Own Your Social Media Presence

Posted on October 30, 2017 by Jean Eaton in 15 Day Privacy Challenge, Blog

You might say that ‘my social media isn't that important'. Maybe that's true, but how important is your identity to you? What if someone else accessed your social media profile and started posting things you would never want connected with your name?

Or, use your social media login to access other logins and accounts?

Own your social media presence – download the infographic from Stop.Think.Connect.

Whenever you have an opportunity to use two-factor authentication, consider this option. Two factors include something you know, and something that you have.

However, if you use your existing social media account (for example, Facebook) to leverage access to another account (for example, Amazon) your activity associated with your Facebook account might also be tracked to your next Amazon purchase.

Some applications or on-line accounts offer two-factor authentication. The account login procedure will automatically generate a random one-time verification code (often a 6 digit number) that is sent to the smart phone that you have registered with your account.

You may need to download a two-factor authentication app to your mobile device. (Examples: Google Authenticator, Authy, Authenticator Plus, and others).

Should your business use social media?

Maybe. Remember, social media isn't about advertising – in fact, using social media just for advertising is a very weak strategy. Social media is about creating a strong digital presence and building relationships – with your clients, with employees and new recruits, and with other colleagues and allies in your field. It's about stirring conversation and debate, and positioning yourself and your company as experts. In short, it's an incredibly valuable resource, if you use it strategically.

If you decide to use social media in your business, you need clear rules about who will authorize messages. You also need a strong social media policy to provide direction and education to your employees about what they can – and can't – say on-line.

Related resources for you:

Are You Trying to Run a Successful Healthcare Practice Without Using Social Media?

Harnessing Social Media to Strengthen Your Pharmacy Business

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, online presence, social media, two-factor authentication

Should You Change Your Passwords?

Posted on October 26, 2017 by Jean Eaton in Blog

Passwords are everywhere! It is the minimum security safeguard for all our devices – from our computers to ATM banking, to voice mail to security alarms.

But how secure are your passwords?

Passwords that are easy to ‘hack' or guess are opportunities for attackers to access personal or sensitive information or install malware (malicious software).

We are plagued by the necessity to remember a multitude of passwords. Some websites have basic complexity requirements and others do not. Some require you to change your password on a regular basis. We need different passwords for banking, social media, shopping, and just about anything online.

Keeping track of all these passwords can be a nightmare and the worst thing you can do is make them all the same.

One solution is to use a password manager. A password manager is a locally installed software applications that you can have on your computer and your mobile devices. It assists you to create and retrieve complex passwords on demand for all of your on-line (and off-line) user accounts from your Fracebook to your bank accounts.

There are a number of password managers that help store all of your accounts such as Dashlane, LastPass, 1Password, KeePass, RoboForm, Keeper Password, Sticky Password, and True Key.

Your password manager account is controlled by a single strong master password to unlock your “vault” of individual account passwords.

What is the best password manager?

David Papp, Your Tech Expert, knows that technology is the key to getting business done!

Join us for the Free 15 Day Privacy Challenge for David's recommendations on the best password manager system AND a free tutorial from My NAMS!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware #15DayPrivacyChallenge

#15DayPrivacyChallenge, #CyberAware, David Papp, My NAMS, password managers, passwords, Practical Privacy Coach

Email Phishing

Posted on October 25, 2017 by Jean Eaton in Blog

Don't get caught on the phish-hook!

Did you know – 1 in 95 emails sent to small and medium sized businesses (SMB) include malware that can include ransomware or other malicious attacks. (source: Symantec)

There are many creative ‘cyber bad guys' who love to trick you into providing your personal information. You need to educate yourself about the kind of scams out there, and take heed to prevent a cyber attack.

Employees are still widely considered to be the weakest link in any security infrastructure,so it’s no surprise that phishing remains so popular and effective. The fact is, good phishing email looks just like regular messages from people we know and care about, and to make matters worse, it can also be difficult to detect.

When it comes to phishing, prevention is the best defense. Investing in employee education and training now can save you a great deal of time and effort further down the line.

