Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Would You Know if There Were Two of You?

Posted on January 24, 2016 by Jean Eaton in Blog

Identity theft is a growing problem but there are things that you can do to protect yourself.

Identity theft happens when someone steals your personal information and uses it without your permission – to make purchases, take out loans, get medical services – and more! Victims can end up with drained bank accounts, destroyed credit, and the enormous task of fixing the problem. The pieces of personal information that can be used to commit identity theft include:your name, Social Insurance Number, birth date, mother's maiden name, credit report, driver's license, and credit card and bank account numbers. It doesn’t take much to create a new identity – often just 3 pieces of information.


Tip: Answer 10 questions about your online activities to calculate your personal identity risk score. (EMC2/RSA). Discover how your online activities – from banking and shopping to the types of social networking sites you visit – may potentially make you more vulnerable to identity theft and fraud. Try the Online Identity Risk Calculator.

Identity Theft and Identity Fraud – RCMP YouTube Channel

The RCMP recommends these steps if you think you are a victim of identity theft or fraud:

  • Step 1 – Contact your local police force and file a report.
  • Step 2 – Contact your bank/financial institution and credit card company
  • Step 3 – Contact the two national credit bureaus and place a fraud alert on your credit reports.
    • Equifax Canada
      Toll free: 1-800-465-7166
    • TransUnion Canada
      Toll free: 1-877-525-3823
  • Step 4 – Always report identity theft and fraud. Contact the Canadian Anti-Fraud Centre

Tip – Be aware and be secure with your personally identifying information.

Illustration from Privacy Commissioner of Canada, www.priv.gc.ca

Illustration from Privacy Commissioner of Canada, www.priv.gc.ca

Instructions

  • Set up a schedule to review your credit card and bank statements – monthly, quarterly – and always have a ballpark in mind of your spending history
  • Once you've reviewed your statements, make sure that you've shredded the paper documents that you no longer need (and keep them in a secure place while you do need them!) By shredding your bank and credit card statements, you can prevent thieves from “dumpster-diving” for the easy information.
  • Set up a Google Alert for your name, business name, and other key identifiers.  You will receive a listing of whenever your name appears in the internet.
  • Limit the amount of personal information that you share on-line, in stores, and on the forms that you fill out.  Ask why they need your information.
  • Install and update anti-virus and malware protection software on your smartphone. Malware and viruses can access and steal personal information, which can lead to identity theft. ‪

Identity theft can happen at work, too.

Waël Hassan notes in his LinkedIn Post, ‘Hacking LinkedIn: The Risk Every HR Department Should Be Talking About’ is the risk of social engineering or spear phishing hacking threats. To prevent this, Hassan recommends three steps that HR departments or managers can do to reduce the risk of spear phishing.

Establish a social media policy, or even a specific policy for business networking and job search sites. Your social media policy should establish that corporate email accounts are not to be used to create or validate social media accounts. It should also specify types of corporate information that should not be published on social media, such as project details, budgets, team members, and technologies used on the job.

Provide employees with instructions on what to do and who to consult if they suspect they have been victims of identity theft. Employees need to know that they will be met with empathy and support if this happens to them.

Review processes for documenting, reporting, and investigating cases of identity theft.

These recommendations make good business sense, too! After all, privacy is good for business.

Resources

EMC2/RSA, Online Identity Risk Calculator 

RCMP  Identity Theft and Identity Fraud, 2015-12-04

Waël Hassan. “Phishing Hacking LinkedIn The Risk Every HR Department Should be Talking About“, LinkedIn, Jan 6 2016.

 

DPD Champ badgeWe are proud to be a Data Privacy Day Champ!
You can be one too! #PrivacyAware

To celebrate Data Privacy Day, Information Managers is offering a free Data Privacy Day Privacy Awareness E-Course.

 

When you register, you will receive one email a day from January 21 – 29 with a privacy tip, easy to follow instructions, and links to additional resources that can be applied at home or in the office.

 

Register Here – Don’t miss out on this free E-course!

 

#PrivacyAware, Data Privacy Day, identity theft, Practical Privacy Coach, Practice Management Mentor, privacy awareness, security

Computer Cookies and Privacy

Posted on January 22, 2016 by Jean Eaton in Blog

Hungry?

Cookies may sound good when they're filled with chocolate chips, but when cookies are used to track your online activity, they can result in behavioural tracking (OIPC) that advertisers use to target products to you.

You may be okay with this when it leads you to your next great shoe sale, but if you use a shared computer and search for something more private, the next person to browse the web may get bombarded with ads for the next best fungus cream – something you didn't want them to know.

A silly example, but if you use the internet for activities that require more personal information – such as online banking or shopping – cookies can save and remember your account number, credit card number, mailing address, phone number and more.

To learn more about cookies watch this video.

Cookies can create privacy challenges, but there are steps that you can do to try to control your personal behaviour tracking when you are on the internet. See Cookies: Following the Crumbs.(OIPC).

Google Chrome internet browser now allows you to use ‘incognito’ access to webpages. Pages that you view in incognito tabs won’t stick around in your browser’s history, cookie store or search history after you’ve closed all of your incognito tabs. It won't stop other sources from seeing your browsing activity, including:

  • Your internet service provider
  • Your employer (if you're using a work computer)
  • The websites you visit themselves

 

Tip: Delete your cookies! Especially if you use a shared computer or if you are doing activities that require your personal information. This may be more difficult than it sounds – third-party cookies, flash cookies, and super cookies all exist and are hard to find and remove. However, you can still set settings on your browser to clear cookies after use. Visit the settings on your internet browser to see what it does with cookies.

Resources and References

Office of the Privacy Commissioner of Canada. “Every Move You Make…Advertisers are tracking your online behaviour”.October 2011

Ibid. Cookies – Following the crumbs. May 2011

Wall Street Journal. How Advertisers Use Internet Cookies to Track You. July 2010

 

DPD Champ badge

We are proud to be a Data Privacy Day Champ!
You can be one too!  #PrivacyAware

To celebrate Data Privacy Day, Information Managers is offering a free Data Privacy Day Privacy Awareness E-Course.

 

When you register, you will receive one email a day from January 21 – 29 with a privacy tip, easy to follow instructions, and links to additional resources that can be applied at home or in the office.

 

Register Here – Don’t miss out on this free E-course!

#PrivacyAware, cookies, Data Privacy Day, Practical Privacy Coach, Practice Management Mentor, privacy awareness, security

How to Protect Your Privacy at Home and at Work

Posted on January 11, 2016 by Jean Eaton in Blog

60% of small and medium business owners go out of business within 6 months after a privacy and security breach. (Experian)

81% of hospitals and health insurance companies have suffered a data breach (KPMG)

125% increase in data breaches caused by criminals (now outnumber accidental breaches!) (Ponemon)

Free! Data Privacy Day E-course

There are a lot of statics about the cost of a privacy breach. Anyway that you look at it, preventing a privacy breach is your best investment.

Privacy awareness training for your staff is an effective way to prevent privacy breach.

  • Need easy-to-implement privacy awareness training for your office?
  • No cost, on-line privacy awareness training?
  • Need short, simple training messages on your schedule?

Here is your opportunity to receive useful privacy and security tips, tools and templates that you can use right away.

Did you know that Data Privacy Day is on January 28th, 2016?

Data Privacy Day highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.

As a Data Privacy Day Champion, Information Managers Ltd. recognizes and supports the principle that organizations, businesses and government all share the responsibility of being conscientious stewards of personal information by respecting privacy, safeguarding data and enabling trust.

To celebrate Data Privacy Day, Information Managers is offering a free Data Privacy Day Privacy Awareness E-Course.

When you register, you will receive one email a day from January 21 – 29 with a privacy tip, easy to follow instructions, and links to additional resources that can be applied at home or in the office.

You can share this information with your friends, family, and co-workers.

Data Privacy Day E-course might qualify for CPE credits, too!

Use this Data Privacy Day E-course as part of your privacy awareness training program.

Tweet This!

Tweet This!

Celebrate Data Privacy Day with Information Managers Ltd!

What to do next: Sign up for the Data Privacy Day E-Course!

Register Here – Don't miss out on this free E-course!

E-course ends Jan 29.

* indicates required


Email Format

 

#PrivacyAware, Data Privacy Day, Data Privacy Day Edmonton, Practical Privacy Coach, privacy, privacy awareness, security

Who Can Authorize Payments in Your Healthcare Practice?

Posted on November 18, 2015 by Jean Eaton in Blog

Can your boss send the bookkeeper or clinic manager an email to authorize payment?

You might want to re-think that.

Read this CBC investigation report, “Ransomware, bogus emails from your ‘boss' mark growing skill of cyber-criminals” to understand the risk to small businesses from targeted phishing attacks.

There are many creative ‘cyber bad guys’ who love to trick you into providing your personal information or use social engineering to trick you to take action – like making a payment to ‘Mr. Smith'. It is essential to train your employees to help them identify an attack and prevent phishing attacks and prevent a privacy breach. If you are breached, learn how to spot and report it.

