Coleman Technologies Blog

 What You Need to Know About Cybersecurity

In order to completely understand cybersecurity, you first need to understand what it is, and what you need to protect. Your organization needs to have a cybersecurity structure that covers the following subjects:

• Your Network - Network security strategies typically protect the network and infrastructure from intrusion-whether that be direct intrusion or via the dispersal of malware.  
• Your Applications - Whether your applications are hosted in the cloud or in your own onsite servers, application security protects programs that have access to all your data.
• Your Data - Data security strategies are created to add additional layers of protection to any data you can’t afford to have shared or stolen.
• Your Disaster Recovery - Systems that are deliberately set up to protect your digital assets in case of a disaster need their own protection.
• Policies - In order for you to properly protect your network and infrastructure from your staff, you need to have some very forthcoming policies set out so there are expectations attached to your cybersecurity initiatives.

Let’s take a look at the security makeup of a well-protected business:

The Perimeter

There are several layers to any effective cybersecurity strategy. The outermost layer of any major computing network is, by definition, the parameter (although security professionals today have more considerations to make than ever before). It is essentially the moat around the castle. It typically includes:

• Outside firewalls
• Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
• Data loss prevention
• Secure DMZs
• Antivirus & Anti-malware

One qualification that should be explained is that many organizations look to cloud-hosted solutions to improve organizational collaborative capabilities, reduce capital costs, and to add useful and scalable computing resources, among other benefits. Some IT professionals have stopped using the moat and castle analogy since with cloud systems in tow, the actual perimeter of the network reaches inside the very place that perimeter security is securing against.

In cybersecurity circles, the dedicated secure perimeter strategy has been replaced by the “Zero Trust” strategy. This system is one where validation is paramount. This also makes it very resource intensive. If everyone is a possible threat - which they are - building near-impenetrable defense requires this type of diligence.

Network Security

This layer is what many businesses prioritize. Think of your network as a thoroughfare to all of your applications and data; and, while you still need to design and implement a strategy to protect those systems (more on that later), keeping your network free from obstructions and potential dangers is a must. An organization’s network security includes:

• Access control
• Message security
• Wireless security
• Remote access
• Content filtering
• IDS/IDP
• Additional firewalls
• Software patching
• Data Backup

Network security is crucial for any business because once someone gets access to the network, unless applications, databases, and the like are individually protected, any infiltrator worth his/her salt will be able to corrupt and/or steal the information they are seeking to corrupt/steal from there. This is why it is important that every person in your organization is aware of, and in constant compliance of, static rules that govern your organization’s network security strategy.

Sure, most of the heavy lifting is going to be done by your IT technicians, whether they are employees of your organization or outsourced experts. Putting in place the strategies and products necessary to keep the network safe from the outside, and providing the staff training that’s needed to keep it secure from the inside, are both critical parts of a business’ network security strategy.

Furthermore, in order to really secure your network from harm, you, without question, need to back up your data. Ensuring that you have a workable copy of your business’ day-to-day data is essential for it to stave of ruin in the case it is inundated with a disaster: malware attack or otherwise.

End Points

To the average employee, endpoint security is simply just a part of network security, but for the conscientious organization, ensuring there is endpoint security in place to protect any device that is remotely connected to the business’ network. These include IoT devices, smartphones, and other network attached devices that infiltrators could use to gain access to the computing network. Some of the technology used to protect endpoints include:

• Antivirus & Anti-malware
• Encryption
• Access control
• Device Firewall
• Virtual Private Networks
• Password managers
• Endpoint detection and response (EDR)
• IDS/IPS

Since a lot of organizations subscribe to a Bring Your Own Device (BYOD) strategy, there are often a lot of devices that have to be protected so that the network can be. Today, larger enterprises are routinely attempting to circumvent any attempts at infiltration, but smaller organizations typically use strategies like two-factor authentication to ensure that the people--and devices--that can access network-attached data are safe for employees to access that data on.

