Blog
  • Register

Subscribe to our blog

CTN Blog

CTN Solutions has been serving the greater Philadelphia area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Monitoring Pros and Cons

Monitoring Pros and Cons

Dealing with other people, whether in the office or a home environment, can often be troublesome. There is always a case of someone trying to be better than someone else, or trying to take advantage of their naiveté. There are solutions out there that make it easier than ever to help keep your home and business safe. Here are some of the best out there.

0 Comments
Continue reading

Want to Keep Your “Personal” Browsing a Secret? Scam Says: Pay Up!

Want to Keep Your “Personal” Browsing a Secret? Scam Says: Pay Up!

A new email scam is making its rounds and it has a lot of people concerned with just how much a hacker can peer into one’s private life. How would you react if a stranger emailed you saying they had inappropriate webcam footage of you?

0 Comments
Continue reading

Reexamining Meltdown and Spectre

Reexamining Meltdown and Spectre

It’s been about a year and a half since the Meltdown and Spectre exploits became publicly known. While patches and updates were administered to reduce their threat, they continue to linger on in a less serious capacity. Of course, this doesn’t mean that the threat has entirely been neutered. You still want to know what these threats do and whether or not you’re safe from them.

0 Comments
Continue reading

Tip of the Week: Better Understand BYOD

Tip of the Week: Better Understand BYOD

There are a lot of benefits to implementing a Bring Your Own Device policy for your business. First, people can use the devices that they’ve purchased, and have grown accustomed to, for work. Moreover, many times they can access company information with easy-to-use mobile apps, providing more opportunities to be productive. In fact, many organizations that install a BYOD policy see the majority of their workforce work more, which creates more opportunities for revenue growth, and ultimately, higher profitability.

0 Comments
Continue reading

Are You Ready to Adapt to Network Security Changes?

Are You Ready to Adapt to Network Security Changes?

Humankind has always adapted and improved technology to make life easier, starting all the way back at fire and the wheel. Nowadays, our approach to making life easier through technology is centered around productivity and security. If we can accomplish more than before, in the same amount of time, without worrying that it will be stolen, we’re happy.


This, in addition to the growing assortment of threats there are to business networks, is why network security is projected to continue its growth and development in the near future. Here, we’ve compiled a few predictions for how this growth and development will take shape.

Prediction 1: Penetration testing will happen more often than ever, thanks to A.I. and automation.
Penetration testing is an invaluable process, as it allows you to identify weak points in your network security that your staff may have missed. By hiring an external third party, you make it much more likely that errors and oversights made by your internal staff are noticed. The trade-offs: not only is it a time-intensive process, it can be expensive enough that it can only be justifiably run once a year, if that.

However, this may not be the case for much longer. The integration of new technologies, like artificial intelligence and automation, have made it so that both of these trade-offs have less and less effect on the frequency of penetration testing. This is a good thing, because the rate at which new technology is being integrated into the office is rising. Penetration testing is to be run more often to ensure network security.

Prediction 2: Unified policies will appear that bridge between public and private clouds.
Cloud technology has been advancing, with both private cloud solutions and public cloud solutions proving useful for so many applications. This has led to a widespread move to leverage both to accomplish different aspects of business goals and strategies in adopting what is called a hybrid cloud solution. However, one shortcoming of hybrid clouds is that there aren't any real means of consolidating security policies to simplify management as a part of a larger system.

Once again, this may soon change. It is anticipated that multi-cloud management platforms will be able to synchronize private clouds and those provided to the public through a single control panel, greatly simplifying the cloud management process.

Prediction 3: Endpoint security will be more on point.
It should come as no surprise that the greatest internal threat to your security is your own team and their devices. Using social engineering and leveraging the notoriously unreliable security of consumer devices, cybercriminals are often able to access your network through the employees who use it. While many companies have taken steps to minimize the efficacy of these methods, there hasn’t really been a single, unified solution, making security measures extra time-consuming to manage.

This last point is most likely to change in the near future, as businesses will want a security solution that is leaner, more efficient, and is only one thing to be managed. It is likely that we’ll see these kinds of network security solutions start to take shape and be put to use.

In order to remain secure, you need to adapt to meet the threats that are constantly developing. CTN can help. Reach out to us at (610) 828-5500 for more information.

0 Comments
Continue reading

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.


Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to CTN at (610) 828-5500.

0 Comments
Continue reading

Email Security Basics

Email Security Basics

Email is a modern classic as far as business solutions are concerned, and you’d be hard-pressed to find an office that didn’t use it in some capacity or another. However, because email is so popular, it has become a favorite attack vector of malicious users. Fortunately, there are some basic practices that will help keep your email account secure and your communications private.


Follow Password Guidelines
As you might imagine, one of the most important, basic ways that you can lock down your email account is to ensure that your password is sufficiently strong. Too often, breach statistics (and similar data sets) reveal that passwords are still overwhelmingly insecure. Pet names, birthdates, anniversaries, and favorite sports teams are used as passwords far more than they should be. Some minimal social engineering could very easily provide someone with access to an email account.

To counter this, avoid the temptation to resort to formulaic, easy-to-guess password systems, for instance, smushing your alma mater’s mascot together with the number of your childhood home. Again, these password conventions are the first things that a cybercriminal will try to get into your email account. Instead, do your best to rely on an as-random-as-possible string of numbers and letters, creating a different one for each of your accounts. This will ensure that your passwords are as strong as possible with the added benefit of protecting the rest of your accounts if one of your passwords is discovered.

Of course, for the sake of pragmatism, is it totally realistic to remember a completely random string of alphanumeric characters for everything that requires a password? For many, it isn’t. That’s why many resort to using, rather than a password, a passphrase. A passphrase takes a sentence memorable to the individual and turns it into a mnemonic device. So, a fan of films by Rob Reiner could take a line from one of his works and create a password from it, like “uRdBS” or “HFSTC” from The Princess Bride, or “UCHTT” from A Few Good Men.

Avoid the Unknown
Once you’ve accessed your email, there are a few ways that you can avoid putting yourself at risk. One very important way is to avoid the links in email unless you have verified that they do, in fact, go to (and come from) where they appear.

First, where will the included link direct you? Links can be tricky things, which makes them a favorite of cybercriminals to use in emails. If the link is attached to text, you should hover over it and peek at the status bar that pops up before clicking on it. While the text might say that it brings you to the sender’s official webpage, the link could very well actually direct you to a domain that uploads a virus into your system. If the status bar says that you will be directed to someplace that doesn’t look quite right, skip the link.

You also shouldn’t blindly open an email that hasn’t come from a known or verified source, and even that can now be dangerous. There is a tactic that can be used to great effect as a way to snare even the most cybersecurity-mindful targets called email spoofing. As its name suggests, email spoofing is the act of forging an email’s header so that it appears to have come from someone else, likely someone trusted enough that the email will be opened, interacted with, and read.

As a result, it is best to verify the email with the cited sender whenever possible, through a different means of communication. Whether that means a quick phone call or instant message before you open the email, it is better to be safe than it is to be sorry.

What are some other ways that you keep your email from becoming a security risk? Share them in the comments, and make sure you take a moment and subscribe to this blog!

0 Comments
Continue reading

A Ransomware Cyberattack Struck Atlanta, Georgia

A Ransomware Cyberattack Struck Atlanta, Georgia

Ransomware doesn’t discriminate with its targets, as the city of Atlanta, Georgia now knows so painfully well. The city became the target of a ransomware attack that crippled many of its critical system workflows. The municipal government suffered from one of the most advanced and sustained attacks in recent memory.

0 Comments
Continue reading

FREE Printout: IT Security End-User Checklist

FREE Printout: IT Security End-User Checklist

This guide was created so that business owners, office managers, and IT departments can provide it as an educational resource to showcase some of the most basic IT security practices that can be implemented in your workplace. We recommend printing this out and handing it out to your staff for maximum results.


Your work is important, but so is staying safe and sound. By working together, we can protect this business.

