Categories
Industry Insights IT Solutions Managed IT Services

Coronavirus COVID-19 Pandemic Preparedness for Business

Here is a Coronavirus COVID-19 Pandemic Preparedness for Business document to help all organizations play a critical role in protecting the health and safety of employees as well as the public.

All organizations need to create business continuity plans that will minimize impact as well as facilitate a speedy recovery of activities if the business has been forced to scale back or close during the Coronavirus COVID-19 pandemic.

Preparedness is the best way to mitigate the risks posed by a Coronavirus COVID-19 pandemic to your organization, public, family, and Canadian economy.

Should the Coronavirus COVID-19 Pandemic escalate in Canada, here are some of the things businesses need to plan for to ensure business continuity as well as preparedness.

  • You may experience absences due to personal illness and watching children.
  • Disruption to essential services like information, telecommunications, supply, and logistics.
  • A major increase or decrease in demand for products and services.
  • Cancellation or disruption of travel and cross-border movement of people and goods.
  • Cancellation of public meetings and events.
  • Increased public fear that causes citizens to avoid public places.

To help businesses prepare for and manage through a potential COVID-19 escalation in Canada, here is a brief guide designed to assist business planning and continuity efforts.

This will include relevant information as well as best practice tools and resources.

The information is out there, and organizations should take advantage of existing tools, templates, and best practices already developed for the Canadian landscape.

In the case of pandemic or other crisis situations, the Canadian Centre for Occupational Health and Safety has created a business continuity guide to help organizations.

The checklists include:

The Coronavirus COVID-19 Pandemic has been a major disruption around the globe.  Businesses are feeling the impact and putting their preparedness plans to the test.

All organizations should ensure their Business Continuity Plan is up to date and tested. This should include it ranking critical functions and order of importance.  You need to communicate your strategy your staff and business partners such as your managed IT services provider or any other third party in place to support your business.  In addition, always follow the recommendations of Toronto Public Health and take prevention measures to reduce the risk of transmission of flu and respiratory illnesses.

365 iT SOLUTIONS is here to support all organizations and we encourage anyone to reach out to us for assistance when needed.  We will continue to monitor the situation and make changes as needed to protect the health of our employees, public, and customers.

For the most accurate and up-to-date information, visit the World Health Organization (WHO) website and The Centers for Disease Control and Prevention (CDC) website or The Health Canada Website.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Coronavirus COVID-19 Pandemic Preparedness for Business (1)

Categories
Industry Insights IT Solutions Managed IT Services

How to identify phishing emails

Phishing emails are one of the largest cybercrimes which have many wondering how to identify phishing emails to protect themselves and their organization.

Simply explained, phishing emails are created to scam a user by getting a person to click on a link, attachment, or a picture. Once you click, you gave up access.

Here are some examples of phishing emails at their best!

Tech Support Scams

Over the years, many service providers have been upgrading the customer experience by giving their clients more ways to access their team.  Unfortunately cyber criminals are using these methods so users should be aware of bad grammar, colours, odd requests, or other information that can make it look legitimate enough for someone to click.  You should pay close attention in order to outsmart the cyber criminals.

Infected Attachments

Many times, cyber criminals will try to send you malicious .HTML attachments, .JS attachments, .DOC attachments, PDF attachments, or even .XLS documents.  It is important to know that many subscription-based antiviruses put a low risk score on  for antivirus detection since .HTML files are not commonly associated with email-borne cyber attacks.  In addition financial institutions have used .HTML attachments in the past so people are used to seeing them in their inboxes.

Files with Macros

Another big increase has come to malicious macros being put in phishing emails as a common delivery method.  These documents may pass your anti-virus program.  These types of phishing emails contain a sense of urgency to create the illusion that it is important, and the persons is needed. The goal is to get a click.

Social Media Exploits

Whether it be LinkedIn, Facebook, or Instagram, if you receive a message from an account that you are not familiar with, you should already proceed with caution.   These may consist of image files or links looking to spoof real links such as YouTube.

Statistics Say it All

You can ask anyone including organizations, IT departments, managed IT services providers, managed security services providers, and IT consultants, they will all tell you that phishing, and cybercrime is at all-time high.

According to a recent report from Statista statistics website, at 11.69%, most spam emails originated in China while, approximately 9.04% out of United States.  Statista estimates that in 2020, spending on IT services from corporations is expected to reach around 1.1 trillion US dollars worldwide.

So how do these cyber criminals send out all these phishing emails?  One way is that they rely on the lax security protocols from organizations. A great tool and source is HaveIbeenPwned as it is a website that can help you see if your email is on a compromised site.

There is no way to be 100% safe online, but you should try to make it as hard as possible for the cybercriminals.

