Hundreds of Thousands of Good Paying Jobs! Are you in?

Does this headline seem like a sales pitch that is too good to be true? You might think so, but it is not. The fact is each day organizations – small, medium, large, for profit, not-for-profit, etc. are in need for cybersecurity professionals. As October is cybersecurity awareness month, I wanted to highlight the opportunities that lay before us in both the short-term and long-term.

Putting Things into Perspective

To do so, let’s take a step back and look around your environment.

• If you are at home, you likely have a multitude of devices that are connected to the internet – TVs, computers/tablets, watches, refrigerators, vacuum cleaners, washers and dryers, your home security system and now even lawnmowers and so much more.
• If you are in the workplace, you are surrounded by even more connected devices – computers, projectors, printers, Smart Monitors, Smart Boards, toasters, refrigerators, etc.
• And, if you are in neither place, there is still an excellent chance that you are connected whether it is via your car, an airplane, your pacemaker, your Fitbit, an aquarium thermometer in a restaurant or other public venue, security cameras collecting data about you…etc.

By now you get the picture.

Nearly every electronic device is either connected to the internet, or can be connected. From our entertainment, banking, shopping, weather checking, home security, communicating with friends and family on social media, nearly everything we do, is done online.

Being Connected Means More People are Needed

“The more we become connected, the more important it is to ensure that we are operating with security and privacy by design principles. Additionally, because we are operating online, we need more professionals who can protect our critical infrastructure – electricity, telecommunications, and our food and water supply!

 In fact, it is estimated that by 2022, more than 1.8 million cybersecurity professionals will be needed globally. In Canada, ICTC estimates that we will need more than 100,000 cybersecurity professionals. As far as I can see, these numbers will continue to climb. This presents a significant opportunity for not only our youth, but also people who are under employed or those looking to be reskilled and/or upskilled.

Fostering the Talent Pipeline – Focused on Results

My focus is just that: Cybersecurity Skills and Workforce Development – developing a talent pipeline for our short-term, mid-term and long-term needs. It’s an exciting time to be collaborating with industry, academia and government and I must say that our ecosystem is both vibrant and engaged. We are working together to achieve results. When everyone is rowing in the same direction and communicating together, great results happen.

In just two short years we have had significant gains:

• First and foremost, it is the collaborative nature that has developed here in New Brunswick. When you have competitors working side by side to make things happen, you know something special is occurring.
• In our Youth Development strategy, we have worked with our education partners to have curricula changes and gains from grades six through 12. Additionally, we have become the national leader in the CyberTitan  Program. Three years ago, we had seven teams. Last year we had 48 teams that represented 54% of the teams nationally. This year? Well, this year we knocked it out of the park with 126 teams of the 196 teams nationally. We also have 60 of the 65 middle school teams. This my friends is our future talent pipeline!
• In our mid-term strategy, we have worked with all of our post-secondary institutions to not only add new program offerings for cybersecurity, but the offerings are compliant with the NICE Framework. This is significant in and of itself as we continue to expand our circle of collaboration with the United States, Australia and the United Kingdom.
• Finally, in our short-term strategy, our private-sector partners have created new professional development opportunities for their own resources as well as training opportunities for those in our ecosystem and abroad. Again, these offerings are all compliant with NICE.

Of course, this is a high-level view of many activities that are taking place to grow out talent pipeline and I would be remiss if I didn’t mention that focusing only on coding is only part of the solution. The solution also includes a multidisciplinary approach as we need criminologist, sociologists, psychologists, teachers, lawyers, etc. After all, we are not a linear world and there are plenty of opportunities to go around. And as a University Professor, I can say that I get completely excited when I see my students see the vast opportunities that lay before them!

As someone working in the ecosystem, being a part of something with real collaboration and with real results, is rewarding!

Want to collaborate? Let’s connect.

 

 

 

 

Book Review: The President is Missing

I don’t normally do a book review on a piece of fiction on this blog, however, I am making an exception this time as there is a definite connection to cybersecurity, privacy and trust.

I picked up this book as I needed a book for my vacation. I had originally picked up The Woman in Cabin 10. It was a really good read, not cybersecurity related, and I blew threw it much quicker than I thought, but I digress.

When I picked up The President is Missing, I have to confess that I wasn’t sure what to expect. My first experience with a book by Clinton was My Life. It wasn’t a positive experience. I couldn’t finish it. I think it is the first book ever that I just could not finish. While Clinton is a very intelligent person, I just can’t imagine that someone can recall that level of detail of their lives, including what one wore on what day when a child. The detail was incredible and made it overwhelming and unbelievable, but again I digress.

I decided to buy the book because of James Patterson. He has an impressive pedigree and a great writing style.

So, the review? What did I think?

