☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Archives

The Dangers of Spam

Posted on by

SpamCyber-attacks are becoming more and more prevalent among Canadian companies. One of the most common ways of attacking a business is through spam. Spam is email that is sent to an individual and usually contains links about a product or service. The link will then bring you to a harmful website where malware is automatically downloaded to your computer and gains access to sensitive information.

There are many ways you can recognize and avoid spam. Here are a few:

  • Do you know the sender? If not, try to find out who it is and why he or she is contacting you before you open the email.
  • Are there misspellings or incorrectly used words? Sometimes the person sending the spam will do this so that it can sneak past spam filters.
  • Have you been sent something by this person or company before but now the email looks drastically different? It could be a fraudster posing as this person or company because it is already known and trusted.
  • Treat emails that sound too good to be true or that request personal information from you with caution.

If you notice your company seems to be getting a lot of spam, there are things you can do to combat this:

  • Set up a program that filters out spam.
  • Your employee email list should always be kept confidential. If someone outside of the company needs your email address, give him or her a more generic email you use that is not connected to your company email and the information stored within.
  • Establish an employee Internet usage policy at your office. This is one of the most useful steps in protecting your company from spam and subsequent cyber-attacks.  It should include guidelines on things such as general security, acceptable Internet use, the use of personal equipment and desktop services security. Make sure all employees sign a copy of an employee Internet usage policy and review it yearly.

 

 

© 2013 Zywave, Inc. All rights reserved.

Responding to a Data Breach

Posted on by

Network security crashNo company, big or small, is immune to a data breach. Many small employers falsely believe they can elude the attention of a hacker, yet studies have shown the opposite is true. According to the Symantec SMB Threat Awareness Poll Global Results, 40 per cent of the data breaches in 2011 were at small to mid-sized companies.

Data breach response policies are essential for organizations of any size.  A response policy should outline how your company will respond in the event of a data breach, and lay out an action plan that will be used to investigate potential breaches to mitigate damage should a breach occur.

Defining a Data Breach

A data breach is an incident where Personal Identifying Information (PII) is accessed and/or stolen by an unauthorized individual. Examples of PII include:

  • Social insurance numbers
  • Credit card information (credit card numbers – whole or part; credit card expiration dates; cardholder names; cardholder addresses)
  • Tax identification information numbers (social insurance numbers; business identification numbers; employer identification numbers)
  • Biometric records (fingerprints; DNA; retinal patterns and other measurements of physical characteristics for use in verifying the identity of individuals)
  • Payroll information (paycheques; paystubs)
  • Medical information for any employee or customer (doctor names and claims; insurance claims; prescriptions; any related personal medical information)
  • Other personal information of a customer, employee or contractor (dates of birth; addresses; phone numbers; maiden names; names; customer numbers)

Data breaches can be costly. According to the Ponemon Institute’s Cost of a Data Breach Survey, the average per record cost of a data breach was $194 in 2011; the average organizational cost of a data breach was $5.5 million.

Breach Containment and Preliminary Assessment

A breach or a suspected breach of PII must be immediately investigated and contained. Since all PII is of a highly confidential nature, only personnel necessary for the data breach investigation should be informed of the breach. The following information must be reported to appropriate management personnel:

  • When (date and time) did the breach happen?
  • How did the breach happen?
  • What types of PII were possibly compromised? (Be as detailed as possible: name; name and social insurance number; name, account and password; etc.)
  • How many customers may be affected?  Read full article >>

Talkin’ Turkey with ABEX!

Posted on by

Turkey DriveEvery family should have a Christmas dinner!

Like you, my colleagues and I in the Kitchener Conestoga Rotary Club (KCRC) believe every family should have a special Christmas dinner, including a turkey.  With the generosity of local businesses and our community, KCRC’s Turkey Drive has raised over $1,200,000 in support of House of Friendship’s Christmas Hamper Program, which provides a gift of food to families in need at Christmas-time.

What is the need in our community?

Here are the facts for the 2013 Turkey Drive.   We need to raise a minimum of $300,000 in the next four weeks to:

  • purchase 3,700 turkeys
  • supply food products for 4,250 hampers
  • recruit 600 volunteers to pack, deliver and distribute the turkeys and hampers
  • help make Christmas just a little better for over 12,000 in our community  

What will that cost?

KCRC’s 2013 Turkey Drive goal is $300,000. We know this is a big goal, but we believe if we all pitch in a little, we will reach this goal, and more importantly reach thousands of local families.  Each donation of $100 will feed a family of four (including a hamper and turkey).  For as little as a donation of $25.00, you can sponsor a turkey (all donations over $20 will receive a charitable tax receipt).  How many families will you help feed? How many turkeys can you sponsor?

How can YOU talk turkey?

Give to the Turkey Drive.  Donate securely online at www.turkeydrive.ca or make your cheque payable to KCRC Turkey Drive and mail to:

Jad McGregor
ABEX
785 Bridge St., Units 5 & 6
Waterloo, ON N2V 2K1 

Thank you.

Gobble Gobble!

Study Shows Cyber Risk is a Growing Concern

Posted on by

Cyber CrimeBased on a global survey of over 500 executives, Lloyd’s Risk Index is calculated to show the top risks for businesses. Cyber risk has jumped from the 12th spot on the list of risks for businesses in 2011 to the third spot in 2013. Surprisingly, business leaders still remain unaware of just how devastating this kind of attack can be.

The cost of cyber breaches is growing each year, as is the number of times these attacks are occurring, which explains the jump on the list of risks for businesses—but still, business owners are reminded to properly assess the damage that cyber attacks could cause them.

Contact ABEX  for more information on data security and protecting your technological risk.

 

 

© 2013 Zywave, Inc. All rights reserved.

Cyber Liability: Managing Password Threats

Posted on by

Online PasswordOrganizations trust passwords to protect valuable assets such as data, systems and networks. Passwords are versatile—they authenticate users of operating systems (OS) and applications such as email, labour recording and remote access, and they guard sensitive information like compressed files, cryptographic keys and encrypted hard drives.

Because passwords protect such valuable data, they are often a prime target of hackers and thieves. Although no method of password protection is 100 per cent effective, it is still important to understand and mitigate threats to password security so you can protect your company and its assets.

Types of Password Threats

Implementing security measures starts with anticipating security threats. There are four main ways that attackers attempt to obtain passwords: capturing passwords, guessing or cracking passwords, replacing passwords and using compromised passwords.

1.     Password Capturing

An attacker can capture a password through password storage, password transmission or user knowledge and behaviour. OS and application passwords are stored on network hosts (a computer connected to a network) and used for identification. If the stored passwords are not secured properly, attackers with physical access to a network host may be able to gain access to the passwords. Never store passwords without additional controls to protect them. Security controls include:

  • Encrypting files that contain passwords
  • Restricting access to files that contain passwords using OS access control features
  • Storing one-way cryptographic hashes for passwords instead of storing the passwords themselves

Hashes are the end result of putting data, like passwords, through an algorithm that changes the form of the original information into something different. For example, the password ‘default’ could be mapped as an integer such as 15. Only the network host knows that 15 stands for the password ‘default’. Read more >>

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN