Skip to content

The Sunday Brief for Sunday August 20, 2017

The Sunday Brief heatherannemaclean.wordpress.com

For this Sunday Brief I am focusing on the top blogs I enjoyed about privacy. As this is a growing issue, all MarComm Practitioners and business owners should be placing more priority on privacy. In fact, in the industry we say that you should be baking-in privacy planning (as well as cybersecurity) from the very beginning. So, with that in mind, let’s check out the latest Sunday Brief:

Dark Reading

This blog always has insightful information. This time, I am focusing on a post by Kelly Sheridan. The post is entitled 50% of Ex-Employees Can Still Access Corporate Apps. From a privacy and security perspective, this is a disaster waiting to happen. As Sheridan points out, the value of data is significant and the probability of a data breach is much higher when you fail to do one of the number one – and easiest things – to protect your client data – disable access. This is a great read and a ‘must-do’ practice for all organizations.

 IT Security Guru

I find this article really fascinating. I work hard to keep my work and personal lives separate. I have always maintained two phones – one for my personal “stuff” and one exclusively for my work. So, when I saw “Employees rate mobile privacy highly, as less than half prefer to keep work and personal lives separate,” I was somewhat surprised that less than half want to keep their personal lives separate and distinct from their work lives. This blog post was written by Dan Raywood.

Interestingly enough more than 84 per cent of employees rate privacy as a top three concern. However, there is a clear lack of trust in the ability of their employer to manage their mobile security and privacy. That is pretty significant.

This is article is very interesting to me in terms of the lack of trust that exists and secondly that so many people aren’t concerned about keeping their private lives separate from their employers. The two concepts don’t seem to align.

BH Consulting 

This particular entitled Doing privacy ‘rights’ vs doing privacy ‘right’ by Valerie Lyons gives an interesting look at privacy and different roles that individuals, government industry play.

 

All three blogs are a great read. I encourage you to check them out if you are interested in privacy-related topics. And if you are looking for MarComm support for your organization, reach out to us at TaylorMade Solutions.

 

Advertisements

Three Cybersecurity Lessons from the Internet Outage in Eastern Canada

cybersecurity, bell

If you were in Eastern Canada or trying to connect with someone in the region for work or pleasure on August 4th, you might not have succeeded for a period of three hours or so. While this event was NOT tied to a cybersecurity breech or issue, there are three cybersecurity lessons that we can learn from the Internet Outage in Eastern Canada.

One service provider, Bell, confirmed this week that it was a perfect storm of the work of construction crews -unrelated to Bell’s operations – not checking for cables prior to digging that resulted in service to internet, mobile and landlines being impacted. This outage also impacted emergency services in much of Atlantic Canada. (Another good reminder for construction crews to call before you dig.) Bell’s customers were not the only ones affected. Telus, Koodo and Virgin customers also had interrupted services. Thankfully they took action quickly and remedied the situation as quickly as possible.

So, other than an extreme inconvenience to customers, there are some observations we can make from this experience. This outage can really help people think what would happen if there was a major cybersecurity attack in Canada. This is something good to come out of this outage – getting people thinking about what-if scenarios.

1.  Our Economy Depends on the Internet

I feel like this should be a no brainer, but at the same time I do want to reinforce this thought. We typically have such reliable internet services that we don’t give it a second thought. If anything, this outage should have really pounded home the fact that a cyberattack could not only have the same affect, but the likely hood that it would only last a few hours, is slim to nil. The affects would be long-lasting.

This outage impacted not just consumers of these service providers, but businesses in general. If your business relies on the internet for online sales or providing support services, your customers, regardless of where they are located were not able to purchase your products or services for hours. They also were not able to get online support services from you. If they went old school and tried to call you, they were also out of luck. In some cases, this might be enough for potential customers to go to your competitors.

What if you were delivering online training to customers around the globe on that fateful Friday? People who had paid and signed up weeks prior were then either dumped from the online course and/or could not sign-in.

Finally, this was a long weekend in Canada. Imagine people travelling and wanting to make last minute hotel accommodations. What happens when they can’t get through to you? Or, what happens when their car breaks down on a highway somewhere and they can’t use their phone for hours to call for help? This was the middle of summer and warm. What would happen if this was the middle of January in Eastern Canada?

These are all very real scenarios that could happen as a result of a cybersecurity attack.

