The Raxxos Team, Author at Raxxos Technology Inc. https://raxxos.com/author/roman/ Managed IT Services For Businesses in Surrey, Langley and beyond in the Lower Mainland, BC, Canada. Fri, 24 Apr 2026 22:32:11 +0000 en-US hourly 1 https://wordpress.org/?v=7.0.1 https://i0.wp.com/raxxos.com/wp-content/uploads/2025/09/cropped-0x0-1.png?fit=32%2C32&ssl=1 The Raxxos Team, Author at Raxxos Technology Inc. https://raxxos.com/author/roman/ 32 32 244869986 Why Microsoft Copilot Isn’t Just Rebranded ChatGPT https://raxxos.com/microsoft-copilot-vs-chatgpt-rebranded/ Fri, 24 Apr 2026 22:32:11 +0000 https://raxxos.com/?p=2690 The model behind Microsoft Copilot is the same OpenAI lineage that powers ChatGPT. So why pay $30 a user per month when ChatGPT Plus is $20? Because the model is the smallest part of what makes Copilot useful for a business. The bigger part is everything Microsoft has built around it.

The post Why Microsoft Copilot Isn’t Just Rebranded ChatGPT appeared first on Raxxos Technology Inc..

]]>
We’ve heard a version of this from a few Lower Mainland clients recently: “Copilot is just rebranded ChatGPT, right? Why pay an extra $30 a month per user when ChatGPT Plus is $20?”

It’s a fair question. The language model behind Copilot is in fact from OpenAI, the same lineage that powers ChatGPT. If you only look at the model, the comparison makes sense.

But the model is the smallest part of what makes Copilot useful for a business. The bigger part is everything Microsoft has built around it: identity, permissions, data integration, and security controls that ChatGPT does not have. For a small business in BC trying to deploy AI without creating a data governance problem, that’s the part that actually matters.

How Copilot handles your data differently from ChatGPT

Two data flow paths contrasting external processing with secure in-tenant processing
ChatGPT sends data externally; Copilot keeps it inside your Microsoft 365 tenant.

When an employee opens ChatGPT and pastes in a client contract to summarize, that document leaves the business environment. It goes to OpenAI’s servers. There is no audit log. No data loss prevention rule. No conditional access policy. No way for IT to know it happened.

When the same employee asks Copilot to summarize the same contract, Copilot reads it directly from SharePoint or OneDrive without copying it anywhere. The document stays inside the Microsoft 365 tenant. The permissions on the document still apply. The sensitivity label still applies. The retention policy still applies. If the IT admin runs a Microsoft Purview audit, that interaction shows up.

Same model under the hood. Very different security posture.

Copilot in Sales, Finance, HR, IT, and operations

Five department icons connected to a central AI hub representing cross-business Copilot integration
Copilot layers AI into every department through tools employees already use.

The pitch about Copilot being “integrated across the business” sounds vague until you see it in a real organization. Copilot isn’t one product. It’s a layer Microsoft has stitched into every part of the suite, and each integration handles a different department’s work without people leaving the tools they already use.

  • Sales: Copilot in Dynamics 365 reads CRM records, recent emails, and call notes to draft follow-ups, summarize account history before a meeting, and flag deals that have gone cold. The salesperson doesn’t paste anything into a chat window.
  • Finance: Copilot in Excel can analyze a spreadsheet, suggest pivot tables, identify anomalies, and explain formulas in plain language. For accounting teams that live in Excel, this tends to land quickly.
  • Operations: Copilot Studio lets non-developers build agents that automate repetitive workflows, all inside the existing tenant and with the same permissions model.
  • HR: Copilot reads from Viva and SharePoint to answer employee questions about policies, benefits, and procedures, but only the documents that employee already has access to.
  • IT and security: Copilot for Security reads from Defender, Sentinel, and Entra to help analysts investigate incidents faster, summarizing alerts and suggesting next steps based on the organization’s actual environment.

The thread tying all of this together is Entra ID. The same login, the same MFA, the same conditional access rules. There’s no separate AI account to provision, no separate billing relationship, no shadow IT to discover six months later.

Compliance: PIPEDA, PIPA, and where data lives

The bigger reason businesses in regulated industries are choosing Copilot over ChatGPT for sensitive work isn’t capability. It’s accountability. We covered the privacy implications of both tools in more detail in an earlier guide for Canadian executives.

Under PIPEDA and BC’s PIPA, organizations are responsible for personal information they collect, including how it gets processed by third parties. When an employee uses ChatGPT to handle client data, the business is trusting OpenAI’s processing terms, data residency, and audit practices. Most small businesses don’t have legal teams reviewing those.

Copilot processes data inside the existing Microsoft 365 commercial tenant. The same data residency commitments, the same compliance certifications (SOC 2, ISO 27001, HIPAA where applicable), and the same audit logs that already cover your email and SharePoint also cover Copilot interactions.

Microsoft has been explicit that Copilot does not use customer data to train its foundation models. ChatGPT’s enterprise plan makes a similar commitment, but the consumer version that most employees default to does not.

For a law firm in Surrey, a medical clinic in Langley, or any business handling personal information, that distinction tends to matter more than the price difference.

When ChatGPT is still the better tool

We’re not arguing nobody should use ChatGPT. There are real cases where it’s the right choice.

Standalone tasks where no business data is involved. Personal productivity. Coding help. Brainstorming where the inputs are public information. ChatGPT Plus also has more flexible model options for power users who want to experiment with different reasoning approaches. If you’re still weighing whether ChatGPT alone could meet your needs, our breakdown of whether your business should use ChatGPT is worth a read.

But for an organization that already runs on Microsoft 365 and wants AI woven into how the business actually operates, paying $20 per user for ChatGPT and then trying to bolt on data governance after the fact often turns out to be the expensive option, not the cheap one.

Four questions before rolling out Copilot

Four floating checklist cards with icons representing permissions, sensitivity labels, user targeting, and training
A successful Copilot rollout starts with four critical readiness questions.

Most clients we work with are running Microsoft 365 Business Standard or Premium. The Copilot license adds roughly $30 USD per user per month. That’s real money for a 50-person business, so we usually walk through a few questions before recommending a rollout:

  1. Is your tenant ready? Copilot is only as good as the data it can read. If permissions are too loose, Copilot will surface things you don’t want surfaced. If permissions are too tight, Copilot won’t be useful. A SharePoint cleanup is often step one.
  2. Do you have sensitivity labels in place? If you handle confidential information, Microsoft Purview sensitivity labels are how you tell Copilot what it can and can’t reference. Worth setting up before deployment.
  3. Who actually needs it? A common mistake is buying Copilot for everyone. Knowledge workers who spend hours in email, Word, and Teams get the highest return. Front-line staff often don’t.
  4. What’s the training plan? Copilot only delivers value when people use it. Most teams need a structured rollout with real examples, not just a license assignment and a hope.

We’ve watched a few rollouts go sideways because the business treated Copilot like flipping a switch. The deployments that delivered real value were the ones treated like proper software rollouts, with change management and follow-up.

Why this matters for Microsoft 365 shops

What Microsoft is doing with Copilot is fundamentally different from what OpenAI is doing with ChatGPT. OpenAI is building a powerful general-purpose AI model. Microsoft is building AI integration into the operating system that most businesses already run on.

Both are valid strategies. But for a small business in the Lower Mainland trying to roll out AI safely, with proper governance, without creating new compliance problems, the integrated approach is hard to beat. The model is increasingly a commodity. The integration is the part you can’t easily replicate.

If you’re already on Microsoft 365 and wondering whether Copilot makes sense for your team, this is one of the conversations we have most often. Book a free consultation with Raxxos and we’ll walk through what a sensible rollout looks like for your business.

The post Why Microsoft Copilot Isn’t Just Rebranded ChatGPT appeared first on Raxxos Technology Inc..

]]>
2690
Your Competitor Might Already Have an AI That Answers Their Phone. Here’s What That Looks Like. https://raxxos.com/ai-phone-answering-what-it-looks-like/ Mon, 13 Apr 2026 09:00:00 +0000 https://raxxos.com/ai-phone-answering-what-it-looks-like/ AI phone answering has gone from a novelty to a real business tool, and some of your competitors in the Lower Mainland may already be using it. Here's what the technology actually looks like in 2026, what it costs, and what BC businesses need to know about compliance and limitations.

The post Your Competitor Might Already Have an AI That Answers Their Phone. Here’s What That Looks Like. appeared first on Raxxos Technology Inc..

]]>
Most Calls to Small Businesses Go Unanswered

Call a plumbing company in Surrey at 7 PM on a Tuesday. If you get voicemail, you’ll probably hang up and try the next one on Google. Most people do. Research from Aira suggests roughly 62% of calls to small businesses go unanswered, and according to Dialzara, about 85% of those callers never try again. A significant number just call a competitor instead.

Now imagine calling that same company and a friendly voice answers on the first ring. It asks what you need, checks tomorrow’s availability, and books you a morning appointment. It even sends a confirmation text. You’d assume it was a receptionist. It might not be.

AI phone answering has quietly become a real business tool over the past year or so. And if you haven’t looked into it yet, there’s a decent chance one of your competitors already has.

This Isn’t the “Press 1 for Sales” You Remember

Visual contrast between an old rotary phone and a modern AI-powered voice waveform
Modern AI voice agents are a completely different category from the clunky phone menus of the past.

When most business owners hear “AI answering the phone,” they picture those clunky automated menus from the early 2000s. The ones where you’d say “representative” four times before the system understood you. Modern AI voice agents are a completely different category of technology.

Today’s AI receptionists carry on natural conversations. A caller can say “I need to get my furnace looked at sometime next week, probably Wednesday or Thursday” and the system will parse that, check a calendar, and suggest a specific time. It can answer frequently asked questions about your business, collect caller information, qualify leads based on criteria you define, and transfer calls to a live person when the situation calls for it.

The voice quality has gotten surprisingly natural. Most callers genuinely can’t tell the difference, at least for routine interactions. That said, transparency seems to matter here. Research from COPC found that customers who are told upfront they’re speaking with AI report 34 points higher satisfaction than those who find out later. Being honest about it isn’t just ethical, it actually works better.

