your network.

The Threats
There are several threats the IoT can present, but two of them are extreme. The first one is the propensity for these devices to not be secure. Since new smart things are made every day, some of the older smart things will need to be upgraded to stay secure. The problem with this is that many devices don’t have strong support, and don’t necessarily even get updates. This can put your network in a very precarious position. When deciding which IoT devices to allow on your business’ network, you have to know that it comes with the security required.

The other threat is that, today, with so many devices providing access to a person’s sensitive information, lines are beginning to blur a bit as to what is good to use and what is too personal. For example, an employee wears a fitness band and connects it to your business’ network. Of course, all the data from that device is fully able to be captured, but should it be? The job of the IT administrator gets more difficult when they have to decide what data has to stay anonymous and what data is fair to use. This is why many cloud-based IoT platforms will present IT administrators with the ability to encrypt certain types of information. Since not all platforms do this, it is on the shoulders of the IT administrator to make sure they understand that (along with the security of the business’ network) users’ privacy needs to be made a priority.

As the IoT continues its immense growth, people will be utilizing it to improve their lives and their businesses. There is a lot that is misunderstood about the Internet of Things, and a lot that even experts don’t know yet. With its emergence, however, it will likely transform the way small and medium-sized businesses look at their data. For more information about the Internet of Things, visit our blog today.

To get the most out of A.I., we first need to understand why A.I. seems to be the likely answer to a lot of troubles surrounding network security.

What Makes A.I. So Helpful?
Automated systems might be able to help organizations protect a network to a certain degree, but there are a lot of reasons to be cautiously optimistic about their inclusion in modern network security. Considering the lack of technology education in today’s business environment, it can be difficult to acquire the skills needed to protect against high-level threats and implement necessary security solutions. This doesn’t change the fact that security is more important than ever before, though, as more devices are being introduced to networks every day. The more devices, the more likely threats are to surface, and the more difficult it is to protect networks. A.I., backed by algorithms to detect threats, has the potential to improve network security, as well as make the jobs of internal IT departments much easier.

Of course, there are several reasons why A.I. for network security isn’t the best solution. Here are a few of them.

Considering How Threats Are Detected by Artificial Intelligence
How does A.I. detect threats? Even if machine learning gives these solutions the ability to learn over time, it has to start somewhere. A.I. initially identifies threats based on algorithms assigned to them. According to the MIT Technology Review, A.I. is essentially “trained” to detect threats based on tags assigned to specific data sets. The unfortunate side-effect of this is that the programs can essentially be reverse-engineered by hackers if they get ahold of them, effectively giving malware developers the ability to create threats that aren’t identifiable by the majority of automated systems.

Overreliance on a Single Method
With only one way to detect threats, A.I. is quite vulnerable to being exploited, as hackers can simply turn that into their own advantage. This is why it’s so important to have multiple algorithms to detect threats, as only one isn’t going to be enough to keep all threats out of your network. Consider this hypothetical scenario: your office hires a single security guard that keeps watch over the front door of your building. There are no other guards on-site to protect the building, and you don’t have security cameras. While nobody is getting in the front door, what about the other entry points? It’s a simple fact that one algorithm is easily exploitable and far from an ideal security situation.

Coleman Technologies can help your business determine the best security solutions on the market, and they can be combined with our expertise and active monitoring to ensure data security from a variety of threats. To learn more, reach out to us at (604) 513-9428.