2. Our Safety Depends on a Safe and Resilient Internet

I am fairly certain there were people who dialled 911 or other emergency service numbers on the 4th that were quite alarmed when they could not actually reach help. Whether it is hours or minutes, time matters in an emergency!

3. Security and Privacy, Backup Systems and Processes Must be Baked-In at the Beginning of all Systems

We must never underestimate security, privacy, backup systems and processes being what we call “baked-in” at the beginning of any system development. All new systems must be created with these critical elements a part of the planning, development and execution process.

It is critical to note that this has not always been the case. It’s not that it was left out intentionally, but older systems could have been built at a time when cybersecurity breaches were not the reality. That being said, it is very much our reality now. As a result, all businesses and governments must now revisit and update their systems to ensure that these critical elements are baked-in going forward.

Eastern Canada has been fortunate to have good systems in place run by leading companies. This outage however, was definitely – or should definitely be – a wake-up call for us all to revisit cybersecurity measures to ensure that we protect our citizens and our economy. After all, we need a safe and resilient internet in order to operate our businesses, our emergency services and live life the way we have all become accustomed too.

Cybersecurity is a critical issue that we all face now. If you are interested in learning more about communications protocols around cybersecurity and privacy breeches, get in touch with us.

Four Reasons You Should Have Cybersecurity Insurance

cybersecurity, cyber security

Do you have insurance on your house? Of course you do. So, the question is why wouldn’t you protect your business – your source of income – the same way you protect your home? Cybersecurity insurance won’t stop a breach. It will, however, help raise awareness and cover damages, should you be attacked.

Small or medium-sized business owners should check out these four reasons to have cybersecurity insurance.

GENERAL LIABILITY INSURANCE DOES NOT TYPICALLY COVER CYBERSECURITY ISSUES

Data breaches and other cybersecurity issues such as ransom are not typically covered in general liability insurance policies. It’s essential to understand what is, and what is not, covered in your policy.

COST OF A BREACH IS MORE THAN YOU THINK

The damage caused by a data breach will exceed the cost required to overhaul security procedures or replace lost or stolen laptops. Many business owners and managers fail to consider the costs over and above replacing tangible assets.

For example, the financial impact on corporate reputation could be devastating. Reputation costs range; it could be a few thousand dollars to build new processes and policies to reassure customers it won’t happen again. On a larger scale, it can result in stock prices dropping significantly. In worse case scenarios, approximately 60% of small businesses will cease operations within six months of a breach according to the U.S. National Cybersecurity Alliance.

A final cost consideration is the penalties rendered as a result of a data breach. Canada, like most jurisdictions, continues to modify its privacy regulations. It is anticipated that sometime this year, regulations requiring notifications of data breaches will be implemented in Canada. Fines of up to $100,000.00 could be issued.

YOU ARE STILL RESPONSIBLE FOR DATA PROTECTION EVEN IF YOU OUTSOURCE YOUR IT HOSTING OR USE THE CLOUD

Business owners and managers often fail to understand this important nuance. Just because you outsource IT, have another party host your data or use the cloud, does not remove your responsibility to protect personal data. You have collected the data, therefore, by law you hold the responsibility to protect it.

YOU PROBABLY DON’T HAVE A RISK MANAGEMENT TEAM

Risk management teams are reserved for larger organizations. They have bigger budgets and access to more resources for their overall operations. They look for, and assess, all types of risks, not just cybersecurity or data risks.

Smaller businesses have neither the budget nor the ability to have full-time risk management teams. Insurance providers typically have checklists or a minimum set of standards to follow for coverage. This is very similar to home insurance. If your insurance company recommends a new roof for example, and you don’t comply, don’t expect coverage if you have a major leak.

Cyber insurance is continuing to evolve as cybersecurity issues emerge. The one thing for sure, however, is that cybersecurity insurance can help protect your operation, your employees’ source of income and your client’s data.

Want to learn more about cybersecurity communications? Contact us at TaylorMade Solutions .

This blog post was previously posted on the CyberNB blog.

What Your Business Doesn’t Know About Cybercrime Will Hurt You

cybersecurity, cyber security, Heather-Anne MacLean

Cybercrime isn’t going away. In fact, it continues to grow. Cybersecurity Ventures predicts that cybercrime will cost the world in excess of $6 trillion annually by 2021. If that number doesn’t alarm you, the fact that 43% of attacks are focused on small business, and that 60% of small businesses attacked go out of business within six months, should.

In April, the Canadian Chamber of Commerce issued a report entitled: Cyber Security in Canada: Practical Solutions to a Growing Problem. This extensive report provides insight on the current cyber landscape, including business costs and business losses due to cybercrime. It also provides information on the growing role of cybersecurity insurance in protecting businesses. It also offers results from their important and timely research detailing significant gaps in five key areas. (Recommendations from the report are below):

  1. Technology;
  2. Public Relations;
  3. General Awareness;
  4. Legislative Requirements; and
  5. Insurance

This report is particularly interesting for small and medium enterprises (SMEs) because of the statistics above. “All companies are targets for cyberattack, and specific solutions change daily. Yet in many companies, there is a lack of ability to recognize these breaches. Today’s attacks are about the data, not the company or person, and they are designed to be invisible.

SMEs continue to believe risk does not apply to them because they believe criminals are targeting large enterprises. While this was certainly the case for a number of years, a shift that emerged beginning in 2013. Especially relevant and noted by Symantec in 2015, was 43% of Small Businesses were the focus of spear-phishing attacks versus 35% of large businesses.

One of the most significant and famous breaches–the Target attack–occurred as a result of a small business. It was an HVAC company working with the retail giant, which consequently had week security. A part of Target’s supply chain, they were ultimately breached and most probably unaware. This meant that criminals were able to breach Target. Three years later reports in the media detail how Target has agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia. This is over and above the total cost of the data breach being $202 million. And what happened to the HVAC company? It went out of business.

Consequently, the Canadian Chamber of Commerce acknowledges in its report, SMEs know they have to do more. With 98 percent of Canada’s economy comprised of SMEs, taking steps to obtain cybersecurity certification, cybersecurity insurance, and more is not something that can be postponed any longer. “For most companies, data is now their most valuable asset. Our goal is to point business in the direction of finding a common sense approach to risk management to protect those assets,” notes Scott Smith, Director, Intellectual Property & Innovation Policy, Canadian Chamber of Commerce.

Recommendations

The Canadian Chamber of Commerce provides nine specific recommendations in this report that merit review and understanding to help mitigate cybercrime.

  1. Government cannot protect everything, but it does have pivotal responsibilities
  2. We need an outcome-based, systemic/cohesive approach and common model of understanding
  3. Develop a “Secure Canada” Approach
  4. Develop a National Cyber Policy Framework
  5. Adopt an Enterprise Risk Management Approach and Collaborate
  6. Increase Canadians’ Cyber Savviness
  7. Government endorsement and support for the deployment of Industry Certification
  8. Incentivize Security Innovations
  9. Both government and industry need to take a proactive approach to the inevitability of Quantum and develop a Quantum-ready Strategy.

For more information download Cyber Security in Canada: Practical Solutions to a Growing Problem.

This post previously appeared on the CyberNB Blog.

5 Things You Probably Didn’t Know About the Irish or Saint Patrick’s Day

TaylorMade Solutions (Canada)

Did you know that New Brunswick’s oldest City – Saint John – is known for its strong Irish roots and history? And for those ready to celebrate Saint Patrick’s Day, we thought we would share a few interesting tidbits with you. If you have more to add to the list, let us know!

1. According to The Irish Story, more than 150,000 immigrants flooded to Saint John between 1815 and 1867. That’s 150,000 people!

2. Following the Great Fire which levelled much of the city’s central peninsula on June 20th, 1877, Saint John was rebuilt almost exclusively by Irish labour.

3. St. Patrick wasn’t Irish and he wasn’t born in Ireland. Patrick’s parents were Roman citizens living in modern-day England, or more precisely in Scotland or Wales (scholars cannot agree on which). He was born in 385 AD. By that time, most Romans were Christians and the Christian religion was spreading rapidly across Europe.

4.The original colour associated with St. Patrick is blue, not green as commonly believed. In several artworks depicting the saint, he is shown wearing blue vestments. King Henry VIII used the Irish harp in gold on a blue flag to represent the country. Since that time, and possibly before, blue has been a popular colour to represent the country on flags, coats-of-arms, and even sports jerseys.

Green was associated with the country later, presumably because of the greenness of the countryside, which is so because Ireland receives plentiful rainfall. Today, the country is also referred to as the “Emerald Isle.”  

5. Corned beef and cabbage, a traditional Saint Patrick’s Day staple, doesn’t have anything to do with the grain corn. Instead, it’s a nod to the large grains of salt that were historically used to cure meats, which were also known as “corns.”

Now of course, this post is just for fun. If you are looking for help with your Marketing and Communications strategy, and specifically to be cybersecurity communications preparedness, connect with us. We can help.

How to Spot a Bad Social Media Practitioner

social media, TaylorMade Solutions

I had one of those moments this morning.

You know that exact moment when someone says something, or you read something and your jaw just drops. You can’t believe what you are hearing or reading! Thankfully I was alone when I had this reaction. Not a flattering look I am sure.  And, on top of that, I had some commentary that just slipped out without my filter being turned on. So what made me react this way? No, it was not travesty or injustice for human-kind. I am grateful for that. No, it was more related to my profession, and specifically using social media to communicate and market your product, service or region. So, this inspired me to write this post: How to Spot a Bad Social Media Practitioner.Social Media

Now, let me start by saying that I am sure that the person in question was only doing his job. I am sure that he has processes, procedures and protocols in place. Despite this however, what he was recommending went against everything I believe in, when it comes to communications. His recommendation to people – business people- was to use it in the same manner that people used advertising 15 years ago. It was all about push communications and not REAL communications. Needless to say, the end results, I suspect, will not net the results expected.

So, let;s turn around a negative and look at 5 ways to help you select a marketing/communications practitioner who can actually help you:

1.  Resist the Urge to hire the Person or Company Who Claims to be a Social Media Expert.

Like Malcolm Gladwell said, it takes at least 10,000 hours to become a master. Very few people consider themselves masters in social media, including me – despite having 10,000+ hours into it. Why? The answer is simple, there is more to using social media than meets the eye. Practitioners like myself know that there are many layers to doing it well. Each scenario is different and we have to draw upon many levels and years of experience to make it work.

2. Avoid a Person or persons Who Only Focus on Social Media

This is a recipe for disaster. Social media is not an means to an end. No, social media is tool in the toolkit. However, to effectively use that tool you need an overall integrated marketing/communications plan. Everything must work together to reach an overall goal and objectives that all align to your overall corporate objectives. That is why it is very important to hire either a full-time resource and/or consultant who understands that social media is not a stand-alone. Social media must be part of the larger integrated strategy.

3. Hire Based On Experience/Strategic Abilities – Not Age

I have written about this before. While I fully support hiring new graduates, you shouldn’t expect a new graduate to know how to develop strategies tied to business objectives. Remember, and this is very important, using social media for personal purposes is very, very different than using it for business purposes. If you want to build a quality team, hire a seasoned professional and then let that person build his or her team, which will likely include new graduates.

4. It’s Not About You! Remember That

More than a decade into social media and inbound marketing, I still encounter so many companies that only want to talk about themselves, who they are and what they do. Research, company case studies and results continue to indicate that customers and potential customers don’t really care about hearing about your awards, what your team did last weekend, etc. Your clients/customers and prospects want to be educated. They want to know that if they work with you, they will be getting value for their money and getting benefits from the relationship.

Your marketing, including your social media should not be about you. It should be about your clients/customers and prospects. And, with that in mind, you should be using the channels where they are, not where you want to be. Finally, communicate and engage with them. Your social media resource, whether full-time or a consultant should be encouraging you to engage, not just push messages.

5. Last But Certainly Not Least: Remember Your Audience

Based on all the above, you should always be focused on your audience. Who are you ultimately are you trying to influence? Your marketing resource should always be focused on your audience and doing what is right to reach the audience. A person with real expertise will always want you to focus on your audience. He or she will recommend that you have a persona exercise which will identify who your primary and secondary audiences are. Then you will know what channels to use to reach them and what tools to use  – from online, to traditional to web and everything in between when and where applicable.

For many of us who have been working with individuals and companies for years to build solid integrated marketing/communication strategies that include social and digital media strategies, I have to confess that we should be beyond discussing the need for implementing the basics, but we just aren’t there yet. However, when I work with clients who take the plunge and do a full integrated marketing strategy and start seeing the results, I get as excited as they do!

Want to learn more about integrated marketing strategies and how they can grow your business? Contact TaylorMade Solutions today!

 

Great leaders and all self-help management books tell us that in order to be good communicators, you need to first be a good listen

An Interview With Cybersecurity Expert: Dr. Natalia Stakhanova

Cybersecurity risk management and mitigation is at the forefront of discussions in boardrooms globally. With an estimated annual burden of up to $1.7 trillion resulting from data loss and downtime (often from security violations), both the c-suite and shareholders have called on security experts to get out in front of the risk.

