Posts

Develop ‘Security Champions’ For Successful Enterprise Security Scalability

What steps have you taken to create an internal team of security champions to support your security strategy? The idea is to create “front-line support”.

Ian Amit writes, “These advocates know their businesses better than any of my security engineers could, and they are deeply embedded in their organization’s culture. And, as a result, they can provide the best context for security decisions. Our role is to equip them with our services and security expertise.”

Make your employees security assets, rather than security liabilities.

Read More…

Results Matter Cloud Services can help with coaching, education, and more. Contact us today.

Basics: How to Reduce Ransomware Risk

Ransomware attacks happen more than you think.  This is why we keep talking about.  Even just doing the basics can reduce your risk.

This article from Entrepreneur magazine are just a few of the tips you’ll get when you read this blog by Robert Siciliano.

Read More…

Advanced threat protection is important, too. Contact Results Matter Cloud Services to learn about your cyber security options.  Our Email ID Shield solution delivers proactive monitoring for compromised credentials.

Is Your Company Secure?

With over 250,000 new malware samples being created and spread every day, Results Matter Cloud Services helps keep your organization secure 24/7. Microsoft 365 and the intelligent cloud can help you protect, detect and respond to today’s modern security landscape.

As a fully integrated, end-to-end solution, Microsoft 365 helps you address new risks and opportunities and drive digital transformation to empower everyone from the executive office to first-line workers. More information is in the infographic below.

Beyond Microsoft 365 we also have services that address compromised credentials on the dark web. What is the Dark Web? Learn more here.

Contact us today to learn more about cybersecurity, Microsoft 365, or the Dark Web.

Is your company secure?

 

Ransomware Attacks Target Municipalities

If there’s one organization you tend to trust with your information, it’s the government. The truth is though that many municipalities are simply not doing enough to protect themselves, and your data. Ransomware attacks are targeting municipalities due to their valuable information and security vulnerabilities.

Canadians and American Municipalities Both Affected

The following are some of the Canadian cities that have had cyber attacks occur since 2018:

  •             Cambridge, ON, CAN
  •             Stratford, ON, CAN
  •             Wasaga Beach, ON, CAN
  •             Midland, ON, CAN
  •             Regina, SK, CAN
  •             Mekinac, QC, CAN

Recorded Future Blog compiled a list of American cities and public services hit by ransomware starting in 2013. The image below shows 2018 onwards, which is almost half of the list.

Table of US Municipalities that are Targets of Ransomware Attacks

Almost half of the ransomware attacks on US cities since 2013 have occurred in the past year and a half.

More Than Pennies

On May 7, 2019, the City of Baltimore, MD was attacked for the second time in 15 months. This resulted in disruptions to the city systems for over 2 weeks. The expected cost of the attack to Baltimore is $18.2M. The city now looks to rebuild their systems and make up for lost revenue. It is not hard to imagine that Canadian municipalities are also at increased risk for ransomware attacks.

Are You Prepared for the Consequences?

As a small business owner, or member of government, how long are you willing to allow your systems to be down for, and how much money are you prepared to lose? Have you considered the money lost during the time the business is down? The money required to rebuild critical systems? Ransomware attacks are becoming increasingly creative, and cities need to consider that any of the following could happen to them:

  • Locking out of city employees from email accounts
  • Locking out of city employees from phone systems
  • Shutdown of 911 system
  • Loss of police footage potentially affecting future cases
  • Inability to complete real estate transactions
  • Inability to pay parking tickets, taxes

Some Cities Are Stepping Up

In light of all of this, municipalities such as Fredericton, NB have taken steps to protect themselves by partnering with local companies to improve their cyber security and business continuity plans before a crippling cyberattack occurs. In this case, Fredericton approved spending of upwards of $100,000 per year for 3 years. With proper preparation, municipalities can better protect themselves and their citizens, and limit their damages and downtime in the event of an attack.

Proactive Dark Web Monitoring: What You Can Learn From The Target Corporation Data Breach

Go Phish – Phishing Scams Still Alive And Well

It may seem like phishing scams have been around forever, and people are more and more aware of them. So surely by now businesses and tech savvy individuals have stopped falling for them? Not so. Phishing scams are still alive and well.

US Healthcare Providers Phished

This past May, the Oregon State Hospital fell victim to a phishing scam, and the Medical Oncology Hematology Consultants disclosed a past phishing scam.

In Oregon, the phishing scam gave hackers access to names, dates of birth, medical record numbers, diagnoses, and treatment care plans. Even though they plan to notify individuals within 4 – 6 weeks, that leaves victims exposed and unsuspecting for that period of time.

In June 2018, an untrained employee at the Medical Oncology Hematology Consultants group fell victim. The breach wasn’t disclosed until May 2019. That’s an unsettling amount of time for people to be unaware their information may have been exposed. Names, social security numbers, government IDs, financial data, dates of birth, and medical records may have been leaked.

Canadians Fall For Phishing Scams Too

In November and December 2018, BC credit union Coast Capital Savings had hundreds of thousands of dollars stollen after several of their members were phished. Phishing occurs on mobile devices too, as people responded to text messages asking for login information.

How Can I Protect My Business From Getting Phished?

Just because you’re intelligent doesn’t mean you can’t get phished! The best way to protect your company is with training and education. Check out our prior blog post about other tips to keep yourself and your employees from being phished.

Can You Help Me With Effective Cyber Security and Training?

Yes! Reach out if you’d like more information about anything cyber security!

2019 Resolutions for Cyber Security – How Are You Doing?

Is your team educated, using 2FA, and clicking cautiously?

5 Cyber Security Tactics for 2019

Cyber security issues were more severe than last year. The number of attacks and breaches increased as did the tools and processes for defending against them.

The number of police-reported cybercrimes in Alberta has increased by 185% between 2014 and 2017, according to a recent Statistics Canada report. This represents the largest increase in Canada.

Here are some of the numbers for 2018:

    • Marriott Starwood Hotels reservation system, personal information of 500 million customers over four years
    • Bell Canada hackers accessed personal information of around 100, 000 customers
    • Bank of Montreal and CIBC’s Simplii Financial were hacked
    • Ransomware attacks on the municipalities of Wasaga Beach and Midland, Ontario, along with Mekina, Quebec

More challenges require us to adopt multiple tactics.

Cyber security spending is increase at a rate of between 9 and 12 percent each year.

  1. Have a Plan: Know how you will recover from ransomware because we are all targets.
  2. Create a Security Culture: Make security a core value. Building security in at the start, leaders that are engaged, and holding teams accountable for compliance are part of creating the culture.
  3. Adopt MFA: Multi-factor authentication is needed beyond more than just VPNs and privileged accounts.
  4. Use a Password Manager: This will ensure unique passwords across platforms and ensure business credentials are different from personal ones.
  5. IT and Business Aligned: Ensure the team managing your IT security has solutions aligned with the RTO (recovery time objective) and RPO (recovery point objective) that meet your business needs.

We have to fight against complacency and keep working at it.

 

Sources:

Phishing Scams – How to Prevent a Disaster


Imagine this. You’re scrolling the internet and your instant messaging pops up. It’s someone you talk to quite frequently, and they’ve sent you a link telling you to check it out. You click the link, and suddenly your files start changing and you can’t open anything. Suddenly you’ve become a victim of a phishing scam.

What just happened?

You sit there confused, but in the back of your mind you understand the link you clicked was not what it seemed to be, and are now wondering what it will take to get the information back?

Phishing is a common cyber crime that has hit many unsuspecting people, and sometimes the results are harmless. Sometimes you are only locked out of your online accounts for few minutes. But other times serious damage can begin the minute your mouse clicks the link.

Hackers target companies and individuals by email, and most people see a link in an email and don’t even consider it is going to be detrimental to click.

A good rule to follow is to limit the links you do click in email messages.  Remember, when protecting yourself from phishing scams, pay attention to the where the link is going to take you, be skeptical of email attachments and pay close attention to the sender email address.

If something looks suspicious, taking the time to check and be sure makes sense.

Getting to a place where you understand how to protect yourself takes effort and some training. This training has come a long way over the years.

Find out how a few quick and focused training sessions can help you and your team improve your skills.  Ask us about some options for effective cyber security training.

Federal Budget to Spend up to $1 Billion on Cyber Security

Murray Brewster, CBC News, explains how new money is coming from the Federal government to protect the 2019 election.

According to Brewster, the United States is still reeling from the effects of the 2016 presidential election, which the American intelligence community says was disrupted by Russian hacking and information influence operations.

With money in the budget to also include training and retaining cyber security experts, the requested amount will be allotted once details are agreed on about which departments will get funding, and where the rest of the money will be placed.

“There has also been a lot of debate in Canada about how to leverage the military to address the cyber skills shortage and meet its own growing needs for people with sophisticated technical skill sets,” stated Brewster.

The full article can be read here.