What a Typical Setup Looks Like

The mechanics are simpler than most people expect. You sign up with a provider, connect it to your existing phone system (usually through call forwarding or a VoIP integration VOIP phone systems), and then “train” the AI on your business. That training usually means uploading your FAQ, service list, hours, pricing guidelines, and any workflows you want it to follow.

Most platforms are no-code. You’re not writing software. You’re filling out forms and toggling settings. A straightforward setup can be live in under an hour, though getting it properly dialed in (with the right escalation rules, the right tone, the right answers to edge-case questions) typically takes a bit more ongoing effort.

There are a growing number of providers in this space. A few worth knowing about:

  • Dialbox is purpose-built for Canadian businesses, supports 26 languages with real-time switching, and is PIPEDA-compliant out of the box.
  • Upfirst starts at $24.95/month, making it one of the lowest-cost entry points available.
  • Smith.ai runs a hybrid model with AI handling routine calls and real humans stepping in for complex ones, though pricing starts around $600/month.
  • RingCentral now offers an AI Receptionist at $35/month for 100 minutes, with enterprise-grade integrations behind it.

For most small businesses, you’re looking at somewhere between $50 and $300 per month for a solid AI answering setup. Compare that to a full-time human receptionist at roughly $3,750 to $4,000 per month including benefits, and the math gets interesting. On a per-call basis, industry estimates put AI at around $0.40 per call versus $7 to $12 for a human-handled call.

What Callers Actually Experience

Isometric dental clinic surrounded by a day-night cycle with icons for scheduling, text confirmations, and voice interaction
After-hours calls that once went to voicemail now become confirmed appointments in under two minutes.

The best way to understand AI phone answering is to think about what happens on the caller’s end. Here’s a realistic scenario for, say, a dental clinic in Langley using an AI receptionist.

A patient calls at 6:45 PM, after the office has closed. The AI answers with the clinic’s name, asks how it can help. The patient says they want to reschedule their cleaning. The AI pulls up available slots, offers two options, confirms the new time, and sends a text confirmation. The whole call takes about 90 seconds.

For the patient, it felt like talking to a helpful front desk person. For the clinic, that’s a call that would have gone to voicemail (and probably been forgotten about) turned into a kept appointment.

Now here’s where honesty matters. AI handles straightforward, routine interactions well. Booking, rescheduling, answering common questions, taking messages, routing calls to the right person. Current estimates suggest AI can manage 85 to 95% of routine business inquiries accurately when it’s been properly trained on your specific business information.

But it has real limitations. A caller with a heavy accent, someone who’s upset and talking fast, a question that requires judgment or context the AI wasn’t trained on… these are situations where AI can stumble. And when it stumbles, the caller experience can go downhill fast. This isn’t a technology you deploy and forget about. It needs monitoring and tuning, especially in the first few weeks.

This is why most of the businesses we talk to end up preferring a hybrid approach. AI handles after-hours calls, overflow during busy periods, and the routine stuff. Humans handle the complex, sensitive, or high-value conversations. It’s typically not an either/or decision.

How We’ve Seen This Play Out in Dealerships

Kelly, our founder, spent over 20 years in the automotive industry before starting Raxxos, including managing IT for several major Lower Mainland dealership groups like Wolfe Auto Group, Trotman Auto Group, and Preston. One thing he’ll tell you about dealerships: the phone is everything. A missed call on a Saturday afternoon could be a $60,000 truck sale that walks into the competitor’s showroom instead.

Dealerships typically have service advisors, parts counters, sales floors, and F&I offices all fielding calls at the same time. During peak hours, calls get dropped constantly. We’ve seen this across every dealership group we’ve worked with along the Fraser Highway corridor and out to Chilliwack. An AI receptionist that can answer overflow calls, route them to the right department, and take a proper message when someone’s busy could genuinely change the math on lost revenue for a business like that.

And dealerships aren’t unique here. The same dynamic plays out at medical clinics, law firms, real estate offices, and trades contractors across Surrey and the Fraser Valley. Any business where a missed call often means a missed customer is a natural fit for this technology.

Compliance in BC: What You Actually Need to Know

If you’re a BC business, there are two privacy frameworks to think about when implementing AI phone answering: PIPEDA (the federal law) and PIPA BC (the provincial one). BC is one of the few provinces with its own private-sector privacy legislation, and it can be stricter than the federal rules in some areas.

The practical requirements aren’t as complicated as they might sound:

  • If calls are being recorded, you need to disclose that upfront. A simple “This call may be recorded for quality purposes” in the greeting typically satisfies this requirement.
  • Your organization remains accountable for personal information even when it’s processed by a third-party AI provider. Choose a provider that stores and handles data in compliance with Canadian privacy law.
  • Under PIPA BC, the collection of voice data needs to pass the “reasonable person” test: would a reasonable person consider it appropriate for a business to record and process their call in this context? For a receptionist function, this is generally straightforward.
  • Penalties can reach up to $100,000 for organizations under PIPA, so it’s worth getting this right from the start.

Several providers (Dialbox and Voxs, for example) are specifically built for the Canadian market with PIPEDA compliance baked in. If you’re working with an IT provider to set this up AI automation, compliance evaluation should be part of that conversation from day one.

BC Is Behind on Adoption (Which Might Be Your Window)

Abstract glowing bar chart with one rising bar against a British Columbia mountain silhouette
With only 15% of BC businesses actively pursuing AI, early adopters have a clear competitive window.

Here’s an interesting data point. According to a recent report from the Greater Vancouver Board of Trade, only about 39% of BC businesses have even considered adopting AI, and just 15% say they’re actively using it or planning to. That puts BC behind both Ontario and Quebec.

Nationally, roughly 73% of Canadian SMEs haven’t adopted AI at all. The most common reason, cited by 69% of non-adopters, is that they can’t identify a clear business case.

AI phone answering might be one of the clearest business cases there is. The ROI calculation is relatively simple: how many calls are you missing, and what’s each one worth? For a contractor, a missed call could easily be a $5,000 job. For a law firm, it could be a $15,000 file. An AI receptionist that catches even a few of those calls each month can pay for itself many times over.

The BC government’s Regional Artificial Intelligence Initiative also offers grants to help local businesses adopt AI tools, which could offset some of the initial costs. Worth looking into if you’re on the fence.

If You’re Considering This, Here’s Where to Start

You don’t need to overhaul your phone system overnight. A reasonable approach for most small businesses looks something like this:

  1. Figure out your actual missed call volume. Most phone systems and VoIP platforms can surface this data in their call analytics. If you’re missing more than a handful of calls per week, especially after hours, the case for AI answering gets strong quickly.
  2. Decide what you want the AI to handle. After-hours only? Overflow during busy periods? All inbound calls with human escalation for complex issues? Start narrow and expand from there.
  3. Choose a provider with Canadian data handling. For BC businesses, PIPEDA and PIPA compliance isn’t optional. A Canadian-focused provider simplifies this significantly.
  4. Train it properly on your business. The difference between an AI receptionist that impresses callers and one that frustrates them usually comes down to how well it’s been configured with your specific services, pricing, hours, and common questions.
  5. Monitor and tune. Listen to call recordings, check for patterns in what the AI handles well and where it struggles, and adjust. Plan to spend some time on this in the first month especially.

We’ve been helping Lower Mainland businesses with their phone systems and AI integrations AI automation for years, and this is one of the areas where we’re seeing the most interest right now. If you’re curious whether AI phone answering makes sense for your business, or you just want to hear what it actually sounds like in action, we’re happy to walk you through it. Reach out for a free consultation Book a free consultation and we can take a look at your current setup together.

The post Your Competitor Might Already Have an AI That Answers Their Phone. Here’s What That Looks Like. appeared first on Raxxos Technology Inc..

]]>
2677
Your Business Moved to the Cloud. AI Might Be the Reason Some of It Comes Back. https://raxxos.com/cloud-to-on-premise-ai-small-business/ Fri, 10 Apr 2026 23:06:13 +0000 https://raxxos.com/?p=2649 For a decade, the advice was simple: move everything to the cloud. But the rise of AI, private language models, and growing data privacy concerns are creating a new reality where some of that infrastructure makes more sense back on your own hardware.

The post Your Business Moved to the Cloud. AI Might Be the Reason Some of It Comes Back. appeared first on Raxxos Technology Inc..

]]>
Ten years ago, if you ran a small business in the Lower Mainland, there was a decent chance you had a server sitting in a back closet somewhere. Maybe it was under a desk. Maybe it was in a room that got way too hot in August. It hummed along, it held your files, and every couple of years someone had to come out and deal with it when something went sideways.

Then the cloud happened, and the pitch was compelling: get rid of the box, stop worrying about hardware failures, access your stuff from anywhere. For most businesses, it was the right call. We moved hundreds of clients onto cloud platforms over the years, and the vast majority of them ended up in a better spot.

But something interesting is happening now. The same technology wave that made the cloud feel inevitable (AI, specifically) is creating reasons for some of that infrastructure to come back in-house. Not all of it. Not for everyone. But the pendulum is swinging, and it’s worth understanding why.

The cloud era made real sense

Let’s be clear about why businesses moved to the cloud in the first place, because those reasons haven’t disappeared.

Cloud platforms like Microsoft 365, Google Workspace, and AWS gave small businesses access to infrastructure that used to require a full-time IT person and a room full of equipment. Email, file storage, collaboration tools, backups. All of it handled by someone else’s data centre, updated automatically, accessible from a laptop at home or a phone on a job site.

For a 15-person office in Surrey, that was genuinely transformative. No more worrying about whether the backup ran last night. No more drive failures taking down the whole office for a day. The cloud solved real problems, and for most everyday business tasks, it still does.

So why is anything coming back?

Two things changed: AI got useful enough that businesses actually want to run it, and people started paying closer attention to where their data goes when they do.

When you use a cloud AI tool (ChatGPT, Copilot, Gemini, whatever your team has started playing with), your prompts, your documents, and your questions are typically being processed on someone else’s servers. For a lot of use cases, that’s fine. Asking an AI to help draft a marketing email isn’t a data sensitivity issue. (If you’re weighing those tools against each other, we compared the privacy implications of ChatGPT and Copilot here.)