Avoid Sharing Confidential Information

  • Don’t give out company or customer information to unsolicited emails or phone calls.
  • Hackers can be very convincing and have many tricks up their sleeves. Always be wary of suspicious activity, especially in regard to confidential or sensitive information.
  • Never email usernames and passwords to anyone--not even yourself.
  • Be cautious of suspicious messages that come from sources like PayPal, Amazon, or a bank.

Use Strong Passwords

  • Don’t use the same password for multiple accounts.
  • Use complex passwords that contain both upper and lower-case letters, numbers, and symbols.
  • Don’t include personally identifiable information in your passwords.

Don’t Access Sensitive Information on Unprotected Devices

  • You shouldn’t expect hotels and cafes to have secure wireless connections. Never access sensitive information from public computers or devices, as others could also access it.
  • Malware could potentially allow onlookers to steal information like usernames, passwords, and credit card information from your unsecured devices.
  • Ask your IT department about installing a VPN on your device for maximum security.

Don’t Leave Sensitive Information Lying Around

  • Avoid recording passwords on sticky notes.
  • Shred or destroy documents that contain sensitive information.
  • Always lock your devices before moving away from them.
  • On a Windows device, use the Windows key + L to quickly lock your computer.
  • Keep small devices like phones, hard drives, and flash drives close at hand, especially while traveling.

Report Suspicious Activity to IT

  • We can fix things quickly if we know about them. This keeps the issue from becoming a bigger problem.
  • If you lose a device, like a smartphone or laptop, report it to us immediately.

Note: If you have a service agreement with CTN that includes end-user support, please reach out to us at the provided phone number and email address to put in support tickets:

Phone: (610) 828-5500
Email:

0 Comments
Continue reading

Tech Term: Opening the Spam Folder

Tech Term: Opening the Spam Folder

Spam is a tricky subject to talk about, as it seems everyone has a different definition for it. Yet, most have come to the conclusion that spam is a bad thing. For today’s Tech Term, we delve deep into the different kinds of spam out there, as well as theorize about the origin of the term.


Why Spam?
Spam can lead to a considerable amount of wasted time and assets, as well as provide a convenient medium of transportation for threats like malware and viruses. So why is it named after spam, everyone’s favorite canned lunch meat? One theory claims that the folks over at the University of Southern California’s computer lab named it after spam for some unknown reason--perhaps they simply thought it was a funny analogy to make.

The more accepted theory is that spam comes from the Monty Python song. Both the song and spam messages have a lot in common, being both highly repetitive and offering no real substance.

Where Spam Came From
It’s not clear from where spam messages first came. Some believe that spam messages first became a thing on March 31st, 1993. A Usenet user named Richard Depew accidentally posted 200 of the same message to a newsgroup. These messages were then called spam by another user, and Depew used the term in his apology, cementing its terminology.

Another theory regarding the name spam comes from multi-user dungeons, or MUDs, which were a type of chat room named after the role-playing game Dungeons and Dragons. These users would fill these chat rooms with a large quantity of unwanted content. Even the MUDers, as they were called, coined these junk messages spam.

There are two other theories related to spam involving Bitnet Relay, a 1980s chat system, and TRS-80, another use of the aforementioned Monty Python song to annoy users.

Types of Spam
Below, you’ll find the various types of spam that you could potentially encounter:

  • Email spam: Email spam messages are likely the most recognizable form of spam. Spam emails contain all sorts of junk that can make navigating your inbox a complete nightmare. Thankfully, there are regulations put into place that keep spam out of inboxes to an extent, but you can always integrate better solutions and software to augment the sorting of spam emails.
  • Texting spam: In much the same way, texting spam is a way to get unwanted messages through to people. It’s interesting to note that emergency texts don’t constitute spam. Similar to how email spam works, the CAN-SPAM Act also applies to text spam.
  • Comment spam: Comment spam is a bit different in nature from the previous two types. You may have noticed some comments that seem unwanted or “spammy” in nature, such as those advertising the selling of products or simply off-topic.

As always, you don’t want to be dealing with spam carelessly. If your business could use assistance preparing for spam, contact CTN for (610) 828-5500.

0 Comments
Continue reading

Where There’s Data Loss, There’s Trouble

Where There’s Data Loss, There’s Trouble

Data loss can have lasting effects upon your business, usually measured in lost productivity and capital. In other words, data loss is often measured by the cost required to retrieve, restore, and/or repair its effects. Of course, this is only the beginning of how data loss can impact your operations.


Data Loss Implies More than Just Lost Data
While there is no denying that, when considered alone, data loss is a critical blow to your business, there are additional effects that that can be more problematic. First and foremost, you have your employees to consider.

You’d be hard-pressed to find a task in business operations today that didn’t require data in some way, shape, or form. Considering this, try to calculate a rough estimate of the impact that a critical bit of data being lost would cause. This is dependent upon what kind of data was lost. If the data belonged to a client, the sensitivity of the data would be important to consider. There’s even an online tool available to help establish if an incident has gone over the parameters outlined in your agreement.

Furthermore, the value of data factors into other considerations as well, that may not immediately come to mind during a data loss event.

Other Concerns, Regarding Customer Confidence
Never mind losing the data for a moment - what happens to the customers whose data you’ve lost?

First, let’s consider how you would likely react if a business you had entrusted your data with suddenly came to you explaining that your data was just gone. How would you react?

There are many factors that ensure that your contacts will find out, as well. Many industries are beholden by law to inform their business associates that their data has been breached. These legal requirements are also influenced by the state one does business in, what data is stored, even how the data loss took place.

As a result, you could easily find yourself struggling with a public relations nightmare, further impacting the confidence of your customers and clients.

To prevent this all from happening, you need to have the right solutions in place. CTN can deploy a comprehensive backup and disaster recovery solution. To get started, give us a call at (610) 828-5500.

0 Comments
Continue reading

BYOD is Only Helpful If the Devices Are Secure

BYOD is Only Helpful If the Devices Are Secure

Mobile devices are so common nowadays that your employees will bring multiple devices to the office on a regular basis. Little do they know that everything they bring with them, from their Fitbit to their laptop, poses a security threat. Of course, the threat level depends on each individual device type. But the point stands that the less you do about mobile device security now, the more danger your organization will be in, down the road.


There is a very simple rule that you can use to gauge how vulnerable your business infrastructure is to mobile devices. The more devices that have access to a network and its contents, the more likely it is that you’ll be putting it in danger. If you aren’t careful about which information is accessed by certain users and devices, then you could expose your business to considerable risk. Therefore, it’s critical that you put measures into place before the worst happens.

It all starts by implementing a Bring Your Own Device (BYOD) strategy, which aims to improve the way that your business manages mobile devices without sacrificing data security in the process. Here are some of the most common features of a BYOD policy:

Blacklisting and Whitelisting Apps
Any apps that you download to your device have to be secure. Generally speaking, most apps that you will download should be safe for your company to use, but there are others out there that have only malicious intentions. Naturally, you’ll want your devices to be equipped with whitelisting and blacklisting capabilities so that you can control what types of apps are found on company devices. The theory here is that you can prevent hacking attacks and data leaks by preventing malicious apps from installing on the devices in the first place.

Remote Wiping
What happens when a device is lost? You might have a lot to worry about, or you might not. It depends on where the device has been lost. If you misplaced it in your office or home, perhaps you can locate it. If you leave it on the train, there’s no telling who will find it. Perhaps a good Samaritan will return the device, but chances are that it will be exploited by its new owner, be it someone who just wants a new device, or a hacker intent on stealing as much data from the device as possible. Remotely wiping the device allows you to maintain the integrity of your infrastructure and its data, even in a worst-case scenario.

A BYOD policy is an incredibly important aspect of a modern technology infrastructure. Do you have one? CTN can help you implement all of the best solutions to secure your mobile devices. To learn more, reach out to us at (610) 828-5500.

0 Comments
Continue reading

Do You Know What to Do When Involved in Identity Theft?

Do You Know What to Do When Involved in Identity Theft?

The unfortunate truth of increased technology use is that there is a corresponding increase in the potential for cybercrime, more specifically identity theft, to strike the workplace. The question is, what can you do to help prevent it, and how should you react to it, should it strike?

0 Comments
Continue reading

Tech Term: What Does “Encryption” Mean?

Tech Term: What Does “Encryption” Mean?

Email is a solution that needs to be protected, lest you expose important information to any onlookers while messages are in transit. Encryption is one of the key ways you can make sure that your messages are safe, but email hasn’t always used this method to secure messages. In fact, it wasn’t until recently that encryption became a staple of the major email providers.


Why Encryption Matters
It’s important to keep in mind that email communications are not always private. Depending on whether or not the email provider offers encryption can potentially expose important information found within the message. The reason you need encryption is simply because you never want to expose this information to outside viewers under any circumstances. You would be doing your company a disservice, and potentially even be in violation of data privacy regulations, depending on your industry.

Either way, our point is that encryption is necessary if you want to avoid the ugly side of the Internet. This includes hackers of all kinds, who would stop at nothing to get past your business’s protections and steal information of value. It’s up to you to put measures in place to stop them in their tracks--before it’s too late.

How Email Encryption Works
Imagine for a moment that your emails are locked in a box. This box remains locked the second that it leaves your organization, and it will stay that way until it is received by someone who has the key. In this case, the recipient will have the key, and the box would be unlocked once it is received by them. In the event that the box is intercepted before it reaches its destination, whoever claims it will not be able to view its contents.

The important thing to remember about encryption is that it needs to be an infrastructure-wide implementation. You can’t encrypt only messages that contain sensitive information, as this can potentially make you an even bigger target in the eyes of hackers. Therefore, you need to ensure that your encryption solution is all-encompassing so as to eliminate any risk associated with email security.

Does your business need email encryption? CTN can help by implementing an enterprise-level email encryption solution that takes into account all of your business needs. We can also provide other types of email security tools, including spam protection that limits exposure to dangerous entities. To learn more, reach out to us at (610) 828-5500.

0 Comments
Continue reading

Could Your Favorite App Infect Your Device?

Could Your Favorite App Infect Your Device?

When considering solutions to help ensure your business’s IT security, mobile devices often go overlooked. This makes sense. For most of the time the telephone has existed, it has been attached to a wall, only capable of transmitting sound. However, now that phones are palm-sized computers carried in our pockets, keeping them safe from cyberthreats has a new importance.


Part of maintaining security on a mobile device is to protect it from picking up viruses, which means that you need to have a mobile antivirus solution installed. Of course, Google has released its own internal safeguard, called Play Protect, that is supposed to catch malicious apps and updates. By scanning everything that is uploaded to the Play Store, and again before it is installed on each device, Play Protect’s job is to catch malware and other threats before a user’s device is exposed to these nefarious programs.

The trouble is, Play Protect isn’t very good at its job.

When the industry average for real-time malware detection rates is 94.8 percent, and rises to 96.9 percent over four weeks, it isn’t a good sign if your rates are 48.5 percent and 66.3 percent, respectively.

Fortunately, there are antivirus apps available for download with prevention rates that are above-average, many of them free. Many are similar to Play Protect in that they serve as a comprehensive mobile security suite. While the benefits certainly balance out any of the downsides that these apps have, it helps to know the possible downside.

For instance, some antivirus apps (like Avast Mobile Security and McAfee Mobile Security) are supported by ads, which many users may find to be annoying. Norton Security Antivirus doesn’t block a user from visiting a malicious website, but it does allow a user to remotely lock a lost phone via text message.

When so much business can be completed through a mobile device, you owe it to yourself, your employees, and your clients to make sure your mobile devices are well managed, and are as secure as possible. CTN Solutions can help implement the security solutions, including mobile antivirus, that keep your business safely productive. Reach out to us at (610) 828-5500 for more information.

0 Comments
Continue reading

Tip of the Week: How to Protect Yourself from Invoice Impersonation

Tip of the Week: How to Protect Yourself from Invoice Impersonation

As cybercriminals become increasingly sophisticated in their methods of attack, it is important that your staff--the ones on the front lines--are educated to spot these attempts and know what to do if one is encountered.