And the phishing continues to attack…

Cyber security professionals recently analyzed 55.5 million emails.  They reported that one out of every 99 messages contain a phishing attack and 25% of those phishing attacks bypass default security measures setup by IT departments and managed IT services providers.

The cyber security professionals reported the following four categories:

  • 7 percent had malware
  • 9 percent were harvesting credentials
  • 8 percent were extortion emails
  • 4 percent were spear phishing attempts
  • 7 percent were marked as phishing emails
  • 49 percent were marked spam
  • 5 percent were white listed by admin configurations
  • 25 percent were marked clean and successfully sent to the target user

Phishing emails are bypassing filters with over 323,000 pieces of malware detected daily according to Kaspersky Lab.

According to Kaspersky Security Awareness, approximately 80% of all cyber breaches or cyber incidents are caused by human error and not network setup.  Organizations are losing productivity and money when trying to recover from staff related cyber security incidents.

Unfortunately employees are the weakest link in the cybersecurity process:

  • 52 percent of organizations know employees are the largest threat to cybersecurity
  • 60 percent of employees have confidential data on their corporate device (financial data, email, database, etc.)
  • 30 percent of employees have shared their login and password details with colleagues
  • 23 percent of organizations do not have any cybersecurity rules or policies

Traditional user cyber security training programs fail to achieve behavioral changes in users.  It is important that everyone understands the security threats, and this is accomplished only by an effective educational cyber security training program.

To recap, here are some steps employees can take to protect themselves and your organization from phishing emails:

  1. Check the sender address: It may look legitimate but review the sending address, if it looks odd it is probably spam.
  2. Does the email ask you to click on a link or attachment? Check the sender address and the rest of the email for anything out of the ordinary including spelling, grammar, and colours.
  3. Did you receive the email out of the blue? A company your never heard of or a long-lost relative is trying to send you money? Simply mark as junk and delete.
  4. Does the email contain several misspelled words? It could be a phishing email.
  5. Does the email contain some threat (embarrassment, prosecution for example)? It is a phishing email.
  6. Does the email appear to be from someone you know or an organization you do business with? Call the person at the number you know and not the number provided on the email and verify they sent the email.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

 

 

Categories
Industry Insights IT Solutions Managed IT Services

How Coronavirus is Pushing Communication Technology Solutions Ahead

With the unfortunate outbreak of Coronavirus, many Chinese educators are increasingly turning to communication technology solutions so their students do not fall behind.

In a recent article on Gizmodo, they put together an article of a high school teacher holds class via video chat while under Coronavirus quarantine.   The teacher used a laptop, a $150 webcam, and an account with Zoom video conferencing to connect with his kids.  The class has a microphone that can be passed around the room for kids to ask questions.  They labelled it “distance learning” and it looks promising for the future.

With the release of this article, many organizations are seeing the value behind company group chat and collaboration software such as Microsoft Teams.  We will focus on Microsoft Teams over other comparable software such as Slack.

Microsoft Teams vs Slack How Coronavirus is Pushing Communication Technology Solutions Ahead 365 iT SOLUTIONS (3)

What is the difference Microsoft Teams and Slack?

There are plenty of features, integrations, and options that make them the same however Microsoft Teams has one major advantage over slack, the Microsoft 365 factor.

Microsoft Teams business game-changer is its seamlessly integration with Microsoft Microsoft 365. Microsoft Teams brings every app in the cloud-based Microsoft Microsoft 365 suite into Microsoft Teams in custom tab format.

This gives organizations and employees the ability to add Microsoft Word, Microsoft Excel, Meetings, Notes, OneNote, Planner, PowerPoint, SharePoint, and a host of other third-party apps, all without leaving Microsoft Teams.  What more function, say hello to Microsoft Power BI.   Here you get the ability to use Microsoft Power BI within your team and interact with real-time data visualizations.

 

Why do IT departments and managed IT services provider love the Microsoft 365 factor? Control.

Microsoft gives organizations the ability to control security centrally including encryption of data, messages, and files, in transit and at rest.  You also can integrate two-factor authentication such as Microsoft Authenticator app.

By using the Microsoft Microsoft 365 Admin Center, your organization has control over Microsoft Teams.  This includes the following abilities:

  • Ability to turn on/off Microsoft Teams for entire organization
  • Ability to control user profiles look and feel
  • Ability to turn off video and screen sharing in calls and meetings
  • Ability to control various kinds of content, animated images, and stickers
  • Ability to limit animated images by content rating
  • Ability to turn off support for tabs from Microsoft partners or side-loaded apps
  • Ability to set priority notifications for specific industries
  • Ability to annotate and share images securely with data storage policies set by your IT department or managed IT services provider.
Microsoft Teams vs Slack How Coronavirus is Pushing Communication Technology Solutions Ahead 365 iT SOLUTIONS (2)
Do you want to put Microsoft Teams to the test? Try the Microsoft Teams Interactive Demo.

Organizations need to see Microsoft Teams as the hub of Microsoft 365.    Microsoft has put together the following experience on how organizations can use Microsoft teams to achieve more while using chats, meetings, files and apps live in a single centrally controlled work space.

With this interactive Microsoft Teams demo, you will get a guided tour of Microsoft Teams.  This will allow you to understand the Microsoft Teams app as well as learn about key features.   It will also allow you to try some real-life actions and help a team make important decisions.

Click here to start your Microsoft Teams Interactive Demo.

Microsoft Teams vs Slack How Coronavirus is Pushing Communication Technology Solutions Ahead 365 iT SOLUTIONS (4)

Microsoft Teams works well for organizations that use Microsoft 365.   It provides fast reliable team chat with a variety of features including optional audio calls, video calls, screen sharing, and built-in task management.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Microsoft Teams vs Slack How Coronavirus is Pushing Communication Technology Solutions Ahead 365 iT SOLUTIONS (5)

Reference article – GIZMODO “High School Teacher Holds Class Via Videochat While in Coronavirus Quarantine”

 

 

 

Categories
Industry Insights IT Security Managed IT Services

Do You Need a New Managed IT Services Provider

As times and technology quickly change, organizations must ask do you need a new managed IT services provider?

Terminating business relationships is awkward however to remain competitive, organizations need to be strategic and proactive to stay relevant.  Many want to give their managed IT services partners the benefit of the doubt without having them hold back their advancement.

Business relationships or objectives can easily change, and you need a managed IT services provider that works in sync with your organization.

Below is a list of some items that may make you ask yourself,  do you need a new managed IT services provider?

1.Two-way partnership trust

When using a managed IT services provider, there must be trust as they have access to your systems, and you must trust they are protecting your privacy and your confidence.  Their goal should be as your outsourced IT to assist with employee terminations, internal investigations, and legal discoveries.

  1. No business about your organization

Is your managed IT services provider aware of your business, business goals, and industry?  It is very important that they understand your organizations purpose, mission, and objectives.  Discuss your operations, your goals, and your key challenges. They should be able to provide valuable feedback as a partner and not a vendor.  Managed IT services provider are supposed to be relationship partners and not transactual.

  1. They cannot scale with your business

Is your business growing or is your current managed IT services provider taking on too much business and it is affecting their performance and service?  If you are waiting hours or even days for tech support help with critical issues, then this  IT support services does not match your business needs.

  1. Are critical IT functions working

The best way to measure up your current network is to have another Managed IT Service provider provide a free network assessment.  This will reveal any neglect like failed backups, unpatched systems, security holes, and outdated antivirus.

  1. You do not enjoy meeting your IT partner

A true managed IT services provider is about long-term partnership and business based on relationship.  You need to be able to relate to them as they may have vital technology recommendations about your IT infrastructure and business processes.  These contribute to a long-term successful business partnership.

Have Your Passwords Been Stolen in a Data Breach? Try our free data breach scan today and start protecting yourself from cybercriminals.

Going to the cloud or worried about security?  We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS  is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesManaged Security ServicesIT Support ServicesIT Outsourcing ServicesTech Support ServicesCloud ServicesBusiness continuity and disaster recovery (BCDR), and Cyber Security Training and Dark Web Monitoring.

We Make IT Simple!

Categories
Industry Insights IT Solutions Managed IT Services

How to Improve Your Cybersecurity

The news is flooded with daily data breaches however not many mention how to improve your cybersecurity and protect your organization.

Cybersecurity is one of the top factors that users and organizations need to take seriously.

If you review the top 12 data breaches of 2019, you will see the amount of data as well as  the frightening numbers.

  • Social Media Profiles Data Leak – 4 Billion Records
  • Orvibo Leaked Database – 2 Billion Records
  • TrueDialog Data Breach – More Than 1 Billion Records
  • First American Data Breach – 885 Million Records
  • io Data Breach – 808 Million Records
  • “Collection #1” Data Breach – 773 Million Records
  • Dream Market Breach – 620 Million Records
  • Third-Party Facebook App Data Exposure – 540 Million Records
  • Indian Citizens MongoDB Database – 275 Million Records
  • Chinese Job Seekers MongoDB Data Breach – 202 Million Records
  • Canva Data Breach – 139 Million Records
  • ElasticSearch Server Breach – 108 Million Records

Security Magazine has put together a list of 2019’s Top 12 Data Breaches. In 2018, there were 500 million personal records stolen.