But the moment you start feeding it client contracts, financial records, employee files, or proprietary business processes, the picture changes. That data is leaving your environment. It’s being processed on infrastructure you don’t control, in a jurisdiction you may not have thought about, under terms of service that can change without much notice.

This is where the on-premise conversation is coming back, and it looks nothing like the old server-in-the-closet days.

What “on-premise AI” actually looks like in 2026

A small device running AI locally in a modern office environment
Modern on-premise AI runs on hardware small enough to sit on a shelf. No server room required.

When we say on-premise now, we’re not talking about going back to a noisy rack in the back room. The hardware has gotten remarkably small and quiet.

A Mac Mini sitting on a shelf can now run a capable AI model locally. Open-source language models (think of them as private versions of ChatGPT that run entirely on your own hardware) have gotten good enough that for many business tasks, they’re genuinely useful. Your team can ask questions, summarize documents, draft communications, and analyze data, all without anything leaving your office network. We wrote a deeper dive on what one of these setups actually looks like in practice.

The setup runs quietly, costs a few dollars a month in electricity, and once it’s configured, your team interacts with it the same way they’d use any other AI tool. The difference is that the data stays on your hardware, in your office, under your control.

We’ve been setting these up for clients who have specific data sensitivity requirements, and the reaction is usually the same: “Wait, this runs here? On that little thing?”

The data sovereignty angle (especially in Canada)

Infographic showing data flowing to foreign cloud servers versus staying within a local office
When your cloud provider is headquartered in another country, your data may be subject to that country’s laws.

This matters more for Canadian businesses than a lot of people realize.

American companies control roughly 60% of Canada’s cloud market. AWS, Microsoft Azure, and Google Cloud dominate. Even when your data is stored in a Canadian data centre, if the provider is headquartered in the US, it may still be subject to American laws like the CLOUD Act, which can compel disclosure of data stored abroad.

Canada’s privacy framework is also shifting. PIPEDA, the federal privacy law, was written before cloud computing was a thing most people had heard of. New federal privacy legislation is expected soon, potentially with fines up to $25 million or 5% of global revenue. And here in BC, we have PIPA, our own provincial privacy law that’s stricter than what most other provinces require, particularly relevant for healthcare, legal, and financial services businesses.

For a law firm in Langley handling sensitive client files, or a medical clinic in Surrey processing patient records, where your AI processes data isn’t an abstract question. It’s a compliance question with real consequences.

This isn’t about abandoning the cloud

Diagram showing everyday tools in the cloud and sensitive workloads on local hardware
The hybrid approach: everyday tools stay in the cloud, sensitive AI workloads run locally.

The important thing to understand is that this isn’t an either/or situation. Almost nobody is ripping out their cloud infrastructure entirely, and that wouldn’t make sense for most businesses.

What’s happening instead is a hybrid approach. Your email, your collaboration tools, your everyday file storage: those stay in the cloud, where they work well. But for AI workloads that touch sensitive data, for processes where you need to know exactly where information lives and who can access it, some of that is moving back onto local hardware.

Industry analysts are seeing this play out broadly. A recent Barclays CIO Survey found that 86% of chief information officers planned to move at least some cloud workloads back to on-premise or private cloud, the highest number on record. Gartner is projecting that 40% of enterprises will adopt hybrid compute architectures for critical work, up from around 8% previously. And organizations that have made strategic moves back are reporting 30% to 60% reductions in infrastructure costs for those specific workloads.

These are enterprise numbers, but the pattern filters down. When the tools get simpler and the hardware gets cheaper (and both are happening fast), small businesses start making the same calculations.

What this means if you run a small business

You don’t need to become a technology expert to navigate this. But there are a few things worth thinking about:

  • Know where your data goes when you use AI tools. If your team is using ChatGPT or similar tools with client data, understand that information is being processed externally. That may be fine for some tasks and not fine for others.
  • Understand your industry’s requirements. If you’re in healthcare, legal, financial services, or any field that handles personal information in BC, your obligations under PIPEDA and PIPA are real. AI doesn’t get an exemption from privacy law.
  • Ask about local options. Private AI running on local hardware is no longer a big-company-only solution. The cost has dropped to the point where it’s realistic for a business with 10 or 15 people.
  • Think hybrid, not binary. The goal isn’t to pick a side. It’s to put the right workloads in the right place. Cloud for what makes sense in the cloud. Local for what needs to stay local.

The pendulum keeps moving

Technology tends to swing back and forth like this. Mainframes gave way to personal computers. Personal computers gave way to cloud. And now cloud is giving way to something more nuanced: a mix of cloud and local that depends on what you’re actually doing with the data.

The businesses that handle this transition well won’t be the ones who pick one approach and stick with it out of habit. They’ll be the ones who actually understand what they’re working with and make deliberate choices about where things run and why.

We’ve been helping Lower Mainland businesses navigate these kinds of infrastructure decisions since 2006, from the server closet era through the cloud migration and now into this hybrid AI world. If you’re starting to think about where AI fits into your business and want to understand your options (cloud, local, or some combination), we’re happy to walk through it with you. Book a free consultation with Raxxos and we’ll take a look at what makes sense for your setup.

The post Your Business Moved to the Cloud. AI Might Be the Reason Some of It Comes Back. appeared first on Raxxos Technology Inc..

]]>
2649
Google NotebookLM: Should Your BC Business Use It? (And What Microsoft 365 Users Should Know) https://raxxos.com/google-notebooklm-business-use-cases-canada/ Thu, 02 Apr 2026 02:11:00 +0000 https://raxxos.com/?p=2572 NotebookLM is free, takes two minutes to start, and lets you have a conversation with your own documents. Here's what businesses are actually doing with it — and what to know before you upload sensitive files.

The post Google NotebookLM: Should Your BC Business Use It? (And What Microsoft 365 Users Should Know) appeared first on Raxxos Technology Inc..

]]>
There’s an AI tool that’s been quietly available for about two years now, costs nothing to start, and solves a problem almost every business has: too many documents, not enough time to read them all.

It’s called Google NotebookLM. And while it’s gotten some attention in tech circles, most small and mid-sized businesses in the Lower Mainland and across BC still haven’t come across it. That gap is worth closing, but with some important caveats for Canadian businesses, especially those of you who’ve made a deliberate choice to keep your data inside Microsoft 365.

What NotebookLM actually does

NotebookLM lets you upload documents (PDFs, Google Docs, meeting transcripts, web pages, audio files) and then have a conversation with them. You ask questions, it answers from the material you’ve provided. It summarizes, cross-references, pulls specific clauses, surfaces key points.

What makes it different from just pasting something into ChatGPT is that it’s grounded entirely in what you’ve uploaded. When it gives you an answer, it cites the specific source and page. You can click through and verify. It’s not mixing in outside information or making things up from its training data. It’s working from your documents and only your documents.

That grounding is the whole reason it works for business use. “Does our service agreement include a limitation of liability clause?” gets you a real answer tied to the actual text, not a generic explanation of what limitation of liability clauses usually say.

Manual document review vs AI-powered document analysis

What businesses are using it for

The use cases tend to cluster around a few areas:

  • Contract and document review. Upload a vendor agreement, lease, or service contract. Ask it to summarize key terms, flag unusual clauses, or explain a section in plain English. Not a replacement for a lawyer on anything consequential, but useful for getting oriented before you spend lawyer time on it.
  • Meeting notes and project follow-up. Upload transcripts or notes from a series of client meetings. Ask it to pull all open action items, summarize what was decided on a topic, or identify themes across the last six months of conversations.
  • Staff onboarding and training. Upload your operations manual, policies, or technical documentation. New employees can ask questions and get answers from your actual materials, rather than interrupting someone senior for every small thing.
  • Research and competitive analysis. Upload industry reports, competitor materials, or market analyses and ask it to compare, summarize, or extract specific data points.

There’s also a feature called Audio Overview that surprises most people the first time they try it. NotebookLM can generate a podcast-style audio conversation between two AI hosts discussing the contents of your notebook. Upload a dense report, click one button, and a few minutes later you have a natural-sounding audio summary you can listen to on your commute. It’s more useful than it sounds.

The question Canadian businesses should ask first

Before you start uploading client files and internal documents to any AI tool, there’s a question worth asking: where does your data go, and what happens to it?

NotebookLM vs Microsoft Copilot data flow comparison

For Canadian businesses, this has real implications under PIPEDA (Canada’s federal private sector privacy law) and under provincial equivalents in BC, Alberta, and Quebec. If you’re uploading documents that contain client personal information, you have obligations around how that information is handled and where it’s processed.

The good news on NotebookLM: Google has stated that your uploaded documents are never used to train its AI models. If you’re accessing it through a Google Workspace account (a paid work account, not a personal Gmail), your uploads and queries are shielded from human review entirely. That’s a meaningful distinction from using a personal account.

The less good news: your data is processed on Google’s servers, which for some regulated industries or clients with strict data handling requirements may not be appropriate. If you’re handling health information, legal files, or anything covered by a client confidentiality agreement, read the terms carefully before uploading.

Which brings us to the bigger question we get from a lot of the businesses we work with.

We’re a Microsoft shop. Is there a NotebookLM for us?

This is one of the principles we follow with the businesses we advise at Raxxos: pick one vendor ecosystem and stay in it. For most BC businesses, that means either Google Workspace or Microsoft 365. And for the majority of our clients, it’s Microsoft.

The argument for staying in your ecosystem isn’t just about simplicity. It’s about security and data governance. Every time you introduce a third-party AI tool that sits outside your primary vendor’s environment, you’re creating a new surface area for data to leave that environment. That’s a manageable risk in some contexts. In others, it’s not worth it.

So if you’re a Microsoft 365 shop and you want what NotebookLM offers, the answer is Microsoft Copilot Notebooks.

Copilot Notebooks is Microsoft’s direct equivalent. It’s an AI-powered workspace where you bring together files, meeting notes, chat history from Teams, links, and other content, and then use Copilot to query, summarize, and work with all of it. Because it lives inside Microsoft 365, your data stays inside your existing Microsoft tenant. The same data governance policies, the same compliance boundaries, the same security controls you’ve already set up apply automatically.

The tradeoff is cost. NotebookLM is free. Copilot Notebooks requires a Microsoft 365 Copilot license, which runs around $30 USD per user per month on top of your existing Microsoft 365 subscription. For a team of ten, that’s a real number to weigh.

But for businesses that have made Microsoft their platform and want to keep all their data there (which is the right call for most businesses from a security and simplicity standpoint) Copilot Notebooks is the better choice. You’re not introducing a new vendor, a new set of terms, or a new place for data to land.

Our own team uses it for exactly this kind of work. Georgy Johnson, one of our technicians, recently used Copilot to set up a structured Microsoft OneNote runbook for IT operations, something that would have taken hours to research and design manually. “It gave me a great template to follow,” he notes. That’s the kind of practical, in-workflow use case that makes Copilot worth the investment for a Microsoft-first business.

“The common concern I hear regarding AI tool use is data security, whether what you share is ever used externally. I tell our clients, who are all on Microsoft, to stick to using Copilot instead of other tools, as your data stays within the organization. Of course you need to put some guardrails in place, but overall Microsoft and Copilot have been great for troubleshooting, writing scripts, and assisting with other tasks.”

Georgy Johnson, Raxxos Technology Inc.

Google Workspace vs Microsoft 365 decision for AI tools

How to think about this decision

Here’s a simple framework:

  • You’re on Google Workspace and handle relatively low-sensitivity documents: NotebookLM is free, works well, and is worth trying today. Start with notebooklm.google.com.
  • You’re on Google Workspace and handle sensitive client data: Use NotebookLM through your Workspace account (not personal Gmail), review Google’s data handling terms, and consider whether specific document types should stay out of it entirely.
  • You’re on Microsoft 365 and want to keep everything in your ecosystem: Look at Microsoft Copilot Notebooks. Factor the licensing cost into your decision, but take seriously the security benefit of staying inside a single vendor environment.
  • You’re not sure what ecosystem you’re in or whether your current setup is actually secure: That’s a conversation worth having before you add any AI tools to the mix.

The broader point is that AI tools for document work are genuinely useful and not particularly complicated to start using. The question isn’t whether they’re worth trying. It’s whether you’re trying them in a way that’s appropriate for the kind of data your business handles.

If you want a straight answer on what makes sense for your specific setup, what tools are appropriate, what the actual security and privacy implications are, and how to introduce AI capabilities without creating new problems, that’s exactly the kind of conversation we have with businesses across the Lower Mainland every day. Book a free call with Raxxos and we’ll give you a straight answer.

The post Google NotebookLM: Should Your BC Business Use It? (And What Microsoft 365 Users Should Know) appeared first on Raxxos Technology Inc..

]]>
2572
What Is OpenClaw and What Does It Actually Look Like When a Business Uses It? https://raxxos.com/what-is-openclaw-how-businesses-use-it-canada/ Tue, 24 Mar 2026 00:47:20 +0000 https://raxxos.com/?p=2560 OpenClaw is an AI agent businesses are deploying on Mac Minis and controlling via WhatsApp and Telegram. Here's what it actually looks like in practice — and the risks Canadian businesses should understand before trying it.

The post What Is OpenClaw and What Does It Actually Look Like When a Business Uses It? appeared first on Raxxos Technology Inc..

]]>

⚠ Important Notice from Raxxos

We do not recommend the use of OpenClaw for most businesses. While it is an impressive and capable piece of technology, OpenClaw is a complex, high-risk software platform that should not be operated without extensive cybersecurity experience and careful planning. There are documented cases of OpenClaw instances being compromised due to misconfiguration and security vulnerabilities. If you choose to deploy it, you do so at your own risk. We strongly encourage consulting with a qualified IT security professional before proceeding.

OpenClaw has attracted significant attention in tech circles — 60,000 GitHub stars in 72 hours, comparisons to JARVIS, and a wave of developers ordering Mac Minis specifically to run it. Most of the coverage has been aimed at developers and early adopters. This article is aimed at business owners who want to understand what it actually is, how it works, and — critically — why Raxxos advises most businesses to approach it with caution.

Georgy Johnson, a technician here at Raxxos, says that as of right now he hasn’t had clients come to him directly with questions about OpenClaw — but he’s noticed how fast it’s moving through conversations. “News about it is spreading like wildfire,” he told us. “It’s the hottest topic right now.” That tracks with what we’ve seen: the buzz is real, the questions are coming, and most of the information out there isn’t aimed at helping business owners make a clear-headed decision.

The Hype Machine Nobody Is Talking About

If you’ve been on YouTube recently, you’ve seen the videos. “Everyone should be using OpenClaw.” “Here’s how easy it is to set up.” “I built an AI employee in 20 minutes.” The thumbnails are bold, the energy is high, and the message is consistent: this is the future and you’re already behind.

What most of those videos don’t tell you is who’s paying for them.

A significant number of the most-watched OpenClaw tutorials are sponsored by VPS hosting companies — Hostinger being the most prominent example. The business model is straightforward: get as many people as possible to sign up for a VPS through an affiliate link, earn a commission on each signup. The more people who run OpenClaw, the more VPS subscriptions get sold. The incentive is volume, not accuracy.

One well-known AI YouTuber has publicly stated he was offered $30,000 to promote Hostinger on his channel — and turned it down specifically because he didn’t feel comfortable with the promotional angle. That’s a meaningful data point. For every creator who turned it down, plenty accepted.

The result is a YouTube landscape where the vast majority of OpenClaw content is financially incentivized to make the setup look easy, the risks look manageable, and the audience feel like they’re missing out if they don’t act now. Almost none of it addresses the real security questions in any depth.

We’re not saying OpenClaw is a scam or that everyone covering it is acting in bad faith. We’re saying the information environment around it is heavily distorted by financial incentives, and business owners making decisions based on that content are working with an incomplete picture.

One More Thing Worth Knowing: It Was Vibe-Coded

OpenClaw is open-source software, which means anyone can read the code. People who have done so have noted that significant portions of it appear to have been written with heavy AI assistance — what the developer community has started calling “vibe-coded” software. Code generated quickly with AI tools, iterated fast, shipped fast.

That’s not inherently a disqualifier. A lot of software is built this way now and works fine. But vibe-coded software that is being deployed with broad access to your business systems, your email, your files, and your network — and that has not been through the kind of rigorous security audit that enterprise software typically undergoes — is a different category of risk. The people qualified to evaluate whether a piece of software like this is safe to run in a business environment are cybersecurity professionals who can read the code, understand the architecture, and assess whether it’s been sandboxed correctly. That is not most business owners, and it is not most YouTube tutorial watchers.

What OpenClaw Actually Is

OpenClaw is an open-source AI agent that you install on your own hardware. Unlike ChatGPT or Microsoft Copilot, which are cloud services you log into through a browser, OpenClaw runs locally — on a computer in your office, on your home network, or on a private server you control.

Once it’s running, it acts as an always-on AI coordinator. It connects to the apps and data you already use, takes instructions through messaging apps, executes tasks autonomously, and builds up a memory of your preferences and context over time.

The key distinction from most other AI tools is that OpenClaw doesn’t just answer questions — it takes actions. It can read and write files, send messages, search the web, run scripts, draft and send emails, monitor things on a schedule, and coordinate tasks in the background without you manually prompting it each time.

One important note: OpenClaw is the agent layer, not the AI itself. It connects to AI models separately — either cloud-based ones like Claude or GPT-4, or models running locally on your own hardware. That distinction matters a lot when it comes to privacy and security.

How People Interact With It

You don’t interact with OpenClaw through a dedicated app or dashboard. You talk to it through messaging apps you’re already using — WhatsApp, Telegram, iMessage, Slack, Discord. You send a message the way you’d send one to a colleague, and OpenClaw responds and acts on it.

That interface simplicity is part of what makes it appealing. It’s also part of what makes it dangerous — because the ease of use can obscure how much access the agent actually has to your systems.

What Some Businesses Are Using It For

The OpenClaw community has shared a range of real-world use cases — inbox management, daily briefings, document drafting, research tasks, lead monitoring, and meeting prep. In the right hands, with the right configuration, some of these applications are genuinely useful.

We’re not going to walk through each one in detail here, because we don’t want to get ahead of the more important conversation: whether any business should be running OpenClaw at all without proper security infrastructure in place.

Why Raxxos Advises Most Businesses to Stay Away — For Now

We work with businesses across the Lower Mainland on IT and cybersecurity every day. When we look at OpenClaw through that lens, we see a tool with real capability and real risk — and the risk profile is serious enough that we want to be direct about it.

Georgy described the pattern he sees when businesses move quickly on new technology without thinking through the downstream effects: “A common oversight is failing to consider the broader implications. While the intended outcome may be highly beneficial, the process can introduce unforeseen security, compliance, or reputational risks. In some cases, those challenges only become apparent after significant progress has been made — which makes them much harder to address.” That’s a good description of what we’ve seen with OpenClaw deployments that went wrong.

There are documented cases of OpenClaw instances being compromised. Because OpenClaw is open-source and self-hosted, the security of any given deployment depends entirely on how it’s configured and maintained. Misconfigured instances have been exploited. This isn’t theoretical — it’s happened to real deployments run by people who thought they had it set up correctly.

An agent with broad access is a significant attack surface. OpenClaw is designed to have access to a lot — your files, email, calendar, browser, and the ability to run scripts and execute commands on your systems. That access is where its usefulness comes from. It’s also where a security failure becomes catastrophic. A compromised or misconfigured agent could expose sensitive client data, send communications you didn’t authorize, or make system changes that are difficult or impossible to reverse.

Prompt injection is a real and underappreciated threat. Because OpenClaw acts on instructions it receives and processes content from the web, email, and documents, malicious content in those sources can potentially be crafted to hijack the agent’s behaviour. This attack vector is active and not fully solved in any current AI agent framework, including OpenClaw.