Unfortunately, the increased sophistication of these attacks have made them harder to spot and resultantly, harder to avoid. This has led to a rise in the use of an attack vector known as an invoice impersonation attack. When utilizing these attacks, a cybercriminal will send a message under an assumed name (often one that belongs to a regular contact) that includes an invoice number and a link, presumably to download the invoice.

However, rather than downloading the invoice, as expected, the target of an attack will discover that they have actually downloaded some malware. This is often how ransomware is introduced into a system.

Warning Signs
To avoid falling victim to an invoice impersonation attack--or any form of email phishing or fraud--your users should know to keep their eyes out for any warning signs.

Messages containing a payment request and link
One of the bigger security issues with the concept of email is the fact that most users can only take it on good faith that the message comes from the person it appears to have. There is no voice to identify as someone else’s, and no handwriting to compare to the actual person’s.

Therefore, if an email comes from someone with a request for payments to be made, with a link to what is claimed to be a payment portal, don’t click. You might have just dodged a ransomware program delivered via a phishing attempt.

How to Protect Your Business (with the Help of Your Employees)
Phishing attacks, including invoice impersonation attacks, rely on their target to trust the content enough to not question if the sender is who they say they are. As such, they can be avoided with a little mindfulness on the part of your employees.

Make sure your employees know to keep an eye out for risk factors. Requiring regular training sessions as well as testing their cybersecurity mindfulness will help to keep awareness alive and well among your staff members.

Furthermore, you should have updated spam filters and malware blockers installed to help minimize the risk that these messages even make it to your staff in the first place. This is where CTN Solutions can help.

If you’re interested in the solutions we have that can help make cyberthreats a non-issue, give us a call at (610) 828-5500.

0 Comments
Continue reading

Targeted Ransomware Checks for Particular Attributes

Targeted Ransomware Checks for Particular Attributes

Put yourself in the shoes of a cybercriminal. If you were to launch a ransomware attack, who would be your target? Would you launch an indiscriminate attack to try to snare as many as you could, or would you narrow your focus to be more selective? As it happens, real-life cybercriminals have largely made the shift to targeted, relatively tiny, ransomware attacks.

0 Comments
Continue reading

According to Study, Only 28% Utilize Two-Factor Authentication

According to Study, Only 28% Utilize Two-Factor Authentication

2FA, or two-factor authentication, is a simple and effective means of boosting your cybersecurity. Despite this, a study performed by Duo Labs suggests that 2FA has not been adopted as much as one might expect, or as much as it should be.


Using data from Survey Sampling International, the researchers at Duo Labs created a survey to determine the adoption rate of 2FA. This survey was designed to mimic patterns throughout different regions to give an impression of how much 2FA was adopted, and was also targeted to a sample that is proportional to the entire US population. The results of this survey provided some invaluable insights.

However, a few insights were more surprising than others. For example, only 28% used 2FA, and under half of all participants had ever heard of 2FA before taking the survey.

Yet of those who had heard of 2FA, 54% had adopted it voluntarily, and only 20.8% had first used it in their work environments. Considering the number of applications and services that encourage users to utilize 2FA as a security measure, these relatively high numbers make sense. What makes less sense is the fact that the researchers found that less than half of these voluntary adopters used 2FA at every opportunity.

Despite this, some of the survey’s results were a little more positive for the future of 2FA. Analysis of the current state of 2FA has shown a shift in how users authenticated their identities between 2010 and 2017, that shift indicating a reliance on more secure, safer methods. Hard tokens, or physical devices that a user carries to confirm their identity, have seen a decrease in use of about 50% in the time covered by this analysis. These tokens are relatively insecure, as they only need to be lost or stolen to potentially undermine the use of 2FA, so this decrease in their use shows an increase in security awareness and risk management.

Perhaps most importantly, this research provides real insights into the behavior of the user, and what they considered the most important reason to use certain 2FA methods.

Most users indicated that when they compared different approaches to 2FA, they held simplicity and convenience as their most important factors. This helps to explain why 84% of respondents ranked security tokens as the most trustworthy form of 2FA, when the security risks and issues are well-known by users.

