Hybridandremoteworking,p1
What is Passkey Authentication?, p2
Tips for Designing Great Data Visualization Reports, p3
What is push-bombing & how can you prevent it?, p4
7 Ways to secure your wireless printer, p5
Our Fresh New Look, p6
StaffHighlight,p8 TechnologyUpdate,p9
Cyberresiliencyplan,p10
Entertainment,p11
FeaturedCustomer-Adiversifiedarchitecturalpracticethatoffers afullrangeofarchitecturalservices,p12
Hashybridandremoteworkingleftyouand yourteamrattlingaroundanofficethat’stoo big?
Ifyou’renowinthepositionofoverspendingon rent,utilitiesandcleaning,youmightbethinking aboutdownsizingtoanotherlocation–oreven abandoningtheofficecompletely.
That’ssomethingthatwilltakesomeplanningif youwantasmoothtransitionwithminimal, expensivedowntime.
Movesarealwaysstressful,andrelocatingyour ITsystemstakesabitmorethoughtthan manhandlingadeskupthestairs.
Sohereareourtopthreesuggestionstomakeit easiertoshiftyourITsetuptoanewlocation.
Useachecklist
Treatthislikeanyotherproject.Useato-dolist whereyoucheckoffeachstepsothatnothing’s forgotten.Allocateeverytaskonthelistto specificpeople,soeveryoneknowswho’s responsibleforwhat.
Refertoyourchecklistregularlywithprogress reviewsamonthbefore,aweekbefore,aday before,andonthedayofthemove.Have anotherlistforunpackingattheotherend.
Giveyourinternetprovidernotice
Werelyoninternetconnectionsformostof whatwedo,butit’scommontoallowtoolittle
timeforthistobesetup.Itcantakesixweeksto arrange,installandtesttheconnectionsoit’sready forthedayyoumovein.Allowplentyofnoticeto avoidunwantedstressonthedayofthemove.
Ifit’sanewbuildingorarefit,specifyalltheoutlets andconnectionsyouwant–don’tleaveittothe buildertoassumeasitwillcostmoretomake changeslater.
Useaprofessional
Ifit’sjustacoupleofmachinesitcouldbeaDIYjob. Butformostmoves,it’smore involvedthanjustdisconnectingafew cablesandreconnectingthem.It’stooeasyfor everythingtobecomeconfusingandbecomeover complicated.
AgoodITprofessionalwillhavethisprocessdown toafineartandwilldisconnectandreconnectyour wholenetworkefficientlyandwithminimal downtime.
Ifyou’rethinkingaboutamovetonew premisesandneedhelpplanningforit,wecan help…getintouch.
""YOURMONTHLY YOURMONTHLY NEWSLETTER,WRITTENFOR NEWSLETTER,WRITTENFOR HUMANS HUMANS,NOT,NOTGEEKSGEEKS" "
Passwords are the most used method of authentication, but they are also one of the weakest. Passwords are often easy to guess or steal. Also, many people use the same password across several accounts. This makes them vulnerable to cyber-attacks.
The sheer volume of passwords that people need to remember is large. This leads to habits that make it easier for criminals to breach passwords. Such as creating weak passwords and storing passwords in a non-secure way.
61% of all data breaches involve stolen or hacked login credentials.
In recent years a better solution has emerged –passkeys. Passkeys are more secure than passwords. They also provide a more convenient way of logging into your accounts.
enabled to log the user in
Passkeys work by generating a unique code for each login attempt. This code is then validated by the server. This code is created using a combination of information about the user and the device they are using to log in.
You can think of passkeys as a digital credential. A passkey allows someone to authenticate in a web service or a cloud-based account. There is no need to enter a username and password.
This authentication technology leverages Web Authentication (WebAuthn). This is a core component of FIDO2, an authentication protocol. Instead of using a unique password, it uses publickey cryptography for user verification.
The user’s device stores the authentication key. This can be a computer, mobile device, or security
One advantage of passkeys is that they are more secure than passwords. Passkeys are more difficult to hack. This is true especially if the key generates from a combination of biometric and device data.