Most setups transmit data to US servers. OpenClaw runs locally, but the AI models it connects to usually don’t. If you’re using cloud-based models like GPT-4 or Claude — which most people do — the content of your tasks, conversations, and file contents is transmitted to servers in the United States. For businesses handling sensitive client data under PIPEDA or BC’s PIPA, this is a compliance issue that needs a clear answer before deployment, not after.

Nobody is monitoring it by default. Like any software running on your infrastructure, OpenClaw needs to be kept updated, monitored, and troubleshot. Logs should be reviewed. Permissions should be audited. If something behaves unexpectedly, someone needs to notice and respond. Most small businesses don’t have the internal IT capacity to manage that ongoing vigilance — and without it, problems tend to compound quietly until they become serious.

There is no vendor accountability. OpenClaw is open-source software maintained by a community. There is no company standing behind it with a support line, an SLA, or liability if something goes wrong. You are on your own in a way that is fundamentally different from using an enterprise software product.

Who Should Be Running OpenClaw

Developers, security professionals, and technically sophisticated early adopters who understand what they’re taking on and have the skills to configure it safely. Specifically: people who can read and audit the source code, understand how to properly sandbox an application with broad system access, and have the expertise to evaluate whether a rapidly-developed, AI-assisted codebase meets the security standards required for their environment.

That is a small group. It does not describe most business owners, and it does not describe most people watching YouTube tutorials about how to set this up in an afternoon.

The way Georgy thinks about new technology decisions reflects how we approach this with clients generally: “My mindset is that you only need just enough tech to get the job done — nothing less, nothing more.” OpenClaw may well be the right tool for certain businesses eventually, as the ecosystem matures and security tooling improves around it. Right now, for most businesses, it’s more tech than the job requires — and more risk than the benefit justifies.

If that’s not you or someone on your team, we’d encourage waiting. The AI agent space is moving fast. Tools that deliver similar capabilities with better security guardrails, vendor accountability, and easier configuration are coming — and some already exist within platforms like Microsoft 365 Copilot that are built with enterprise security from the ground up.

If You’re Still Interested

We’re not here to tell you what to do. If you’re curious about OpenClaw and want to understand whether there’s a version of this that could work securely for your business, we’re happy to have that conversation. We can help you evaluate whether the use case makes sense, what a responsible deployment would actually require, and whether the risk-benefit calculation adds up for your situation.

What we won’t do is set it up for a client without that conversation happening first. The exposure is too significant for us to treat it as a routine implementation.

Book a free conversation with Raxxos if you want a straight answer on whether this is right for your business — and if not, what alternatives might get you where you want to go.

The post What Is OpenClaw and What Does It Actually Look Like When a Business Uses It? appeared first on Raxxos Technology Inc..

]]>
2560
Windows 10 End of Life: What BC Businesses Should Do Now https://raxxos.com/windows-10-end-of-life-what-to-do-bc-business/ Sat, 21 Mar 2026 17:31:59 +0000 https://raxxos.com/?p=2554 Windows 10 support ended in October 2025. Here's the honest, nuanced advice we give clients who are still running it — and what the upgrade actually looks like.

The post Windows 10 End of Life: What BC Businesses Should Do Now appeared first on Raxxos Technology Inc..

]]>
Windows 10 officially reached end of life on October 14, 2025. Microsoft is no longer releasing security patches for it. No fixes, no updates, no protection against newly discovered vulnerabilities.

Five months later, a lot of businesses are still running it.

We’re not going to tell you that’s automatically catastrophic. But we are going to tell you what we actually tell our clients — which is a more nuanced conversation than most of what you’ll read about this.

What “end of life” actually means

When Microsoft stops supporting an operating system, it stops patching security vulnerabilities. New ones get discovered all the time, and attackers find out about them just as fast as anyone else. The difference is that on a supported OS, there’s a fix coming. On Windows 10 right now, there isn’t.

That doesn’t mean your computers will immediately get hacked. It means the risk profile is different, and it will keep getting worse over time as more unpatched vulnerabilities pile up.

Where things actually stand with our clients

Georgy Johnson on our team has been tracking this closely. “Right now we’re down to 3 clients and a total of 16 computers still on Windows 10,” he says. “Most of those computers are still getting updates because we applied the Extended Security Updates — ESU — so they are protected.”

The ESU program is worth knowing about if you’re in a position where upgrading right now genuinely isn’t possible. Microsoft offers paid extended security updates that keep the patches flowing for a limited period while you plan and execute a proper migration. It is not a permanent fix — but it buys time without leaving machines completely exposed. If you have a managed IT provider, they should already know whether this applies to your situation.

Why most businesses haven’t upgraded yet

We talk to a lot of businesses across the Lower Mainland who are still on Windows 10, and the reason is almost never cost or complexity. It’s that they don’t fully believe the risk applies to them.

And honestly, that’s understandable. If you’ve never been through a ransomware incident, it’s genuinely hard to feel the weight of one. You can read statistics but they tend to bounce off. The mental math of “this probably won’t happen to me” feels more real than the math of “if it does happen, here’s what it costs.”

The businesses we see take security seriously are almost always ones that have been through something. A colleague got hit. Their own files got encrypted once. They lost a week of work to a breach. That kind of experience changes how you think about risk in a way that statistics don’t. So when we’re having this conversation with a skeptical prospect, we try to make it concrete rather than just citing numbers.

Georgy put it plainly: “I have not seen a security incident occur because a client was still on Windows 10 — but only time will tell.” That is the honest answer. The risk is real and it grows over time, but it hasn’t bitten every business yet. The question is whether you want to wait until it does.

The honest advice: it depends on your risk tolerance

Here’s what we actually tell businesses who are still on Windows 10.

What would it cost your business if your computers were inaccessible for three days? A week? What if your files were encrypted and you had to decide whether to pay a ransom or rebuild from backup? Add up the realistic number. Then compare it to the cost of upgrading. That’s not rhetorical — it’s a real calculation, and it’s different for every business.

If you’d lose serious revenue from a few days of downtime, the answer is pretty clear. Upgrade now.

If you think your business could absorb it — or if the timing genuinely doesn’t work right now — there are ways to reduce your exposure in the meantime. A robust firewall, a decent third-party antivirus solution, and regular security awareness training for your team can meaningfully lower the chances that a vulnerability gets exploited. None of that makes Windows 10 safe. But it’s better than nothing while you plan. And if ESU applies to your situation, that’s worth exploring too.

What the upgrade actually looks like

The assumption most businesses have is that it’s going to be painful and disruptive. It doesn’t have to be.

We’ve been doing Windows migrations for 15-20 years across our clients here in the Lower Mainland, through every major version release. When it’s planned properly, it’s smooth. For businesses that need high uptime, we can migrate machines over a weekend or overnight. For most, a tiered approach works well — a few computers at a time, working through the fleet over a few weeks without disrupting day-to-day operations. Every client we’ve taken through this has said the process was painless.

The thing that makes upgrades complicated is when they’re reactive. Waiting until something goes wrong and then urgently migrating 20 computers while also dealing with an incident is a genuinely bad situation. Doing it on your schedule, with some lead time, is a completely different experience.

A note on managed IT relationships

For businesses with a managed IT provider, transitions like this should be largely a non-event. Keeping clients ahead of end-of-life deadlines is a core part of what a managed IT relationship is supposed to do. Most of our clients are already on Windows 11 or have a migration scheduled.

If you’re a managed IT client somewhere and your provider hasn’t brought this up, it’s worth asking why.

The short version: running Windows 10 isn’t automatically a crisis, but the risk grows over time and the upgrade is easier than most businesses expect. If you’d like to know which of your machines are still on Windows 10, whether they can run Windows 11, and what a realistic migration looks like for your business, we’re happy to take a look.

The post Windows 10 End of Life: What BC Businesses Should Do Now appeared first on Raxxos Technology Inc..

]]>
2554
2026 Tax Season Phishing Scams In British Columbia https://raxxos.com/2026-tax-season-phishing-scams-in-british-columbia/ Fri, 20 Mar 2026 17:57:01 +0000 https://raxxos.com/?p=2549 Canadians lost $704 million to fraud in 2025. Every tax season, CRA impersonation scams and fake T4 emails surge across BC. Here's how Surrey, Langley, and Lower Mainland businesses can protect themselves.

The post 2026 Tax Season Phishing Scams In British Columbia appeared first on Raxxos Technology Inc..

]]>

Every February, something predictable happens across Canada. Millions of people start thinking about taxes. And thousands of criminals start thinking about those people.

Tax season is the single most productive window of the year for phishing attacks. The Canadian Anti-Fraud Centre reported that Canadians lost $704 million to fraud in 2025 — and authorities estimate that only 5% to 10% of fraud actually gets reported. The real number is likely several billion dollars.

For small businesses in Surrey, Langley, and the Lower Mainland, the risk is compounding. You’re not just a potential victim as a taxpayer. You’re a target as an employer, a payer of invoices, and a custodian of employee and client data. Attackers know this, and they’ve built their playbook around it.


Why Tax Season Is Different

Phishing works best when it rides an existing expectation. And between February and April, every Canadian expects to receive tax documents, CRA correspondence, and financial paperwork. That expectation is the exploit.

The Ontario Provincial Police issued a warning in March 2026 about a surge in CRA-themed scams — fake emails, deceptive text messages, and impersonation phone calls designed to steal personal and financial information. The OPP isn’t issuing that warning because these attacks are rare. They’re issuing it because they work.

Here’s what makes tax season phishing particularly dangerous for businesses: the attacks don’t just target the owner. They target anyone who touches money or data — your bookkeeper, your office manager, your payroll administrator. One employee clicking one link can open the door to everything.


The Three Attacks Hitting BC Businesses Right Now

1. Fake T4 and Payroll Emails

This is the corporate version of the CRA refund scam, and it’s more sophisticated.

An employee in your office receives an email that appears to come from your payroll provider or accounting software. The subject line reads something like “2025 Employee Tax Documents Ready” or “Updated T4 Slips — Action Required.” The email contains an attachment or a link to download what looks like a tax document.

On March 19, 2026, Microsoft Threat Intelligence published a report documenting a campaign that sent tax-themed phishing emails to approximately 100 organizations in manufacturing, retail, and healthcare. The emails used the subject line “2025 Employee Tax Docs” and contained a Word document attachment with a QR code pointing to a credential-harvesting page. Each document was customized with the recipient’s name, and the phishing URL contained their email address — meaning every employee received a unique, personalized attack.

This isn’t spray-and-pray anymore. It’s precision targeting at scale.

2. The CEO Payroll Request

This one is a classic business email compromise (BEC) attack, and tax season gives it a perfect cover story.

Your payroll administrator receives an email that appears to come from the owner or a senior manager. The message is short and urgent: “Can you send me copies of all employee T4s? Need them for the accountant before end of day.” The email address looks right. The tone sounds right. The request makes sense — it’s tax season, after all.

The FBI has identified this type of BEC attack as one of the most financially damaging cybercrime categories affecting organizations. BEC attacks increased 171% in 2025, with an average loss per incident exceeding $160,000 before recovery. In Canada specifically, the average BEC loss was $21,000 — lower than the global average, but devastating for a 15-person company in Langley.

The employee sends the T4s. Now the attacker has every employee’s full name, address, social insurance number, and income. That’s enough to file fraudulent tax returns, open credit accounts, and sell the data on dark web marketplaces.

3. CRA Impersonation — The Business Version

Most people think of CRA scams as those robocalls threatening arrest. Those still exist, but the business-targeted version is more subtle.

A business owner receives an email or text that looks like it’s from the CRA, stating there’s an issue with the company’s GST/HST remittance, payroll deductions, or corporate tax filing. The message includes a link to “resolve the issue” before penalties are applied. The fake CRA portal looks convincing. The business owner enters their credentials. The attacker now has access to the real CRA account — or worse, the login credentials the owner reuses across other systems.

The CRA itself published a warning in 2026 about AI-generated tax scams, noting that generative AI has become “the most prevalent type of AI used in relation to tax scams and fraud.” The old tells — broken English, fuzzy logos, clumsy formatting — are disappearing. AI produces clean, professional-looking fraud.


The AI Problem Is Getting Worse

A year ago, we wrote about AI-powered attacks in Canada’s 2025 Cyber Threat Assessment. Since then, the problem has accelerated exactly as predicted.

The Government of Canada’s October 2025 report on financial fraud stated that “artificial intelligence is making the problem worse by allowing fraudsters to produce more convincing impersonations, fake communications, and deceptive marketing tactics.”

For tax season specifically, that means:

  • Phishing emails that read like your accountant wrote them. AI can match tone, use correct terminology, and reference real deadlines. The days of spotting a scam by its grammar are over.
  • Voice cloning on phone calls. An attacker can clone someone’s voice from a few seconds of audio — a LinkedIn video, a voicemail greeting, a podcast appearance. Imagine your bookkeeper getting a call that sounds exactly like you, asking them to wire a tax payment.
  • Fake CRA portals that are pixel-perfect. AI can generate professional-looking websites in minutes. The phishing page your employee lands on may be indistinguishable from the real My CRA login.

A 2025 Insurance Bureau of Canada survey found that 72% of Canadian small business owners are concerned that AI and new technology will complicate cyber protection — up from 65% the previous year. They’re right to be concerned. But concern without action doesn’t stop an attack.


The Numbers That Should Keep Business Owners Up at Night

Here’s where things stand for Canadian small businesses heading into the 2026 tax season:

  • 73% of Canadian small businesses have already experienced a cybersecurity incident (BDC).
  • Only 22% of Canadian SMEs carry any form of cyber insurance. Just 12% have a standalone policy (IBC, 2025).
  • Only 48% have implemented any form of cyber defense (IBC, 2025).
  • Only 45% have policies and training to help employees spot AI-generated scams (IBC, 2025).
  • Canadian businesses spent $1.2 billion on recovery from cyber incidents in 2023 — double the $600 million spent in 2021 (Statistics Canada).

Read those numbers together. Nearly three-quarters of small businesses have been hit. Fewer than half have any defenses. Fewer than a quarter have insurance. And the attacks are getting smarter every month.

Tax season just concentrates all of this into a six-week window where everyone is distracted, stressed, and dealing with legitimate financial paperwork that looks a lot like the fraudulent kind.


What Your Business Should Do Before April 30

You don’t need a six-figure security budget. You need a few specific things done right, done now.

1. Brief your team — specifically about tax season scams.

This isn’t a generic cybersecurity training. This is a 15-minute conversation with anyone who handles payroll, finances, or sensitive documents. Tell them what to watch for:

  • Any email requesting T4s, tax documents, or employee information — even if it appears to come from you.
  • Any “CRA” communication that includes a link or requests login credentials.
  • Any request involving urgency and money during tax season.

Establish a simple rule: any request involving tax documents, money transfers, or sensitive data gets verified by phone before anyone acts on it. Not by replying to the email. By picking up the phone and calling the person directly using a number you already have.

2. Lock down your payroll and accounting access.

Who in your organization can access employee T4s, social insurance numbers, and banking information? That list should be as short as possible. Every person on that list should have multi-factor authentication enabled. No exceptions.

If your payroll system allows it, set up alerts for bulk downloads or exports of employee tax documents. If someone downloads all your T4s at once, you want to know about it immediately.

3. Turn on multi-factor authentication everywhere.

If you’ve been putting this off, tax season is your deadline. MFA on your email. MFA on your CRA My Business Account. MFA on your accounting software. MFA on your payroll platform.

The Microsoft campaign we mentioned earlier specifically targeted credential theft. If those stolen credentials are protected by MFA, the attacker’s phishing page gets them a username and password that don’t work without the second factor. That’s the difference between a close call and a catastrophe.

4. Verify the CRA’s communication channels.

The CRA will never:

  • Send refunds via e-transfer or text message.
  • Ask for your social insurance number by email or phone.
  • Request banking details through email.
  • Threaten arrest or deportation.
  • Demand payment via cryptocurrency, gift cards, or prepaid credit cards.

Print that list. Put it next to the phone. Make sure every employee who answers calls or reads company email has seen it.

5. Check your CRA My Business Account directly.

If you receive any communication claiming to be from the CRA, don’t click the link. Open a browser, type canada.ca yourself, and log into your account directly. If there’s a real issue, it will be there. If it’s not there, the communication was a scam.

This one habit neutralizes the vast majority of CRA impersonation attacks.


The Insurance Gap

Here’s a number that deserves its own section: 78% of Canadian small businesses have no cyber insurance at all.

That means if a phishing attack during tax season leads to a data breach — employee SINs stolen, client records exposed, ransomware deployed — most small businesses are paying for the response, the recovery, the legal fees, and the regulatory penalties entirely out of pocket.

Under PIPEDA, if employee personal information (like the data on a T4) is disclosed through a phishing attack, businesses may be required to report the breach to the Privacy Commissioner and notify affected individuals. In British Columbia, PIPA imposes additional obligations.

Cyber insurance doesn’t prevent attacks. But it can be the difference between a business surviving a breach and shutting its doors. If you don’t have a policy, get quotes before tax season ends. Many insurers will require basic security measures — like MFA and endpoint protection — as a condition of coverage. Those requirements aren’t arbitrary. They’re the minimum.


The Real Cost Isn’t the Ransom

When people think about cybercrime costs, they think about ransom payments. The actual financial damage is broader and quieter.

A successful phishing attack on your business during tax season might cost you:

  • Direct financial loss from fraudulent wire transfers or misdirected payments.
  • Employee trust when their personal information is compromised because your systems weren’t secure.
  • Client trust if the breach extends to client data.
  • Regulatory costs from mandatory breach reporting under PIPEDA and PIPA.
  • Recovery costs. Canadian businesses spent $1.2 billion on cyber incident recovery in 2023. For a small business, even a fraction of that is existential.
  • Operational downtime while systems are investigated, cleaned, and restored.

The average BEC loss in Canada is $21,000. That’s the average. For some businesses, a single incident costs far more — and for a company with 10 to 20 employees, $21,000 is a brutal hit to absorb in a single event.


This Is a Seasonal Problem With a Year-Round Fix

Tax season scams peak between February and April, but the defenses that protect you during this window protect you all year. MFA doesn’t expire in May. Employee awareness doesn’t become irrelevant in June. Proper access controls on your payroll system don’t stop mattering after the filing deadline.

The businesses that get through tax season without incident aren’t the ones who panicked in March. They’re the ones who built basic security into their operations months ago and maintain it consistently.

That said, if you haven’t done those things yet, today is better than tomorrow. And tomorrow is better than the day after your bookkeeper clicks a link in a fake T4 email.


How Raxxos Protects Lower Mainland Businesses

At Raxxos, we manage IT and cybersecurity for small businesses across Surrey, Langley, and the Greater Vancouver area. During tax season, we see these attacks hit our clients’ inboxes every single day. The difference is that our clients have the defenses in place to stop them.

Here’s what that looks like in practice:

  • Email Security and Phishing Protection: Advanced filtering that catches fraudulent tax emails, CRA impersonation attempts, and BEC attacks before they reach your employees.
  • Multi-Factor Authentication Setup: We configure MFA across your email, accounting software, payroll platform, and CRA accounts — and we make sure it actually stays turned on.
  • Employee Security Awareness Training: Ongoing training that includes simulated phishing attacks so your team learns to recognize the real thing. We update the training scenarios for tax season every year.
  • Endpoint Protection: If someone does click a malicious link, endpoint detection catches the malware before it spreads.
  • 24/7 Monitoring: We monitor your systems around the clock. If something suspicious happens at 11 PM on a Tuesday, we catch it before your team arrives Wednesday morning.
  • Incident Response: If something does get through, we have a response plan ready. Containment, investigation, recovery — all handled so you can focus on running your business.

We respond to support requests in an average of under 15 minutes. Our office is in Cloverdale, on the Surrey/Langley border, which means we can be on-site fast when you need us. And we price everything on a flat monthly rate per user — no surprise bills, no per-incident charges that punish you for calling when something looks wrong.

If your business doesn’t have these basics in place and tax season is making you nervous, we offer a free 30-minute IT consultation to assess where you stand. No obligation, no pitch. Just an honest look at your setup and what needs attention.