Still, the saddest truth revealed by this survey is that too few users utilize 2FA as they secure their devices, both personal and work related. The very real risk of data loss, and how network security can prevent it, is pushed further into the public consciousness by news of repeated security breaches and cyberattacks.

The question now becomes, are your business resources protected by 2FA? If you want professional assistance in implementing it, and other critical security needs, give CTN Solutions a call at (610) 828-5500.

0 Comments
Continue reading

Mobile Security Showdown: Cellular Network vs. Wi-Fi

Mobile Security Showdown: Cellular Network vs. Wi-Fi

Today’s business relies on mobile devices, like smartphones, to guide productivity and efficiency. In fact, the vast majority of people in today’s society own a smartphone. A report shows that 90 percent of people younger than 30 own a smartphone. This means that the forward-thinking business, hiring talented millennials, should think about how to secure any mobile devices that they use to access company data.


A recent Wi-Fi security report from Wandera analyzed a set of 100,000 company-owned mobile devices and found that 74% of wireless data took advantage of a nearby Wi-Fi network. 12% of those Wi-Fi hotspots lacked any type of encryption to secure the connection. Furthermore, only 4% of these company-owned devices were exposed to accidental or deliberate “man-in-the-middle” attacks.

When we say a man-in-the-middle attack, we’re basically talking about a situation where one computer has contracted malware that allows another machine to steal data that’s flowing to and from it. Once the machine has connected to a Wi-Fi connection, the malware is then transferred to the network, thereby infecting the entire network with the malware and giving the hacker free rein to cause all kinds of trouble.

Surprisingly enough, cellular networks are much more secure than a normal Wi-Fi network, since cellular providers take advantage of encryption that protects users. Yet, users will prefer to use a Wi-Fi connection over a cellular provider connection when given the choice. One statistic claims that up to 60% of people will simply connect to any public Wi-Fi they find rather than resort to their cellular data, even if it’s paid for by their employer. Symantec’s Wi-Fi Risk Report comes to a similar conclusion, claiming that people believe their data is more secure if it’s transmitted over Wi-Fi. 53% of people can’t even tell the difference between a secured network and an unsecured network, and 90% of consumers have put some type of personal information at risk using public Wi-Fi.

At the business level, the state of affairs shifts favorably. Individual Wi-Fi use still seems similar, but businesses do a much better job of securing a network from online threats and malicious users. A firewall is one of the best ways to do so, since it actively keeps threats out of your network by checking data that enters it. When a user is accessing your organization’s Wi-Fi, they can then access the entire network that’s hosted on it--including any servers or confidential information that’s found on it. By partitioning information behind the firewall, you’re making your business that much more secure against online threats.

Another way to do so is by implementing what’s called a Virtual Private Network, or VPN. A VPN adds another layer of security by implementing encryption. Basically, it protects your data by ensuring it’s traveling through a secure tunnel of sorts, shielding it from view by those who might be lurking in the shadows. A VPN is a staple of remote computing because it’s really the only way to make sure that your sensitive company data is being transferred as securely as possible. A VPN ultimately keeps you from spending even more money on potential data breaches, and is a considerable benefit when factoring in organizational mobility.

Does your business need a VPN to secure its data? CTN Solutions can help. To learn more, reach out to us at (610) 828-5500.

0 Comments
Continue reading

Tip of the Week: Do You Know What Your Android Permissions Actually Mean?

Tip of the Week: Do You Know What Your Android Permissions Actually Mean?

Downloading an application on an Android device is fairly simple: access the Google Play store, find the app you want to download, and press the button that says install. However, it is also too easy to simply hit ‘Allow’ once the app starts asking for ambiguously-worded permissions. Today, we’ll examine what these permissions actually mean.


It is important to understand that these permissions are not ambiguous by accident. Due to the various responses that different users will have to a request to access certain parts of the device (like the camera, for instance), developers have taken to describing the possible effect of an application’s access, instead of simply saying what it will be accessing.

Therefore, you may find yourself giving your applications permission to access and even alter more than you realized, simply because the permissions your apps have requested didn’t give you a clear idea of what they entail. This can be risky, especially if the app in question was created by an unscrupulous developer seeking access to your information.

