As the pandemic advanced and many countries adopted obligatory stay-at-home orders, the rapid digital transformation caused hackers to have more opportunities to exploit companies, especially since most employees started using personal devices and networks.

There are still companies that take cybersecurity for granted and are in denial that it’s likely that an attack could happen to them. In reality, it’s only a matter of time when a cyber felon will attempt to exploit existing vulnerabilities. While such tools as password management or VPN solutions are important for enhanced security, companies should also focus on employee education, investing in such services as cybersecurity awareness training.

We invited Simmer Principio, the Cyber Security Analyst of E-Tech – a company that offers system support and information technology consulting services, to discuss cybersecurity trends, threats, and how to handle them in the most efficient way.

E-Tech has grown exponentially since its launch in 2005. What was your journey like?

I have been with E-Tech since 2019 right before the pandemic hit. I was hired as the Cyber Security Analyst for the company. Since then, I have seen a huge growth in the number of companies seeking Cyber Security Awareness Training (CSAT), Dark Web Monitoring, Vulnerability Scans, Penetration Testing, and Security Audit Services. My journey has been amazing. E-Tech has been extremely successful these past years I have been with them. We have been awarded by Acquisition International two years in a row as the Leaders in Cyber Security Awareness Training for Canada in 2020 and 2019 and we ranked #1 In Canada and #14 in the World among the World’s Most Elite 501 Managed Service Providers.

We’ve put a lot of time and effort into perfecting our CSAT program. It is a continued success and our customers appreciate being proactive to train their employees before a crisis happens. Our team of CSAT experts has grown over the past two years and this is due in large part to my persistent dedication and hard work along with the rest of the E-Tech team.

Can you tell us a little bit about what you do? What are the main challenges you help navigate?

I am the main person in charge of the Cyber Security Awareness Training, Dark Web Monitoring, Vulnerability Scans, Penetration Testing, and Security Audit services. I help our clients by educating them on the best cybersecurity practices and generating assessment reports for improvements to their organization’s overall security and resilience plan. Because of the pandemic, many companies changed their views and realized that they need Cyber Security Awareness Training due to the simple fact that there are so many malicious and phishing scams out there. And since everyone transitioned from in-office to remote work, they are even more susceptible to falling victim to these scams, causing companies major financial consequences.

Out of all your services, dark web monitoring may be lesser known by the general public. Can you tell us more about this practice?

When we talk about dark web monitoring, a lot of people still do not know what the dark web is in general. To understand what the dark web is, you need to have a basic understanding of how the Internet works. The Internet can be broken up into two parts, the surface web or open web, and the deep web. The surface web is anything on the Internet that can be accessed for free; things that can be found using a search engine. But the deep web is the part of the Internet where you typically need credentials to get to. A great example of the deep web that people use every day is their email. The dark web falls in an even deeper part of the deep web. Dark web websites are only accessible using a special browser software – the most common being the Tor browser.

Dark web websites are very safe for criminals because the fundamental aspect of them is the anonymity of the users. The dark web is a huge marketplace for illegal activity, including stolen credentials from major data breaches. This is where dark web monitoring comes in. There are multi-millions of stolen credentials being sold at any given time on the dark web. It is critical to know if and when your credentials have been bought and sold so you and your company can take proper precautions towards cyber theft. Dark web monitoring is a crucial aspect of cybersecurity, and it often gets overlooked. You can have the most secure systems, but all it would take is having the administrator’s credentials stolen, and all the safety precautions you took would come crumbling down.

What was it like providing IT services during the pandemic? Were there any new challenges you had to adapt to?

Not only did Covid-19 force organizations to accelerate their digital transformations, it also caused worker transformation. Most organizations had to urgently implement work-from-home business solutions and a large majority of organizations were forced to rely on devices the company did not own and could not manage or trust. This, of course, provided a lot of urgent work for our team. Not only did we have to change our policies in which we transitioned to a remote working team, but we were also asked to implement the change for a multitude of clients transitioning as well. The increased workload led us to expanding our team. Our talented managed IT support team continues to grow in size as well as skill.