Book your free consultation or call us at (604) 260-6869.


Further Reading

  • CRA: How to Recognize a Scam
  • Canadian Anti-Fraud Centre — report fraud or check current scam alerts
  • Canada’s 2025 Cyber Threat Report: What BC Small Businesses Need to Know
  • Free Employee AI Usage Policy Template
  • Restaurant Cybersecurity Guide for Lower Mainland Operators
  • CRA: What You Need to Know About AI-Generated Tax Scams

Published: March 2026. For the most current scam alerts, visit CRA Scams and Fraud or contact the Canadian Anti-Fraud Centre at 1-888-495-8501.

The post 2026 Tax Season Phishing Scams In British Columbia appeared first on Raxxos Technology Inc..

]]>
2549
No, You Don’t Need to Worry About Windows 12 Yet https://raxxos.com/no-you-dont-need-to-worry-about-windows-12-yet/ Fri, 06 Mar 2026 11:21:57 +0000 https://raxxos.com/?p=2537 You may have seen some headlines recently about Microsoft launching Windows 12, possibly with a subscription model and new hardware requirements. The short version is that Microsoft has not actually announced Windows 12. The reports were based on a speculative article that the publisher later retracted, saying it “should not have been published.” Multiple sources […]

The post No, You Don’t Need to Worry About Windows 12 Yet appeared first on Raxxos Technology Inc..

]]>
You may have seen some headlines recently about Microsoft launching Windows 12, possibly with a subscription model and new hardware requirements.

The short version is that Microsoft has not actually announced Windows 12.

The reports were based on a speculative article that the publisher later retracted, saying it “should not have been published.” Multiple sources familiar with Microsoft’s roadmap have confirmed there are no plans to release it in 2026, and the company is not working on a subscription-based operating system.

Part of the reason the story gained traction is that AI-powered content sites picked up the original article, rewrote it, and republished the same claims as news. Those sites then cited each other as sources, which made everything look more credible than it was. It’s also worth noting that a lot of Windows users are frustrated with Microsoft’s recent push toward AI features, so the story lined up with what people were already expecting. That combination made it spread quickly.

Windows 11 is Still Solid For Years To Come

For those already on Windows 11, nothing about the Windows 12 coverage changes anything. Windows 11 is stable, supported, and receiving regular updates.

BUT, if any of your business’s computers are on Windows 10 – Microsoft ended support for Windows 10 in October 2025, which means machines still running it are no longer receiving security updates.

Newly discovered vulnerabilities won’t be patched on those systems, and that gap grows over time. Businesses that haven’t moved to Windows 11 yet, may want to prioritize that.

On the hardware question

One of the claims in the retracted story was that Windows 12 would require a dedicated AI chip that most current computers don’t have. That particular claim was not substantiated, and it’s not something to base purchasing decisions on, at least for now.

When Microsoft does release a new version of Windows, which most credible sources place at late 2027 at the earliest, there will be clear guidance on hardware requirements well in advance. Microsoft has historically given businesses extended timelines for major transitions, and there’s no reason to expect that to change.

AI features like Copilot are part of Windows now, but they’re optional. You can use them or not. If that changes down the road, there will be time to plan for it.

How stories like this spread

Tech headlines and actual product roadmaps don’t always line up. In this case, a speculative article turned into a Reddit post with thousands of comments within hours, and by the time it was corrected, fewer people saw the update.

It’s a pattern that’s becoming more common as AI-generated content sites make it easier for unverified claims to circulate quickly.

We hope this article clears up any confusion for business owners who might’ve been worried about the headlines.


Raxxos has been helping BC businesses plan Windows migrations, manage security, and sort real tech developments from noise for over 15 years. If you’re not sure where your machines stand or whether your Windows 10 migration is complete, that’s exactly the kind of thing we help with.


Sources

The post No, You Don’t Need to Worry About Windows 12 Yet appeared first on Raxxos Technology Inc..

]]>
2537
Restaurant Cybersecurity: A Practical Guide for Vancouver, Surrey, and Langley Operators https://raxxos.com/restaurant-cybersecurity-a-practical-guide-for-vancouver-surrey-and-langley-operators/ Fri, 16 Jan 2026 00:56:10 +0000 https://raxxos.com/?p=2501 If you own or manage a restaurant in Vancouver, Surrey, Langley, or anywhere in the Lower Mainland, your business is a target. Not because you’re famous. Not because you’re processing millions. But because you’re processing credit cards, managing customer data, and running systems that attackers know how to exploit. According to Rogers Cybersecure Catalyst, over […]

The post Restaurant Cybersecurity: A Practical Guide for Vancouver, Surrey, and Langley Operators appeared first on Raxxos Technology Inc..

]]>
If you own or manage a restaurant in Vancouver, Surrey, Langley, or anywhere in the Lower Mainland, your business is a target. Not because you’re famous. Not because you’re processing millions. But because you’re processing credit cards, managing customer data, and running systems that attackers know how to exploit.

According to Rogers Cybersecure Catalyst, over 30% of hospitality businesses suffered at least one cyberattack in 2025, with breaches costing upwards of $3.4 million each. And HSB Canada reports that 46% of restaurant cyber losses come from malware and hacking alone.

The restaurant industry has embraced technology faster than almost any other sector. Online ordering. QR code menus. Integrated POS systems. Digital reservations. But as Trish Dyl from Rogers Cybersecure Catalyst puts it: “The restaurant industry is moving quickly to absorb digital innovations while missing the most essential step — cybersecurity.”

Here’s what you need to know to protect your business.


Why Restaurants Are Prime Targets

Restaurants check every box on a cybercriminal’s wishlist:

  • High transaction volume: Toast reports that 88% of restaurant transactions are paid by credit card. Every swipe is data that can be stolen.
  • High staff turnover: New employees mean new training gaps. According to IBM, 95% of security incidents involve human error.
  • Complex technology stacks: Your POS system talks to your payment processor, which talks to your reservation platform, which connects to your delivery apps. Each integration is a potential entry point.
  • Limited IT resources: Most restaurants don’t have dedicated IT staff. Technology decisions often fall to managers already juggling a dozen other responsibilities.
  • Extended hours: Restaurants operate when most IT support doesn’t. A problem at 10 PM on a Saturday can’t wait until Monday.

This combination makes restaurants attractive to both sophisticated criminal organizations and opportunistic hackers using automated tools.


The Real Threats Facing Lower Mainland Restaurants

Let’s look at what’s actually happening to restaurants in our region and across Canada.

POS System Attacks

Your point-of-sale system is the heart of your operation and the primary target for attackers.

In 2014, a strain of malware called JackPOS compromised nearly 700 credit cards in Canada, with 400 of those coming from Vancouver alone. The attackers used a simple technique: they created a list of common passwords (POS1, Administrator, 123456789) and brute-forced their way into systems with remote access enabled.

More recently, the BlackCat ransomware group attacked Aloha POS software, impacting thousands of restaurants and stealing sensitive credentials.

The lesson: if your POS system is accessible remotely and protected by a weak password, it’s only a matter of time.

Ransomware Targeting Restaurant Chains

In 2018, Recipe Unlimited (the parent company of Swiss Chalet, Harvey’s, Milestones, Kelseys, Montana’s, and East Side Mario’s) was hit with a ransomware attack that forced multiple locations to close and left others unable to process credit or debit transactions.

The attackers claimed they had encrypted the company’s files “with the strongest military algorithms” and demanded Bitcoin payment. Every day of delay cost an additional 0.5 Bitcoin (over $4,000 CAD at the time).

This isn’t ancient history. In July 2025, Colabor Group, a major food wholesaler in Quebec, announced a cybersecurity incident. When your suppliers get hit, your supply chain gets disrupted.

The BC Hydro Scam Targeting Vancouver Restaurants

The Vancouver Police Department has warned about a scam specifically targeting local restaurants: callers claim to be from BC Hydro, saying the business has an outstanding electricity bill. They threaten to cut power within hours unless the restaurant makes immediate payment via cryptocurrency.

It’s a simple scam, but it works because it exploits the pressure restaurant staff feel to keep operations running. The lesson: legitimate service providers never demand cryptocurrency payments, and they don’t threaten to cut power without warning.

Internal Fraud and POS Manipulation

Not all threats come from outside. A BC Business Magazine investigation documented widespread fraud in BC restaurants, with investigators reviewing 1,500 POS transactions from roughly 300 local establishments.

One case: a server earned $32,000 by recycling a single bill throughout her shifts. Another: a former maître d’ at Vancouver’s 900 West returned wine bottles for cash refunds, stealing cases worth over $400 each.

The technology that makes your restaurant efficient can also be manipulated by those who understand it. Proper access controls and monitoring aren’t just about outside hackers. They protect you from internal threats too.


The AI Factor: Why Threats Are Getting Worse

As we covered in our analysis of Canada’s 2025 Cyber Threat Assessment, artificial intelligence is making attacks more dangerous across the board.

For restaurants, this means:

Better Phishing Emails

Attackers are using AI to craft personalized, grammatically perfect emails. That “urgent message from your landlord” or “complaint from a health inspector” might look completely legitimate. Your staff can’t rely on broken English or obvious formatting errors anymore.

Voice Cloning Scams

AI voice models have become good enough to spoof someone’s voice in real time. Imagine your staff receiving a call that sounds exactly like you, instructing them to wire money or share login credentials. This is happening now.

Automated Target Selection

Attackers use AI to scan for vulnerable systems at scale. They’re not picking your restaurant specifically. They’re identifying every business with an exposed POS system or unpatched software and attacking them all simultaneously.


Five Steps to Protect Your Restaurant

Here’s what you can actually do, starting this week.

1. Secure Your POS System

Your POS is your biggest vulnerability. Protect it:

  • Change default passwords immediately. The JackPOS attacks succeeded because restaurants used passwords like “123456789.”
  • Disable remote access unless absolutely necessary. If you need it, require multi-factor authentication.
  • Keep your POS software updated. Vendors patch vulnerabilities regularly. If you’re running outdated software, you’re running with known security holes.
  • Segment your network. Your POS system shouldn’t be on the same network as your guest Wi-Fi.