Researchers and research initiatives are the foundation for accomplishing this. At New Brunswick’s Information Security Centre of Excellence (ISCX), researchers like Dr. Natalia Stakhanova are leading the way with the support of funding, innovative partners, and an unparalleled focus. As one of the leading researchers in the field, Dr. Stakhanova was recognized in 2014 as the first NB Innovation Research Chair in Cybersecurity.

cybersecurity

I had a chance to sit down with Dr. Stakhanova to talk about her work.

MacLean: You were named the first NB Innovation Research Chair in Cybersecurity, can you tell us about what you want to accomplish in this role?

Dr. Stakhanova: I continue to be very excited about this initiative. Over the next few years we will be facilitating the research that will foster innovation in the field of cybersecurity. An important component will be my team working very closely with local industry to promote further commercialization of products that will benefit companies around the world.

There is already a significant level of expertise right here in New Brunswick. We will be building upon our core expertise and further developing the skills and assets that we have right here. There is a great culture of innovation and entrepreneurship among the people collaborating in this space right now. And the best part is seeing the actual results.

To generate a renewing pool of local talent, I’ll be mostly focused on building student knowledge, expertise and entrepreneurial spirit. I’m hoping that in this endeavor the Dr. J. Herbert Smith Centre for Technology Management & Entrepreneurship (TME) will step in with its programs to give students necessary skills and tools to become entrepreneurs.   

MacLean: How will you be working with other New Brunswick companies, students, and people?

Dr. Stakhanova: A major part of my role is to assess the risks that the local industry has, and to provide the research with practical applications to mitigate those risks. My work facilitates research in both the private and public sectors. Several local players have already come on board and are ready to work in a collaborative environment to focus on such issues as Smart Grid to address security-related challenges. Among these players are IBM Canada, Sentrant, and NB Power. We are also working closely with several startups. I know that through the research there will be additional commercialization.

MacLean: How does New Brunswick stand in this field of research and innovation compared to other regions?

Dr. Stakhanova: There is no question that there is a lot of support in Canada for these R&D centres and we are well positioned here at UNB with other global areas. We have leading expertise, lots of researchers, and interested private sector companies. There is an excellent relationship between UNB and the private sector. This fosters collaboration, innovation and the drive to succeed.

MacLean: What do we have here in New Brunswick that positions us better than other areas?

Dr. Stakhanova: I can’t name any other province that has as many initiatives, activities and investments in play at one time to support the Information Technology (IT) industry. There is just so much innovation and research taking place right here in New Brunswick. We also have a unique solidarity of people here in the province. People want to be here. This is so rare and wonderful.

There are of course developers elsewhere, but the developers that are here have a unique connection to the province and its people. They are loyal and can’t be lured away in the same way that you see happening in other regions. This creates a wonderful stability.

MacLean: Do you see spin off companies emerging or other companies wanting to locate here in New Brunswick to take advantage of the work that you are doing?

Dr. Stakhanova: Absolutely. We are already seeing companies from outside the region that are quite interested in what we are doing. These are still early days, but we are hearing from a lot of people.

MacLean: What made you choose to come to New Brunswick and UNB?

Dr. Stakhanova: I moved to Fredericton in 2007 as a professional Fellow. I fell in love with the region immediately. It is one of the most family-friendly places I have ever encountered. There is also a personal touch at UNB. It is essential and critical when education is involved to be able to collaborate, have mentors and to have access to as many private sector companies as we do.

It is truly a unique experience to find a place to grow professionally, while also having everything you would want for your family.

Cybersecurity is one of the most important issues of our time. If you are a small or medium business, cybersecurity should be more top of mind. We can help you develop your Marketing and Communications strategy to handle communications around a breach. We can train you and your team to be media ready. Be Prepared! Be Trained! Have a TaylorMade Solution – Contact us today.

Editor’s Note: This is a post that I originally wrote for Invest NB’s Blog and has since be reposted to Opportunities NB’s Blog.

New Year: Time to Audit Your Online Presence!

Personal Branding

I always think that people should take a good long look at their online presence twice a year. For many people, however this is a lot of work. So, I really recommend that people audit their online presence at least in the New Year. It’s the perfect time to have new perspective. And now that we are a few weeks in, you are focused!

Some people might roll their eyes when I mention personal branding here, but that’s o.k. Whether people like it or not, they have a personal brand. Managing your online presence is an important component of owning and managing ‘your’ brand. A cornerstone in branding is ensuring consistency in all channels. That applies to your personal information. And, with cybercrime only on the increase, managing your information has never been more important.

Here are 5 things to help you do just that: (Not in order of importance)

social media

1. Take an Inventory

Over the course of a year, we end up signing up for a lot of different things. Sometimes it is email updates and other times it is for newer social apps such as SnapChat. If you haven’t been keeping track, it is time to start an inventory. Make use of either a spreadsheet or keep track in an application like Evernote. I wouldn’t recommend you keep your various passwords in anything but a very secure password keeper, however! Please forgo the spreadsheet OR Evernote for that.

When you have this comprehensive list you can review and determine if you have actually been leveraging all of these tools. If you haven’t, it might be time to opt-out or deactivate some.

Pros for doing this: By keeping an inventory, you know just where your information is and for what purpose. As roles change and careers progress, you may not want to have certain assets as you go forward. Additionally, you will ensure that your professional image is consistent across platforms.

Cons: This can be time consuming if you haven’t kept track and you may not find them all. There are of course apps that help you do this, but in my experience you have to “sign-up” for them as well and most are “not secure” sites. As a result, you could be further compromising yourself. So, while it is hard work up front, it pays off very quickly. 

2. Review your Avatars

When is the last time you updated your photo? Last year? Five years ago? Or, hopefully you don’t still have the “egg”. Regardless of what image you use, ask yourself, what professional imagine do you want to convey? What is your line of work? What message do you want to send? Your picture should reflect this.

Pros for doing this: Having an up-to-date and professional photo that portrays your profession, can only be a positive.

Cons: It does require keeping your photo up-to-date on all channels and if you use a lot of different social profiles, it can be timing consuming. However, this is another reason to edit out just how many you have.

3.  Contact Information

Have you changed companies? Perhaps you have consolidated some of your contact information? More and more people are doing this, but neglecting to update their social information to match your current information is less than desirable. The result? Outdated contact information for you. Again, think about what this says about your brand. If people are trying to contact you, this is not the best impression.

Pros for doing this: Keeping updated information, contact information in particular, means that you are reachable. If you are in business for yourself or in sales, having the “right” contact information is critical.

Cons: I really can’t think of any.

4. Automation

Despite being 2017, people still revert back to tactics of the 90’s or even the 2000’s. What do I mean by this? Well, for some we believe that we should only broadcast information. There is no social interaction with those whom we are connecting with. This is not the purpose or intention of social media. So, for those who focus on having automated social messages, such as on Twitter thanking people or telling them to connect on Facebook or LinkedIn, please rethink that. This is not a numbers game. In business you NEED interaction and specifically ACTION! Numbers alone don’t create action. Relationships create action. So, communicating and interacting with the people who follow you  and you follow, matters. In fact, it matters a lot!

Pros for doing this: Far too many people focus on numbers versus relationships. Creating relationships will set you apart from others. Dump the automation and focus on relationships.

Cons: I am not going to beat around the bush here. Doing this properly takes planning and orchid.

5. Security

This is probably the most important rethink for your social media. What information are you sharing? It’s important to remember that there is a fine line between sharing professional information and sharing information that can compromise your personal/online security.

Sharing birthdays and martial status on sites such as LinkedIn is not necessary and I would recommend that you just don’t do it. Think about each channel you are on. What is really relevant and right for your brand. Just because there is a ‘placeholder’ for something doesn’t mean you need to use it.

Passwords are also extremely important. Of course there is the debate about how often you should change your password. My rule of thumb for passwords is to change them on sites when I learn of a compromise. I also recommend having a longer and more complicated password with special characters and numbers.

Of course these are some of my top hits. I will explore others in a later post.

Want to learn more about social media audits, an integrated marketing strategy? Be Trained! Be Prepared! Have a TaylorMade Solution!

12 Great Cybersecurity Resources To Help Protect Your Business

Did you know that cyber-attack fallout could cost the global economy $3 trillion by 2020? With cybersecurity a huge focus for Opportunities NB (ONB) and the province of New Brunswick, we decided to curate a list of cybersecurity resources we think you can leverage to help protect yourself and your business. You don’t want to be the next C-Suite executive to lose their job over security blunders.

screen-shot-2017-01-10-at-1-38-15-pm

Image: Owned by Heather-Anne MacLean

Before we get into our own curated resources, Dr. Natalia Stakhanova, the NB Innovation Research Chair in Cybersecurity and Sandy Bird, IBM Fellow and CTO of IBM Security Systems Division, offered their top picks to bookmark:

cybersecurity

DR. STAKHANOVA’S CYBERSECURITY BLOG PICKS:

1. KrebsonSecurity – Brian Krebs worked as a reporter for The Washington Post, and has authored more than 1,300 blog posts for the Security Fix blog as well as hundreds of stories for WashingtonPost.com.