Let's look at the most common kinds of cyber assaults:

Spam email includes large amounts of unsolicited emails that can annoy you, cause you to waste time, and slow down your internet communications.
Phishing emails look like they come from a real company you know and trust. The sole purpose of a phishing email scam is to trick you to go to a fake website that looks real, and enter personal information that gives the attacker access to your data.
Spear-phishing is a targeted attack. It looks real because the perpetrators use accurate-sounding information to trick you into providing more of your personal data. The attack may be launched when you open the email or attachment (it looked real, right?), or when you followed an external link. The attackers use malware-compromised systems or credentials to steal data and sell it on the black market.
Ransomware is a cyber attack that often uses phishing to access your network. This attack relies on users to make mistakes even if your network has antivirus software installed. The attackers encrypt your computer network (and any backup devices connected to your network) that prevents you from opening any of your computer data. The attackers hold your data ransom until you pay their hostage demands.

Many businesses admit to being attacked. It only takes one person in an organization to open an attack email, and everyone is impacted – possibly by a data breach, definitely by the time and money it takes to contain and report the attack.

It is essential to train your employees to help them identify an attack and prevent a breach.

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, cyber secruity, email phishing, Practical Privacy Coach

Top Tips to Improve Your Computer Security

Posted on October 24, 2017 by Jean Eaton in Blog

Think about a medieval castle. A moat surrounds high walls, protected by soldiers behind battlements. There is likely a drawbridge and a portcullis, and slitted windows for archers. These layers of defences keep the castle safer than if the inhabitants rely on only one strategy for defence.

Your computer is no different.

A password-protected computer, for example, may be compromised if you share the password. But if your data is also encrypted, a potential breach can be averted. Like a moat and a portcullis, layers of protection help to make your computer defenses stronger.

Here are some hints to ensure your computer system is well-defended:

Purchase business-grade computers. Manufacturers embed additional security features into commercial-grade equipment.
If you use multiple operating systems, like Apple mobile devices and Windows-based desktop computers, you need to address another layer of security. Good policies and default settings for one system may not apply to the other. Here is an article about the importance of layers of safeguards when using multiple systems.
Create unique user accounts. Make it easy for multiple users to switch users on the same computer instead of sharing passwords.
Users should have access to data on a ‘need to know' basis. If your computer network uses shared access to files, decide who needs access (and who does not) to each type of file. For example, everyone should have access to the policy and procedure manuals and forms, but only a few people need access to payroll information.
Set permission levels for folders with sensitive information.
Review and update the security settings on your wireless router – and change the WiFi password.

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away! Hurry – registration closes soon!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#CyberAware, computer security, Practical Privacy Coach

Do You Have a Website for Your Business or Club?

Posted on October 23, 2017 by Jean Eaton in Blog

If you manage a website for your business or club, you need to ward off hackers with an airtight security system on your website.

From our sponsor, MyNAMS , check out Hacker Attacker with Regina Smola – How to protect your website before and after you have been hacked.

Understand the layers of security needed on your website to protect yourself and your customers.

If you have an online business or a bricks-and-mortar business with a website or social media, these tools will quickly get you from start to smooth sailing.

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away! Hurry – registration closes soon!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#CyberAware, 15 Day Privacy Challenge, computer security, Hacker Attacker, MyNams, Practical Privacy Coach

Secure Computer Backup

Posted on October 22, 2017 by Jean Eaton in Blog

You know that Joni Mitchell song, Big Yellow Taxi? “Don't it always seem to go that you don't know what you've got 'til it's gone.”

This couldn't be more true than when your computer crashes. It's a terrible feeling when your software or hardware suddenly doesn't work, or you can't find an important file you know you had last month. This experience can be a speed bump on your busy day, or a nightmare that takes you days and weeks, and a lot of money, to recover.

Good business practices include having regular backup of your key documents, bookkeeping, website, emails, and databases including your Electronic Medical Record (EMR). If your information is personal or sensitive – to you, your client, or your business – the backup should also be encrypted.

Your backup plan should include a backup of your information in a separate location than the source documents. In case of a catastrophic failure – including bad weather, fire, theft – you can access your key information assets quickly. You could manage the backup yourself or outsource it to a remote backup provider.

Where is your encryption key?

