Posts

The Sunday Brief heatherannemaclean.wordpress.com

The Sunday Brief for Sunday August 20, 2017

For this Sunday Brief I am focusing on the top blogs I enjoyed about privacy. As this is a growing issue, all MarComm Practitioners and business owners should be placing more priority on privacy. In fact, in the industry we say that you should be baking-in privacy planning (as well as cybersecurity) from the very beginning. So, with that in mind, let’s check out the latest Sunday Brief:

Dark Reading

This blog always has insightful information. This time, I am focusing on a post by Kelly Sheridan entitled “50% of Ex-Employees Can Still Access Corporate Apps.” From a privacy and security perspective, this is a disaster waiting to happen. As Sheridan points out, the value of data is significant, and the probability of a data breach is much higher when you fail to do one of the most important, and easiest, things to protect your client data: disable access. This is a great read and a ‘must-do’ practice for all organizations.

IT Security Guru

I find this article really fascinating. I work hard to keep my work and personal lives separate. I have always maintained two phones – one for my personal “stuff” and one exclusively for my work. So, when I saw “Employees rate mobile privacy highly, as less than half prefer to keep work and personal lives separate,” I was somewhat surprised that less than half want to keep their personal lives separate and distinct from their work lives. This blog post was written by Dan Raywood.

Interestingly enough, more than 84 per cent of employees rate privacy as a top three concern. However, there is a clear lack of trust in the ability of their employer to manage their mobile security and privacy. That is pretty significant.

This article is very interesting to me in terms of the lack of trust that exists and, secondly, that so many people aren’t concerned about keeping their private lives separate from their employers. The two concepts don’t seem to align.

BH Consulting 

This particular post, entitled “Doing privacy ‘rights’ vs doing privacy ‘right’” by Valerie Lyons, gives an interesting look at privacy and the different roles that individuals, government and industry play.

 

All three blogs are a great read. I encourage you to check them out if you are interested in privacy-related topics. And if you are looking for MarComm support for your organization, reach out to us at TaylorMade Solutions.

 


Three Cybersecurity Lessons from the Internet Outage in Eastern Canada

If you were in Eastern Canada or trying to connect with someone in the region for work or pleasure on August 4th, you might not have succeeded for a period of three hours or so. While this event was NOT tied to a cybersecurity breach or issue, there are three cybersecurity lessons that we can learn from the internet outage in Eastern Canada.

One service provider, Bell, confirmed this week that it was a perfect storm: construction crews (unrelated to Bell’s operations) did not check for cables prior to digging, which resulted in internet, mobile and landline service being impacted. This outage also impacted emergency services in much of Atlantic Canada. (Another good reminder for construction crews to call before you dig.) Bell’s customers were not the only ones affected. Telus, Koodo and Virgin customers also had interrupted services. Thankfully they took action quickly and remedied the situation as quickly as possible.

So, other than an extreme inconvenience to customers, there are some observations we can make from this experience. This outage can really help people think about what would happen if there was a major cybersecurity attack in Canada. This is something good to come out of this outage: getting people thinking about what-if scenarios.

1.  Our Economy Depends on the Internet

I feel like this should be a no-brainer, but at the same time I do want to reinforce this thought. We typically have such reliable internet services that we don’t give it a second thought. If anything, this outage should have really pounded home the fact that a cyberattack could not only have the same effect, but the likelihood that it would only last a few hours is slim to nil. The effects would be long-lasting.

This outage impacted not just consumers of these service providers, but businesses in general. If your business relies on the internet for online sales or providing support services, your customers, regardless of where they are located were not able to purchase your products or services for hours. They also were not able to get online support services from you. If they went old school and tried to call you, they were also out of luck. In some cases, this might be enough for potential customers to go to your competitors.

What if you were delivering online training to customers around the globe on that fateful Friday? People who had paid and signed up weeks prior were then either dumped from the online course and/or could not sign-in.

