At ActiveCo, one of our Core Values is Continuous Improvement, and we take it to heart. We’ve compiled some ideas to help motivate others with creating their own goals and, at the time of this article, their New Year’s Resolutions.
After speaking with 80,000 business managers for their book, “First, Break All the Rules: What the World’s Greatest Managers Do Differently“, Marcus Buckingham and Curt Coffman discovered these three key questions helped define happiness in the workplace:
1. Do I know what is expected of me at work?
2. Do I have the materials and equipment I need to do my work right?
3. At work, do I have the opportunity to do what I do best every day?
The following list doesn’t apply just to business owners or managers; it applies to anyone, whatever your role.
1) Do something you love to do (and that you do best) every single day.
2) Do something just for you every single day. Even if that’s just enjoying your morning coffee.
3) Give yourself credit and a pat on the back when you deserve it.
4) Strive to learn something new every single day.
Make professional contacts and network. You’d be surprised how many people are waiting for you to make the first move.
5) Practice “professional courage” by stepping out of your comfort zone.
6) Listen more than you talk.
7) Develop a method to track your life goals, your daily engagements, and your to-do list. There are many apps to help you accomplish your goals.
8) Take up a new hobby or activity this year. Reading books, hiking, eating better, any goal with positive end results will do.
9) Take yourself a little less seriously. Seriously.
These resolutions can be mixed and matched or selected individually. Make it easy: pick just one to stick to and truly enjoy your year, knowing you made a commitment to your own, personal happiness.
On November 1st, 2018, the Breach of Security Safeguards Regulations come into effect for Canadian organizations from coast to coast. At least, for those who have personal data, commercial transactions or customers across Canada. Is that most of you? Thought so!
ActiveCo has worked directly with the Innovation, Science and Economic Development Office of Canada (the writers of the incoming legislation) throughout our entire compliance preparation process, and we have tailor-made software to streamline navigating the new requirements.
Quick Fact Check: only 4 in 10 Canadian organizations have a post-breach plan in place.
To ensure business owners know where to begin, ActiveCo encourages you to reach out to have your Security Posture Assessment completed as soon as possible. This helps establish the framework for pursuing compliance, giving you specific guidance on how to meet the requirements.
When ActiveCo first heard rumblings of the November 2018 deadline and became entrenched in learning the legislation on behalf of our clients, we often came up with the same questions and assumptions many others have. We have already spent well over 500 hours working on this process for our clients, so we have posted a quick FAQ on some questions we have spot-checked on your behalf. Enjoy!
Fiction: There will be a grace period. Fact: the grace period actually started back in 2015 and ends on November 1st, 2018. When the government introduced us all to the Digital Privacy Act, their expectation was that organizations would begin taking steps towards compliance. Most did not. If you are still reading, you probably did not.
Fiction: “We budget for fines”. Fact: Not this kind of fine. Infractions could cost up to $100k per record. That means if one record of personal data (that means any personal information that is not Name, Title, Business Contact Info) is breached, that one record is $100k. Hackers rarely work as hard as they do to obtain one, single record. Therefore, multiply $100k by the number of records you hold and there’s your magic number.
Fiction: We have security, anti-virus, we’re all good. Fact: The security safeguards required to be in place for the new legislation are far above and beyond what many businesses are used to. Simply having a firewall will not cut it (actually, it doesn’t cut it before the legislation either, so maybe you should call ActiveCo..?). If your organization is ever found to have not taken steps to put appropriate security on your business networks, you may be subject to these very fines, regardless of whether or not a breach ever happened.
Fiction: We don’t collect information, so there is nothing at risk. Fact: Every business has information on individuals beyond their Name, Title, Business Contact Info. That “personal information” includes home addresses, birthdays, pictures posted online and much more.
Fiction: We’re too small to bother. Fact: No organization is too small to bother. So long as you have personal data (described above) and perform commercial transactions within Canada, you will want to take steps to pursue compliance prior to November 1, 2018.
Fiction: We’ve never been hacked (…and we never will be hacked!) Fact: The opposite of that statement. Odds are good that a breach of some kind has occurred, be it an email that was clicked on, or someone in Department A knowing information from Department B that they shouldn’t be privy to. The base expectation of the new compliance legislation is that organizations must have proper security safeguards in place and consistently monitor all breach attempts.
The incoming regulations will be impactful for the rest of our lives, requiring organizations everywhere to take a new, hard look at how they transact business and treat their data. Other organizations will want to ensure they are working exclusively with those who also took the time and energy to pursue compliance. Job-seekers will want to work with companies that respect and protect their personal information. Governments will continue to spot-check to ensure organizations are providing those environments for their clients, prospects and employees.
Many of the things we allow to stress us out are universal, and the way we each react can be either equally universal or completely unpredictable. Some of the biggest sources of stress can be found in the workplace. Business owners regularly hire individuals whose sole role is to ensure their culture cultivates happy, content and (therefore) productive staff. Here, we’ll review some of the biggest sources of stress to be found in an office environment, and what some of the effects of this stress can be.
With legislation coming in November 2018, it’s important to note the most important aspect for your staff: a culture of compliance.
A culture of compliance is about accountability awareness as a core mindset for all your team members. Holding themselves, and one another accountable, helps maintain a consistency that protects your network, data and company reputation.
As the Privacy Commissioner of Canada’s office has described to us at ActiveCo, a scenario as simple as someone from one department seeing private paperwork on the desk of another individual would be considered a potential security breach. Another would be writing down your password on a sticky note. Another is taking home a hard drive for a company backup; the potential for it to be lost or stolen is too great to be considered within compliance.
These changes may seem slight to some business owners but highly impactful to others. There is no organization too small or too big to avoid compliance requirements.
How to Establish the Culture: Once your organization has an assigned Compliance & Security Officer (a requirement of the new regulations), it will be a large part of their duties to work with your HR department in ensuring the staff are educated from their first day on the job what your culture of compliance looks like and how they are expected to behave and maintain that strategy for their fellow team members.
How to Celebrate the Culture: It’s great when your team members are able to hold one another accountable, helping to publicly maintain the proper procedures on a day-to-day basis. It is important that individuals are not made examples of or shamed. A culture of compliance means that everyone has the ability to “call each other out”, but the company sets the tone of the dialogue. Clearly, most would agree a positive tone will work best.
The Role of the Compliance Officer: Your compliance officer would be key in engaging the company with ongoing training, awareness of risks and reminders of “best practices”. At ActiveCo, we have helped our clients create an atmosphere of compliance.
It’s a bold new world with digital compliance being a necessary form of protection for businesses worldwide.
Why compliance and why now?
Mark Zuckerberg, founder of Facebook, spoke before the U.S. Senate in April. This highly publicized event ensured that “cybersecurity” became a household name (if it wasn’t before).
Get ready for a slew of new regulations and policy requirements to keep track of (literally, see below), as well as new rules for social media pages and websites you like to visit.
When do new regulations come into effect? November 1st, 2018.
Who will enforce these new regulations? The Office of the Privacy Commissioner of Canada (The OPC).
What’s changed…? New security requirements for businesses on how they handle their data; new rights and restrictions around access to personal information; new fines established for non-compliance; organizations who don’t have a tracking mechanism for their security breaches will need to acquire a program to put in place; proactive reporting to the Privacy Commissioner under certain scenarios.
Does this affect my business? Indeed. Every business in Canada will need to review their business procedures to be able to establish and provide proof that they have taken (and continue to take) steps to remain secure and compliant.
Much like the E.U.’s “GDPR”, these new regulations will impact every business in the country.
The Business Impact
“…this requires (Canadian) organizations to revise internal privacy policies and procedures to ensure compliance with these significant legislative changes.” Lisa Lifshitz, Partner @ Torkin | Manes
Businesses are required to ensure their networks are protected beyond a standard firewall. Security layers must be part of your security business process, as well as having an assigned, in-house security officer who will be the main point of contact in maintaining compliance.
The main concern, however, will be the new legislation asking all businesses to track (and report when necessary) all successful breach attempts. The definition of a “successful breach attempt”, according to the government today, is broad, and business owners need to consider whether the risk of being fined for non-compliance is preferable to having a monthly, managed system of compliance in place.
The fines, by the way? Could be up to $100,000 per incident (an “incident” being a single individual’s information being potentially compromised) and that could include multiple instances in a single breach, bringing the tally to a potential 7 digits!
Additionally, a business’s reputation would be at stake were it not to comply with the regulations. It is not out of the question that the OPC will make examples of random businesses for the first few years, impacting them financially, lowering their reputation, and marking them as businesses that do not perform their due diligence. This would be a revenue and HR disaster for any business.
How Does This Stuff Impact Me Personally?
Your rights as a digital user are in the spotlight, protecting individuals, businesses and other organizations from data breaches. This will help you decide which companies to do business with, purchase from online and trust overall. Think of it as visiting a website today whose URL has a big, red “Not Secure” next to its www address. Would you stay on that website, or enter your credit card information?
In Canada, you can currently have online information about yourself updated and corrected, but not removed (at the time of this writing). You can also find out what websites, apps and social media have under your name, how they got it, and what they do with it. In Canada, this has already been established as “de-indexing” and “source takedown”, which you can review online.
ActiveCo includes KnowBe4’s phishing education defence planning as a standard best practice for managed services partners.
Integrating this educational awareness program with their standard, multi-layer intrusion safeguards, ActiveCo’s enhanced security protection is a unique best practice in an ever-growing threat landscape for businesses in Canada. Why is user awareness training so important?
“The last line of defence for any intrusion system is the end user, and scammers know it,” says Sam Goh, CEO of ActiveCo Technology Management.
A recent study by MimeCast tested over 95 million emails and found that 15% of malicious emails, to this day, still make it through multiple spam filtering protocols.
“Those results show there are 10 million chances for users to click on something they shouldn’t”, asserts Goh.
Standard with their monthly consulting services, ActiveCo will use KnowBe4’s testing strategies to ensure a consistency of ongoing threat awareness for their clients.
Ever wondered how aware your staff are when it comes to sniffing out phishing emails that threaten your environment? ActiveCo works with business owners like you to bolster their security, confidence and staff knowledge base around cybersecurity.
A full article on this phishing report can be seen in its entirety here:
We thought it was bad when we saw Cyren’s recent analysis that 10.5% of bad emails made it through the filters.
It could even be worse than that.
Mimecast’s latest ESRA (email security risk assessment) report found more than 14,277,163 pieces of spam, 9,992 emails containing dangerous file types, and 849 unknown emails with malware attachments, all missed by the incumbent providers and delivered to users’ inboxes.
Overall, the Mimecast security service determined that more than 14 million of the more than 95 million emails, or 15%, were in fact “bad” or “likely bad.”
In other words, the overall false negative rate in aggregate for the incumbent security systems that were tested was 15% of all emails inspected by Mimecast.
The Mimecast security inspections occurred passively after the incumbent email security system executed all of its security filters. Most notably, 11,653 known emails with malicious attachments passed through these systems, an increase of 532 percent in comparison to last quarter’s assessment.
“Mimecast’s ESRA (PDF) is aiming to establish a standard of transparency that raises the bar for all security vendors helping organisations pinpoint weaknesses in their defenses,” said Matthew Gardiner, cyber-security strategist at Mimecast.
Gardiner continued: “Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6 percent of the aggregate impersonation attacks while another global security vendor missed 83.4 percent of the “known” malware attachments.”
Do you know what’s getting through your mail filters?
KnowBe4 is excited to announce that now you can use our brand new, innovative Mailserver Security Assessment (MSA), to help you assess your organization’s mailserver configuration settings and check the effectiveness of your email filtering rules.
With email still the #1 attack vector used by the bad guys, MSA helps you to see what types of messages may make it through your filters from the outside.
MSA gives you quick insight into how your mailserver handles test messages that contain a variety of different message types, including email with attachments that contain password-protected, macro zipped, and .exe files, or that have spoofed domains.
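To make concrete what an assessment of this kind is probing, here is an added example; it is not code from the original article, from KnowBe4 or from ActiveCo. It builds a handful of constructed test messages of the types listed above (an executable attachment, a macro-bearing Office document, a password-protected archive, a message whose From domain does not match its envelope sender) and runs a simple inbound-policy check over each, reporting what a filter should have caught. The blocked-extension list, the macro-extension list and the use of the Return-Path header as a stand-in for envelope-sender alignment are all assumptions made for the illustration, not any vendor's rules.

```python
import io
import re
import struct
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: minimal illustrative lists, not a vendor's or ActiveCo's policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
ZIP_LOCAL_HEADER_SIG = 0x04034B50


def zip_is_encrypted(data: bytes) -> bool:
    """True if the first zip local file header has the 'encrypted' flag (bit 0) set.
    A password-protected archive cannot be inspected by a content filter."""
    if len(data) < 30:
        return False
    sig, _version, flags, _method = struct.unpack_from("<IHHH", data, 0)
    return sig == ZIP_LOCAL_HEADER_SIG and bool(flags & 0x0001)


def zip_contains_macro(data: bytes) -> bool:
    """OOXML documents are zip containers; a vbaProject.bin entry means VBA macros."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith("vbaProject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def sender_domain(header_value: str) -> str:
    """Extract the lower-cased domain from an address-bearing header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def assess_message(raw: bytes) -> list[str]:
    """Return the policy findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # Header-From vs envelope-sender alignment. Assumption: Return-Path stands in
    # for the SMTP envelope sender; real DMARC alignment checks do this properly.
    from_dom = sender_domain(str(msg["From"]))
    envelope_dom = sender_domain(str(msg["Return-Path"]))
    if envelope_dom and from_dom != envelope_dom:
        findings.append(f"spoofed-domain: From={from_dom} Return-Path={envelope_dom}")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS or data.startswith(b"MZ"):
            findings.append(f"executable-attachment: {name}")
        if ext in MACRO_EXTENSIONS or zip_contains_macro(data):
            findings.append(f"macro-document: {name}")
        if zip_is_encrypted(data):
            findings.append(f"password-protected-archive: {name}")
    return findings


def make_zip(entries: dict[str, bytes], encrypted: bool = False) -> bytes:
    """Build a constructed zip in memory; optionally mark it password-protected."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the first local header's general-purpose flags (offset 6).
        flags = struct.unpack_from("<H", data, 6)[0] | 0x0001
        struct.pack_into("<H", data, 6, flags)
    return bytes(data)


def build_sample(from_addr: str, return_path: str, filename: str, data: bytes) -> bytes:
    """Constructed test message, analogous to the probes such an assessment sends."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = from_addr
    msg["Return-Path"] = return_path
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed probes covering the message types the text lists.
SAMPLES = {
    "exe": build_sample("billing@example.com", "<billing@example.com>", "invoice.exe", b"MZ" + b"\x00" * 64),
    "macro": build_sample("hr@example.com", "<hr@example.com>", "policy.docx",
                          make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\x00"})),
    "encrypted": build_sample("ceo@example.com", "<ceo@example.com>", "report.zip",
                              make_zip({"report.pdf": b"%PDF-1.4"}, encrypted=True)),
    "spoof": build_sample("ceo@example.com", "<bounce@mailer.example.net>", "notes.txt", b"benign text"),
    "clean": build_sample("it@example.com", "<it@example.com>", "notes.txt", b"benign text"),
}


def run_assessment() -> dict[str, list[str]]:
    """Assess every constructed probe and return findings keyed by probe name."""
    return {name: assess_message(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for probe, result in run_assessment().items():
        print(f"{probe:10s} -> {result or ['no findings']}")
```

The point of running such probes against your own gateway is the gap between what this local check flags and what actually lands in an inbox: any of the four risky probes arriving unflagged is a filtering rule that needs attention, and the password-protected case shows why a filter that relies only on content scanning needs a separate rule for archives it cannot open.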
For further details on how cybersecurity threatens your business, call ActiveCo Technology Management at 604.931.3633 for a conversation.