Biometric data can include things like facial recognition or fingerprint scans. Device information can include things like the device’s MAC address or location.
This makes it much harder for hackers to gain access to your accounts.
Another advantage of passkeys over passwords is that
(Continued on next page)
(Continued from page 2 )
they are more convenient. With password authentication, users often must remember many complex passwords. This can be difficult and timeconsuming.
Forgetting passwords is common and doing a reset can slow an employee down. Each time a person has to reset their password, it takes an average of three minutes and 46 seconds.
Passkeys erase this problem by providing a single code. You can use that same code across all your accounts. This makes it much easier to log in to your accounts.
It also reduces the likelihood of forgetting or
misplacing your password.
Credential phishing scams are prevalent. Scammers send emails that tell a user something is wrong with their account.
They click on a link that takes them to a disguised login page created to steal their username and password.
When a user is authenticating with a passkey instead, this won’t work on them. Even if a hacker had a user’s password, it wouldn’t matter. They would need the device passkey authentication to breach the account.
Data visualization is a powerful tool for communicating complex data.
But it is not enough to simply create a graph or chart and call it a day. To truly make use of information, it is important to create insightful reports.
Creating holistic and insightful reports requires the use of several data points. One tool that enables this is Microsoft Power BI.
What Is Microsoft Power BI?
Microsoft Power BI is a business intelligence tool. It allows you to connect many data sources to one dashboard. Using Power BI, you can easily model and visualize data holistically.
Consider Your Audience
You should design reporting dash-boards with the end user in mind. CEOs and CFOs are interested in different aspects of the business, make the information interesting to them.
What is it that this audience wants to see?
Are they looking for bottomline sales numbers?
Or do they want to cover insights that can help target productivity gaps?
Many times, less is more. If you
find that your dashboard looks crowded, you may be adding too many reports.
The more you add, the more difficult it is to read the takeaways from the data.
Experiment with presenting your data in different ways.
Flip between bar, pie, and other types of charts to find the one that tells the story the best.
Just don’t go overboard. Keep it simple but interesting.
Power Query is a data preparation engine.
(Continued from page 3)
Take time to learn how to leverage this tool for help with:
Connecting a wide range of data sources to the dashboard
Previewing data queries
Building intuitive queries over many data sources
Defining data size, variety, and velocity
Bing and Power BI integrate, allowing you to leverage default map coordinates Use best practices to utilize the mapping power of Bing to improve your geo-coding.
A typical comment heard often when presenting executives with a new report is, “What am I looking at?” Tell your audience what the data means by using features like tooltips and text boxes to add context.
People usually read left to right and from top to bottom. So put your most important chart at the top, left corner. Follow, with the next most important reports.
Cloud account takeover has
become a major problem for organizations.
Between 2019 and 2021, account takeover (ATO) rose by 307%. Many organizations use multifactor authentication (MFA) as a way to stop fraudulent sign-ins
But its effectiveness has spurred workarounds by hackers. One of these is push-bombing
When a user enables MFA on an account, they typically receive a code or authorization prompt of some type.
The user enters their login credentials.
Then the system sends an authorization request to the user to complete their login.
With push-bombing, hackers start with the user’s credentials and take advantage of that push notification process.
They attempt to log in many times
This sends the legitimate user several push notifications, one after the other
When someone is bombarded with these, it can be easy to mistakenly click to approve access.
Push-bombing is a form of social engineering attack designed to:
Confuse the user
Wear the user down
Trick the user into approving the MFA request to give the hacker access
Ways to Combat Push-Bombing at Your Organization
Educate Employees
Reduce Business App “Sprawl”
Adopt Phishing-Resistant MFA Solutions
Enforce Strong Password Policies
Put in Place an Advanced Identity Management Solution
Additionally, businesses can use identity management solutions to install contextual login policies.
ChatGPT has revolutionized the way businesses interact with their customers. It has also affected how they get things done.
Teams are using it for everything from emails to generating ideas for product names.