If you see the following permission requests, know that they are considered and classified as “Dangerous.” The reasons that these permissions could put your security at risk are included.

  • Phone permissions -- These permissions give an app the ability to interact with your calls and call history however the developer wants. As a result, the app can make calls (including those that use Voice over Internet Protocol, or VoIP), as well as read and edit your calls list. An app with these permissions can also read your network information to collect data on the calls that you have made, and can even redirect your calls or hang up the phone. Essentially, phone permissions give an app control over the primary function of a cellular phone. While this may sound frightening, it is important to realize that this permission is often asked for so that any app you may be using when you receive a call can be paused. As a result, this is a permission asked for by many games and multimedia apps.
  • SMS permissions -- These permissions give an app the ability to both send SMS messages and read any that are incoming. Not only does this present some obvious privacy concerns, it also means that a criminal could leverage this access to add paid services to your account without your consent.
  • Contact permissions -- As with any of the permissions on this list, there are completely aboveboard reasons that an application would require access to your contacts, as well as the ability to edit them. However, in the wrong hands, your contact list becomes a resource for a spammer to harvest their next victims. It is also important to consider that these permissions grant access to any accounts that your apps use, including Facebook, Google, and others.
  • Calendar permissions -- With these permissions granted, an app can read, edit, and create events in your calendar. However, this also means that an app can review your calendar without restriction, with the ability to edit or remove anything they want.
  • Camera permissions -- These permissions, perhaps obviously, allow an app to utilize your phone’s built-in camera to capture images and video. However, these permissions don’t specify that the app has to necessarily be in use to do so, allowing the app to potentially record your life whenever it wants.
  • Microphone permissions -- Just as the camera permissions allow an app to capture visual content, microphone permissions allow an app to use the onboard microphone to capture sounds and audio. Also like camera permissions, there is nothing that says the application has to be in use for it to do so, and so an app could potentially record anything your device could pick up at any time.
  • Storage permissions -- If granted these permissions, an application can read and write information to your phone’s storage, whether it's in the onboard storage or an added SD card. Like other permissions with the “Dangerous” label, this also means that the app can edit and remove files from your data storage. This is another common permission, as just about every app you download will likely need to store a small amount of your usage data. This includes services that save your login information, like Netflix, to games that store your progress, like Candy Crush Saga.
  • Location permissions -- These permissions allow an app to read your location at any time. Based on what the app is looking for, this location is either very exact (coming from GPS data) or a more general one (based on local Wi-Fi hotspots and cellular base stations). This could create a problem, as a criminal could potentially obtain your location history from the app and use it to establish your behaviors.
  • Body sensor permissions - These are not seen quite as often as other permissions, but you are apt to see them if you use certain accessories (like fitness trackers) and their associated apps to track your health data. These permissions allow the app to access that data. However, there permissions are not related to your device’s native movement tracking abilities.

It is important to remember that most applications that request these permissions are doing so simply in order to do what you want it to do. A messaging application without SMS permissions isn’t going to be able to do its job. Social networks, especially Instagram, need access to the camera in order to take the photos that you edit and share.

However, you should always consider why an app might request certain permissions, and if there is actually a reason that those permissions are necessary for the app to function. If the same messaging application were to ask for body sensor information, it wouldn’t be a bad idea to seek out a different app for your needs.

Make sure you subscribe to the CTN Solutions blog for more IT tips and best practices!

0 Comments
Continue reading

Mobile? Grab this Article!

QR Code

Latest News & Events

CTN is proud to announce the launch of our new website at www.ctnsolutions.com. Be sure to check out our 6 key service areas where we have highlighted specific services we offer. And don’t forgot to subscribe to our BLOG that provides helpf...

Latest Blog

In part two of our desktop buying guide, we talk about one of the most confusing specifications you’ll see whenever you purchase a computer. We’re going to demystify memory, also referred to as RAM.

Contact Us

Learn more about what CTN can do for your business.

Call us today
(610) 828-5500

610 Sentry Parkway
Suite 110
Blue Bell, Pennsylvania 19422