CapitalTek July Newsletter Vol. 31

Mosteffectiveengagementstrategies,p1

Shady Data Collection Practices from Popular

Shopping App SHEIN, p2

Benefits of Using Microsoft 365 Copilot, p3

How to Fight Business Email Compromise, p4

Best practices for securing your home network, p5

How to handle mobile device compromise, p6

Yourbiggestcybersecurityrisk,p8

TechnologyUpdate,p9

Fakesoftwareadsusedtodistributemalware,p10

Entertainment,p11

FeaturedCustomer-FirstandonlychoiceforOttawaplumbing, heatingandairconditioning(AC/HVAC)-for87years,p12

BOOSTYOURTEAM’S ENGAGEMENTWITHBETTERTECH?

Thestressesandpressuresofthecostofliving crisisarehittingmanypeoplehard.Thatmakes employeeengagementmoreofachallenge thanever.

Asabusiness,youmightbefindingithard yourself Itmaynotbepossibletooffersalary risesthatkeeppacewithinflation

Andatthesametimeyoumightbeaskingmore ofyourpeople,ormakingchangestothe workplacethatarehardforsometoadjustto.

Thelastthingyouwantistolosegoodpeople justwhenyouneedeveryonefiringonall cylinders.

That’swhysomeofthemosteffective engagementstrategiesrightnowinvolve relievingthestressandtediumofrepetitive tasks,andremovingworkplacefrustration–with theaddedbenefitthatyoubecomemore efficientintheprocess.

Mostbusinessesnowoffersomeformofremote working.Butit’scommonforpeopletofeel‘left outinthecold’ifit’snoteasyforthemtokeep communicationchannelsopen.Makingteam interactionsseamlesscanmakeabigdifference tothehappinessofyourpeople–andevento yourcustomers.

Howdoyoudothis?Startwithbetter

collaboration tools. They can improve project management, strengthen relationships, reduce wasted time, and even encourage better feedback. Technology can also automate dull and repetitive tasks. No-one’s going to complain about that, and faster working will provide a productivity boost.

When you respond to your people’s frustrations by providing the right tools, they’ll feel listened to and valued. And if they feel that they’re getting things done, they’ll become more engaged and more motivated.

There’s an overwhelming range of tools available that often make bold claims about their ability to transform your business

We can help to cut through the sales patter and get to the heart of what’s right for you. So if you’re looking at a tech solution to improve employee engagement, let’s talk.

ISYOURONLINESHOPPINGAPP INVADINGYOURPRIVACY?

Online shopping has become a common activity for many people. It’s convenient, easy, and allows us to buy items from the comfort of our homes. But with the rise of online shopping, there are concerns about privacy and security.

ShadyDataCollectionPracticesfromPopular ShoppingAppSHEIN

Recently,securityexpertsfoundapopular shoppingappspyingonusers’copy-and-paste activity.Thisappwastrackingusers’keystrokes, screenshots,andeventheirGPSlocation This raisesthequestion:Isyouronlineshoppingapp invadingyourprivacy?

SHEINistheappinquestion,andit’sapopular shoppingappwithmillionsofusers.Accordingto reports,researchersfoundtheappcollectingdata fromusers’clipboards Thisincludedanytextthat userscopiedandpasted.Thismeansthatifthe usercopiedandpastedsensitiveinformation,the appwouldhaveaccesstoit.

Includingthingslikepasswordsorcreditcard numbers.

Notonlythatbuttheappwasalsofoundtobe trackingusers’GPSlocation.SHEINwasalso collectingdatafromdevicesensors,includingthe accelerometerandgyroscope.Thismeansthatthe appwasabletotrackusers’movements Aswellas collectinginformationabouthowtheywereusing theirdevice.

Theapp’sdevelopersclaimedthatthedata

collecteddatawasonlyusedforinternalpurposes. Butthisexplanationwasn’tenoughtopleaseprivacy experts.Thoseexpertsraisedconcernsaboutthe app’sdatacollectionpractices

TemuDataCollectionPracticesQuestioned

Thisisn’tthefirsttimepeoplecaughtanappgrabbing datawithoutusers’knowledge.Manypopularapps collectdatafromtheirusers,oftenfortargeted advertisingpurposes

ThepopularityoftheshoppingappTemuhasbeen explodingrecently.Sincetheappappearedina SuperbowlAdin2023,peoplehavebeenflockingtoit.