The tool’s personalized and informative responses in realtime definitely draw you in. But integrating ChatGPT into your business operations requires careful consideration.
(Continued on next page)
(Continued from page 4)
You want to ensure that things don’t get out of hand with employees using the tool irresponsibly.
Understand ChatGPT’s Weaknesses
Define ChatGPT’s Role
Consider Customer Privacy
Ensure Human Oversight
Integrate ChatGPT Into Your Existing Customer Service
Measure Performance and Optimize
Be Transparent About Using It
Manypeopleworryabout someonehackingtheir computer.Butthey’renotreally thinkingabouttheirwireless printergettingbreached.It’s atoolthatmostindividualsuse sporadically.Forexample,when youwanttoprintouttaxforms ormailinglabels.
Printerstendtobeoutofsight, outofmind.Thatisuntilyou needtoprintsomethingand runoutofink.Well,they’renot outofthemindofhackersIn fact,unsecuredprintersarea classicwayforcriminalstogain accesstoahomenetwork.
1. 2.
KeepPrinterFirmware
Updated
3.Use a Network Firewall
4.Put Your Printer on a Guest Network
5.Disable Unused Ports or Services
6.Unplug It When Not in Use
7.Teach Your Family Cybersecurity Best Practices
Netflix is one of the most popular and well-known streaming services. The platform has become an essential part of many people’s daily entertainment routines. Unfortunately, like any online service, Netflix accounts can be vulnerable to hacking.
Hackers take advantage of “phishing overload.” Once they breach your account, they’re usually quiet for a bit, hoping you’ll mistake the Netflix suspicious login warning for a fake.
Here are some things to do right away if you fear your account is hacked:
1.
2.
Go to the Netflix site & try to log in.
If you can log in, change your
password immediately.
3.If you can log in, remove any strange payment methods
4.Contact Netflix support and let them know that you think you’ve been compromised. (Don’t skip this step)
5.Watch your bank statements.
6.Change the password for other accounts that used the same one as your Netflix account.
Users are more likely to engage with topics they are familiar with or interested in. Let's go over the ways cybercriminals take advantage of this by using these topics to carry out scams.
Cybercriminals create dramatic fake news as clickbait This could be celebrity gossip or stories about serious world events AI-generated articles only help to increase the amount of content that can be pushed out Fore mails containing this type of content, use the SLAM method to analyze the sender, links, attachments, and messaging. For websites, stick to news from trusted sources and look for the "lock" symbol.
Manytypesofentertainmentlikestreaming platforms,sportsevents,oronlinecontestsmaybe usedasbaitinphishingmessages Itisalwaysbest togodirectlytoacompany'swebsiteinsteadof clickingonlinksinemails.
Eventticketscamsareontherise,aswell.Tryto buyticketsfromtheoriginalsellerandavoidbuying throughads.Whetheritisaticket,ajersey,ora streamingplatform,ifthepriceseemstoogoodto betrue,itprobablyis
Cybercriminalshavetakentoappstorestocreate replicasofpopularentertainmentapplications.This couldbestreamingapps,populargames,ormusic platforms
Whilethird-partyappstoresarethemost susceptibletothesemaliciousapps,itisalways besttocheckthenumberofreviewsandthe developerbeforedownloadinganapp.Ifamalicious appisdownloaded,itcouldinfectadevicewith malwareandallowthecybercriminaltoaccessuser data
Each month we highlight a scam that demonstrates tactics criminals are using RIGHT NOW, to better prepare you when the next scam hits.
Rachel was looking for a new skincare product. She started searching the web and saw an ad for a skin care cream used by one of her favorite singers. Rachel was excited, she had just been to her concert and thought this skincare cream must be great if the singer was endorsing it. Rachel clicked on the ad and was taken to the company’s website where she was greeted with more pictures of their products and other celebrities that had tried them
She selected a cream and continued to checkout. After a few weeks, Rachel still hadn't received the cream. She started to get suspicious and tried to find a confirmation email. Rachel realized she never received a confirmation.