2. Schneier on Security – Bruce Schneier is an internationally renowned security technologist, and has been called a “security guru” by The Economist.

SANDY BIRD’S CYBERSECURITY BLOG PICKS:

3. Security Intelligence – Brought to you by IBM, this site brings together a number of information security professionals sharing a variety of up-to-date posts.

screen-shot-2017-01-10-at-1-40-55-pm

Sandy Bird, IBM

4. Dark Reading – This Information Week resource is a news site full of commentary and security news.

ASSORTED CYBERSECURITY RESOURCES:

5. Naked Security – Naked Security is Sophos’ award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.

6. Dr. Eric Cole’s Blog – Dr. Cole is a leading computer security expert with over 20 years of experience.

7. ThreatPost – Threatpost “aggregates content from existing online sources and combines this with unique viewpoints to generate a broader public discourse on timely IT security issues.”

8. Security Watch – Brian Honan is recognized internationally as an expert in the field of information security and has worked with numerous partners in both the private sector and public sectors in Ireland, the United Kingdom, and elsewhere in Europe.

9. IT Security Guru – A great blog publishing daily breaking news and interviews with thought leaders in IT security.

10. Cyberark Blog – Cyberark is a security company that “proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise.”

11. Wired’s Threat Level – Wired is a well-established digital destination and its Threat Level category is full of great cybersecurity content.

12. Dan Kaminsky’s Blog – Dan is Founder and Chief Scientist at White Ops.

Want to learn more about MarCom for cybersecurity? Be Prepared! Be Trained! Have a TaylorMade Solution.

 

Note: This post previously appeared on ONB’s Blog.

Warning: 63% of Small/Medium Enterprises are Targeted by Cyber Criminals – Are YOU Ready?

For many small/medium enterprises there is a belief that cybercrime is not really an issue. Cyberattacks and cyber criminals are only interested in the big guys. Not so. In 2015 alone, Symantec reported that 63% of spear-phishing attacks were focused on small/medium enterprises. Are you prepared to handle the communications onslaught that can come with an attack?

screen-shot-2017-01-04-at-11-05-36-am

Source: Symantec

  Being Prepared

According to Ernst and Young’s annual global information security survey for 2016, only 42% of respondents stated that they have a communications strategy or plan in place to address a “significant” attack. While “significant” isn’t defined, an attack could impact your business in several ways. Some of the most obvious are:

  1. Systems and hardware are rendered useless after ransomware being initiated;
  2. Viruses being unknowingly delivered to your supply chain and/or customers;
  3. The potential embarrassment of clients, media, etc. being the ones to inform you that you have an issue; and
  4. Customers losing faith and taking their business elsewhere.

These are just some examples of what “could” happen. On top of these, add the fact that you could incur legal costs, IT costs and lost productivity, etc.

But How & When Will You Communicate?

How and when you will communicate is as important as what you say and to whom. Each scenario can involve a different set of communication plans. Additionally, ensuring that you have a proper distribution list is critical as well as having the right channel to deliver your message. If your systems have been compromised and you can’t use email, do you have a plan?

Here are some things to consider:

  1. How will you communicate with your employees?
  2. If you have advisors or shareholders, how will you communicate with them?
  3. Do you know when and when not to communicate?
  4. If your supply chain has been compromised, how will you communicate with them?
  5. What do you need to tell your customers with respect to their data? Do you have a plan in place to share with them  what steps you have taken to mitigate the issue and to further protect them? If not, what do you recommend they do and when?
  6. Do you have backup contact lists and relationship priorities established to ensure the right people are contacted at the right times?
  7. Do you have messaging ready should the media call or show up at your office?
  8. Do you have people trained and ready to speak to the media?
  9. Do you have a backup plan for your website if it is taken over?

A solid communications strategy will include information and plans to address all of these factors.

If you would like to explore options to have a plan of action, contact us.

We specialize in communication plans and deployment tactics.