ButTemuisanothershoppingappwithquestionable datacollectionpractices.SomeofthedatathatTemu collectsincludes:

Yourname,address,phonenumber

Detailsyouenter,likebirthday,photo,andsocial profiles

Yourphone’soperatingsystemandversion

YourIPSaddressandGPSlocation(ifenabled)

Yourbrowsingdata

Not all shopping apps are created equally. Often people get excited and install an app without checking privacy practices. Apps can collect more data from your smartphone than you realize. Whether you use your phone for personal use, business use, or both, your data can be at risk. So can your privacy. (Continued on next page)

(Continued from page 2 )

Tips to Protect Your Privacy When Using Shopping Apps

Know What You’re Getting Into (Read the Privacy Policy)

Yes, it’s hard to stop and read a long privacy policy. But, if you don’t, you could end up sharing a lot more than you realize.

Turn Off Sharing Features

Turn off any data-sharing features you don’t need in your phone’s settings.

Such as location services. Most smartphones allow you to choose which apps you want to use it with.

Remove Apps You Don’t Use

If you’re not using the app regularly, remove it from your phone. Having unused apps on your phone is a big risk.

Research Apps Before You Download

It’s easy to get caught up in a fad. You hear your friend talk about an app, and you want to check it out. But it pays to research before you download.

Shop on a Website Instead

You can limit the dangerous data collection of shopping apps by using a website instead. Most legitimate companies have an official website.

HOWMICROSOFT365COPILOTIS GOINGTOTRANSFORMM365APPS

Microsoft is one of the biggest players in the office application field It’s at the forefront of introducing transformative technology The company is about to transform Microsoft 365 in a huge way with its new Copilot app

Microsoft 365 Copilot is a new tool designed to help users get the most out of their Microsoft 365 apps This revolutionary tool is an intelligent, personalized assistant

Let’s take a closer look at Microsoft 365 Copilot and the key ways it’s going to improve M365 apps and your business workflows

What is Microsoft 365 Copilot?

Microsoft 365 Copilot is an AIpowered assistant. It helps

users with their day-to-day tasks in M365 apps

It works across all M365 apps This includes:

Word Excel PowerPoint Outlook Teams and more

The tool is currently in testing and should be out sometime soon

How Does Microsoft 365 Copilot Work?

Microsoft 365 Copilot uses AI and machine learning to understand users’ needs It provides personalized help It uses data from users’ interactions with M365 apps. It learns a user’s usage patterns and offers recommendations based on their preferences.

Say that you’re working on a presentation in PowerPoint and struggling with design Microsoft 365 Copilot can offer design suggestions based on your company’s brand guidelines

Microsoft 365 Copilot can also help users with common tasks Tasks such as scheduling meetings and managing emails

Benefits of Using Microsoft 365 Copilot

Personalized Help - Microsoft 365 Copilot provides personalized help based on users’ usage patterns and preferences

Time Saving - Microsoft 365 Copilot can help users save time on common tasks. Such as scheduling meetings and

(Continued on next page)

(Continued from page 3)

formatting documents It can take on many informationgathering tasks, like summarizing meeting notes. Knowledge workers spend an average of 2.5 hours per day searching for information.

Reduced Frustration –Microsoft 365 Copilot can help reduce frustration. It provides solutions when users are stuck on a task The tool can also help users struggling with an Excel chart or table. Instead of having to figureout how to generate it, they can simply give a command to Copilot to do it for them.

Improved Productivity

–Microsoft Copilot handles tasks that go beyond what business apps have historically done. For example, you can use it in PowerPoint to create a presentation for you. Use a command such as, “Create a six-slide presentation based on (this) document.” You can also tell it to find appropriate Microsoft stock photos and insert them.

LEARNHOWTO FIGHT BUSINESS EMAIL COMPROMISE

A significant cyber threat facing businesses today is Business

Email Compromise (BEC). BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat

WhatisBusinessEmail Compromise(BEC)?

BEC is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals They especially target those who perform wire transfer payments.

BEC attacks are usually wellcrafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees online. They gain knowledge about the company’s operations, suppliers, customers, and business partners

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors.

These emails request them to make payments or transfer funds in some form.

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics. Such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.

According to the FBI, BEC scams

cost businesses about $2.4 billion in 2021.

These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.

How to Fight Business Email Compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.

Educate Employees

Enable Email Authentication

Deploy a Payment Verification Processes

Check Financial Transactions

Establish a Response Plan Use Anti-phishing Software

STIPSTOGET READYFORTHE

UNEXPECTED

What would you do if your business suffered a ransomware attack tomorrow? Do you have a contingency plan in case of any disasters? The unexpected can happen anytime, and small businesses can get hit particularly hard.

(Continued on next page)

capitaltek.com

(Continued from page 4)

BEST PRACTICES FORSECURING YOURHOME NETWORK

Intoday’sworld,technologyis ubiquitous,andconnectivityisa must.Securingyourhome networkhasbecomemore criticalthanever.Asecure homenetworkisessentialfor protectingyourpersonaldata fromhackers.

Fromphishingtosmishing(SMS phishing),it’sgettingharderto avoidabreach.

TheNationalSecurityAgency (NSA)hasprovidedsomebest practicesforsecuringyour homenetwork:

ChangeDefaultPasswords andUsernames

HOWTOUSE THREAT MODELINGTO REDUCEYOUR CYBERSECURITY RISK

Today’s offices are digitally sophisticated. Just about every activity relies on some type of technology and data sharing. Hackers can breach these systems from several entry points. This includes computers, smartphones, cloud applications, and network infrastructure.

It’s estimated that cybercriminals can penetrate 93% of company networks.

One approach that can help organizations fight these intrusions is threat modeling. Threat modeling is a process used in cybersecurity. It involves identifying potential threats and vulnerabilities to an organization’s assets and systems.

Here are the steps businesses can follow to conduct a threat model:

Identify Assets That Need

Identify Potential Threats

Assess Likelihood and Impact

Prioritize Risk Management Strategies

Continuously Review and Update the Model

DID YOU KNOW...

OneNote is blocking files

OneNote in Microsoft 365 is blocking more than 100 file extensions to try to prevent malware being distributed through the application. This will include file types .XXL, .ISO, and .BAT.

Other Office programs such as Outlook, Word, and Excel will all follow suit.

MOBILE DEVICE COMPROMISE

SPOTIT

Your passwords or account details have been changed.

Unknown apps are appearing randomly on your device.

Your device is slower than normal.

TIP

Mobile device

compromise can start with a compromised email or social media account, a malicious app, or a malicious website or link. No matter what the method of compromise

When it comes to mobile devices, make sure all passwords are unique and that credentials are not openly stored on the device. Avoid public Wi-Fi as malicious networks could give a hacker access to your device.

make sure to alert your contacts. If your mobile device is used for work, notify your organization, as well. Only keep work files and apps on mobile devices if absolutely necessary.

If you receive an out of-character message from a contact, let them know as it may be a sign they were hacked. If device compromise occurs, make sure to change all passwords once the device is secure.

VILLAINOFTHEMONTH

Each month we highlight a scam that demonstrates tactics criminals are using RIGHT NOW, to better prepare you when the next scam hits.

Natalia has been saving up to buy a house for years. The time has finally come. After looking online and touring houses in-person, she finally found the one for her. Soon after submitting her offer, she got the news it had been accepted!

After her offer was accepted, Natalia received an email from a title agent telling her to wire the down payment so they could finalize the sale. Natalia didn't want to slow down the process or jeopardize the sale, so she wired the payment immediately

A few days later, she received another email from her realtor, and a different title agent named Jane, telling her the date and time of the closing. When she arrived at the closing, Natalia asked if they had received her payment. Her heart dropped when the new title agent told her they had not received any payment. Natalia pulled up the email and Jane told her she had not sent that. Later they found out that Jane's account had been compromised and a cybercriminal was sending fake emails to her clients, pretending to be her

BUSINESSEMAILCOMPROMISE(BEC)TIPS

Especiallyduringexcitingtimeslikepurchasingahouse,make suretoanalyzeemailsbeforeclickinglinksorsendingmoney. Evenifamessageseemsrelevant,verifywithaknownpoint ofcontactin-personorthroughanothermethod

Justbecauseamessagedoesn'tfita"phishy"molddoesn't meanitsentirelylegitimate.

SLAMAnalysis

Sender:

Links: When hovered over, the link does not lead to a legitimate site

Attachments: Random attachment that is not mentioned in the email.

Message: The message is urgent and is generic. It lacks grammar errors but could be written by AI.

The domain says "reality" instead of "realty."

Humanerror. Yourbiggestcybersecurityrisk

Why cyber security awareness training is so important for you and your staff

costthecompanythousands

Thecrookshadgainedaccessto theCFO’semailaccount, interceptedamessage,and changedinformationtoredirecta payment.

Asisusuallythecasewithcyber crime,itwassimplehumanerror thatopenedthedoortothe crooks.

malicious, but because they’re only human. Without training, they simply don’t know the risks to look out for, or what they can do to keep your business safe.

That’s why good cyber security awareness training –for everyone in your business – is vital.

Read more here...

It was just an invoice. Nothing strange about that. And it didn’t ring any alarm bells that the CFO emailed the accounts team asking for it to be paid urgently to keep a supplier happy. Oh, and they’ve switched banks – so if you could just update their details, that’d be great.

It’s a small company where everyone knows everyone, so there wasn’t a red flag in sight.

But something was very, very wrong.

Those new payment details belonged to a criminal gang. And the email didn’t come from the CFO. This was the final step in a clever phishing scam known as CEO fraud, and it just

Nooneknewtolookforthe warningsignsthatsomething wasn’tright.Andtherewasno policythatrequiredeveryoneto confirmpaymentrequestsin personwhendetailshavetobe changed.

Thiswasafinancialfraud.But everydaythecriminalsareafter morethanjustyourmoney.Your businessdataisjustasvaluable tothem,andthey’llgotogreat effortstogetholdofit

Smallandmedium-sized businessesarethemostlikely targetsforallkindsofcyber attack–notjustphishingscams likethisone.That’sbecausecyber criminalsknowthatthese companiesarelikelytohave weakersecuritymeasuresin placeandwillspendlesstime trainingtheirpeople.

Thecrooksknowthatyour peoplearetheweakestlinkin yoursecuritychain.Not becausethey’ddoanything

Here's where to start

NEWTOMICROSOFT365

Bye bye Teams backgrounds (sort of)

Microsoft’s improving the experience on Windows to make it look like everyone on the call is in the same room.

TECHFACTS

In the original Pac-Man, the ghosts had unique traits The red one was programmed to follow behind PacMan, the pink one in front, but the cyan ghost was designed to be unpredictable

The most efficient keyboard layout is called Colemak, which is designed to reduce finger movements by half. It uses the home row 74% of the time, compared to Qwerty’s 34%

QR codes were invented in 1994. They were first used to track vehicles on the assembly line

Techn logy update

If your business suffered a data breach, your first priorities would be to stop it and minimize the damage caused by the attack.

But would you report it to the authorities?

Reporting security incidents could be key to removing some of the threat to businesses of all sizes. But small and medium sized businesses can be reluctant to reveal what’s happened for fear of bad press or potential repercussions from

attackers.

What do you think about this kind of transparency?

INSPIRATIONAL QUOTE

THE THE MONTH MONTH

It’lluseAItoremove everyone’sindividual backgrounds,andaddthe samebackgroundforevery person.Clever.

FAKESOFTWAREADS

TODISTRIBUTEMALWARE

Google is most people’s first port of call for help or information online –something cyber criminals are using to their advantage.

Specifically, they are targeting Google ads, impersonating campaigns for popular software such as Grammarly, Slack, Ring and many others. This is nothing to do with those companies, but to the untrained eye they look like the real deal… which is how they’re tricking people into clicking the ads.

If you’re not using an ad blocker, you’ll see promoted pages at the top of your Google search results These look almost identical to the non-promoted, down page organic search results, so you or your people could easily be tempted to click.

It’s a complicated scam. Criminals clone the official software websites, but instead of distributing the genuine product, when you click download they install ‘trojanized’ versions. That’s geek speak for malware that disguises itself as real software.

Google is working to protect us by blocking campaigns it’s able to identify as malicious. But criminals have tricky ways around that too.

Ads first take you to a benignlooking website – which the crooks have created This then redirects you to a malicious site that convincingly impersonates a genuine page. That’s where the malware lurks waiting for a click, beyond Google’s reach.

Worse, in many cases you’ll still get the software you’re trying to download, along with a hidden payload of malware. That makes it harder to tell that your device or network has been infected, and may give the malware longer to do its job.

To stay protected, train your team about the dangers and make sure everyone is on the lookout for anything that doesn’t seem quite right.

Encourage people to scroll down the Google results until they find the official domain of the company they’re looking for, and make it a policy that people seek permission before downloading any software – no matter how innocent it may seem.

You could also consider using an ad blocker in your browser. That will filter out any promoted results from your Google search for some extra peace of mind.

For help and advice with training and software policies, give us a call.

TheFunnies

DID YOU KN W

The first-ever email was sent in 1971 by computer engineer Ray Tomlinson.

NEED A LAUGH?

Why was the computer cold at the office?

Because it left its Windows open!

TECHNOLOGY

Who invented the first digital camera?

TechQuiz Q&As

1. 2. 3

4.

5.

Which search engine almost bought Google in the 90s? What was the world’s first widely-used web browser? In computing history, who were the dirty dozen? What are Android releases named after?

In old PCs what was the function of the Turbo button?

The answers are below.

5) Strangely, it made the computer run slower, so it could run software designed for slower machines

Q: Should I use the password manager that comes with my browser?

A: We recommend investing in a standalone password manager instead. Browser-based password managers are not as safe If someone can access your device, they have instant access to all your accounts Standalone password managers need a master password, and do a lot more than just save your credentials

4)

3) Engineers who created the first IBM PC

Q: How can I make sure remote workers follow our security rules?

A: As well as setting out the risks of not using your security tools and procedures, create a policy that explains exactly what is expected of your people, and the consequences if they’re found to break the rules.

Businessgadgetofthemonth TimekettleWT2Plustranslator

Real-time, simultaneous AI translation with support for 40 languages Stick one of these in your ear, give one to the other person and talk normally to each other in your respective languages, while the Timekettle translates like a real life Babelfish. I mean… wow.

$359.98. Ships worldwide from www.timekettle.co

AnkerMake M5 3D Printer

The

It is a fantastic investment for anyone looking to explore the world of 3D printing. With its userfriendly interface, high-quality prints, and efficient design, it’s the perfect tool to bring your creative visions to life

Get yours at https://www ankermake com/

TRIVIA

AnkerMake M5 3D Printer is a cutting-edge device that brings your creative ideas to life in three dimensions It’s like having a mini factory right at your fingertips!

With a reputation for quality, cleanliness and courtesy, it is no wonder that home and business owners alike make Francis Plumbing and Heating their first and only choice for Ottawa plumbing, heating and air conditioning (AC/HVAC) It’s their reputation for quality plumbing, heating & air conditioning that has kept them in business over 87 years – no other Master plumber in Ottawa has been around as long as Francis Plumbing.

1990’s logo

(a licensed Master Plumber & hydronic heating specialist) & his wife Kay Francis (a community advocate & communication specialist), has the licensed plumbers and gas fitters with the expertise and equipment to get your job done whether it is blocked drains, drain cleaning, minor leak repairs, water purification, water heater repairs, tankless repairs, boiler maintenance or repairs or a complete plumbing system or heating system upgrade including boilers, radiant floor heating and more.

They can also take care of your forced air system – whether heating, air conditioning, split ductless, HRV, heat pumps, or combi hybrids we have the expertise to care for your equipment or replace it with more

energy efficient solutions (HVAC energy efficient solutions (HVAC division was previously directed division was previously directed by Mark Francis the original by Mark Francis the original founder of Francis Home founder of Francis Home Environment who retired in 2019 Environment who retired in 2019 to spend more time with his to spend more time with his family. Today, HVAC Manger is family. Today, HVAC Manger is Don Byers who worked closely Don Byers who worked closely with Mark Francis for many with Mark Francis for many years and is a well known expert years and is a well known expert in the HVAC industry who has in the HVAC who has been loyal to the Francis family been loyal to the Francis family company for decades). company for decades).

613-227-HELP(4357)

help@capitaltekcom capitaltekcom

25-174 Colonnade Road

25-174 Colonnade Road South Ottawa, ON South Ottawa, ON K2E7J5 K2E7J5 (613) 932-7978 (613) 932-7978

office@FrancisPlumbing.com office@FrancisPlumbing.com

Setupa15minutediscoveryvideocallat www.capitaltek.ca/talk-to-an-expert

Award-winning managed IT services for small to medium-sized companies in Ottawa. We combine essentials with a comprehensive platform to keep you running worry-free 24/7.

ABOUTFOUNDER&CEO,SERGEYPOLTEV

Founder and CEO Sergey Poltev, has been fixing computers since he was a kid. He immigrated to Canada to seek new opportunities, where he launched CALLGEEK (later renamed to CAPITALTEK) in 2008. Sergey was recognized in 2021 with a Forty Under 40 Awards from the Ottawa Board of Trade & Ottawa Business Journal.