☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Archives

4 Questions to Ask When Choosing a Cloud Computing Provider

Posted on by

cloud computingMoving an aspect of your business—like email, payment processing, data storage, etc.—to the cloud can help you save money and streamline processes. As an added bonus, cloud service vendors can handle administrative tasks like security, maintenance, backup and support, allowing you to focus on the day-to-day operations.

However, with so many cloud computing solutions and vendors to choose from, it’s hard to know what to look for.

To ensure the process goes smoothly and that you choose the right provider, it’s important to ask yourself the following questions:

  1. What’s the vendor’s track record? Before landing on a cloud solution, it’s important to consider the vendor’s reputation. In general, it’s best to find a company that has been in business for a fair amount of time and has a good history of service.
  2. What are the vendor’s capabilities? After understanding what you are looking for in a cloud computing solution, it’s critical that your vendor can meet your needs. Your provider should be able to implement your desired solution on day one and have the expertise to continually offer new ways to adapt to changing markets.
  3. What’s their pricing? A vendor may have everything you need, but could end up being out of budget. Determine a realistic amount you’re willing to pay for cloud services and compare that number to your options. It’s also important to only pay for what you use. Don’t be afraid to renegotiate if a company wants you to pay for extra bells and whistles you don’t need.
  4. Is my data safe? In an age where cyber crime is common and proprietary data can be lost with the click of the mouse, security is key. When researching vendors, ensure that you know the location of their data centres and what precautionary measures they have in place to prevent a hack. If possible, consult an expert to see if a prospective vendor is compliant with all applicable industry security standards.

Keeping in mind the above tips will ensure that, when the time is right to migrate your company’s data or processes to the cloud, you are prepared to choose a vendor that will help achieve your goals.

© Zywave, Inc. All rights reserved.

Privacy and Health Disclosure Liability

Posted on by

3-business-people-in-boardroomPublicly held corporations must disclose information that may have a material effect on the company—and officer health is not among examples listed in the government’s definition of “material.”

As an officer or director at your organization, you have an obligation to disclose any information that might materially affect your company or affect investors’ decision to acquire or sell shares.

Personal privacy trumps disclosure obligations as long as you are able to continue performing your duties for the company—until you turn over your duties as a principal officer, you are not required to inform shareholders. However, shareholders will likely come to know of any health issues whether or not you disclose immediately.

Shareholder Litigation

There are two scenarios that could give rise to shareholder litigation should you choose to protect your privacy and not reveal that you are experiencing health issues. In both of these cases, stock price would have to drop dramatically to merit a shareholder lawsuit.

Shareholders could claim that the announcement of your illness came at the end of a period of misrepresentation and that the company had concealed information about your well-being for an extended period of time. In this case, plaintiffs would need to establish that the information was material.

In the event of your departure from the firm, shareholders could say more should have been disclosed prior to the leave, and that by not disclosing information, the stock price was artificially inflated.

In any case, if your company is highly dependent on you for proper functioning, if there is a doubt, the best practice is to disclose information about your health.

Your Right to Privacy

Disclosures are not necessarily required about officer health—and after all, it is difficult to decide at what point it is appropriate to disclose information. However, the issue is highly debated, and some believe that the potential harm an officer’s absence could cause the company constitutes a material effect.

Risk Transfer

Directors and officers (D&O) liability insurance will cover legal costs in the event of a shareholder claim. Both you and your business can benefit from a D&O policy. Since there is no such thing as a “standard” policy, an independent insurance broker is invaluable when purchasing D&O coverage.

© Zywave, Inc. All rights reserved

Canada Ranks Poorly in Lost Revenue and Continuity After Ransomware Attacks

Posted on by

Skull and crossbones on binary code with message of infection. Eps10. RGB. Global colors

Ransomware is a type of malicious software that is specifically designed to block systems or files until a victim—typically a company or high-ranking professional—has paid a sum of money to regain access. These types of attacks can be costly, sometimes averaging up to $50,000.

