How do you manage USB’s?

Posted on October 18, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #4

We love to use USB sticks because they are convenient tools to temporarily store and transfer information. However, because they are small and easily lost or stolen, they also pose a huge risk for your confidential information to fall into the wrong hands.

Unfortunately, we rarely take the time to encrypt our data or use other security features on these drives. And if these drives go missing, it often goes unnoticed, which means the USB memory stick truly is a weak link in our information security.

How would you know if a device was lost?

Would you know what information it contained?

Is it encrypted?

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.

#15DayPrivacyChallenge, #CyberAware, 15 Day Privacy Challenge, good security practices, Practical Privacy Coach, privacy

Is a Hosted Email Solution For You?

Posted on January 29, 2016 by Jean Eaton in Blog

Is your email secure? Backed up? If you suddenly lose your email, calendar, or contact list, this could either be a speed bump in your busy day, or a nightmare that may take days or weeks and a lot of money to recover.

If you use email as temporary communications or your primary method of business, it needs to be managed securely. When you or your staff use email from multiple devices – such as your desktop computer, smart phone, or website – you have additional privacy and security requirements.

Many small businesses have purchased an email software system like Outlook as part of their desktop software. Unfortunately, recent software updates from Microsoft do not include Outlook; you are encouraged instead to purchase MS Office 365 software where all of your email is stored on the MS Cloud.

Some businesses use free email accounts – like gmail or yahoo – where emails, calendars, and contact information is on the public cloud. It is accessible from any internet connection but is difficult to back up to a local device that you can control.
If you use email to transact business – employee records, business contacts, company newsletters, subscriptions, financial or consumer purchases, or personally identifying messaging – you need to meet privacy and security requirements.

Previous versions of Windows Server Small Business Server (SBS) edition included Microsoft Exchange so small businesses could create their own in-house email server. This is not included in Windows Server 2012 Essential (SBS replacement). But small businesses still have a few options:

Buy the Microsoft Exchange Server full licenses, although it can be quite expensive
Sign up to Office 365 which is a hosted / cloud based Microsoft Exchange service from Microsoft with email hosted in the USA. Offices will need to determine their level of risk using personally identifiable information in emails – including sensitive information like credit card, payroll, health information, and other sensitive content – which will be stored out of Canada and subject to US legislation and uses.
Contract with a Canadian hosted Microsoft Exchange service with a Canadian based cloud service provider. This might be a cost effective solution and permit full access to email in an environment which is backed up and more easily accessible.

Features offered with a hosted email service

There are many features offered with a hosted email service:

Collaboration is easy as you have access to group calendaring and scheduling, shared contacts, folders and calendars, tasks and task delegation, as well as public email folders.
Fully functional email software.
Sync capabilities to your smart phone without worrying about viruses, spam, or malware, and mail archiving is automatic. Store as much or as little email as you need and do so without dealing with annoying ads.
Anti-phishing, anti-virus, and malware software are attached to each email connection.
No data ‘left behind' on the device – all data is securely maintained in the hosted email. If a mobile device is lost or stolen, business email is not compromised.
You can apply business rules – for example, emails can be prevented from being forwarded to an employee's home gmail account. Employees can securely work from home.
All business data is maintained by the business. So if your employee wins the lottery and doesn't come back to work, all business emails have been maintained in the hosted email and not on an employee's home computer.
Data is encrypted during the internet transmission.

To get a Hosted Email, you will need internet access with a data plan. You can continue to use your desktop computer and its cable internet access. When you use mobile devices, you can use your mobile provider data plan (Rogers, Bell, Telus, etc), or connect to a trusted WiFi connection.

You are still responsible for good security practices at your location including:

Unique user ID and password on your computer network – including mobile devices – and
Good password management – complex passwords that are changed regularly
Physical safeguards to ensure that your work locations – including mobile locations – are secure from theft
Common sense awareness – don't open suspicious phishing or spam emails

Business-class Microsoft Exchange email hosting services mean you're always in touch and up-to-date, in the office or on the road accessing your mobile email.

3 Things to look for in a hosted email solution vendor

Canadian provider with data centres only in Canada (Alberta preferable)
Reputable company with proven track record
Contract including:
Termination clause – when the contract terminates, the vendor will:
Notify you in advance of termination
Allow local back up of your data or data transfer
Validate that your data has been completely and securely deleted from the data centre
Encrypted at the data centre – no one at the data centre can read your information and it is secure from someone else hacking into the data centre to steal your data

Confirm your backup plan for your email accounts. If you don't have one, create a plan.

business associate, BYOD, good security practices, hosted email service, mobile devices, MS Cloud, privacy, SBS, security, Windows Server 2012 Essential

Where is Your Encryption Key?

Posted on December 4, 2013 by Jean Eaton in Blog

Good business practices include having regular backup of your key documents, bookkeeping, website, emails, and databases including your Electronic Medical Record (EMR). If your information is personal or sensitive – to you, your client, or your business – the backup should also be encrypted.

Your backup plan should include a backup of your information in a separate location than the source documents. In case of a catastrophic failure – including bad weather, fire, theft – you can access your key information assets quickly. You could manage the backup yourself or outsource it to a remote backup provider.

So here's the question – where is your encryption key? Your encrypted backup files need a ‘key' or algorithm to de-encrypt the files so that you can read and access the information. Have you kept a copy of the encryption key in the same place as your source documents? Or have you kept the key in a separate location – away from the source documents and away from the backup files? Have you recorded in your disaster plan how to retrieve the key?

Carl Young of PlanetCom Inc, an IT Solution company in Sherwood Park, AB reports an increase number of ‘Cryptolocker' attacks to small businesses where business are being held ransom to recover their own data. Hackers embed a virus into an email which is opened by the business. The virus encrypts all of the data on the computer network locking out all authorized users until the hackers are paid to restore the data. The amount of ransom can vary, but is around 1 Bitcoin – which sounds cheap enough, but is actually equivalent to around $1100 USD on the open market.

How can you help yourself? First, make sure that you have regular full backups of your computer network. Routinely run a restoration of your backup so that you are sure that all the information that you need – both the source files and the software applications – is accessible. You can't restore the data unless you have your encryption key!

If your backup is on the same computer network that was hacked – or, perhaps, you backup to an external hard drive device that you keep plugged into the network – you will be locked out of both your source data and your backup.

Carl Young suggests taking these steps to prevent being a victim of ‘Cryptolocker':

Backup your data regularly
Encrypt your backup (where needed) and keep your encryption key in a separate, secure location known to more than one key person in the business.
Rotate your backup so that at least one full backup is kept remotely from the source data
Be cybersmart – know how to detect email virus / phishing / scams and install good anti-virus software on your network and your mobile devices that connect to your network. See our blog post “What Not to Do – Keep Your Backup Device Plugged In” for more info.

backup, encryption, external hard drive backup, good security practices