 

Here are few other data breaches reported throughout the year are:

 

 

Curious if your accounts have been compromised? You can do a quick search on the Have I Been Pwned website. Here you will get a list of how many times your personally identifiable information (PII) has been found online and possibly compromised.

Staying safe and secure does not need to be expensive. It is actually very simple if you have a proper IT department or managed IT services provider.

How to Improve Your Cybersecurity Against Cybersecurity Attacks

It may sound complicated, but it should not be as there are industry best practices to help.

  1. Regular Software Updates – Software and operating system updates are required since the software is bugged, and the vulnerabilities may go public. This is the open door for hackers, cyber criminals, or employees to compromise your accounts to breach your data.
  2. Cyber Security Training for Employees – Hackers and cyber criminals are smart. They effectively attack specific targets within an organization using spear phishing.  Training ensures that your employees are smart and protect you from cyber security threats.  Your employees must understand all the possibilities and details of such ever changing attacks.
  3. Have a Password Policy – This is one of the most basic security policies to protect your organization. This can make your business less open to a data breach.  All this can be automated by your IT department or managed IT services provider based on a schedule.
  4. Two-factor authentication – Another easy straightforward security policy is to enable two-factor authentication. This will offer additional security to all the logins you use, and it simply involves installing an application or registering a phone number, app, or email.
  5. Get rid of unused accounts – Hackers and cyber criminals can access your network you don’t keep you house neat and clean. You should eliminate any account currently not in use as well as create an off-board policy for employees.
  6. Restrict Permissions – With smartphones everywhere, they can easily comprise your network. By restricting access permissions to the fewest resources, functions, and areas necessary, the better the security.

If your organization is less proactive in cyber security defenses,  been a long time since the last upgrade or victim to a recent cyber-attack, you should look at your network

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

 

 

 

Categories
Industry Insights IT Solutions Managed IT Services

Free Tools to Check and Monitor if Your Passwords Are on the Dark Web

As cybercrime continues to increase at an alarming rate, here are some free tools to check and monitor if your passwords are on the dark web.

Most people or organizations do not know that their data has been stolen. If you want to keep pace with cybercriminals hackers on the dark web, here are a few free online tools and notifications that can help with the fight.

The news is full of large breaches resulting in incredible amounts of data being exposed.  Here is a list of a few of the largest data breaches on the internet:

  • io – February 2019 – It has been confirmed that 763,117,241 unique email addresses were part of the data breach including Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, and Physical addresses.
  • Adobe – October 2013 – It has been confirmed that 152,445,165 Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text.
  • Onliner Spambot – August 2017 – The malicious software contained a server-based component located on an IP address which exposed many files containing personal information totaling 711,477,622 unique email addresses with many having passwords.
  • LinkedIn – May 2016 – LinkedIn had 164,611,595 million email addresses and passwords exposed.
  • Collection #1 – January 2019 – It has been confirmed that a large collection of credential stuffing lists with a data list containing 2.7 billion records including 772,904,991 million unique email addresses and passwords.

 

Here are some considerations to think about as you review the information in this article:

  1. You cannot stop websites from getting hacked as this is out of your control.
  2. It is crucial you take proactive security measures to protect your usernames, passwords, and identity.
  3. The longer you have been at an organization or used the same email address, the more likely it will eventually be on a spam list on the dark web.

 

Free Tools to Check and Monitor if Your Passwords Are on the Dark Web (2)

 

Why is it important to check and monitor if your passwords are on the dark web?

Google conducted a recent survey with the The Harris Poll and the results were alarming:

  • Nearly 25 percent of participants have used the following common passwords, or some variation: “abc123,” “Password,” “123456,” “Iloveyou,” “111111,” “Qwerty,” “Admin” or “Welcome.”
  • 59 percent have incorporated a name of their family member, partner, pet, or child for their online account
  • 27 percent have confessed to attempting to guess someone else’s password online.
  • 17 percent of the group above managed to guessed correctly.
  • 43 percent have access to someone else’s active password online.
  • 43 percent admitted to sharing their password for streaming service such as Netflix, their email account, social media such as Facebook, and their online shopping accounts such as Amazon.
  • 57 percent have shared their password with their significant others
  • 11 percent have reported changing their password after a breakup.
  • Only 37 percent use two-factor authentication.
  • 34 percent have admitted to changing their passwords regularly.
  • 15 percent report using a password manager such as LastPass
  • 36 percent admit to tracking passwords on a piece of paper.
  • 38 percent report losing time because of a data breach.
  • Only 45 percent have admitted they would change their password if breached.

 

Free Tools to Check and Monitor if Your Passwords Are on the Dark Web

Here are some free tools to check and monitor if your passwords are on the dark web.  Most of these are reactive and will only alert you after the hack of your stolen credentials on the dark web.

Here’s how to use three free tools to check and monitor if your passwords are on the dark web.

 

Option 1 – Mozilla’s Firefox Monitor 

Mozilla’s free Firefox Monitor allows you to find out if you have been part of a data breach.  It gives users the ability to sign up for free alerts about future breaches.  They also offer free security tips to keep your accounts safe online safe.

Feel free to add all your accounts including work and personal.

  1. Click on Mozilla’s free Firefox Monitor page.
  2. Enter your email work or personal email address and tap Check for Breaches.
  3. Click on More about this breachto see what steps Mozilla recommends protecting yourself such as updating your password.

In addition, Mozilla’s free Firefox Monitor allows you to sign up to monitor and notify you if your email is involved in a future cyber security data breach.  It will actively monitor your entered email addresses against known data breaches.  If compromised, it will alert you if your email was involved.

To sign up for alerts about new cyber security breaches, please follow the following steps:

  1. On the Firefox Monitor page, click on the Sign up for Alerts button
  2. You will need to create a free Firefox account.
  3. Click Sign into see a breach summary for your email.
  4. Once complete, scroll to the bottom of the webpage, you can add additional email addresses to monitor.

 

Option 2 – Google Password Checkup

Google recently launched a new service called Google Password Checkup.   The great free service will check your saved passwords to see if they have been leaked or compromised in any recent cyber security breaches.

  1. You need to use Google password service to keep track of your login credentials
  2. Log into Google Password Checkup
  3. Click on Check Passwords.
  4. It will ask you to enter your Google account.
  5. Once complete, Google Password Checkup will display any issues including compromised, reused and weak passwords.
  6. The good part is that next to each reused or weak password, you can click on the Change password

 

Option 3 – Have I Been Pwned?

Have I Been Pwned is not a new security tool but still great.  The developer created the website after the large Adobe breach.  He constantly did a post-breach analysis of user credentials.  He discovered that the same accounts kept exposing their security with the same password.

  1. Go to Have I Been Pwned in a browser.
  2. Enter your email address
  3. Click on the Pwned? Button
  4. It will then display if that email account was part of any cyber security breach

 

What are some security tips to protect yourself from hackers?

Data breaches are becoming more common therefore you should have a laundry list on what needs to be handled.

It is easy if you use a password manager or a Google account to maintain all your usernames and passwords.

 

One option to prevent this is to use two-step verification (2SV) or two-factor authentication (2FA) solution.  It is a security process that provides users two different authentication factors to verify themselves in order to better protection. There are many options including text messages, Microsoft Authenticator, Duo Two Factor Authenticator, and many more.

 

Stop password reusing even thou it is common.  This is extremely risky as it increases your chances of being hacked. Cyberattacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.  They can also use brute force attacks.

 

Phishing or whale phishing are increasingly common.  Cyber criminals impersonate a service or company you trust so they can take advantage of the human factor.  It’s not only your organization that can be compromised, these emails can even come from one of your contacts, partner companies, vendors, or suppliers.  They look like the real thing because they mimic the design of authentic emails.  The trick here is to have you enter your email password.

 

Very Important. Most online services will not ask you to enter your login info directly from an email. If they do, to be safe, go directly to their website to log in and reset your password.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

How do you make your company hard to hack?

With cybercrime increasing at an alarming rate, many organizations are asking the hard question of how do you make your company hard to hack?

CTV News recently reported that 19 million Canadians have had their data breached in eight months.  The Office of the Privacy Commissioner of Canada (OPC) reported that approximately 59 per cent were a result of unauthorized access such as a hacker or phishing scam.   They also reported that an additional 22 per cent were from accidental data breach data disclosures such as information being sent to the wrong person.

How do you make your company hard to hack 1

These are just a few but most IT security reports have shown that the number of Canadians affected by a data breach is well over 28 million including the recent large data breaches including Desjardins and Capital One.

 

  1. Layered security increases your online safety

Layered security is also known as defense in depth.  It is very important that you ensure your IT department or managed IT services provider is using it to protect your network.  Layered security is not new as it is an old concept.  Even thou it is old, applying layers of security is very relevant today.  You need to understand and choose the correct layers as it is paramount.  Security defense gets you to handle risk mitigation by applying multiple layers of control across your IT environment.

Layered security does not guarantee cyber-attack prevention.  It will however slow down cyber criminals and help protect your organization against those cyber-attacks.  If you implement layered security properly, it will not only buy you more time, it will also give you more time to respond effectively to any cyber-attack attack and mitigate a potential data breach.

 

  1. Proactive protection includes network visibility

Proactive protection can make your company hard to hack.  By having network visibility, this enables you to scan everything as well as spot anomalies and apply policies.   Security event monitoring of this kind can be very cost effective in providing meaningful analysis that leads to proactive protection of infrastructure and the data within it. Network visibility helps you fight off the cyber criminals by spotting them before they get started.  There are free network visibility tools that can be used such as Alien Vault’s ThreatFinder.   It will check for compromised systems and malicious communication by correlating the created log file data against the live OTX database.

  1. Web protection is always policy driven

Web protection is a very open term. You can make your company hard to hack however it should be policy driven.  This is an essential layer of security as it provides a window into controlling, monitoring, and enforcing web policies.  Network devices can be controlled from a central policy that can be edited and scaled to suit a range of such devices rather than having device-level settings across the board. This enables website filtering by time, web content, and bandwidth. End result, this will help protect your organization against legal liability and exposure.

  1. Proactive patch management make security better

Ask any successful IT department or managed IT services provider, you can scan for cyber-attacks and apply policies, but cyber vulnerabilities change daily, and it is a challenge for any IT security professional to keep up.  Proactive patch management is not the final answer to as it will not prevent zero-day exploit vulnerabilities from hitting your network, but it will help close the gaps.   Most IT departments and managed IT services providers will proactively update your network with the latest patches. They will test the patches prior to launching them to ensure they are stable. If you were to use an unstable patch on a live network without testing, it can do more damage to your business.

  1. The importance of data encryption

Many think that data encryption is an extreme step as they think it is complex, expensive, and a bit much. The truth is that data is the most valuable and important item to your organization.  Data encryption is strong enough to keep most cyber criminals and hackers at bay.

Here are several options when it comes to data encryption:

  • Tablets and smartphones come firmware encryption built into their OS.
  • Websites using Hyper Text Transfer Protocol Secure (HTTPS) encrypt information between it and client browsers.
  1. Create a corporate culture to authenticate

Authentication can make your company hard to hack. Use tools such as password managers and multifactor authentication.  Microsoft Authenticator, LastPass, and Duo are great examples.  Strong passwords are a no-brainer however users are challenged by length and complexity making it very difficult for users to remember.  Then users are faced with trying to remember multiple secure passwords which result on complete memory loss, confusion, or using the same password on all systems. A password manager or authenticator will handle these issues for you. Many of these tools allow you to manage a password policy from the cloud and generate truly secure passwords or add another layer of authentication to the mix.

  1. Secure erasure is not the same as hitting delete

It is very important to understand the difference between secure erasure (secure file deletion) and hitting the delete key.  Hitting delete or formatting a hard drive does not permanently delete it.  It is forensically possible to retrieve data easily and cheap if required.  You should ensure your hard drive is encrypted as Windows 10 has a free feature called bit locker. If you really want to ensure no recovery of data, you can always shred hard drives.

Many IT departments are turning to managed IT services providers for additional support. For small business owners, this gives them access to a wide variety of external technology experts.  These teams are constantly available to proactively monitor, manage, and fix your IT infrastructure.  Managed IT services provide organizations with access to a wide array of tools that are normally only available to large organizations.

How do you make your company hard to hack

Want to make your company hard to hack? Let IT consultants manage your IT infrastructure so you can keep your network protected against the latest security breaches, as well as reap the benefits of a large enterprise-class IT team for the fraction of the cost.

With proactive remote monitoring and management of the network, technology and support issues are resolved before they can disrupt your business with significant network downtime. This increased efficiency leads to increased employee productivity and optimized return on investment (ROI).

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

Remembrance Day is a day for all Canadians

Remembrance Day is a day for all Canadians to remember the men and women who served and sacrificed for our country. It is a day we encourage every individual, young and old, to pause, to give thanks and to remember.

It is hard to find the words to express to veterans what Remembrance Day has given each one of us however we must unite and be thankful for all the sacrifices made.

Remembrance Day is more than war and all those we have lost.

Remembrance Day is about our ideals and what Canada stands for united.

Remembrance Day is about respecting our past and looking toward the future.

Remembrance Day is about thanking those who have served to protect us and our freedoms.

Honour and Remember

The Remembrance Day Ceremony has played a major role in Remembrance since 1931. Every year, at the eleventh hour of the eleventh day of the eleventh month, we gather in memorial parks, community halls, workplaces, schools and homes to stand in honour of all who have fallen. Together, we observe a moment of silence to mark the sacrifice of the many who have fallen in the service of their country, and to acknowledge the courage of those who still serve.

The Act of Remembrance

Canada Remembrance Day (1)

They shall grow not old, as we that are left grow old;
Age shall not weary them, nor the years condemn.
At the going down of the sun and in the morning
We will remember them.
We will remember them.

 

Here are 10 Quick Facts about Remembrance Day curiosity of Veterans Affairs Canada.

  1. Remembrance Day was first observed in 1919 throughout the British Commonwealth. It was originally called “Armistice Day” to commemorate armistice agreement that ended the First World War on Monday, November 11, 1918, at 11 a.m.—on the eleventh hour of the eleventh day of the eleventh month.
  2. From 1921 to 1930, Armistice Day was held on the Monday of the week in which November 11 fell. In 1931, Alan Neill, Member of Parliament for Comox–Alberni, introduced a bill to observe Armistice Day only on November 11. Passed by the House of Commons, the bill also changed the name to “Remembrance Day”. The first Remembrance Day was observed on November 11, 1931.
  3. Every year on November 11, Canadians pause in a moment of silence to honour and remember the men and women who have served, and continue to serve Canada during times of war, conflict and peace. We remember the more than 2,300,000 Canadians who have served throughout our nation’s history and the more than 118,000 who made the ultimate sacrifice.
  4. The poppy is the symbol of Remembrance Day. Replica poppies are sold by the Royal Canadian Legion to provide assistance to Veterans.
  5. Remembrance Day is a federal statutory holiday in Canada. It is also a statutory holiday in three territories (Yukon, Northwest Territories and Nunavut) and in six provinces (British Columbia, Alberta, Saskatchewan, New Brunswick, Prince Edward Island and Newfoundland and Labrador).
  6. The national ceremony is held at the National War Memorial in Ottawa. The Governor General of Canada presides over the ceremony. It is also attended by the Prime Minister, other government officials, representatives of Veterans’ organizations, diplomatic representatives, other dignitaries, Veterans as well as the general public.
  7. In advance of the ceremony, long columns of Veterans, Canadian Armed Forces members, RCMP officers, and cadets march to the memorial lead by a pipe band and a colour guard. At the end of the ceremony, they march away to officially close the ceremony.
  8. Some of the 54 Commonwealth member states, such as Canada, the United Kingdom and Australia, observe the tradition of Remembrance Day on the eleventh hour of the eleventh day of the eleventh month. Other nations observe a solemn day but at different dates. For example, ANZAC Day is observed in New Zealand on April 25. In South Africa, Poppy Day is marked on the Sunday that falls closest to November 11.
  9. Many nations that are not members of the Commonwealth also observe Remembrance Day on November 11, including France, Belgium and Poland.
  10. The United States used to commemorate Armistice Day on November 11. However, in 1954 they changed the name to Veterans Day.

Remembrance Day is about showing our respect and gratitude to the serving and previous members of our armed forces who have sacrificed for our country.

For all who gave and those you continue to give, thank you for our freedom!

Donate to the Poppy Fund under The Royal Canadian Legion.

 

Categories
Industry Insights IT Solutions Managed IT Services

What has a Full Year of Mandatory Data Breach Reporting in Canada Produced?

It has been a full year since Canada launched mandatory data breach reporting.  Here is what businesses need to know as well as statistics.

Starting November 1st, 2019, all Canadian businesses became subject to new mandatory cyber security breach reporting regulations.  This is all under The Office of the Privacy Commissioner of Canada federal private sector privacy law better known as the Personal Information Protection and Electronic Documents Act (PIPEDA).

What has a Full Year of Mandatory Data Breach Reporting in Canada Produced (2)

All organizations are subject to Personal Information Protection and Electronic Documents Act (PIPEDA).  They are required to report any cyber security breaches to The Office of the Privacy Commissioner of Canada.  This would be regarding security safeguards involving personal information that pose a real risk of significant harm to individuals.  Organizations that have been affected all are required to notify affected individuals about those cyber security breaches as well as keep all records of all cyber security data breaches within the organization.

Prior to the mandatory data breach reporting, all data breach reporting to The Office of the Privacy Commissioner of Canada was done on a 100% voluntarily basis.

Starting November 1st, 2019, the number of cyber security data breach reports has skyrocketed in Canada.  This gives the public complete transparency and trust that organizations are being held accountable.  Some of the recent mandatory cyber security breaches have included some well-known corporate names however there has been a significant increase in volume from the small- and medium-sized business (SMB) market.

According to a recent CTV News report, 19 million Canadians have had their data breached in eight months.  Of the 446 breaches reported to The Office of the Privacy Commissioner of Canada (OPC), approximately 59 per cent were a result of unauthorized access such as a hacker or phishing scam.  Another 22 per cent were from accidental data breach data disclosures such as information being sent to the wrong person. Approximately 13 percent of mandatory data breach reports were from loss of data such as a loss of a USB drive.  Finally, 6 percent was the result of a physical theft of things like computers, drives, or even paper files.

Since November 1st, 2018, there have been approximately 680 cyber security breach reports. This is an increase of six times the volume during the same period one year earlier.  The recent reports have revealed a clear picture of the challenges faced by Canadian businesses when it comes to cyber security.

