Protecting your networks, devices, applications and data for attack, damage or unauthorized access.
Cyber security issues were more severe than last year. The number of attacks and breaches increased as did the tools and processes for defending against them.
The number of police-reported cybercrimes in Alberta has increased by 185% between 2014 and 2017, according to a recent Statistics Canada report. This represents the largest increase in Canada.
Here are some of the numbers for 2018:
- Marriott Starwood Hotels reservation system, personal information of 500 million customers over four years
- Bell Canada hackers accessed personal information of around 100, 000 customers
- Bank of Montreal and CIBC’s Simplii Financial were hacked
- Ransomware attacks on the municipalities of Wasaga Beach and Midland, Ontario, along with Mekina, Quebec
More challenges require us to adopt multiple tactics.
- Have a Plan: Know how you will recover from ransomware because we are all targets.
- Create a Security Culture: Make security a core value. Building security in at the start, leaders that are engaged, and holding teams accountable for compliance are part of creating the culture.
- Adopt MFA: Multi-factor authentication is needed beyond more than just VPNs and privileged accounts.
- Use a Password Manager: This will ensure unique passwords across platforms and ensure business credentials are different from personal ones.
- IT and Business Aligned: Ensure the team managing your IT security has solutions aligned with the RTO (recovery time objective) and RPO (recovery point objective) that meet your business needs.
We have to fight against complacency and keep working at it.
- Statistics Canada. (2019, January 3). Table 35-10-0002-01 Police-reported cybercrime, by Census metropolitan area, Canada, provinces and territories. Retrieved January 3, 2019, from https://www150.statcan.gc.ca/t1/tbl1/en/tv.action?pid=3510000201
- Solomon, H. (2019, January 2). Cyber security predictions 2019: Watch for these four important Canadian privacy reports. Retrieved January 3, 2019, from https://www.itworldcanada.com/article/cyber-security-predictions-2019-watch-for-these-four-important-canadian-privacy-reports/413456
- Graney, J., Bloom, D., & Koletic, V. (2018, December 10). Alberta police-reported cybercrime doubles over four years: Statistics Canada. Retrieved January 3, 2019, from https://edmontonjournal.com/technology/personal-tech/alberta-police-reported-cybercrime-doubles-over-four-years-statistics-canada
The security breach was announced on September 28 by Facebook and affected at least 50 million users. The attackers exploited bugs in the platforms “View As” privacy feature, which occurred in July 2017, when Facebook introduced a new video uploader.
The uploader feature appearing as active in the “View As” feature and created an access token, which was not supposed to happen. Access tokens provide a key to keep users logged into their accounts and to provide access to other platforms. This is a convenience to reduce the need to enter login credentials.
What to do now? Reconsider the use of the Facebook login feature. Using the login feature of platforms or reusing the same password across various is not work the risk taken for the small amount of convenience.
Check your privacy settings and credential recovery options on Facebook and your other platforms. Ensure you know how they are configured and update them. Facebook had a security update post in their developer’s blog suggesting user visit the “Security and Login” tab on the sites settings menu to review platforms connected through Facebook.
Change your password to something hard to guess and unique. This breach apparently did not get passwords but access tokens instead. It will do no harm to update your password on Facebook and your other platforms.
Enable 2FA (two-factor authentication) using a third party app like Google Authenticator or Authy, both of which are free. Two-factor authentication requires you do something to verify identify beyond supply a password. There is the option to receive an e-mail or text message but using an app may reduce the risk from the 2FA messages being intercepted.
Turning on notifications for every login to your accounts across platforms could seem like over kill, in the beginning. It does settle down once you establish the pattern of where and when you login. Knowing that helps to keep you informed.
- Image: Pixabay, LoboStudioHamburg
Imagine this. You’re scrolling the internet and your instant messaging pops up. It’s someone you talk to quite frequently, and they’ve sent you a link telling you to check it out. You click the link, and suddenly your files start changing and you can’t open anything. Suddenly you’ve become a victim of a phishing scam.
What just happened?
You sit there confused, but in the back of your mind you understand the link you clicked was not what it seemed to be, and are now wondering what it will take to get the information back?
Phishing is a common cyber crime that has hit many unsuspecting people, and sometimes the results are harmless. Sometimes you are only locked out of your online accounts for few minutes. But other times serious damage can begin the minute your mouse clicks the link.
Hackers target companies and individuals by email, and most people see a link in an email and don’t even consider it is going to be detrimental to click.
A good rule to follow is to limit the links you do click in email messages. Remember, when protecting yourself from phishing scams, pay attention to the where the link is going to take you, be skeptical of email attachments and pay close attention to the sender email address.
If something looks suspicious, taking the time to check and be sure makes sense.
Getting to a place where you understand how to protect yourself takes effort and some training. This training has come a long way over the years.
Find out how a few quick and focused training sessions can help you and your team improve your skills. Ask us about some options for effective cyber security training.
How secure are you?
Passwords are your first line of defense when it comes to protecting your private systems and information. Having a strong password in place leaves you just that much more secure.
On May 3, 2018, we celebrated World Password Day, and the facts are simple; most people either don’t understand the importance of a secure password, or don’t want to take the time to ensure information is protected in the simplest way.
I don’t know about you, but I’m just as guilty as the majority of the population for having the same password across the board, changing up one number or letter per platform. Just like you, I’ve left myself extremely vulnerable to hackers of any level.
With digital platforms filling up most of your spare time, it’s important to adhere to the rules and suggestions. Each of these platforms ask for a different sequence of characters, for good reason.
According to Entrepreneur Online, a survey was conducted by TeleSign a few years ago, which polled approximately 2,000 consumers throughout the U.S. and the U.K. The study concluded about 3 out of 4 people use duplicate passwords, some of which haven’t been changed in years.
Good to know I’m not the only one who could lose everything.
In the past year alone, about 40% of people received noticed of personal information being compromised, accounts being hacked, or have had a password stolen. Data breaches are inevitable. Therefore, why aren’t you taking better measures to protect your information.
When is the last time you changed your password? In the same survey, mentioned above, about 21% of people still use passwords they created 10 years ago. If you can’t remember the last time you changed your password, I highly suggest you take the time today to do so.
Keep them long, complicated, a sequence of numbers and letters. You can even generate up passwords for free online. Whatever you do, your password should not be something that can be guessed. No birthday’s please. Pet names are out too.
The next step you can take is to add another level of security. Two-factor authentication is a great way to significantly decrease the risk of any hacker. This method requires an additional type of identification, of which the user has on them at the time.
Passwords are inevitably a part of everyday life, and to be careless with them is simply asking for the worst to happen. Whatever method you use, being aware of how secure you are is detrimental for a future dealing with technology.
If you are curious as to how secure your password is visit www.howsecureismypassword.net. Enter in a password SIMILAR to the one you currently have and sit back and see how long it would take a hacker to enter your system.
“Click yes to submit your information.”
This is a common sentence read on most social media platforms, regardless of how often you sign in. It can be scary to users, not understanding just exactly how privacy settings work.
People have, in a sense, all but signed their life away to these online platforms. For all those who don’t seem to care about the privacy settings, there are many more who do.
You often hear of a data breach and wonder if you should be cancelling your credit cards, or worrying about a stolen identity. With so much news circling through the media it can be overwhelming. Especially if you don’t understand what to do to keep yourself safe.
Platforms like Facebook, or even Google to some extent, aren’t nefarious in nature. The goal isn’t to convince you to sign up and sign over all your private information. The site algorithms are designed to make a user friendly feed that gives you exactly what you want, be it fitness ideas, food recipes, or simply an add for that perfect car you’ve been searching for online.
By signing up for these platforms, you are giving the providers permission to use your personal data in any way they see fit. This doesn’t mean you have to stop using Facebook. Personally, it is a great tool to use for business outreach, communication with family and friends, and many other more mundane research; but it is a tool that should be used with caution.
Here are a few tips, for those who enjoy the use of social media, to keeping your personal and private life just a bit more secure:
- Restrict your personal information – any personal information online can be used. It’s public and anyone will see it as such. A birthday or birthplace can be used to access accounts, or that post saying you’re away traveling could be a perfect in for thieves looking to score.
- Control what strangers see – the more available information for those not in your friends list, the more vulnerable you become. Simply restricting your settings can be a sigh of relief.
You can do this by going to Settings and Privacy and go to “Who can see my stuff?”
As you play around with your settings you can always preview your profile to get a good idea of just exactly what it is you’re sharing.
- Control what friends see and do on your page – Strangers are one thing, but you can control what happens between you and your friends as well. When posting and reposting, there are options to show the public, only those on your friends list, close friends, etc. This gives you complete control on who can comment, share, or interact with your information. All this can be done on each individual status alone, or through Settings and Privacy as well.
- Disable Location Tracking and be careful of interaction with third party apps – Every interaction with any app that links through Facebook is just another way that your information is being constantly collected. Once again, through Settings and Privacy, you can check off which apps you are okay with, and which ones you want to disable.
Facebook is constantly updating it’s features, and how it interacts with you. It’s important to not only monitor the things you share, and those who get to see it, but also that the settings you’ve put in place haven’t been disabled. Familiarizing yourself with all privacy settings allows you to understand, to a greater extent, what is being put out into the interweb. It allows you to control it also.
The MyFitnessPal app suffers a data breach. What does that have to do with your business? You need to make sure you continue to educate your work team about the importance of having different passwords for accounts you use for work vs accounts you use personally. If a member of your team used the same password to access MyFitnessPal as is used to access websites related to work, you could be at increased risk.
The 3 things you need to do:
- Discuss passwords with your team. Moving from awareness to action improves when you can make it real. This is real.
- Have a common sense security policy that is understood, implemented and test it. Moving to compliance starts with education and repeat offenders need to be treated seriously.
- Review your security strategy. If you don’t have a strategy for cyber security you will only be able to react. Being proactive gives you more options.
According to an article published by www.hackread.com, a hacker, using the alias NullHumanity, has identified a flaw in the customer login system of Freedom Mobile. With approximately 2,000 accounts at risk, the hacker explained he does not plan to exploit them.
The article mentioned that although this hacker has no plans to access the accounts for any reason but to inform Freedom of this flaw, there are others who wouldn’t be so kind.
“If a hacker manages to access secondary API through guessing the phone number and PIN combination, then he can expect to get sensitive details like date-of-birth, full name, phone number, email IDs, full call history, and billing-related information.”
Principled change – accelerated. Our mission is to help businesses, who depend on information technology, deliver on their customer promises through a more stable, efficient, and secure IT solution.
9-2280 39 Avenue NE
Calgary, AB, Canada