Whether you like it or not, millennials (those reaching young adulthood around the year 2000) make up a significant portion of the workforce and will continue to penetrate your industry as more and more staff “age out” of their current roles. Appropriately leveraging a younger team’s skills is going to become a big part of succeeding as a business, but millennials are known for their tendency to hop from job to job as opportunity calls. How can you keep your top millennial talent from jumping ship? You can start by offering the latest technologies. (more…)
Your business relies heavily on hardware; workstations, servers, mobile devices, and more, to keep operations moving forward. However, managing these knowledge-intensive machines can demand your time and resources and often falls in the lap of the business owner.
If you’re challenged by the management and deployment of hardware, let us guide you through the process we here at ActiveCo take on for our clients that saves them time, costs and frustrations. (more…)
Sextortion is a form of blackmail where the extortionist claims to have photos or video of the victim watching adult entertainment on their computer. The criminal threatens to send the compromising images out to the victim’s email address book.
We’ve described this sort of crime before, and in the past, typically, that’s as far as classic sextortion went. The extortionist almost never had pictures, video, screen captures, browser history, or anything else. It’s typically been an empty threat.
The scammers are vague on the details of the sites the victims are said to have visited, and that’s no accident. The extortionists usually have no access at all to their marks’ devices and the attacks are “spray-and-pray”.
This new sextortion version has a twist: the hacker claims to have placed a RAT (Remote Access Trojan) on your computer, making it possible to take control of the device. And that’s the twist: the criminal threatens to send the embarrassing material from the victim’s own device.
Perhaps the most convincing element of the scam is that the extortion email has been crafted to look as if it were sent from the victim’s own email account, spoofing their email address. This can help convince someone that yes, they really have been infected by a RAT.
Victims are told they have one day to come up with the ransom, to be sent in Bitcoin of course. If they fail to pay, they’ll be humiliated from their own email account. Analysis of the Bitcoin transactions associated with the sextortion emails found that victims had handed over seven Bitcoin in a short period of time, making it one of the more successful extortion emails seen.
One of ActiveCo’s security partners, KnowBe4, suggests you send the following to your employees in accounting specifically. You’re welcome to copy, paste, and/or edit:
“The bad guys are getting very deceptive with sextortion scams. They now send you an email that looks like it is coming from yourself—spoofing your email address— and claim that they have infected your workstation with a backdoor which allows them to take control of your computer.
Next, they accuse you of watching adult entertainment and that they have recorded that. And here comes the kicker, unless you pay them bitcoin, they threaten to use your own computer to send embarrassing content to all your contacts.”
RATs are real, and they’ve been spotted in all sorts of devices. But there’s no RAT here: it’s a pure hoax. The scammers are simply spoofing the victims’ email address, which is easy enough to do, but which can be surprising and unsettling enough to spook a victim into paying. The extortionist’s email seems real, and urgent, and all the more convincing.
In terms of identity theft, data loss and good ol’ fashioned pick-pocketing, the holiday season is one of the riskiest times of the year. When it comes specifically to protecting your personal information, thieves and cybercriminals are counting on you to be distracted and make careless mistakes. Something as simple as losing your phone (full of personal details, photos, financial information and email access) could have disastrous consequences and ruin your holiday cheer. Another careless but easy mistake to make is clicking on a “FedEx” delivery email that wasn’t actually sent from FedEx, and don’t forget the simpler dangers that have been around since the dawn of civilization like simply being pick-pocketed while shopping! Credit card information, mobile devices, and anyone using open Wi-Fi connections for financial transactions are common targets throughout the holidays.
Here are a few tips that can help keep you and your family safe from hackers and thieves.
- Go Phishing – During the holiday, phishing scam emails emulate holiday-centric messages. Scams will often appear to be from legitimate establishments like FedEx or Amazon. Avoid clicking on any links in these emails, or downloading any attachments and never give out your password or account information.
- Skimming a Bit Off the Top – For those of you who aren’t familiar with card skimmers, the premise behind this type of theft is to copy your credit or debit card information by disguising a scanning device on a legitimate source, like a gas pump or ATM. The scammers are then free to use or sell that information. Skimmers are easily overlooked and protecting your information requires constant vigilance. Whenever you’re using a credit card during your holiday travels, look closely at any device that you are going to be swiping your cards on.
- Hide the Goods – Pickpocketing is an old-world method of theft that is still extremely effective – especially in a hectic environment like a mall during the months of November and December.
- Free Wi-Fi is Not Free – Open Wi-Fi access points are easily hacked and you’ll likely have no idea what kind of security the connection will have. It might be a bit costly but using your data instead of open Wi-Fi may save you from having to deal with identity theft in the future. Don’t forget that the global Wi-Fi protocol was hacked in 2017!
- Patch It – It’s always a good idea to keep your technology up-to-date with security patches and bug fixes. Many of the large ransomware attacks that make headlines could be avoided by security patches.
- Social Media for Burglars – For many, social media is about sharing their good times and memories with friends and family. For thieves, it’s a road map to determine when a home is going to be vacant because their owners are traveling and how long they’re going to be gone for. To eliminate a breaking and entering from your holiday season, avoid posting specifics of your trip information on social media.