According to those reports, the number of Canadians affected by a data breach is well over 28 million. That number includes some of the large data breaches including Desjardins and Capital One.

Here are some important steps to reduce data privacy breach risks:

  1. Where is your Information located?

It is important to know what personal information you have, where it is located, and what you are doing with it. You need to understand your data before you can protect it from a data cyber security breach.

  1. What are your vulnerabilities?

It is important that organizations conduct risk and vulnerability network assessments at a minimum on their organization.   An additional step can be to do a penetration test within your organization to ensure that cyber threats to privacy are identified and fixed immediately.   This goes beyond technical vulnerabilities as you should look at safeguards, risks, and privacy responsibilities.

  1. Do you know about your industry?

Do you watch your industry for data breaches or cyber security risks? You should be aware of data breaches in your industry.  Hackers often re-use the same cyber-attacks against multiple organizations within the same industry.  You need to pay attention to alerts and other information from your industry, so you are not the next target.

What has a Full Year of Mandatory Data Breach Reporting in Canada Produced (1)

Mandatory data breach reporting has shown much more interesting information including a significant rise in cyber security data breaches affecting a small number of individuals.

Another interesting trend has been employee snooping and social engineering as key factors.  Approximately one in four cyber security incidents involved social engineering attacks such as phishing and impersonation.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Categories
Industry Insights IT Solutions Managed IT Services

How do I Identify Cybersecurity Risks on the Dark Web?

The dark web is a place where cybercriminals exchange data and it is important to ask yourself, how do I identify cybersecurity risks on the dark web?

It is rare that cybercriminals work alone and many of them are linked to criminal affiliations.   Adapting to these trends is essential. Many organizations are now looking for the ability to extract threat intelligence by data-mining the dark web to achieve a significant IT security advantage.

What is the Dark Web?

The dark web is a part of the internet that is not indexed by search engines such as Google and Bing. The dark web is a network of untraceable online activity and websites on the internet. These are hidden and cannot be found using search engines.  In order to access them, you will need specific software, configurations, and authorization credentials with some of them. They are used by lots of different cyber criminals and hackers to keep their web activity hidden.

Therefore, so many organizations are trying to identify cybersecurity risks on the dark web.

How do you identify cybersecurity risks on the Dark Web?

Most IT security experts look for patterns on the dark web as it can reveal multiple things such as a cyberattack in progress, a cyberattack being planned, cyber threat trends, and other possible types of IT security risks.

Signs of a cyber threat can emerge quickly, as financially driven cyber criminals use stolen data to make a profit quickly from the moment they gain entry to an organization’s network.

Based on a study from the Cost of a Data Breach Study from the Ponemon Institute, the average time it takes to identify a cybersecurity incident is 197 days.   In addition, any organizations that can contain a breach within 30 days have an advantage as they can lower their financial exposure.

How do I Identify Cybersecurity Risks on the Dark Web (1)

How do I Identify Cybersecurity Risks on the Dark Web? Here are 5 steps to consider.

  1. Is your organization or industry part of a discussion?

Many organizations keep an alert out to see if they are mentioned on the dark web.  This may include certain risk factors including an organization’s name, website, or employees.  By analyzing this data, an organization can determine whether a cyber threat is being planned or if data has been stolen.  Another factor would be to see if they is mention of a certain niche, industry, or vertical that can compromise your organization.

  1. Are you looking for personal identifiabexhanle information exchange?

When a cyber security breach has occurred, it can usually be tracked back to the sale of personal identifiable information (PII) including personal health data, financial data, or other sensitive information.  The compromised data is usually sold in massive amounts such as credit card numbers as it can turn a huge profit quickly.

  1. Are you looking for credential exchange online?

Have you ever wondered if your credentials have been stolen?  You can probably find your usernames and passwords online however you need to determine whether this is a recent compromise or recycled data from a prior cyber security incident.  A great tool to check with is Pwned Passwords.

  1. Is there signs of phishing attack coordination?

Phishing attacks also known as whaling attacks are becoming more sophisticated daily.  There is deep web threat intelligence that can reveal popular cyber security risks.  Hackers become actors as they can purchase phishing-as-a-service software kits on the dark web.

  1. Are there trade secrets?

Trade secrets are huge and worth a lot of money.  Market intelligence can signal cyber security risks to cyber criminals. Look for information on your organization, product, market, and much more. Anything that can identify your organization.

How do I Identify Cybersecurity Risks on the Dark Web? Stay proactive with your IT security policy and procedures.

It is important to understand that not all intelligence sources can capture the full scope of a cyber threat.  If your organizations rely on outdated technologies, they may fail to mitigate important cyber security risks.

Our complimentary network and security assessment can put your IT infrastructure and business to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.