Set up clear policies in your healthcare practice about authorizing payments to legitimate vendors. Consider having one person responsible to create the cheque and another person to sign the cheque. Don't rely on email to authorize payments, especially to new accounts.

Related Posts:

Is Your Patient’s Health Information Protected from Cyberextortion?
Email Phishing

cyberextortion, healthcare procedures, phishing, security

National Cyber Security Awareness Month Champions

Posted on October 1, 2015 by Jean Eaton in Archive

We are proud to become a Champion of National Cyber Security Awareness Month (NCSAM) 2015, joining a growing global effort among colleges and universities, businesses, government agencies, associations and non-profit organizations to promote online safety awareness.

Celebrated every October, National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure everyone has the resources needed to stay safer and more secure online. As an official Champion, Information Managers recognizes its commitment to cybersecurity and online safety.

Register for the 15 Day Privacy Challenge

Information Mangers is hosting a fun, no-cost privacy awareness event that starts October 15. Participants receive a daily privacy challenge to help them review their existing policies, create new polices, and improve privacy and security best practices. The challenges require ‘entry-level’ skills and are applicable to both office and personal use.

Register for the 15 Day Privacy Challenge

Do you Twitter chat?

The first Twitter chat of National #Cyber #Security Awareness Month (#NCSAM) is Thursday Oct 1!

STOP. THINK. CONNECT., the global cybersecurity awareness campaign, is hosting Twitter chats each Thursday in October at 3 p.m. ET/12 p.m. PT.

Use #ChatSTC to join the conversation, focusing on how to build a safer, more secure and more trusted #Internet.

The schedule and more information are available at National Cyber Security Awareness Month (NCSAM) website.

cyber security, National Cyber Security Awareness Month, Practical Privacy Coach, privacy, security

15 Day Privacy Challenge October 2015

Posted on September 10, 2015 by Jean Eaton in Blog

October is Cyber Security Awareness Month!

Information Managers is proud to host the 15 Day Privacy Challenge  – a fun, no cost educational opportunity on privacy and security. A privacy awareness training program for work and home.

How it Works:
Each day, for fifteen days, participants receive an e-mail with a privacy challenge. The task is a privacy or security best practice that can be used in home or business. Each email includes a short description about why this is a good practice, how to start it, and links to additional resources. Each challenge will take about 15 minutes to complete.

 

Register me for the Free 15 Day Privacy Challenge

We invite you to share this great opportunity with your colleagues.

Help your clients with useful tips, tricks and resources to make their jobs easier.

The 15 Day Privacy Challenge begins October 15, 2015.

Email me my Privacy Challenge!

Use the 15 Day Privacy Challenge as part of your privacy awareness training for your organization.  Send us an email to request promotional materials.

Want to know more?  Listen to the interview with Jean.

Practical Privacy Coach, Practice Management Mentor, privacy, privacy awareness, privacy officer, security, security awareness, training

Do your staff work alone?

Posted on May 9, 2015 by Jean Eaton in Blog

In our Practice Management Nugget series, on July 31, 2014,we spoke with Dave Rodwell of D.E. Rodwell Investigative Services Ltd. on “Corporate Security – A Must for Any Organization”. Here are a few security tips for your healthcare practice.

What is the most devastating thing that could happen to your business?

Your employee is physically assaulted on the job by a stranger. A car drives through your office window. A shouting match between a patient and your employee. Internal theft of your cash box. Identifying those devastating events is the first step to prevent those events and to prepare your incident plan. Then,

  1. Document the plan
  2. Share the plan with your staff
  3. Practice the plan

This will help your organization to prevent incidents that could impact your business.

“Cash is a tempting target for an employee who is having financial difficulties.” Dave Rodwell

We want to be able to trust the people that we work with. We try to hire good people, but circumstances change and a plain unlocked cash box that everyone uses is a tempting target. You should have written procedures in place to limit the amount of cash in the office and controls in place to make the cash less tempting to steal.

20_60_20_Theory_Information_Managers20% of the general population will never steal under any circumstance

60% of the general population may be tempted to steal if there is an opportunity and that there is a reasonable chance that they won’t get caught

20% of the general population will steal whenever they have an opportunity

Incident management and internal investigation

Every organization should have a crisis response checklist including a plan to conduct an internal investigation of an incident. This includes creating an objective report that can be presented to senior management, who makes a decision on how to respond to the incident. The investigator – internal or external to the business – needs to be perceived as objective, fair, and thorough so that the decision made by senior management is respected.

Do your staff work alone?

You might have an employee who works alone for part of their shift in your practice. Maybe employees work at the same time but at opposite ends of the office.

 

If an employee cannot be seen or heard by co-workers who can offer assistance, they are considered ‘working alone’.

The employer is required to conduct a hazard assessment and must establish an effective strategy to reduce the risk of harm. Most provinces have legislation that requires a business to conduct a ‘work alone assessment’. The assessment includes:

  • Identify individuals who work alone
  • Identify risks to individuals work alone
  • Identify reasonable risk mitigation strategies to prevent harm to employees
  • Provide training to the employee that safeguards the employee (make sure you document the training!)

We want to keep our employees safe from harm and are willing to take reasonable steps to protect and train the employees. If you don’t take steps to meet work alone legislative requirements and an incident occurs it could impact your insurance coverage. An investigation into the incident could find that your business ‘operated contrary to the laws of the land’ and your insurance coverage may be null and void.

Working Alone Safely handbook is available from Government of Alberta to help businesses implement work alone strategies.

Employers and employees have a responsibility to ensure a safe workplace. Get started on your incident plan by taking a risk survey. Then select one or two risk areas that you can quickly and easily prevent and develop your incident response plan.

The replay of this interview is now available as a member benefit. Try out a Trial Membership to Information Managers Network to access this Practice Management Nugget interview and other webinar replays and resources. And if you’re already a member, just log-in and enjoy!

Trial Membership Information Managers Network Information Managers Network Login corporate security, Dave Rodwell, incident plan, Practice Management Mentor, Practice Management Nugget, risk management, security, work alone

What computer network server are you using?

Posted on February 5, 2015 by Jean Eaton in Blog

Windows Server 2003 is being retired in July 2015. If you have a Windows 2003 server, you need to work with your IT vendor to plan a successful retirement.

Why should you care?

  • Security updates and patches won't be available – leaving your computer network with a known security risk.
  • Third party products used in combination with Windows Server 2003 will likely also no longer be supported or function adequately.
  • It's time – hardware software has a best before date and the server is reaching that time. If you haven't updated your hardware or software for many years you can be pleasantly surprised about updates that are available.

Yes, it takes time and planning to retire your server and your associated peripherals (printer, Uninterrupted Power Supply (UPS), backup devices, fax machine, etc.) Start working on this project now so that you can make informed decisions, take advantage of sales and discounts, and plan the switch at your convenience.

This article from MicroAge can help you with further information.

computer network security, computer network server, privacy, security, Windows 2003 server

Sponsors

Posted on October 21, 2014 by Jean Eaton in Blog

We’re tickled pink that these fine partners are Sponsors of the 15 Day Privacy Challenge!

Group of Rogues

The Group of Rogues is an Edmonton based company, who specialize in Marketing and Advertising strategies.

“Customers make decisions about buying your product based on their needs, not yours. With a customized team of elite creative and strategic minds, we learn who your customers are, what they want and how you can solve their problems. Then we develop campaigns with the right tools to be where your customers are when they need what you have to offer.

We help you create smart, meaningful marketing that resonates with your customers.”

Check out their website here!

Grant Ainsley Logo

Grant Ainsley has become one of Canada’s most popular media trainers. He works with CEO’s, politicians, association leaders and others to refine their messages when they speak with the media. He also speaks and conducts training locally and at conferences across the country about media relations, crisis communications and social media.  Grant Ainsley is the author of The Honest Spin Doctor: Navigating the Media Maze

Check out his website here!

ITPG-logo

ITPG is a Global Leader in Providing Professional Education, training, delivery fulfilment and IT professional services.  They provide association management; awareness, training, and education curriculum development and delivery; certificate and certification program optimization; and event management expertise. One area of specialty is Cyber Security Services.

“The SCIPP EUSA Certificate Program provides end-users with the world’s most up-to-date, internationally-recognized, effective, and efficient security awareness program for end-users of organizational enterprise networks.”

Check out their website here!

GREAT_Job_Nelson_ScottNelson Scott

Through his writing and presentations, Nelson Scott provides managers, supervisors and other leader with tips, tools and techniques to enable them to hire the right person every time and to use high-value, low-cost staff recognition to improve retention, boost morale and increase engagement. To learn about Nelson's presentations and workshops, to read more articles on staff recognition and interviewing, or to purchase copies of his book, Thanks! GREAT Job!, visit www.GREATstaffrecognition.com

 

TELUS_EN_PURPLETELUS WISE® is a unique educational program focused on Internet and smartphone safety to help keep families safer from online criminal activity such as financial fraud and cyberbullying. This program is available free of charge to all Canadian adults/parents, kids, teachers, policing services and community groups (e.g. sports groups). Canadians can participate in TELUS WISE via two unique programs:

TELUS WISE is a program for parents, educators and groups which provides access to:

o  Seminars – TELUS WISE Ambassadors host one hour public seminars engaging participants in a discussion about Internet and smartphone safety and security. These seminars are also available upon request for TELUS business customers, community investment partners, parent groups and community associations.

o  A WISE virtual community – www.telus.com/wise is a secure website that provides users with ongoing access to great resources, articles and training around Internet and smartphone safety and security for their families.

o  TELUS WISE tip sheets are also available in Chinese simple, Chinese traditional, English, French and Punjabi.

o  TELUS Learning Centres – Learning Specialists in more than 225 of our exclusive TELUS locations, provide personalized, one-on-one guidance to customers on Internet and smartphone safety and security as a part of our TELUS Learning Centre program.

TELUS WISE footprint is an online digital citizenship program for kids ages eight through 16.  This program provides a multi-faceted experience for Canadian teens and tweens to learn how to become good digital citizens and keep their digital footprint clean – e.g. kids can visit TELUS WISE footprint to take the ‘footprint challenge’.  Upon request TELUS visits schools and engages students in engaging digital footprint discussion. There are also some great ways for kids to earn dollars for their school’s digital literacy programs while they learn.

 

Dave Rodwell logo #2   Dave Rodwell entered the field of private investigation and security consultation work  upon retiring from he RCMP. For the last number of years, he has helped companies and individuals by conducting investigations in the following areas:      internal thefts,insurance investigations, motor vehicle accident investigations, unfair business practices, wrongful dismal, sexual harassment, pre-employment screening, and missing persons.

He has helped a number of companies with an assessment of their security needs, and provided written procedural manuals to meet their company needs.  Dave's client base includes law firms, large and small companies, Federal and Provincial governments, municipalities, educational institutions, and individuals.

Checkout Dave's website here!

 

Rebecca Herold, The Privacy Professor, is an information privacy, security and compliance consultant, author and instructor who has provided assistance, advice, services, tools and products to organizations in a wide range of industries during the past two decades. Rebecca is a widely recognized and respected information security, privacy and compliance expert.  Checkout Rebecca's website here!

 

Are you ready to accept the 15 Day Privacy Challenge?  Registration is still open!

Dave Rodwell, Grant Ainsley, Group of Rogues, ITPG, Nelson Scott, Practical Privacy Coach, privacy, Privacy Professor, security, TELUS WISE, trainingGrant Ainsley

Top ten privacy and security tips for business

Posted on September 11, 2014 by Jean Eaton in Blog

September is the new New Year.  Sunny days and cool nights. New schools. New fashions. New energy to review your New Year's resolutions.

How are you doing on your Top Ten privacy and security New Year’s check list?

Don't worry–here are few reminders.

  1. Change your passwords on your computers, perimeter security alarms, voice mail, debit and credit cards and other places.
  2. Encrypt your data. Do you know who has the encryption key?
  3. Back up your data. Keep separate from the source data – on a different device and stored in a different secure location.
  4. Restore your data, know how this works. Try restoring a few different files. Open the files and make sure that you can read and print the files.
  5. Review your policies and procedures.
  6. Check your employee orientation files and make sure that they are up to date.
  7. Find and make a written inventory of all your USB drives and external hard drives. Store them in one location so that you can quickly notice if one is missing.
  8. Find and make a written inventory of all your office door keys. Make sure none are missing and securely store what you do not need.
  9. Update your privacy awareness and security training – and made sure that everyone – including contractors and professional staff – receive the training.
  10. Update your oaths of confidentiality and review your contracts with vendors and information managers and business associates.

As a privacy officer, clinic manager, or healthcare professional it is your responsibility to ensure that you protect the confidentiality and security of the private information that your patients, employees, or business associates give to you.  Of course, you want to protect your personal and business information, too!

Quote_Practical_Privacy_CoachThese top ten privacy and security to do items are commonly accepted business best practices are a good foundation to develop your practical privacy and security program.

 

healthcare, Practical Privacy Coach, privacy, privacy officer, security
1234

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

It is a rare privilege to work with an authentic expert who fulfills their role of consultant and coach with curiosity and respect for the specific nature of their client's unique enterprise. Jean Eaton was always prepared, sat every meeting on time, listened to an endless barrage of questions and answered every one with patience, grace, and wise counsel. The end product Information Managers Ltd provided ECHO Health was exceptional; their ongoing support will be a large measure of our success going forward. I highly recommend their services.

- Dr. Gregg Trueman-Klein, NP, ECHO Health

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}