Applications

Application security, again, is often seen as an element of network security, but ensuring that all the software that you utilize is properly updated and has had any potential vulnerabilities patched is an important part of securing your applications. The most pronounced strategy used to secure software is patch management, which, like its name suggests, is the act of patching potential vulnerabilities as to not leave holes in your network.

Data

Finally, we get to data. Securing data is often the least priority since most of the other security protocols put in place are put there to do exactly that...protect data. If an organization thinks it needs additional security on its data, however, there are some options that can help keep specific data secure. These include

• Identity & Access Management (IAM)
• Drive encryption
• Data classification

Since every piece of security that you deploy is put in place to protect your organization’s data from theft or compromise, there is a whole other side to data security: education. In order to ensure that your employees don’t put your organization’s cybersecurity efforts at risk, you need to be able to properly train your staff on the best practices of individual data security, and how to approach the outside threats they very well might encounter. Knowledge of how to handle phishing emails and messages, social engineering, and other nefarious practices will always be a benefit to the organization, so prioritizing employee engagement in mitigating threats is essential to any business cyber security strategy.

How does your organization stack up? Do you prioritize cyber security training? Do you secure every layer of your business’ IT infrastructure? If there is any doubt, call the IT experts at Coleman Technologies to talk about how you can better protect your business from data loss, theft, and malware attacks. To learn more call us today at (604) 513-9428.

With the shift in the manner in which humans interact with machines - and increased number of available machines, it is important to look at how these devices could have an effect on your data security. Today, we look at a few security issues that have popped up with the IoT and how responsible IT administrators can help their organizations ward off these negative situations.

The Things
The things you find in your workplace are honestly not that different than the things you will find in your home, your gym, or any other place you come into contact with smart equipment. There are the ones that the business utilizes, and the ones brought there by their employees. Wearables, like smartwatches, if directly attached to a network, can bring in nefarious code, but for the most part, these devices come with integrated security software (through their OS), and are less of a threat than devices that are left unprotected by their developer support.

The problem businesses have is that it’s against a consumer’s nature to disregard the cool, new devices because they may present a problem for them down the road. So now there are literally billions of smart devices connected to the Internet each day that don’t get any attention. This is largely because the idea of the “smart” life, the one where people are clamoring to be the first in their neighborhood to be using these smart technologies, simply hasn’t materialized, leaving support for older products at a minimum or non-existent. Turns out a small business doesn’t have the available capital to invest in replacing all their technology with smarter technology. So companies (and consumers) are doing it piecemeal. If IoT devices are to become the standard, manufacturers are going to have to find a way to provide IoT devices affordably. There is little doubt that a world where typical products are connected, monitored, and managed is still an inevitability, but that reality hasn’t developed as fast as some people projected.

IoT Uses for Business
The modern business typically tries to use innovative new tools in the most effective manner possible. The Internet of Things, however, may seem like one of those concepts that weren’t built for business use, as the tools that get the most press are smart appliances and energy-saving technology like smart thermostats and smart lights. This couldn’t be further from the truth. In fact, industry experts surmise that nearly 70 percent of all IoT implementations through 2020 will happen in a business setting.

So, what are some of these smart tools that an SMB should consider deploying?

1. Real-Time Data Management - By attaching all of your resources to a network, administrators are able to track every part of your business, whether that be expenses, workflow, hardware, etc.
2. Streamline Supply Chain - For the growing manufacturer, the IoT can become a complete game-changer. By having an IoT system capable of integrating with the complete production, distribution, and procurement processes, it can be free from human error, making business run much more efficiently. This is made possible through the use of data loggers, barcode readers and RFID tags.
3. Remote Worker Management - The IoT is helping connect systems that aren’t typically connected. As a result, the feasibility of having a staff of remote workers has never been more realistic. Companies will be able to reduce turnover, reduce costs, and get higher degrees of productivity out of their resources with the use of IoT-based integrations.
4. Workplace Management - For those businesses that are forced to (or who choose to) employ onsite workers, the IoT can be a major time and money saver. By deploying smart locks, smart thermostats, smart lighting, etc., you can save money and have complete control over how your workplace is setup and managed.
5. Time Management - You know those smart speakers everyone is getting as gifts? They can do a lot. In fact, they can do as much or more that a human assistant. Voice assistants like Alexa, Google Assistant, and Cortana (to name a few) will become important components of the modern workplace over the next few years; and, can function as a central hub of other IoT devices that you use for your business.

IoT and Data Security/Privacy
For the small or medium-sized business, the IoT is all about data; and, the questions that are presented when capturing it. Why, if it’s making things easier, is there this underlying fear about IoT? Whose data is it exactly? What data is helpful/hurtful to your organization?

To answer this, we have to know what exactly an IoT device is.

An Internet of Things device is any device that has integrated network functionality. That’s it. There doesn’t have to be much function to it, and as you’ll learn soon, security isn’t necessarily a priority either. Knowing that, you have to know that when each of these devices is accessed by people, it creates a veritable treasure trove of data. So, in order to properly use IoT devices for your business, you have to do two things:

1. Ensure data goes where it needs to go so it is protected or destroyed.
2. Secure the devices against threats.

That’s it. If you want to protect your network from the threats surrounding IoT devices, you’ll have to understand both the security of your network from the outside, and the integrated security of any device you allow to access your network.

The Threats
There are several threats the IoT can present, but two of them are extreme. The first one is the propensity for these devices to not be secure. Since new smart things are made every day, some of the older smart things will need to be upgraded to stay secure. The problem with this is that many devices don’t have strong support, and don’t necessarily even get updates. This can put your network in a very precarious position. When deciding which IoT devices to allow on your business’ network, you have to know that it comes with the security required.

The other threat is that, today, with so many devices providing access to a person’s sensitive information, lines are beginning to blur a bit as to what is good to use and what is too personal. For example, an employee wears a fitness band and connects it to your business’ network. Of course, all the data from that device is fully able to be captured, but should it be? The job of the IT administrator gets more difficult when they have to decide what data has to stay anonymous and what data is fair to use. This is why many cloud-based IoT platforms will present IT administrators with the ability to encrypt certain types of information. Since not all platforms do this, it is on the shoulders of the IT administrator to make sure they understand that (along with the security of the business’ network) users’ privacy needs to be made a priority.

As the IoT continues its immense growth, people will be utilizing it to improve their lives and their businesses. There is a lot that is misunderstood about the Internet of Things, and a lot that even experts don’t know yet. With its emergence, however, it will likely transform the way small and medium-sized businesses look at their data. For more information about the Internet of Things, visit our blog today.

To get the most out of A.I., we first need to understand why A.I. seems to be the likely answer to a lot of troubles surrounding network security.

What Makes A.I. So Helpful?
Automated systems might be able to help organizations protect a network to a certain degree, but there are a lot of reasons to be cautiously optimistic about their inclusion in modern network security. Considering the lack of technology education in today’s business environment, it can be difficult to acquire the skills needed to protect against high-level threats and implement necessary security solutions. This doesn’t change the fact that security is more important than ever before, though, as more devices are being introduced to networks every day. The more devices, the more likely threats are to surface, and the more difficult it is to protect networks. A.I., backed by algorithms to detect threats, has the potential to improve network security, as well as make the jobs of internal IT departments much easier.

Of course, there are several reasons why A.I. for network security isn’t the best solution. Here are a few of them.

Considering How Threats Are Detected by Artificial Intelligence
How does A.I. detect threats? Even if machine learning gives these solutions the ability to learn over time, it has to start somewhere. A.I. initially identifies threats based on algorithms assigned to them. According to the MIT Technology Review, A.I. is essentially “trained” to detect threats based on tags assigned to specific data sets. The unfortunate side-effect of this is that the programs can essentially be reverse-engineered by hackers if they get ahold of them, effectively giving malware developers the ability to create threats that aren’t identifiable by the majority of automated systems.

Overreliance on a Single Method
With only one way to detect threats, A.I. is quite vulnerable to being exploited, as hackers can simply turn that into their own advantage. This is why it’s so important to have multiple algorithms to detect threats, as only one isn’t going to be enough to keep all threats out of your network. Consider this hypothetical scenario: your office hires a single security guard that keeps watch over the front door of your building. There are no other guards on-site to protect the building, and you don’t have security cameras. While nobody is getting in the front door, what about the other entry points? It’s a simple fact that one algorithm is easily exploitable and far from an ideal security situation.

Coleman Technologies can help your business determine the best security solutions on the market, and they can be combined with our expertise and active monitoring to ensure data security from a variety of threats. To learn more, reach out to us at (604) 513-9428.

When your employees are engaged, they are more likely to invest in the future of your company, as well as their own future within your company. Research doesn’t see this situation as likely as you might think, though. The numbers from a 2015 poll from Gallup place the number of engaged employees at about 30%, while 50% claim they aren’t engaged with their work, and an additional 20% claim that they are actively disengaged by their workplace. So… where does your business fall?

There are several ways to improve employee engagement, but we’ll focus on just three of them: digital signage, Bring Your Own Device (BYOD), and cloud-based communication solutions.

Digital Signage
Some offices have monitors placed around the office that give statistics, reminders, and directions to those wandering around the office. These monitors can be used to give workers an idea of how they are doing, as well as display important information that they all might need to do in order to get their jobs done in a more efficient manner. Examples include deadlines, key performance indicators, and who has closed the most deals (or another important factor for your business) to spur on a little friendly competition. You can even use it to offer incentives to employees who perform above and beyond.

Bring Your Own Device
Some employees would rather work using their own devices rather than the ones you provide them with. This is because they are more familiar with their own devices than the ones your business gives them to get their work done. Maybe their own devices are simply better than the ones provided, too. Either way, a Bring Your Own Device policy solves several issues that your organization might face, such as the revenue used to purchase these devices… as long as the policy is handled correctly to address the potential security issues caused by this.

Cloud-Based Communications
Employees are more productive when they feel their feedback is valued. To this end, collaboration is critical, as everyone who puts forth ideas and information will feel like they are at least being listened to--even if their ideas don’t make it into the finished product. This can also create a sense of camaraderie between your employees and improve teamwork on a fundamental level.

Coleman Technologies can help your business break boundaries and improve employee engagement through the use of technology. To learn more, reach out to us at (604) 513-9428.

Part of the problem for many healthcare institutions is that there is a staggering amount of physical documents that are used to keep track of patients, processes, and procedures. As reported by SiliconAngle, Dr. Vasi Philomin of Amazon Web Services claims there are 1.2 billion medical documents created every day in the healthcare industry, in the United States alone. With so many documents, it’s no surprise that it’s difficult for people to manage them.

And what’s a way to take out the menial tasks done throughout the workday, or organize countless documents accumulated in a collection that is impossible for humans to go through on their own? That’s right--artificial intelligence. While it might seem like a weird way to use A.I., it is certainly a viable option, and one that industry professionals are considering to boost efficiency of care and ease of use.

The Health Insurance Portability and Accountability Act (HIPAA) complicates this issue, but Amazon Web Services is hoping to challenge this with new initiatives. A service called Academic Comprehend Medical aims to help narrow down candidates for clinical trials--something that is impossible without the help of computers and artificial intelligence. Of course, this is only a small amount of what could be accomplished through the use of A.I. in the medical industry, so the future could potentially be very bright for any organizations that utilize this technology.

You can count on Coleman Technologies to keep our fingers on the pulse of any interesting technology developments in the industry. For more information about healthcare solutions, call us today at (604) 513-9428.