Finally, this was a long weekend in Canada. Imagine people travelling and wanting to make last minute hotel accommodations. What happens when they can’t get through to you? Or, what happens when their car breaks down on a highway somewhere and they can’t use their phone for hours to call for help? This was the middle of summer and warm. What would happen if this was the middle of January in Eastern Canada?

These are all very real scenarios that could happen as a result of a cybersecurity attack.

2. Our Safety Depends on a Safe and Resilient Internet

I am fairly certain there were people who dialled 911 or other emergency service numbers on the 4th that were quite alarmed when they could not actually reach help. Whether it is hours or minutes, time matters in an emergency!

3. Security and Privacy, Backup Systems and Processes Must be Baked-In at the Beginning of all Systems

We must never underestimate the importance of security, privacy, backup systems and processes being what we call “baked-in” at the beginning of any system development. All new systems must be created with these critical elements as part of the planning, development and execution process.

It is critical to note that this has not always been the case. It’s not that it was left out intentionally, but older systems could have been built at a time when cybersecurity breaches were not the reality. That being said, it is very much our reality now. As a result, all businesses and governments must now revisit and update their systems to ensure that these critical elements are baked-in going forward.

Eastern Canada has been fortunate to have good systems in place run by leading companies. This outage, however, was definitely – or should definitely be – a wake-up call for us all to revisit cybersecurity measures to ensure that we protect our citizens and our economy. After all, we need a safe and resilient internet in order to operate our businesses, our emergency services and live life the way we have all become accustomed to.

Cybersecurity is a critical issue that we all face now. If you are interested in learning more about communications protocols around cybersecurity and privacy breaches, get in touch with us.


Four Reasons You Should Have Cybersecurity Insurance

Do you have insurance on your house? Of course you do. So, the question is why wouldn’t you protect your business – your source of income – the same way you protect your home? Cybersecurity insurance won’t stop a breach. It will, however, help raise awareness and cover damages, should you be attacked.

Small or medium-sized business owners should check out these four reasons to have cybersecurity insurance.

GENERAL LIABILITY INSURANCE DOES NOT TYPICALLY COVER CYBERSECURITY ISSUES

Data breaches and other cybersecurity issues such as ransom are not typically covered in general liability insurance policies. It’s essential to understand what is, and what is not, covered in your policy.

COST OF A BREACH IS MORE THAN YOU THINK

The damage caused by a data breach will exceed the cost required to overhaul security procedures or replace lost or stolen laptops. Many business owners and managers fail to consider the costs over and above replacing tangible assets.

For example, the financial impact on corporate reputation could be devastating. Reputation costs vary: it could be a few thousand dollars to build new processes and policies to reassure customers it won’t happen again. On a larger scale, it can result in stock prices dropping significantly. In worst-case scenarios, approximately 60% of small businesses will cease operations within six months of a breach, according to the U.S. National Cybersecurity Alliance.

A final cost consideration is the penalties rendered as a result of a data breach. Canada, like most jurisdictions, continues to modify its privacy regulations. It is anticipated that sometime this year, regulations requiring notifications of data breaches will be implemented in Canada. Fines of up to $100,000.00 could be issued.

YOU ARE STILL RESPONSIBLE FOR DATA PROTECTION EVEN IF YOU OUTSOURCE YOUR IT HOSTING OR USE THE CLOUD

Business owners and managers often fail to understand this important nuance. Just because you outsource IT, have another party host your data or use the cloud, does not remove your responsibility to protect personal data. You have collected the data, therefore, by law you hold the responsibility to protect it.

YOU PROBABLY DON’T HAVE A RISK MANAGEMENT TEAM

Risk management teams are reserved for larger organizations. They have bigger budgets and access to more resources for their overall operations. They look for, and assess, all types of risks, not just cybersecurity or data risks.

Smaller businesses have neither the budget nor the ability to have full-time risk management teams. Insurance providers typically have checklists or a minimum set of standards to follow for coverage. This is very similar to home insurance. If your insurance company recommends a new roof for example, and you don’t comply, don’t expect coverage if you have a major leak.