When she performed an internet search on the brand, she found many reviews from other customers saying it was a scam. When Rachel checked her credit card, she found multiple fraudulent charges. Luckily, she was able to call her credit card company and get the money back.
Racheltrustedthecompanybecauseofthecelebrity endorsementanddidnotresearchthecompanyfirstbefore buyingtheproduct.
Insteadofstayingonwell-knownwebsites,Rachelclickedonan adtobuytheproduct.
Racheldidnotreceiveaconfirmationemailforherorder,anddid notcheckhercreditcardtransactionsuntilweekslater.
Check the celebrity's social media account to see if they have posted anything about endorsing the product.
Take the time to investigate the company before buying anything. Always use a credit card when making new purchases online.
Takethetimetoinvestigatethecompanybeforebuyinganything Alwaysuse acreditcardwhenmakingnewpurchasesonline.
We are delighted to launch our new logo as part of the ongoing evolution of our company’s brand.
Our professional profile has grown and evolved since we first launched and now it is time to refresh it. We have altered our logo to reflect who we are today and to symbolize our dynamic future.
With a lot of creativity sessions, we have chosen a new logo that is modern with key elements that convey our mission to help companies achieve their goals while remaining true to our longstanding reputation.
ifitistheirproposal,wehavethe teamin-house Weapproach yourITlikepartnerwithaproactiveplantomanageit,notjust respondtoemergencies.
Thisconceptisabouthelping businessestakethenextstep andreachnewheightsby embracingtheevolutionoftech support.
We,atCAPITALTEK,havecertified andexperiencedPCandMac specialistsonstaff,andoncall 24/7.Wedon’toutsourceanything,
Theconceptfocusesontheidea of“time”inallaspects: downtime,uptime,qualitytime, savingtime,timetoswitch providers,etc.,andwillexplain
Every second counts when it comes to keeping your business up and running. CapitalTek gets you back up and running in no time.
Microsoft 365 is helping to reduce print waste and increase privacy with an update to its printing function. It will hold print jobs until you arrive at the printer. Then
youscanaQRcodeonthe MicrosoftOfficemobileapp tostartyourprintjob. Smart,right?It’scalled SecureReleasePrinting, andyoucanaskyourIT partnertogetitsetupfor you.
The Surface Web (the internet visible to search engines) only accounts for 10% of the internet The rest lives in the Deep Web – where pages aren’t indexed, or are encrypted, password protected or behind a paywall. This is normal, legal and very different to the Dark Web… where criminals do business
One of iTunes’ terms and conditions states that you are not to use their devices to create “ … nuclear, missile, chemical or biological weapons”
Only 4.5 billion people around the world have a working toilet. More than 6 billion people have a cell phone
Are you asking ChatGPT the wrong questions?
ChatGPT is incredible, but it still has its limitations. If you find it frustrating and inaccurate, it’s quite likely you’re doing it wrong. Here’s how to get the best out of it...
Be specific A basic question will generate a basic answer. The more specific your question, the more likely it is to create a good answer
Give it context For instance, if you’re asking it to review an email, tell it whose perspective it’s reading it from – an employee, a frustrated client, and so on.
Watch your language It can cope with a few typos and a little slang, but too much and you won’t get the great responses you want.
“Dataisthepollutionproblem oftheinformationage,and protectingprivacyisthe environmentalchallenge.”
BruceSchneier,Cryptographerand ComputerSecurityProfessional
INSPIRATIONAL QUOTE OF INSPIRATIONAL QUOTE OF THE THE MONTH MONTH
A recent cyber security report found that just 11% of IT budgets go into incident response, disaster recovery, and infrastructure security. This could be a dangerous underinvestment.
While it’s vital to keep your data and infrastructure protected with a layered, multi-stranded approach, no network can ever be protected from 100% of attacks. Even if it were possible, it would make your systems hard to live with, and would certainly destroy productivity
That means you need a cyber resiliency plan to help you respond to any cyber attack that does get past your defenses. It requires different thinking to your other resilience plans around physical disasters.
In the case of a flood for example, your incident response might be to get cleaned up, find a temporary work location and get your systems online again. But in the case of a ransomware attack, you’d need to investigate how the attack
occurred, locate and patch the holes in your defenses, and remove all traces of the attack from your systems
For a cyber attack, you’ll also have a different RTO – a Recovery Time Objective – which defines how quickly you expect to get back up and running. Your resiliency plan should define that RTO, so that you understand what downtime costs you’ll be facing.
Where do you start? We recommend:
1 Improving your security: Hopefully you’ve already ticked this one off Make it as hard as possible for crooks to access your systems, without creating measures that are so hard to live with that they interfere with the smooth running of your business.
2. Monitoring your systems: The sooner you detect an attack, the faster you can respond, which
will minimize any damage. You should always be monitoring for suspicious activity and staff should be trained to spot warning signs.
3. Responding swiftly: Your response plan should be available to everyone in the business, and should include information on who to report a suspected breach to, and all the steps that should be taken.
4. Making recovery easier: Once an attack is under control it’s time to recover. That means having a good backup in place, and a rehearsed plan for restoring your systems
If you need help with cyber resiliency, or other disaster recovery plans, get in touch today.
Thefirstknown computerprogrammer wasawomannamed ADALOVELACE
NEED A LAUGH?
Why did the computer go to art school?
Because it wanted to learn how to draw better "bytes"!
Why does your keyboard have that weird QWERTY layout?
" To slow down typing for original typewriters as the letters would get stuck together if you typed too fast."
What was Google’s name originally a misspelling of? ‘Creeper’ was the name of the first what? What’s the world’s most popular password? What was the first games console to go to space? How much of the world’s currency is now digital?
The answers are below.
Q: My employees use WhatsApp to share work info – should I stop this?
A: If you’re already using a communication tool like Teams, your people should keep all work communication there It’s more secure and can save a lot of time hunting for information
Q: I’ve lost my laptop What do I do?
A: You should have a response plan in place for this type of incident. Report it to the correct person so that data can be wiped remotely to avoid a breach If you don’t have a plan or remote management in place, we can help
Classic design for pen and paper fans, with a digital copy of everything
The classic Moleskine notebook includes a Smart Pen and Notes App. It takes an instant digital copy of every page, so you can handwrite your meeting notes but take your doodles to the next level. Widely available $279
Introducing the Insta360 Flow AI Tracking Smartphone Gimbal Stabilizer!
Say goodbye to shaky footage and hello to buttery-smooth cinematic shots with this compact, lightweight stabilizer
Whether you ’ re an adrenaline junkie capturing extreme sports or a filmmaker seeking that perfect steady shot, the Insta360 Flow Stabilizer has got you covered.
Get yours at: https://store.insta360.com/
bbb architects Ottawa (bbb) is a diversified architectural practice,
offering a full range of architectural services, with a reputation for delivering projects that exceed their clients expectation in all categories: budget, schedule and design.
Since 1985, bbb has been privileged to work for some of the most prestigious public and private sector clients in Canada and abroad. The firm is known
for the diversity of its portfolio, having designed buildings of virtually every typology. The diversity is largely the result of the firm's reputation for exhaustive research into every aspect of their clients' needs. bbb believes that a new client's project should not be a derivative of past projects. Each new client and project should be researched, with respect to the client's specific culture, structure and current precedents in the industry.
This approach has proven to engage their clients, allowing them to participate and enjoy the creation of their project, while
613-227-HELP(4357)
help@capitaltekca capitaltekca
Award-winning managed IT services for small to medium-sized companies in Ottawa. We combine essentials with a comprehensive platform to keep you running worry-free 24/7.
Founder and CEO Sergey Poltev, has been fixing computers since he was a kid. He immigrated to Canada to seek new opportunities, where he launched CALLGEEK (later renamed to CAPITALTEK) in 2008. Sergey was recognized in 2021 with a Forty Under 40 Awards from the Ottawa Board of Trade & Ottawa Business Journal.