Criminals are just as excited about the holidays as you are; because they know you’ll be distracted with the same workload and life commitments with the added pressure of holiday deadlines and commitments. Just like in the workplace, you are the last line of defence for scammers. Be sure to take ownership of your security and protect yourself!
Today we are all dealing with the same potential threat; at any moment, a breach, a failure, a glitch or error could take down our company, or inadvertantly cost you time and money without so much as a moment’s notice.
You can take as many precautions as you like, and you will still be impacted by malware, cybersecurity threats or human error. Case in point: ActiveCo Technology Management. We consider ourselves a leader in the IT industry, having processes and procedures in place that ensure our clients can rest well knowing that our multi-layered approach to security helps mitigate concerns for the threat of unwanted access to their network.
Despite best efforts in security protection, coupled with continuous awareness training for end users, 2 of our clients were hit with cybersecurity threats within 1 week of one another.
One came from ransomware (the infamous threat that acts like a vampire in that it must be invited in).
The other came from malware that made it’s way through multiple security layers, a stark reminder that the bad guys are working just as hard as the good guys in the realm of security.
Business owners may want to stop, take stock of your day-to-day operations and ensure they have at least 4 out of the 4 topics below covered (yes, 4 out of 4 = 100%) to ensure that your business threats are mitigated, but also that you are falling within the realm of Canadian compliance legislation.
1) Work with a responsive IT partner.
Not all businesses run on a 9-5, Monday to Friday schedule, and it’s important to have a responsive IT partner to ensure your users, your servers, your applications are all running at all hours of the night (especially where global satellite offices or users are concerned). If the call goes out at 4am Pacific Standard Time, will your technology success partner be there to answer the call, and have the capacity to re-mediate the issue as soon as possible?
2) Your backup and disaster recovery should be with a trusted provider.
Work with a sophisticated backup system that you, or your IT team/provider know, trust, and have a long history of success with. What are you looking for? Best case scenario is a cloud and a local fail-over. Both, or a combination of, is key to getting your team back up and running from a breach. You may need to connect with your business peer groups for some direction, as well as contacting your IT provider (or ActiveCo, if currently not your IT provider!).
3) Keep on top of evolving threats.
This one takes some time for weekly research, the simplest way to get started is to sign up to bulletins and technology news sites that provide regular security information and updates (ActiveCo partners with KnowB4, for example, as they provide weekly reports on global threats).
4) Pursue, or fall within guidelines of, Canadian Compliance Legislation.
As of November 1st, 2018, every organisation in Canada must be in pursuit of compliance guidelines as per The Office of the Privacy Commissioner. It is not just a best practice anymore, it is now a mandated federal requirement to have the right systems in place:
Policies – ensure your company has, or is working towards having, essential company policies in place that have been read and signed off by staff. This ensures that guidelines are understood and followed, protecting your business from in-depth investigations for breach of compliance.
Procedures – every company has procedures that must be followed, you should already have an emergency evacuation plan, for example, including a muster point where staff all know to meet up in the event of an event. Right? Good. So, does your organisation have the same level of knowledge when it comes to security procedures such as file access?
Proof – “aka”: documentation. This is one of the most important aspects of a successful security process, especially in the realm of compliance. The Office of the Privacy Commissioner wants to see all of your documentation including, for example, security awareness training events, who attended and what was reviewed (including sign-off from all attendees).
It’s easy to get lost in running your organisation and to ignore, or simply be unaware of, the requirements going on “behind the scenes”. The world is moving so fast that compliance legislation mandates organisations to have a compliance manager in charge of ongoing requirements being met, and documented.
If you’ve made it this far, there may be urgency to connect with a technology success partner that can take care of the most important aspects of your business that are happening behind the scenes. Without a successful technology success plan in place, and being consistently executed, there are gaps in your organisation’s processes that need to be remediated.
If you’re still reading even now, there should be nothing stopping you from contacting us for further details for your business or industry, or calling us now at 1.866.931.3633 and having a stress-free conversation about next steps.
ActiveCo is proud to have hosted Take Our Kids to Work Day, on Wednesday, November 14th, 2018; an annual event where students step into their future for a day and get a glimpse into the working world.
The day involves students in Grade 9 spending the day in the workplace of a parent, relative, friend or volunteer host, where they experience and learn about the world of work.
ActiveCo is participated this year with someone very special, our Controller’s daughter came in to lend a helping hand and learning what it’s like to work a full day at technology support & consulting firm (ActiveCo!).
By participating in Take Our Kids to Work Day, students are able to learn about a variety of careers, industries, and sectors. Take Our Kids to Work Day also creates a great opportunity for employee engagement within the workplace. It is an event that encourages team building, productivity, social interactions, and employee involvement can significantly boost morale around the office! The Take Our Kids to Work Day event is a great avenue for strengthening company culture and employee relationships with the organization and as well with each other.
Will your organization be participating? The Learning Partnership is a Canadian charity that prepares students to thrive in a diverse, connected and changing world. We leverage the best thinking from educators, business, and government to deliver experiential programs for students that cultivate entrepreneurial thinking and support social emotional learning. Since 1993, we have been helping build the foundations for students to solve tomorrow’s challenges. For more information, please visit The Learning Partnership Online.