Your encrypted backup files need a ‘key' or algorithm to de-encrypt the files so that you can read and access the information. Have you kept a copy of the encryption key in the same place as your source documents? Or have you kept the key in a separate location – away from the source documents and away from the backup files? Have you recorded in your disaster plan how to retrieve the key?

Where is your Encryption Key? Information Managers

Cybersecurity is for all businesses – even if you are not using social medial or have a website! Many small business think that they are too small to be attacked – not true! Not reviewing your security practices and keeping up to date can leave your small business vulnerable to attacks.

Remember to change your clocks for daylight savings time – and get into the habit to review your backup. Check to make sure that it includes all the information that it should and that you can restore the backup to a clean machine.

What will you do to improve your computer backup plan?

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, #NCSAM, computer backup, Practical Privacy Coach, privacy

Why is the cybersecurity hack at Equifax such a big deal?

Posted on October 16, 2017 by Jean Eaton in 15 Day Privacy Challenge, Blog

Do you know who has accessed your personal financial information? You may think you know, but there could have been a privacy breach you might not even be aware of. Remember to monitor your financial information to prevent a privacy breach.

You Can Use This Privacy Breach Example to Review and Improve Your Practices

Equifax made international headlines recently when both the American and Canadian branches of the credit monitoring company experienced a privacy breach, exposing the personal data of hundreds of thousands of individuals. It is believed that as many as 100,000 Canadians may have been exposed, having their names, addresses, Social Insurance Numbers, and, in some cases, credit card numbers compromised.

What happened

It appears that Equifax did not properly fix a known vulnerability on their Apache computer server and the server was hacked. Equifax did not make a public announcement of the breach until after they were hacked a second time, after not fixing the vulnerability.

Equifax will mail notices to all affected Canadian consumers outlining the steps they should take, and it will be providing complimentary credit monitoring and identity theft protection for 12 months for those Canadians impacted by the breach. 1

The Equifax breach is one of the largest to date, and it affects the everyday consumer. It is especially painful because many of the people who use Equifax services have either taken a conscious step to prevent a breach or have already been a victim of a breach and have registered with Equifax so that they can keep tabs on when their information may be used so that they can respond quickly.

Privacy Nuggets You Need to Know

Impacts to Equifax

When a business collects personal information (including sensitive financial information), that business is responsible to ensure reasonable safeguards to protect the privacy, confidentiality, and security of that information.

When a breach occurs, the business can face a variety of penalties, sanctions, and other consequences. In these still-early days in this case, Equifax has experienced:

Considerable harm to its reputation, value of its stocks, and it appears loss of jobs for some key employees.
Class action lawsuits have already been filed against Equifax.
If this breach had occurred in Europe next spring when the General Data Protection Regulation (GDRP) rules will be in effect, Equifax could have been fined up to 4% of the organization’s world-wide operations.
Investigation by the Office of the Privacy Commissioner of Canada was opened in September 2017 and is on-going at this time.

Impacts to individuals

I haven’t seen any reports of the information breached in the Equifax hack being used for malicious purposes, yet. It may take some time before these activities are identified. In the meantime, individuals may experience some anxiety anticipating that their confidential information may have been compromised.

Here are some steps that you can take now to protect your personal and financial information on-line.

What can individuals do now?

When you register for a credit monitoring service, the service is supposed to tell you after your account has been hacked. It seems to me to be counter-intuitive to register with a credit bureau to monitor your accounts now.

If you prefer a pro-active approach, consider using a “credit freeze”. A credit freeze means that you block anyone from accessing your financial information for the purpose of a credit check. This may reduce the risk of exposing your credit information to scammers. There may be a small fee ($3–$5) to request a credit freeze, and you must specifically request this from the credit monitoring businesses (Equifax, TransUnion, Experian).

When you have a legitimate reason to authorize a credit check (for example, when you want to make a major purchase that requires financing), you authorize an un-freeze of your credit accounts. You can re-freeze your accounts after the authorized transaction is complete. There are user fees to un-freeze your account.

Instead of waiting to be informed that your credit accounts have been compromised, you could also consider a service like CreditKarma.com. This is a free credit monitoring service that sends alerts to your phone when a credit check is requested.