What security risks do new business owners often fail to take into account when launching their website?

Some important things to remember when launching a website are:

1. To constantly run updates on your website or else it could get easily infected with threats like SQL injections or viruses.
2. Lack of security products, such as a firewall or SSL certificate. If your website is secure, it should start with ‘HTTPS’ before the website link so a secure connection can be established.
3. Improper server setup/configuration. Security misconfiguration gives hackers access to private data or features and can result in a complete system compromise.

It is important to keep everything in your website, from the theme to the plugins to the SSL certificates, updated – it must all be current to the technologies of today.

What cybersecurity threats do you think can become a prominent problem in the near future?

Ransomware continues to be the number one threat to businesses of all sizes and industries. Damages from ransomware are expected to be more than $20 billion US by the end of 2021, according to Acronis Cyberthreats Report 2022. Phishing also continues to be a major threat vector along with malicious emails still being at an all-time high. Cyberattacks are currently on the rise in the World due to the recent Russian invasion of Ukraine that started on February 24, 2022. To counter Russian abilities, Ukraine has called on global hacktivists and cyber experts to join its international “IT army” to help defend the Cyber front. Due to this people should be more vigilant and remember to:

1. Think before you click and don’t believe everything you see online
2. Use strong and unique passwords
3. Use a VPN on the public internet
4. Update everything – including software
5. Turn on multi-factor authentication

Additionally, what are the best cybersecurity tools do you think everyone should have in place to combat these threats?

Use a multi-layer approach to protect your organization’s data and information. Install security software on your business computers and devices to prevent infection, including:

1. Malware solutions to weed out malicious emails coming through
2. Endpoint protection to protect devices against known infections
3. Firewall to protect networks against unauthorized access

Keep systems updated, ensuring operating systems and security software are kept up to date automatically (or manually, if necessary). Enroll your organization in Cyber Security Awareness Training and phishing simulations to test and train good security habits. Also, make sure you have contingencies in place, including data protection and disaster recovery plans, in the event of a disaster. And very important – use a password manager application to help create, manage, and protect your credentials.

And finally, what’s next for E-Tech?

The luxury of working in the IT industry is that even amidst natural disasters, like Covid-19, there is always work as well as the opportunity for growth. Since 2005, our primary sector of focus has been the not-for-profit sector and small business, but we are starting to see heavy increases in other industries as well. Over the past couple of years, we have begun taking our first steps in the entertainment industry with website designs for award-winning director and actor Karena Evans, and world-renowned choreographer and creative director Tanisha Scott. Also in the past few years, we have seen a huge increase in the health services industries, where we now supply managed IT support for over 20+ long-term care homes. We believe this is also just in the beginning stages of potential revenue. As industries continue to become more technically advanced, businesses like ours will always have opportunities to explore in terms of cybersecurity services and managed IT services.

As your organization continues to move forward and grow, you typically cycle through many staff and volunteers, which can also extend to the administrative level. Whether an administrator is let go, leaving for another opportunity, retiring, etc., the issue remains that they have access to sensitive data.

Here, we outline a guide on how to disable the access of an administrator in iMIS:

We would advise you not to delete the user from IMIS. In certain scenarios, deleting the user would affect records that were updated by the user in the past. Instead, disable the user’s account in iMIS or change the user type from ‘full’ to ‘public’. This will allow the user to still login to the system from public websites and update their profile, but any administrative level access would be revoked.

You can do this by going to the staff site -> community -> security -> users and finding all users. Find the account you wish to change and click on the logon name. Scroll down to staff access and modify the permissions. Make sure the account no longer contains a ‘SysAdmin’ role if it had it before. Change the manager’s password (If the user had access to the manager’s account). If the user had access to any of the other staff passwords, please update those passwords also. Changing passwords for the account can be done by simply entering in a new password and pressing the save button in the bottom right corner.

At E-Tech, we are iMIS experts with over 25+ years of experience in consulting, hosting, and maintaining clients. E-Tech was also awarded Authorized iMIS Consultant of 2020 in Canada by Advanced Solutions International (ASI). Please Contact Us for more information or if you need any assistance with iMIS.