According to the recent report, the State of Ransomware, by malware remediation company Malwarebytes, Canadian businesses were among those most likely to pay ransomware demands. Additionally, the report, which examined 5,400 IT staff across Canada, the United States, the United Kingdom and Germany, showed that Canadian businesses ranked among the highest for lost revenue and business interruption following an attack.

In total, around 75 per cent of Canadian businesses admitted that they would pay an attacker to regain access to key systems and functionality. Other interesting findings from the report included the following:

  • Ransomware can impact more than the original infected system or file. In the report, Canada ranked the highest for ransomware penetration, as close to half of attacks affected 26 per cent or more of a company’s extended network.
  • Executives and senior-level staff are typically the targets of ransomware schemes.
  • On average, ransomware attacks in Canada were twice as expensive as those in the United States.
  • Business applications were found to be the most common vulnerability to ransomware in Canada. While email attacks are common in other countries, Canada’s strict anti-spam laws could be contributing to the lower number of email attacks.
  • Despite Canada ranking poorly in terms of business interruption and overall cost as it relates to the impact of ransomware attacks, 51 per cent of surveyed businesses claimed they were confident in their ability to stop an attack.
  • Health care and financial services were found to be the most common industry targets for ransomware attacks.

Ransomware attacks are a serious concern—one that continues to impact Canadian businesses. In the past year alone, more than one-third of security attacks in Canada were ransomware-related. To protect themselves from this ongoing threat, organizations should consider having a risk assessment done to determine and remediate potentially vulnerabilities.

© Zywave, Inc. All rights reserved

4 Things Companies Should Document to Improve IT Security and Disaster Response

Posted on by

IT Security word cloud conceptAn IT manager has the difficult task of overseeing people, processes and technology. And, if there isn’t a departmental emphasis on documenting pertinent information, overseeing a successful IT security program can be a difficult, sometimes impossible, task.

The following are a few items IT professionals should keep a record of in order to maintain efficient IT workflows:

  1. Incident response plans. An incident response plan not only helps companies prepare for potentially crippling IT disasters, but it can also give clients, partners and customers reassurance that an organization is committed to IT security.
  2. Key stakeholders. In the event of an emergency, it can sometimes be difficult to identify who is responsible for what. This can make responding to incidents difficult and confusing. To help ensure a quick response to incidents, identify who would be the decision-makers following a variety of scenarios.
  3. Common risks. Documenting IT information and processes not only ensures business continuity in the event of an incident, but it can help IT professionals prevent threats altogether. Experts recommend that IT departments rank their top five greatest threats and detail possible actions that the department can take if and when a threat emerges.
  4. Third-party providers. More and more IT departments are working with third-party providers, especially as data continues to move to the cloud. In the event of an incident, it is important that a company is equipped with a list of contacts if there is an issue with an off-site system.

As an added bonus to documenting key IT information and processes, other departments will be able to see how data security is handled at a high level. This not only reinforces the importance of IT infrastructure, but it can help promote company-wide buy-in as it relates to ongoing training and future security initiatives.

© Zywave, Inc. All rights reserved

The Potential Dangers of App Permissions

Posted on by

app_icon_applicationsThe recent launch of Pokémon GO—a popular augmented reality game and mobile app that connects with a user’s Google account—has sparked a larger conversation about mobile app permissions and social media connectivity. This is largely due to the fact that, in an early version of the game, Pokémon GO had full access to a user’s Google accounts, unbeknownst to most users.

Similar mobile apps that link to social media platforms like Facebook, LinkedIn and Twitter are common, as they offer an easy way for users to register, post updates and connect with others. This permissions process is typically referred to as “oauth,” and essentially allows for easy third-party authorization through an open framework, either via the web or through mobile apps.

The problem is, however, that these types of app permissions have become commonplace to the point where users no longer consider what information they are sharing across various applications. Oftentimes, it’s not clear what kinds of information is gathered through “oauth”.

To compound the issue, in most cases, users are not given the option pick and choose what information they’d like to publish or share once two apps are connected. As such, in the event that an app is hacked, malicious parties could have full access to a slew of personal information.

To protect themselves, professionals recommend that users review their app permissions at least once a month. Instructions on how to do this for each social media application can be found here.

 

© Zywave, Inc. All rights reserved

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN