Blog
  • Register

Subscribe to our blog

CTN Blog

CTN Solutions has been serving the greater Philadelphia area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

When It Comes to Payment Cards, Frank Abagnale Gives Credit Where Credit is Due

When It Comes to Payment Cards, Frank Abagnale Gives Credit Where Credit is Due

With more than $16 billion being scammed from more than 16 million people, there is clearly an issue at hand that could use some expert insight. Those who are familiar with Steven Spielberg’s Catch Me If You Can might know that the movie was based on the memoirs of Frank Abagnale, former con man and longtime security consultant of the FBI. With his 45 years of experience with the bureau, Abagnale can safely by considered an expert in cybersecurity and fraud protection.

0 Comments
0 Comments
Continue reading

European Union’s GDPR: One Year Later

European Union’s GDPR: One Year Later

2018 will be remembered as the year where data privacy was altered forever. From Facebook’s many problems to the launch of the European Union’s General Data Protection Regulation, data privacy has never been a bigger issue than it is today. Let’s take a look at how the GDPR has affected the computing world in 2018-19 and how the past year’s events have created new considerations in individual data privacy.

0 Comments
0 Comments
Continue reading

Google Knows Where You Are: Here’s How to Stop Them

Google Knows Where You Are: Here’s How to Stop Them

Late in the summer this past year there were several articles written about how Google would continue to track the location of a person’s smartphone after they had chosen to turn off their location settings. A Princeton researcher corroborated those claims for the Associated Press, traveling through New York and New Jersey with locations services off only to be tracked the entire way. Today, we will discuss this issue, and tell you what you need to know to keep Google from tracking you wherever you go.

0 Comments
0 Comments
Continue reading

Smaller Practices are Choosing Cloud-Based EHR

Smaller Practices are Choosing Cloud-Based EHR

The medical field has spawned all kinds of new technology that takes patient care to the next level. Regulations demand that even smaller practices need to make the jump to electronic medical record systems (also known as electronic health records). These EMR/EHR solutions provide an interface that give providers and patients a way to keep themselves connected to each other--a tool to promote a more efficient delivery method for these services. We’ll take a look at these EMR and EHR solutions that are hosted in the cloud, giving your organization more information to make an educated choice on implementing this software.

0 Comments
0 Comments
Continue reading

Monitoring Pros and Cons

Monitoring Pros and Cons

Dealing with other people, whether in the office or a home environment, can often be troublesome. There is always a case of someone trying to be better than someone else, or trying to take advantage of their naiveté. There are solutions out there that make it easier than ever to help keep your home and business safe. Here are some of the best out there.

0 Comments
0 Comments
Continue reading

Want to Keep Your “Personal” Browsing a Secret? Scam Says: Pay Up!

Want to Keep Your “Personal” Browsing a Secret? Scam Says: Pay Up!

A new email scam is making its rounds and it has a lot of people concerned with just how much a hacker can peer into one’s private life. How would you react if a stranger emailed you saying they had inappropriate webcam footage of you?

0 Comments
0 Comments
Continue reading

Some Providers are Offering Blockchain as a Service

Some Providers are Offering Blockchain as a Service

There’s a big risk associated with implementing any new technology solution for your organization. For one, it’s difficult to know how a specific solution will run without first implementing it. This leads many businesses to avoid implementing a new solution for fear that it won’t be worth the investment. On the other hand, if they fail to implement a new solution, they could potentially lose out on valuable new tools they could use to succeed. How can you get around this issue?


One of the most relevant examples is blockchain technology. There are quite a number of great uses for the blockchain in a modern business environment, but the most practical among these might warrant at least a little bit of hesitation.

It makes sense that a lot of organizations might be skeptical about implementing blockchain without taking a closer look at the numbers. Blockchain is still new enough that there will be second thoughts before any organization implements it. According to the 2018 CIO Survey by Gartner, only one percent of CIOs have adopted blockchain technology for business purposes, whereas about eight percent of them have plans to do so in the future. Similarly, 77 percent say that there is no interest whatsoever in implementing blockchain technology.

Those who do plan on adopting blockchain technology soon have found that it will likely not be a simple task. 13 percent of organizations with plans to do so say that in order to implement blockchain technology, they would have to make significant changes to their IT department, whereas 14 percent believe that a culture shift is necessary to accommodate this. 18 percent also found that it was difficult to find staff who were capable of working with blockchain technology, and 23 percent found that blockchain demanded the newest skill development out of any other new technology solution they could implement.

Some service providers have taken advantage of this deficit in use by offering Blockchain as a Service. This type of business model actually saves organizations the pain of adopting blockchain technology by making it so your employees don’t have to have specific blockchain-related skills in order to take advantage of it. Since there is little to no investment in blockchain involved on your end, you can take full advantage of services like these through providers like Amazon, IBM, Microsoft, and more.

There are considerable challenges for this approach, but it’s a much more attractive option for organizations that have limited budgets or workforces. What this accomplishes is that you can take advantage of blockchain without making any huge investment. Of course, this also means that there will be issues related to compliance and regulation to deal with, but it’s easier to think about these when you know you have a solid way of implementing and affording the service in the first place.

How would your business utilize Blockchain as a Service? Let us know in the comments.

0 Comments
0 Comments
Continue reading

Tech Term: Encryption

Tech Term: Encryption

Your business data is often quite sensitive, which is why the professional world employs cryptology to keep it secure while it’s in transit. In terms of computing systems, this is called encryption. It’s the ideal way to secure important assets when you send or store information.


Tales from the Crypt-ography
Even ancient rulers and civilizations knew of the importance of protecting sensitive information. Cryptography is a practice that came about during the times of the pharaohs of Ancient Egypt and has lingered ever since in some form or another. Modern cryptography and encryption is still used to keep intercepted messages and data secure, and older forms of this were no exception. The general idea behind cryptography is that there is a cipher and a key to decode the cipher.

The earliest known cipher was used during the time of Julius Caesar. This method substituted letters in the normal alphabet with others a few spaces away. Caesar did this in all of his official communications, allowing only those privileged few who were literate and understood the replacement key, the ability to know what the messages truly meant. Cryptography would continue to evolve over the next 1,300 years, evolving drastically from the cipher Caesar utilized.

Historians have discovered that cryptography developed dramatically over the past 700 years, and it’s all thanks to the invention of polyalphabetic ciphers. Encryption underwent a sort-of “renaissance” of its own in the Venetian city-states of what is now modern-day Italy. In particular, Leon Battista Alberti is remembered as the “Father of Western Cryptography” for the use of his Alberti cipher, a polyalphabetic cipher that used the decoder ring that is most commonly associated with the holiday staple, A Christmas Story. Be sure to drink your Ovaltine.

Encryption in the modern world has since exploded. From the Playfair cipher to the German Enigma machine, these coded messages were a necessity to preserve the integrity of messages during transit. Encryption today is no exception to this rule.

Modern Encryption
Encryption is more important than ever. Computing has evolved considerably over the past 60 years, and encryption has had a lot to do with it. Encryption is a mainstay in some of the most popular technology solutions out there. It’s used every time you make a purchase with a credit card, or make a call or text with your smartphone. Encryption basically still works in the same way by using a cipher and a key, but it’s much more complicated than the more simplistic versions used in the past. We’ll walk you through how two of the more popular encryption algorithms work: symmetric and asymmetric.

Symmetric Key Algorithms
In the case of symmetric key algorithms, the encryption keys are the same for both the process of encryption and decryption. Think of it as the same key working for both the front door and the back door of your house. A better example is that a user can unlock a box with a key, but only if it is the same version of that key configuration, meaning that as long as it’s a copy of that exact same key, the box can be opened.

Asymmetric Key Algorithms
Asymmetric key algorithms work with two different sets of keys: a public key and a private key. Each person who can see the message has access with a public key, but to open the message itself, they need to have a private key exclusive to them. This added layer of security can help to improve privacy. Granted, this is only a very basic explanation of what these complex encryption protocol accomplishes.

Popular Types of Encryption
Here are some of the most popular forms of modern encryption:

  • AES: Advanced Encryption Standard is a symmetric encryption algorithm that uses a block cipher to encrypt data one block at a time. There are three different types of this encryption: AES-128, AES-192, and AES-256.
  • 3DES: Triple Data Encryption Standard is a symmetric encryption protocol that takes advantage of three separate 56-bit keys. It encrypts it three times for a total of 168-bit.
  • Twofish: Twofish is a symmetric block cipher based on Blowfish. It provides up to 256-bit encryption and can be used without restriction.