Other proactive steps that you can take

Review your bank statements and credit account transactions regularly. Credit card companies can often recognize very unusual activity on your account before you, but you’re responsible for monitoring your own accounts.
Request your own credit reports regularly, and review them for any unusual activities.

The Office of the Privacy Commissioner of Canada recommends these tips if you are concerned that you might be affected by the Equifax breach.2

Call Equifax at 1-866-828-5961 (English service) and 1-877-323-2598 (French service) or email EquifaxCanadaInquiry@Equifax.com. Check for updates on the Equifax Canada website.
Equifax has said that it will not be calling affected consumers. Hang up if someone calls claiming to be from Equifax, as scammers may try to take advantage of the breach – don’t trust the caller ID display as this can be spoofed. Do not provide personal information over the phone or by email.
Monitor your credit cards and bank accounts regularly, and keep a close eye out for any transactions you did not authorize. Report any issues right away.
If you identify a concern involving a theft/crime, report the incident to local police. Report any incidents involving a scam or fraud to the Canadian Anti-Fraud Centre.
If you think you have been targeted by identity fraud, advise your bank and credit card companies. Close any accounts and cancel any cards that may have been compromised.

What about your business?

A privacy breach like this can happen to your business, too. In fact, 44.2% of cyber attacks in Canada targeted the service sector and, most frequently, the business services and health care sectors in 2016.

Many website hosts, cloud-based service providers, and other services use Apache computer servers – maybe even your business. (To find out which computer server your SSL web server on the public Internet host uses, see https://www.ssllabs.com/ssltest/analyze.html for an online tool that you can use to generate a security report and suggestions to fix any vulnerabilities.)

This unfortunate breach is a good reminder for all businesses and clubs to follow-up with your service provider or IT support to ensure that your server has been reviewed recently for vulnerabilities and is updated. In addition:

Many website hosts, cloud-based service providers, and other services use Apache computer servers – maybe even your business. Review your server security.
Use technology and tools to detect a breach and to manage it completely.
If you don’t have the skills to use these tools, purchase qualified managed services to ensure good cybersecurity.

Each businesses should assume that you will be breached sometime. To prepare for this,

Know your “crown jewels” (sensitive information and other information assets) and your vulnerabilities.
Have a privacy breach response plan. If you don’t have one yet, take a look at the online education, 4 Step Response Plan – Prevent Privacy Breach Pain.

There are many privacy breaches in the news each day. The more you know about the breaches and how they can affect you allows you to be more proactive to prevent privacy breach pain.

When we know better, we can do better

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton, Your Practical Privacy Coach

October is Cyber Security Awareness Month! We are proud to be a champion and to host the 15 Day Privacy Challenge. Join us for more tips for your home or business – Free!

1, 2 Office of the Privacy Commissioner of Canada. (2017, September 15). OPC launches investigation into Equifax breach. https://www.priv.gc.ca/en/opc-news/news-and-announcements/2017/an_170915/

References and Resources

Office of the Privacy Commissioner of Canada. (2017, September 15). OPC launches investigation into Equifax breach. https://www.priv.gc.ca/en/opc-news/news-and-announcements/2017/an_170915/

Rendell, M. (2017, August 22). How seriously are Canadian investors taking cyberthreats? Globe and Mail.

Robison, B. (Cylance), Davis, M. (CounterTack), Chenette, S. (AttackIQ), & Flynn, K. (Skybox Security). (2017, September 19). Lessons from the Equifax Data Breach for Improving Cybersecurity

Stewart, K. (2017, September 25). After Equifax hack, time to make sure your identity’s safe. The Daily Nonpareil. http://www.nonpareilonline.com/business/after-equifax-hack-time-to-make-sure-your-identity-s/article_66c4d3f0-a090-11e7-8c16-ef14890b52e8.html

#15DayPrivacyChallenge, #CyberAware, credit freeze, cybersecurity hack, Equifax breach, Privacy Nugget

Email Confidentiality Notice

Posted on October 16, 2017 by Jean Eaton in Blog

October is CyberSecurity Privacy Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #1

Take a quick look at your email address book: how many Jennifers and Toms do you see? Even uncommon names can show up more than once, and it’s easy to send an email to the wrong person by mistake.