Cyber insurance is continuing to evolve as cybersecurity issues emerge. The one thing for sure, however, is that cybersecurity insurance can help protect your operation, your employees’ source of income and your client’s data.

Want to learn more about cybersecurity communications? Contact us at TaylorMade Solutions.

This blog post was previously posted on the CyberNB blog.

cybersecurity, cyber security, Heather-Anne MacLean

What Your Business Doesn’t Know About Cybercrime Will Hurt You

Cybercrime isn’t going away. In fact, it continues to grow. Cybersecurity Ventures predicts that cybercrime will cost the world in excess of $6 trillion annually by 2021. If that number doesn’t alarm you, the fact that 43% of attacks are focused on small business, and that 60% of small businesses attacked go out of business within six months, should.

In April, the Canadian Chamber of Commerce issued a report entitled: Cyber Security in Canada: Practical Solutions to a Growing Problem. This extensive report provides insight on the current cyber landscape, including business costs and business losses due to cybercrime. It also provides information on the growing role of cybersecurity insurance in protecting businesses. It also offers results from their important and timely research detailing significant gaps in five key areas. (Recommendations from the report are below):

  1. Technology;
  2. Public Relations;
  3. General Awareness;
  4. Legislative Requirements; and
  5. Insurance

This report is particularly interesting for small and medium enterprises (SMEs) because of the statistics above. “All companies are targets for cyberattack, and specific solutions change daily. Yet in many companies, there is a lack of ability to recognize these breaches. Today’s attacks are about the data, not the company or person, and they are designed to be invisible.”

SMEs continue to believe risk does not apply to them because they believe criminals are targeting large enterprises. While this was certainly the case for a number of years, a shift emerged beginning in 2013. Especially relevant, and noted by Symantec in 2015, was that 43% of small businesses were the focus of spear-phishing attacks versus 35% of large businesses.

One of the most significant and famous breaches, the Target attack, occurred as a result of a small business. It was an HVAC company working with the retail giant, and it had weak security. A part of Target’s supply chain, they were ultimately breached and most probably unaware. This meant that criminals were able to breach Target. Three years later, reports in the media detail how Target has agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia. This is over and above the total cost of the data breach being $202 million. And what happened to the HVAC company? It went out of business.

As the Canadian Chamber of Commerce acknowledges in its report, SMEs know they have to do more. With 98 percent of Canada’s economy comprised of SMEs, taking steps to obtain cybersecurity certification, cybersecurity insurance, and more is not something that can be postponed any longer. “For most companies, data is now their most valuable asset. Our goal is to point business in the direction of finding a common sense approach to risk management to protect those assets,” notes Scott Smith, Director, Intellectual Property & Innovation Policy, Canadian Chamber of Commerce.

Recommendations

The Canadian Chamber of Commerce provides nine specific recommendations in this report that merit review and understanding to help mitigate cybercrime.

  1. Government cannot protect everything, but it does have pivotal responsibilities
  2. We need an outcome-based, systemic/cohesive approach and common model of understanding
  3. Develop a “Secure Canada” Approach
  4. Develop a National Cyber Policy Framework
  5. Adopt an Enterprise Risk Management Approach and Collaborate
  6. Increase Canadians’ Cyber Savviness
  7. Government endorsement and support for the deployment of Industry Certification
  8. Incentivize Security Innovations
  9. Both government and industry need to take a proactive approach to the inevitability of Quantum and develop a Quantum-ready Strategy.

For more information download Cyber Security in Canada: Practical Solutions to a Growing Problem.

This post previously appeared on the CyberNB Blog.

An Interview With Cybersecurity Expert: Dr. Natalia Stakhanova

Cybersecurity risk management and mitigation is at the forefront of discussions in boardrooms globally. With an estimated annual burden of up to $1.7 trillion resulting from data loss and downtime (often from security violations), both the c-suite and shareholders have called on security experts to get out in front of the risk.

Researchers and research initiatives are the foundation for accomplishing this. At New Brunswick’s Information Security Centre of Excellence (ISCX), researchers like Dr. Natalia Stakhanova are leading the way with the support of funding, innovative partners, and an unparalleled focus. As one of the leading researchers in the field, Dr. Stakhanova was recognized in 2014 as the first NB Innovation Research Chair in Cybersecurity.