Where Encryption Sees Use
Chances are that if you’re using the Internet, you’re using some type of encryption. There are a lot of websites that utilize Secure Socket Layer, or SSL, to keep the transfer of data secure and private. This is used to keep personally identifiable information safe, like passwords and credit card numbers, just in the event that the browser you’re using isn’t secured. If the website you’re visiting doesn’t use SSL, chances are that the browser will inform you. Other services also take advantage of encryption, such as email, file transfer, or remote access to your network.

Do you better understand encryption now? To learn more, call us today at (610) 828-5500.

0 Comments
0 Comments
Continue reading

How Your Smartphone Keeps Your Data Safe

How Your Smartphone Keeps Your Data Safe

Smartphones are the predominant mode of communication, as well as the devices most used to access the Internet. With so much depending on the modern smartphone, it has become one of the largest, and most competitive, markets of any consumer item. As a result, manufacturers are building devices with software that is able to encrypt the phone against unauthorized access.


When a person, who doesn’t have access to a device, tries to get into the device through one of the options, whether it be code, pattern, or biometric access, he or she is repelled. Without entering the credentials or biometric data that allows for a device to open, it will remain closed to the user. In fact, most modern smartphones won’t actually connect to a Wi-Fi network without the proper credentials. This is handled differently on the different mobile platforms.

Apple
The iPhone ships with 256 AES encryption. It is not stored on the phone (which could result in more successful hacks), a correct passcode combines with data stored on the Secure Enclave chip to generate a key that unlocks the device. This chip also holds biometric data (fingerprint and facial recognition) that can be used to open the device or use Apple Pay. Any Apple product, that has the incorrect access controls entered repeatedly, will lock, stopping unwanted parties from getting into your iPhone.

Android
Since so many more people use the Android mobile OS, Google did not make device encryption standard until devices that run their Android 6.0 Marshmallow mobile OS. If your new Android device runs 6.0 Marshmallow or better, it now ships with encryption enabled. Since Google’s implementation of encryption depends on the manufacturer, some phones will use a key generation system similar to the iPhone’s, while others will use a more complex system called file-based encryption. File-based encryption allows for varying levels of decryption and provides unauthorized users access to a limited number of the features on the device.

In the News
Over time, there has been a push for mobile OS developers to build in “backdoors” to ensure that law enforcement can get into a device if/when needed. Companies like Apple, Microsoft, and Google have had to field their fair share of criticism, but strongly defend their position. Apple CEO Tim Cook states the following, “In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks - from restaurants and banks to store and homes. No reasonable person would find that acceptable.”

Encryption is for the user’s benefit. If you would like more information about modern digital cryptography or any other mobile security, visit our blog.

0 Comments
0 Comments
Continue reading

According to Study, Only 28% Utilize Two-Factor Authentication

According to Study, Only 28% Utilize Two-Factor Authentication

2FA, or two-factor authentication, is a simple and effective means of boosting your cybersecurity. Despite this, a study performed by Duo Labs suggests that 2FA has not been adopted as much as one might expect, or as much as it should be.


Using data from Survey Sampling International, the researchers at Duo Labs created a survey to determine the adoption rate of 2FA. This survey was designed to mimic patterns throughout different regions to give an impression of how much 2FA was adopted, and was also targeted to a sample that is proportional to the entire US population. The results of this survey provided some invaluable insights.

However, a few insights were more surprising than others. For example, only 28% used 2FA, and under half of all participants had ever heard of 2FA before taking the survey.

Yet of those who had heard of 2FA, 54% had adopted it voluntarily, and only 20.8% had first used it in their work environments. Considering the number of applications and services that encourage users to utilize 2FA as a security measure, these relatively high numbers make sense. What makes less sense is the fact that the researchers found that less than half of these voluntary adopters used 2FA at every opportunity.

Despite this, some of the survey’s results were a little more positive for the future of 2FA. Analysis of the current state of 2FA has shown a shift in how users authenticated their identities between 2010 and 2017, that shift indicating a reliance on more secure, safer methods. Hard tokens, or physical devices that a user carries to confirm their identity, have seen a decrease in use of about 50% in the time covered by this analysis. These tokens are relatively insecure, as they only need to be lost or stolen to potentially undermine the use of 2FA, so this decrease in their use shows an increase in security awareness and risk management.

Perhaps most importantly, this research provides real insights into the behavior of the user, and what they considered the most important reason to use certain 2FA methods.

Most users indicated that when they compared different approaches to 2FA, they held simplicity and convenience as their most important factors. This helps to explain why 84% of respondents ranked security tokens as the most trustworthy form of 2FA, when the security risks and issues are well-known by users.