Mistakes happen. But from a privacy perspective, it’s important that our email recipients know what we want them to do should we make an error of this sort. So it’s vital to include some guidelines in the form of a confidentiality notice.

Consider the following elements of a well-crafted confidentiality notice:

State your email privacy policy.
Encourage the recipient to inform you should an error occur.
Thank them for letting you know about any mistakes.
State that you believe their privacy is important, and that you will take every step necessary to correct the error to prevent it from happening again.

Does your email signature block and fax cover sheet include these points?

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware.

#15DayPrivacyChallenge, #CyberAware, e-mail confidentiality statement, Practical Privacy Coach, privacy

Do Your Club Volunteers Protect Your Privacy?

Posted on October 12, 2017 by Jean Eaton in 15 Day Privacy Challenge, PMN Replay

Your family is busy! Kids have sports teams, social clubs, and classes. Parents are involved in clubs and networking too–and, sometimes, you are the volunteer manager and snack co-ordinator, too.

But – do your club volunteers know how to protect your privacy?

Maybe more sensitive information like dates of birth, street address?

Do you have a policy to mask email addresses to members?

Who has a control of the club's financial information?

Do you have written policies and training for your volunteers to protect this information?

If your club is like thousands of others, you don't have good practices in place to protect your valuable personal information.

It only takes a little time and effort now to dramatically reduce the likelihood of a privacy breach in the future.

Club Privacy Policy templates ready for you to use right away!Click To TweetDoes your club collect email addresses or phone numbers?

Discover the 3 simple practical tips every club can use to prevent a privacy breach. This works for every type of club – toastmasters, Scouts, soccer team or book club!

Join the live webinar to discover the 3 simple practical steps every club needs to improve your club's procedures and prevent complaints, fines, and even jail time!

Practical tips that you can use right away to protect your privacy! with Jean L. Eaton, Your Practical Privacy Coach!

30 Minute Live Webinar followed by Q&A

Recorded Live Thursday, October 19, 2017

Replay is available for a limited time!

This webinar is a special presentation in the 15 Day Privacy Challenge E-Course. Your FREE webinar registration also includes access to the FREE 15 Day Privacy Challenge.

Webinar replay will be available in your E-course but join us live – because that's the only way that you get the Q&A!

When you register for the webinar, you will also receive the 15 Day Privacy Challenge. This is a fun, FREE online educational opportunity on privacy and security that you can use at home or at work. Enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches when you use these practical tips, tools, and resources.

This free online course is ideal for businesses, healthcare practices, or clubs and their privacy officers, employees, and their families.

We are official champions of the National Cyber Security Awareness Month (NCSAM). October is Cyber Security Awareness Month and Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.

#CyberAware, 15 Day Privacy Challenge, privacy, protect your privacy, webinar

What Are You Doing to be More Cyber Aware?

Posted on October 3, 2017 by Jean Eaton in 15 Day Privacy Challenge, Blog

Did you know

44.2% of cyberattacks in Canada targeted the service sector and, most frequently, the business services and health care sectors in 2016.
80% of all privacy breaches are caused inside the business.
Most of these breaches are the result of error or mistakes by employees.
60% of small and medium business owners go out of business within 6 months after a privacy and security breach.

**What are you doing in your business or home to be more cyber aware?**

October is Cyber Security Awareness Month and Information Managers is celebrating by hosting their annual 15 Day Privacy Challenge.

This is the perfect way for businesses, employees, and their families to make small changes easily to improve the privacy and security of their information right away!

The 15 Day Privacy Challenge starts October 15th, for fifteen days.

Each challenge includes a privacy and security tip, a short description about why this tip is important, how to get started, and links to additional resources. Each challenge will take approximately 15 minutes to complete.

At the end of the challenge, you will receive a printable certificate of completion. Successful challengers might also find that this qualifies for CPE credits, too!

If you have been wondering what you can do to improve your privacy and security program, provide great training to your employees and save time, money and your reputation, you won’t want to miss this!

Register right away while this is fresh in your mind! You won’t want to miss a single one!

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, cyber aware

1 2 3 4