2. Train Your Staff (Seriously)

With 95% of security incidents involving human error, your team is both your biggest vulnerability and your best defense.

Train staff to:

  • Verify unexpected requests. Any call or email asking for payment, credentials, or sensitive information gets verified through a separate channel. Call the person directly using a number you know, not the one they provided.
  • Recognize phishing attempts. Modern phishing looks professional. Train staff to be suspicious of urgency, unusual requests, and anything that “just doesn’t feel right.”
  • Report incidents immediately. The faster you know about a potential breach, the faster you can respond.

This isn’t a one-time training. It needs to be ongoing, especially given high turnover in the industry.

3. Separate Guest and Business Networks

Your customers expect Wi-Fi. But that guest network should be completely isolated from your business systems.

  • Guest Wi-Fi: Separate SSID, separate VLAN, no access to internal systems.
  • Staff network: Protected, monitored, with proper access controls.
  • POS network: Ideally isolated from both, with strict firewall rules.

This prevents a customer with malicious intent (or malware on their device) from accessing your business systems.

4. Implement Proper Backup and Recovery

If ransomware hits, backups are your lifeline. But only if they’re done right:

  • Automated, regular backups of all critical data.
  • Offsite or cloud storage that attackers can’t reach if they compromise your main systems.
  • Tested recovery procedures. When was the last time you actually restored from backup? Do it before you need to.

5. Get Cyber Insurance

Even with the best defenses, breaches happen. Cyber insurance provides a safety net for:

  • Data breach response costs
  • Business interruption losses
  • Legal fees and regulatory fines
  • Customer notification and credit monitoring

Review your policy carefully. Many require specific security measures (like multi-factor authentication) as a condition of coverage.


The Heritage Building Challenge

Many of the Lower Mainland’s best restaurants operate in heritage buildings. These spaces have character, but they also have infrastructure challenges.

We’ve worked with restaurants like Brix & Mortar in Yaletown, where 1912 brick walls hide decades of mixed wiring. Running modern, secure technology in these environments requires planning: hidden cabling, limited space for equipment, and the need to maintain reliable systems without disrupting service.

It can be done, but it requires experience with both the technology and the unique constraints of heritage properties.


Multi-Location Complexity

If you operate multiple locations, your security challenge multiplies. Each location needs consistent policies, standardized systems, and centralized monitoring.

We’ve supported over 20 Joseph Richard Group locations across Surrey and Langley. The key is standardization: same security policies, same POS configurations, same monitoring across every location. When something goes wrong at one site, you need to know immediately and be able to respond.


What to Look for in an IT Partner

Most restaurants don’t need (and can’t afford) full-time IT staff. But you do need a partner who understands the unique demands of the industry.

Look for:

  • 24/7 monitoring and support. Problems don’t wait for business hours. Your IT support shouldn’t either.
  • Restaurant experience. Generic IT providers don’t understand POS systems, kitchen display integration, or the pressure of a Saturday night service.
  • Proactive security. You want issues caught before they disrupt service, not after.
  • Local presence. When you need someone on-site, they should be able to get there quickly.

For more on selecting the right partner, see our guide on how to choose a managed IT provider in Vancouver.


The Bottom Line

Cybersecurity isn’t glamorous. It doesn’t bring customers through the door or improve your Yelp rating. But a breach can close you down. A ransomware attack during your busiest season can cost you thousands in lost revenue. A data breach can destroy customer trust you’ve spent years building.

The good news: the basics work. Strong passwords. Multi-factor authentication. Network segmentation. Staff training. Regular backups. These aren’t expensive or complicated. They just need to be done consistently.

The restaurants that thrive in this environment are the ones that treat cybersecurity as part of operations, not an afterthought. Just like you invest in food safety, staff training, and customer experience, security deserves attention.


How Raxxos Supports Lower Mainland Restaurants

At Raxxos, we’ve been providing managed IT services to restaurants in Surrey, Langley, and across the Lower Mainland for over 15 years. We understand that downtime during service isn’t an option and that your technology needs to work as hard as your staff.

Our restaurant clients get:

  • 24/7 System Monitoring: We catch problems before they affect your kitchen or front-of-house.
  • POS Support and Security: Proper configuration, monitoring, and protection for your point-of-sale systems.
  • Secure Wi-Fi Management: Separate networks for guests and staff, with proper security protocols.
  • Staff Security Training: Ongoing education so your team recognizes modern threats.
  • Backup and Recovery: Immutable backups designed to recover from ransomware.
  • Multi-Location Support: Consistent security across all your sites.

Whether you’re a single location or expanding across the region, we provide flat-rate, predictable IT support that scales with your business.

Contact Raxxos today for a free security assessment. Let’s find out where you’re vulnerable before someone else does.


Further Reading


Published: January 2026. For the most current threat information, visit cyber.gc.ca or contact the Canadian Anti-Fraud Centre.

The post Restaurant Cybersecurity: A Practical Guide for Vancouver, Surrey, and Langley Operators appeared first on Raxxos Technology Inc..

]]>
2501
Cybersecurity Tips for Local Surrey and Langley Businesses in 2026 https://raxxos.com/cybersecurity-tips-for-local-surrey-and-langley-businesses-in-2026/ Fri, 09 Jan 2026 02:28:02 +0000 https://raxxos.com/?p=2489 First off, why do we always say Surrey and Langley? It’s because our office is in Surrey (Cloverdale) but closer to downtown Langley than downtown Surrey. Meaning we have pretty much a 20 minute driving radius that covers all of Surrey and Langley. We want more clients in Surrey and Langley. We should really get […]

The post Cybersecurity Tips for Local Surrey and Langley Businesses in 2026 appeared first on Raxxos Technology Inc..

]]>
First off, why do we always say Surrey and Langley?

It’s because our office is in Surrey (Cloverdale) but closer to downtown Langley than downtown Surrey. Meaning we have pretty much a 20 minute driving radius that covers all of Surrey and Langley. We want more clients in Surrey and Langley.

We should really get a name that covers both cities. Like Surlang. Let me know what you think in the comments.

Also, since the area is so new, it has a larger proportion of new businesses and startups than the Vancouver area. Less years of business experience unfortunately equals more risk.

So, it’s expected that cybersecurity is going to be a major challenge for Surrey and Langley BC in 2026 and beyond, especially while we’re currently seeing possibly the most exponential change in technology ever with the development of AI.

The baseline security we put in place for clients

Here’s what we do for our clients.

Take notes so you can DIY it into your business, make sure your current IT company is doing it, or just call us and we’ll take care of it for you.

For our clients, we start with a basic security stack that gives them a solid foundation, and while the exact setup can vary between businesses, the core pieces tend to stay pretty consistent.

That stack usually includes an enterprise-level firewall to protect the physical office from internet-based attacks, along with a unified system like Microsoft 365 or Google Workspace so company data stays contained inside a controlled environment instead of being scattered across personal accounts and devices.

On top of that, we deploy specialized antivirus that we can manage and monitor from a central portal, and that software goes on every company-owned laptop, PC, and server so nothing slips through the cracks.

We also make sure multi-factor authentication is enforced on as many systems as possible, because even simple extra steps can significantly reduce the risk of unauthorized access.

All of these things are relatively easy for us to implement and don’t require much ongoing effort from the client side, which most business owners appreciate, because once everything is set up, it just runs in the background.

Where attacks are actually getting through now

The harder part, and the part we see becoming the most important going into 2026, is employee security awareness, because more and more attacks are succeeding without doing anything technical at all.

One of the biggest examples of this is phone impersonation attacks, where AI voice models have become good enough that an attacker can spoof someone’s voice in real time and make the call sound exactly like a person the victim already knows.

In some cases, the attacker can even spoof the phone number, which removes another layer of suspicion and makes the situation feel normal in the moment.

We’ve already seen this work on both business users and home users, and it’s been surprisingly effective because it relies on trust instead of exploiting a system vulnerability.

CEO and finance impersonation is a major risk

A common version of this type of attack involves someone impersonating a CEO and calling a CFO with a request for a wire transfer, often framed as urgent and time-sensitive so there’s pressure to act quickly.

Because the voice sounds real and the request feels familiar, people sometimes follow through before stopping to verify, and unfortunately this has worked many times across different organizations.

That’s why employee awareness training has become such a big focus for us, because these attacks don’t rely on breaking into networks or bypassing software controls, they rely on convincing a real person to take action.

What awareness training actually looks like

Security awareness training does take time from the company and from employees, and that part can be inconvenient, but these risks can’t be ignored anymore.

Some of the safeguards we recommend are straightforward and practical, like approving large transactions in person, hanging up and calling a trusted number to verify a request, or adding additional approvers so financial decisions don’t rest with just one person.

For larger transactions, we often recommend having both the CEO and the CFO involved in the approval process, because even small delays and extra checks can stop an attack before any money leaves the business.

These steps don’t require advanced tools or complicated systems, they just create enough friction to prevent most impersonation attempts from succeeding.

Why cyber insurance still matters

Even with strong technical protections and trained employees, no system is ever 100 percent secure, and that’s just the reality of running a business today.

That’s why having a cyber insurance policy is still important, because if something does get past the protections, insurance can help cover the financial impact while the business works through recovery.

It’s not a replacement for security measures, but it does provide a level of protection when something unexpected happens.

How we think about cybersecurity for Surrey businesses

Cybersecurity today is layered, and it works best when each layer supports the others instead of standing on its own.

It includes the firewall and systems that protect the network, the way employees respond to requests and verify information, and the insurance coverage that’s there if something still goes wrong.

All of those pieces matter, and leaving any one of them out creates a gap that attackers are more than willing to take advantage of.

For local Surrey and Langley businesses (Surlang), the goal isn’t to overcomplicate things or overwhelm people with tools, it’s to put the right protections and habits in place so the business can keep operating smoothly even when something unexpected happens.

But no matter what, do something, and always be improving.

Stay safe!

The post Cybersecurity Tips for Local Surrey and Langley Businesses in 2026 appeared first on Raxxos Technology Inc..

]]>
2489