Still, the saddest truth revealed by this survey is that too few users utilize 2FA as they secure their devices, both personal and work related. The very real risk of data loss, and how network security can prevent it, is pushed further into the public consciousness by news of repeated security breaches and cyberattacks.

The question now becomes, are your business resources protected by 2FA? If you want professional assistance in implementing it, and other critical security needs, give CTN Solutions a call at (610) 828-5500.

0 Comments
0 Comments
Continue reading

Data Security Has to Be A Priority For Your Organization

Data Security Has to Be A Priority For Your Organization

Since January 1st of this year, there have been over 10 million personal information records lost or stolen each day. Odds are that you, or someone you know, has had records compromised by a data breach. Individuals and businesses, who never received notification that their records were included in a breach, assume that they are not at risk of identity theft or unauthorized account usage. Unfortunately for them, that is not always the case.


The fact is that there is a significant chance that your personal or non-public business information has been compromised in some way. However, the company that lost your information was not legally obligated to make you aware of the event. For your own benefit, understanding what your rights are when it comes to data breach laws is the first step in protecting your data. For example, do you know what information is considered ‘personal’? Are there ways that your data could have been lost or stolen but the offending entity was not compelled by law to notify you for some reason? The answer is yes.

Legal Definitions of Personal Information
Each state has its own laws and policies regarding data breaches and notification requirements. However, there is a consensus on the basics of what elements, or combination of elements, constitutes as ‘personal information’ in the eyes of the law. At a minimum, personal information includes:

  1. First name or first initial and last name
                        AND
  2. One or more of the following elements: social security number, driver’s license, or state ID number, financial account numbers.

As mentioned, this does make up the foundation of most secular legislation on data breaches. Many states go a step further, and consider account information requiring a pin or password as having been compromised, if the required pin or password was included with the record that was stolen. That is, if the use of a debit card requires a pin for a transaction, you will not be notified of the data loss unless both your debit card number and the pin are accessed.

A few of the more progressive states, like North Carolina and Nebraska, include biometrics and fingerprint information as part of their definition of personal information. Similarly, some states, like Missouri have more specific, detailed laws, limiting the legal maneuverability that comes with ambiguity in statutes.

Even though laws regarding the majority of health and medical information and data policies are covered under the United States’ federally mandated Health Insurance Portability and Accountability Act (HIPAA), a few states do include health-related information in their definition of personal information.

One more thing that the some of the state laws address is that, once a relatively high number of records have been stolen, the information holders must also notify consumer reporting agencies in addition to the Attorney Generals of all states that have affected residents. The number of records lost that trigger reporting to a consumer reporting agency tend to number between 1,000 and 5,000.

When it comes to sectoral legislation, the current statutes are, in general, skewed in favor of protecting the corporate information holder, as opposed to the individuals who have their information compromised.

  • Encryption: In many states, there is specific language that if the personal information was redacted or encrypted at the time of the unauthorized access, then no breach or loss of data has occurred. The laws do not address the policy and notification standards for encryption that is broke post-theft.
  • Questionable Non-Personal Information: Depending on the state, some questionable information might be included as non-personal information. For example, the last four digits of your social security number may not be counted as personal information, despite the quantity of accounts that require you to confirm these four digits before making changes to your account.
  • Good-faith Acquisitions: Nearly every state lists ‘good faith acquisitions’ as exemptions to the data breach laws. A ‘good faith acquisition’ is defined a data loss event where the recipient of the personal information in question is employed internally or with a trusted vendor or partner - and is therefore not likely to be misused or further exposed. It’s important to note that businesses are not required to notify anyone in the event that the data breach meets ‘good faith’ requirements.
  • Risk of Harm Analysis: About half of the United States has laws to allow the information-holding entity to run a ‘Risk of Harm’ analysis to determine the likelihood that the personal information compromised will be abused or used in unauthorized transactions by the parties that have obtained it, or may obtain it, in the future. If the risk of harm is found to be minimal, then they are not required to notify the state's attorney general, nor do they need to notify the parties whose personal information was lost.

For most small and medium-sized businesses, a data breach has the potential be catastrophic. Working with CTN Solutions, we can help you take proactive data and network security measures and significantly reduce the chance that your network will fall victim to cybercriminals. Contact us at (610) 828-5500.

0 Comments
0 Comments
Continue reading

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month

Cybercrime is the fastest growing criminal activity in the world. From the largest enterprise to the individual, it can affect anyone, anywhere. To help ensure the cybersecurity of American citizens and their businesses, the Department of Homeland Security (DHS), United States Computer Emergency Readiness Team (CERT), the Federal Bureau of Investigation (FBI) and other agencies work together every October to raise awareness about the threats people face online through a series of educational events and activities.

0 Comments
0 Comments
Continue reading

How Do You Feel About ISPs Selling Your Internet Browsing History?

How Do You Feel About ISPs Selling Your Internet Browsing History?

In October of 2016, the Federal Communications Commission designed a set of rules known as the Broadband Consumer Privacy Proposal. These rules had intended to flip the status quo and require Internet service providers (ISPs) to gain their customers’ permission before they harvested their browsing histories to sell to advertisers. This proposal is now moot with the establishment of a new law that passed through Congress and was signed by President Trump in April 2017.

0 Comments
0 Comments
Continue reading

Eliminate Webcam Worry With a Piece of Tape

Eliminate Webcam Worry With a Piece of Tape

Even webcams are susceptible to infestation from RATs, though they may not be the same creatures that haunt subway tunnels or dank basements. Remote Access Tools can be troublesome and, in some cases, invasive. RATs can be used to remotely access a computer and perform any number of functions, including turning on a device’s webcam.

0 Comments
0 Comments
Continue reading

Why Internal Threat Detection is Just as Important as External Threat Protection

Why Internal Threat Detection is Just as Important as External Threat Protection

We all know the dangers of doing business with the Internet. Even a small business has sensitive information that could potentially be stolen. While it’s important to take preventative measures to keep threats out of your infrastructure, it’s equally as important to have measures put into place that can detect threats within your infrastructure.

0 Comments
0 Comments
Continue reading

Is Your Company’s Data Encrypted? It Should Be

Is Your Company’s Data Encrypted? It Should Be

Data might be the most important aspect of your organization, but how well do you protect it throughout your network? Every organization has data like personally identifiable information and financial credentials stashed away somewhere on the network, so security isn’t something that you can ignore. One of the best ways you can safeguard your data is through the use of encryption.

0 Comments
0 Comments
Continue reading

Tip of the Week: Shop Safe While Online With These 3 Common-Sense Tactics

Tip of the Week: Shop Safe While Online With These 3 Common-Sense Tactics

It seems that you can find absolutely anything while shopping online, but unfortunately, this also includes cyber threats. No deal is worth the risk of a hacking attack, but some best practices can help you stay safe while searching for that great bargain.

0 Comments
0 Comments
Continue reading

Your Network Needs a Virtual Bouncer to Keep Threats Out

b2ap3_thumbnail_security_firewall_400.jpgFirewalls are one of the most common IT security measures on the market today, and for good reason. They act as the first line of defense against any incoming threats, and without them, your organization would have to deal with one data breach after another. Of course, that’s only if you’re taking advantage of a proper firewall; if not, you should seriously consider doing so as soon as possible.

0 Comments
0 Comments
Continue reading

How Sloppy Security Practices Put Companies at Risk

b2ap3_thumbnail_identities_400.jpgIn today’s online business environment, security is nothing to scoff at. Yet, there are many businesses that don’t play by the rules when it comes to monitoring account security on a shared network. This puts both themselves, and their businesses, in danger.

0 Comments
0 Comments
Continue reading

Alert: Malware Locks Up Your PC and Offers Fake Tech Support Phone Number

b2ap3_thumbnail_hack_attack_400.jpgThere’s an intrusive malware on the Internet that locks a user out of their PC and directs them to a fake IT support phone number. In addition to being inconvenient, it can lead to the theft of sensitive information. If this happens to you, whatever you do, don’t call the fake phone number!

0 Comments
0 Comments
Continue reading

Mobile? Grab this Article!

QR Code

Latest News & Events

Drew was pleased to present a gift of financial assistance to the Joy of Life program in Sarajevo, Bosnia on behalf of his non-profit ABLE (American Balkan Leadership Enterprise) and my company CTN Solutions. Unfortunately in many countries...

Latest Blog

In managing business technology, we are always talking about downtime--how expensive downtime is, how downtime hurts productivity, how there are a multitude of separate situations that can cause downtime. That kind of doom and gloom may not...

Contact Us

Learn more about what CTN can do for your business.

Call us today
(610) 828-5500

610 Sentry Parkway
Suite 110
Blue Bell, Pennsylvania 19422