I had a chance to sit down with Dr. Stakhanova to talk about her work.

MacLean: You were named the first NB Innovation Research Chair in Cybersecurity. Can you tell us about what you want to accomplish in this role?

Dr. Stakhanova: I continue to be very excited about this initiative. Over the next few years we will be facilitating the research that will foster innovation in the field of cybersecurity. An important component will be my team working very closely with local industry to promote further commercialization of products that will benefit companies around the world.

There is already a significant level of expertise right here in New Brunswick. We will be building upon our core expertise and further developing the skills and assets that we have right here. There is a great culture of innovation and entrepreneurship among the people collaborating in this space right now. And the best part is seeing the actual results.

To generate a renewing pool of local talent, I’ll be mostly focused on building student knowledge, expertise and entrepreneurial spirit. I’m hoping that in this endeavor the Dr. J. Herbert Smith Centre for Technology Management & Entrepreneurship (TME) will step in with its programs to give students necessary skills and tools to become entrepreneurs.   

MacLean: How will you be working with other New Brunswick companies, students, and people?

Dr. Stakhanova: A major part of my role is to assess the risks that the local industry has, and to provide the research with practical applications to mitigate those risks. My work facilitates research in both the private and public sectors. Several local players have already come on board and are ready to work in a collaborative environment to focus on such issues as Smart Grid to address security-related challenges. Among these players are IBM Canada, Sentrant, and NB Power. We are also working closely with several startups. I know that through the research there will be additional commercialization.

MacLean: How does New Brunswick stand in this field of research and innovation compared to other regions?

Dr. Stakhanova: There is no question that there is a lot of support in Canada for these R&D centres and we are well positioned here at UNB with other global areas. We have leading expertise, lots of researchers, and interested private sector companies. There is an excellent relationship between UNB and the private sector. This fosters collaboration, innovation and the drive to succeed.

MacLean: What do we have here in New Brunswick that positions us better than other areas?

Dr. Stakhanova: I can’t name any other province that has as many initiatives, activities and investments in play at one time to support the Information Technology (IT) industry. There is just so much innovation and research taking place right here in New Brunswick. We also have a unique solidarity of people here in the province. People want to be here. This is so rare and wonderful.

There are of course developers elsewhere, but the developers that are here have a unique connection to the province and its people. They are loyal and can’t be lured away in the same way that you see happening in other regions. This creates a wonderful stability.

MacLean: Do you see spin off companies emerging or other companies wanting to locate here in New Brunswick to take advantage of the work that you are doing?

Dr. Stakhanova: Absolutely. We are already seeing companies from outside the region that are quite interested in what we are doing. These are still early days, but we are hearing from a lot of people.

MacLean: What made you choose to come to New Brunswick and UNB?

Dr. Stakhanova: I moved to Fredericton in 2007 as a professional Fellow. I fell in love with the region immediately. It is one of the most family-friendly places I have ever encountered. There is also a personal touch at UNB. It is essential and critical when education is involved to be able to collaborate, have mentors and to have access to as many private sector companies as we do.

It is truly a unique experience to find a place to grow professionally, while also having everything you would want for your family.

Cybersecurity is one of the most important issues of our time. If you are a small or medium business, cybersecurity should be more top of mind. We can help you develop your Marketing and Communications strategy to handle communications around a breach. We can train you and your team to be media ready. Be Prepared! Be Trained! Have a TaylorMade Solution – Contact us today.

Editor’s Note: This is a post that I originally wrote for Invest NB’s Blog and has since been reposted to Opportunities NB’s Blog.

3 #Cybersecurity Must Reads for This Week

Cybersecurity is top of mind for a lot of people, and for good reason. Cyber risks and attacks are not only impacting individuals with identity theft, but they are also impacting hospitals and businesses.

So, I thought I would compile my fav articles on this very subject that I discovered this week. Let’s take a look:

1. Want Safer Passwords? Don’t Change Them So Often, by Brian Barrett

I say ‘hooray’ to this one. I can’t tell you how often I have forgotten passwords. Everything needs its own password and, for the love of God, I can’t remember them all!

2. A typo partially stopped hackers from stealing $1 billion from a Bangladesh bank, by Loren Grush

Maybe we should intentionally use typos as a protection tool?

3. Pay up or else: Ransomware is the hot hacking trend of 2016, by 

I think this one speaks for itself. Definitely a serious issue that is not going away.

Well, these were my top picks for the week. What would you add?

Information Security: What Small Businesses Don’t Know Will Hurt

Personally and professionally, we were not prepared for the growth of the Internet and the resulting information security needs. For the vast majority of us, we still aren’t. We’re human beings using advanced digital communication systems, and as users of these systems, we are defined by behaviours. This is the single reason why organizations are failing, from small shops with two systems that make up their IT department through to enormous enterprises.

Adam Mosher

Our behaviours towards information security remain stagnant.

We are all familiar with the big stories of the day:

  • Privacy breaches;
  • Systems compromised; and
  • Inadequate security controls within organizations whose core business revolves around collecting and storing our personal data.   

As we’ve been thrown into this unknown world, we’re already behind in understanding the significance of how these threats affect us all. It’s far more than just the inconvenience of having our email addresses leaked or our usernames and passwords exposed. It’s what’s occurring behind the scenes with this information. This is where and why malicious individuals are always ahead. They know what our systems and data are worth, and they profit off of our behaviours towards our systems and data.

These behaviours have left us ignoring fundamental concepts.

Fundamental concepts are easy.  Let’s look at a simple example; you lock the doors to your house because you want to protect your persons and belongings.  This simple concept translates into the business world, where belongings are classified as assets.  You lock the front door to your office because you want to protect your assets. 

These assets include:

  • Intellectual property;
  • Confidential company data; and
  • Clients’ personal financial and health information.

We move these concepts into the digital era. Firewalls have become our doors and anti-malware solutions have become our alarm systems. The list is enormous, with vendors offering hardware and software solutions for just about any issue one could think of.

While some of these solutions serve a valid purpose, the one constant throughout the growth of the Internet is us and our behaviours.

Let’s look at some of the current threats. From Drupal’s SQL issue to the SSL v3 vulnerability and the highly publicized Heartbleed, it’s certain that our behaviour created these: rushing through the software development lifecycle, where security has a very high chance of being neglected until the last minute, if at all; not patching systems; or not properly responding to threat notifications.

Vulnerabilities and risks throughout the systems do not happen by themselves, nor do malicious individuals accidentally retrieve our personal information.    

We have to stop looking at our failures as a way to shift blame onto someone. This is another behaviour: we don’t blame something, such as a firewall or a software application, we blame someone. With brand names in jeopardy, and as the finger-pointing rises up the corporate ladder, now is the time to look at these failures as a great opportunity for improving our behaviours towards information security. It’s not to say all bad things that happen are intentional. However, negligence and ‘I didn’t know’ are inadequate responses for cyber breaches. Ownership and responsibility fall on the business.

There’s a current theme for professionals working in the information security realm: you pay for security now or you pay for it later. When you’re a multi-billion dollar a year enterprise, you can absorb cyber breaches. Still, when you’re financially responsible for paying out hundreds of millions in costs because of a breach, is this not enough to change our behaviour towards information security?

So how do we change our behaviour towards information security? How about we start with setting expectations? We reward personnel for meeting sales targets and praise them for client satisfaction. How about we reward them for not clicking on a phishing email and instead reporting it to the IT person in charge? Or we reward them for not spending a copious number of hours on social media sites in the workplace, although our acceptable use policy states ‘reasonable amount of time’?

It’s about bringing security to the forefront in your workplace.  Discuss it, reward it and it will become a workplace behaviour.  This is a behaviour worth expecting.    

Want to learn more about how this impacts your marketing efforts? Click here to connect with TaylorMade Solutions.