Well, I was pleasantly surprised. First because it was about cybersecurity and secondly, if you are a fan of Dan Brown, it has a similar feel, without the very clear formulaic approach. I have read all of Brown’s books and have enjoyed them, the last one, somewhat less. In fact, Origin felt was so predictable and obvious I have absolutely forgotten what the book was even about. I had to look up the name to reference it here.

The President is Missing has a good storyline and I am hoping that people who read it might have an increased awareness of what can happen to an entire country’s critical infrastructure – water supply, water quality, ecommerce, banking systems, electricity grid and military response and capabilities should a cyberattack happen. The authors do a really good job of describing just what could happen so that the lay person would get it. At the same time, I am hoping that people knowing that this is a piece of fiction won’t think that the impact or ramifications of a cyberattack are also fiction, because it is not.

The details about the workings of the White House, the US government and the Secret Service, etc. were well done. Of course, Clinton and others thanked in the book brought that reality to the book.

I also liked that there were some twists and turns and with most whodunits I tend to get a good idea of the main protagonist very early on because I like them, read them and watch them in movies a lot. In The President is Missing, I did began to wonder, but it did take a little longer, which is a good thing.

So, in the end, I do recommend this book as an entertaining and interesting read. And my hope is that people will get some insight on the ramifications of a cyberattack on our critical infrastructure and give people more of the desire to support our elected officials in making decisions supporting the protection of our critical infrastructure against attacks.

Want to talk more about cybersecurity or cybercrime impacts your business, reach out to us. We would love to work with you.

Data Privacy, Breaches and the Impact on Your Bottom Line

Why Boards of Directors Are Losing Sleep Over Data Breaches

 

Like many news stories, we become numb to the constant barrage of data breaches and begin to think that it is both normal and acceptable. In fact, just last month it was revealed that thousands of patient records were held for ransom in Ontario home care data breach in Canada. Similarly, data breaches in the healthcare sector continue to plague the United States. 

Sidebar: In the Ontario case, the breach was announced in June 2018; however, the full extent of the situation is only coming to light recently because of the group claiming responsibility, reached out to CBC. In addition, some of the victims claim they have not yet been notified.

If you are business owner or a member of a board of directors, news reports of this nature are likely causing you to lose sleep. And, if they don’t, they should. Data privacy, breaches and the impact on the business’ bottom line should be top of mind. Protecting, or not protecting, the personal data of your customers/clients and/or employees is serious business. It could cost you thousands, millions or even result ceasing operations. Regardless, as a business owner or a board member, the fiduciary duty may be more than you are aware of. Data or security breaches should never be thought of as normal and a course of business operations. More than ever board members need to demand that the proper investment and human resources are allotted to protecting the organization’s data. It is also no longer acceptable to not have awareness and increase your knowledge about data protection and cybersecurity risk management.

If you are a consumer, you should never accept that data breaches are normal. You should also never accept that your privacy is a thing of the past. Data is valuable. Your data is extremely valuable to you and your piece of mind. You own your data.

Increasingly privacy laws are being strengthened and for good reason. As consumers we have a right to protect our personal information. And, if this information isn’t adequately protected by businesses or organizations, then they should be liable for this breach and the ramifications for those who data they hold.

The good news is that many business leaders know and understand that data breaches and privacy do matter. They matter to boards of directors because they do have significant financial ramifications. For example, with the General Data Protection Regulation now enforceable it means significant fines for anyone doing business in Europe. In fact, the research is clear. More and more Boards are considering the critical importance of IT oversight and cybersecurity. According to Price Waterhouse Coopers (PWC) “less than one-fifth of directors are satisfied with the current levels of expertise on their boards. Only 19 percent say they have enough IT/digital expertise and don’t need more, and only 16 percent say the same about cybersecurity.”

So, what does this all mean? It means dollars. It means thousands, hundreds of thousands and possibly millions of dollars in fines and penalties. Some organizations are still playing Russian Roulette in the sense that will gamble with the fines at the time that an incident occurs. An interesting approach for a one-time event. However, the gamble may not pay off when board members are held accountable too. Or, if customers and investors walk away. Additionally, the probability that it is a one-time event is both naïve and short-sighted.

The risk of a data breach increases daily and the time to act is now. The time for consumers and investors to hold the feet of executive teams and boards of directors is now.

Want to talk more about privacy, communications and board governance? Connect with us.

BOOK REVIEW: Have You Been Hacked Yet?

There is no shortage of books on the market about cybersecurity. Some detail cyberattacks. Some detail the history of cybersecurity or cyber warfare. And of course, there are more and more books emerging on how to protect yourself online.

This latest book review is on Have You Been Hacked Yet? By Dr. Natalia Stakhanova.  Dr. Stakhanova is by no means a slouch when it comes to cybersecurity. In addition to being an Assistant Professor at the University of New Brunswick, which has a stellar and robust history in cybersecurity, Dr. Stakhanova is the New Brunswick Innovation Research Chair in Cyber Security. In her spare time she is also the co-founder and CEO of CyberLaunch Academy, an initiative focused on promoting science and technology for children.

From the book’s synopsis:

“….this book gives a gentle introduction into the practical aspects of your daily security. It introduces the most common risks associated with the daily use of modern computing technology. Building on that, the book articulates the importance of, and demonstrates the use of, various types of defence strategies to protect you as a user.”

And now the review:

From first glance at the Table of Contents, I feel that most people would not be intimidated by reading this book. For the most part, the language is straightforward. It covers all the things that one would want to learn about in order to help protect their families and themselves.

When getting into the content, Dr. Stakhanova explains things clearly and easily. I particularly like that she covers off just how easy it is for someone to fall victim to cybercrime. She makes it easy to understand that these criminals play on our emotions, our concern for others and our need to help to scam us. So many people are embarrassed to admit that they have fallen victim that we often don’t have a true picture of just how many people have been scammed.

One of my favourite chapters has got to be Chapter 2. Dr. Stakhanova explains what our digital valuables are and why we should protect them. It is a very common sense perspective, but we often don’t take the time to stop and think about it this way.

I also appreciate the time she has taken to focus on social engineering. I know far too many people who have succumbed to social engineering and/or those who fail to see the concerns around how much information they are sharing online. I hope that this helps change behaviour.

There is, of course, lots of other good information in the book. It is the first edition and I know that Dr. Stakhanova will be making some edits to update some information and fix a few “bugs” shall we say.

So, who is this book for? It is definitely a book for those who know they should be more careful but don’t know what they should be doing about it. It’s a book for those who want to better understand how to protect and educate their children. It’s a great resource for consumers that want to learn how to be “safe” or “safer” online. There are two people in my life that I will be giving this book to immediately.

Want to talk more about cybersecurity, privacy and how you can be protected? Connect with us.

Six Things to Do When Your Bank Has Been Hacked

Each day we hear about different companies that have experienced a hack or data breach. Somehow however, when we learn it is was bank that was hacked, it is quite different. Many more of us become very concerned for our privacy and more importantly, we become extremely concerned about our financial security. Rightly so. Our entire lives are now digital and at risk.

While we can’t turn back the clock and we can certainly hope that we won’t get a notification from our bank that we were one of the victims. We want to be one of those who weren’t impacted. If however, we are not so lucky there are some steps that can be taken to lessen the impact. Here are six things you can do immediately when your bank has been hacked:

1. Update all passwords and security questions.
2. Don’t use the same password for multiple accounts.
3. If you use a password manager, maybe consider not using it for your banking. Keep your banking passwords separate and distinct.
4. Be diligent in checking your online statements – both credit cards and banking and immediately report abnormalities to your provider.
5. When monitoring your accounts, don’t just look for large purchase that you don’t recognize. Look for any abnormality. You could have a serious of purchases under $20.
6. Monitor your credit rating. If your bank was breached, ask for credit monitoring and protection.

These are just six things that you can do immediately. If you are still worried about your privacy, contact us for more detail on how you can implement other privacy measures.

Six Tips for Consumers to Avoid Becoming a Victim of Cybercrime

I believe that information is power. I know that every person that uses the internet could become a victim of cybercrime. Cybercriminals are becoming much, much better at duping us and getting us to willingly give up our credit card numbers. So, as I started out with, knowledge is power and I want to offer up the following six tips to avoid becoming a victim of cybercrime.

But before I give the tips, let me give an overview of what some of us are being victimized by. And, I want to stress that if you have been a victim, you are not alone. In fact, according to the 2017 Norton Cyber Security Insights Report, 10 million Canadians were affected by cybercrime last year. And the cost of this cybercrime? $1.8 billion Canadian dollars…this is not small change be any means.

So, how were criminals able to get this amount of money from people? Here are a few ways:

1. Fake tech support via computer pop-ups:

Consumers accessing insecure sites often get pop-ups that tell you that you have a virus, that your computer has been compromised, or even that you have committed some fraudulent activity.  Of course you have not, but these criminals are playing on your fear, emotion and the hopes that you don’t have the technical savvy to realize this is a scam.

So, how can you tell that the site is not secure? One way is to look at the url or web address.

You need to see the secure lock as you see on our website. This is a SECURE site:

 

 

This is an insecure site:

  

2. Fake Tech support via phone calls:

If you have been an unfortunate victim of a pop-up scam, and gave your credit card, and/or control of your computer over to the scammers, they could wait a few months and then call pretending to be someone from Microsoft, Google, Norton, ….or any vendor really.  Your information my have been released on the Dark Web too, which makes you an interesting target for criminals. The callers will indicate that there is suspicious behaviour with your computer and they can help you fix it.

The fact is that vendors cannot legally see anything that is happening with your computer. If someone is claiming that they can see what is going in with your computer, either they are lying or they have some sort illegal access…or they are a member of the CIA, FBI, CSIS, MI5 or some other spy agency.

So, if you don’t think a member of a spy agency is watching you…it’s a scam. Hang up. Don’t ever, ever, ever give control of your computer over to a caller. Don’t ever, ever, ever give any credit card information to someone claiming they can fix your computer who has called YOU (or if there is a popup on your computer).

3. Fake Credit Card Breach:

If someone calls claiming to be from your credit card company stating the your card has been used inappropriately, never give any information. The scam is that they will ask for your birthdate, your card number and some other details, maybe even your PIN or the SVC on the back of the card. Never. I repeat. Never give this information. Instead hangup and call the number YOU have for your credit card company and ask to validate a call that just came in. Don’t call the number that the potential scammer gave you. That’s how they get you.

So, what can you do? Here are Six simple tips:

1. Don’t fall for computer pop-ups. If they appear, either get off the site, or disconnect from internet or shut down your computer or all of these options… Always look and use secure sites. Look for the https: and the lock symbol as shown above.
2. If you get a call from someone claiming to be tech support, hang-up.
3. Never give access to someone to remotely control your computer..NEVER.
4. Never give your credit card information to someone who claims to be helping you.
5. Remember that vendors, be it Microsoft, Norton, your service provider, etc. cannot see that something “suspicious” is happening with your computer. If someone claims that, they are lying to you.
6. Keep your antivirus software updated, but don’t think that will protect you from everything. You need to be vigilant and follow 1-5 above.

But what happens if one of this very clever scammers succeeds… and by the way, you would not be alone. Remember that approximately 10 million Canadians were victim to cybercrime in 2017. Here are some things you must do:

1. Contact your bank or credit card company immediately, if you gave your information, to advise them of what has happened.
2. Never call the “company” again. Doing so tips them off and thwarts police investigation.
3. Report the scam to your local police.
4. If you gave access to your computer, ALWAYS take your computer to a professional who can clean your computer and remove viruses, malware and/or other software installed by the criminal. Not doing so could mean that the criminal installed malicious software that can record your keystrokes to get your sensitive information, or could be a virus or something else that will harm you and your data.

Being on line is no different than protecting yourself in your home. You lock the doors and you don’t let strangers in. Do the same for your online safety.

Want to know more? Contact us for more details.

Are Communication Failures Lessening the Impact of Cybercriminals?

Not a day goes by where we don’t hear of some hack or another where cybercriminals are making a killing. Despite this however, there are a couple of things that appear to be happening:

1. The average person, consumer or even worker is not connecting the dots to either realize that they are at risk, or that their actions are the risk and the entry point for these cybercriminals. 

1. Organizations, for profit or not-for-profit, are not heeding the simple warnings to carry out simple tasks such as patching, but they aren’t also being held accountable for the compromise of personal data breaches.

The lack of accountability is very significant and we as consumers need to hold their feet to the fire and require that regulations, laws and enforcement occur.

So, why is this? I think that there are a few reasons that the message for action and taking precautions are not getting through. They include:

1. We continue to use language that people don’t understand. This definitely tops my list. I see it when I speak to business people all of the time. I talk about cybersecurity issues or risks and they just don’t get it. One of the first comments is: we outsource our IT. Or, we operate in the Cloud, so it’s not an issue.

These comments definitely demonstrate that they are only seeing cybersecurity as an IT or networking issue. It’s much more than that and we need to educate our front line defence! Our human resources! And to arm them properly, we need to find a common language that people understand, not just the people in the “biz.”

Rather than refer to cybersecurity breaches, we need to help people see the criminal aspect of what is happening and that there are some easy steps to take to help protect each of us from them. For example, how many people lock their homes when the leave? Heck, how many of us keep the doors locked all of the time? It’s a matter of personal protection. Protecting our families and protecting our property. We now need to think about online safety in the same way. We need to lock the doors (our computers and internet access from criminals) and ensure that ensure that our windows are also closed and locked. If by chance a lock doesn’t quite work like it used to (continuously update our versus protection and software patches), we replace it immediately.

      2. When we do talk about cybercrime, we paint the picture of the villain in a hoodie in a dark basement. This is an old and outdated picture. Reality is, cybercriminals are often the people you least expect and can quite frankly be anywhere in the world, including next door, or in another country on the other side of the world. The point is, they aren’t likely lurking in a basement, but rather in comfortable quarters living off the ill gotten gains of people who might just be a little too trusting. Maybe you, maybe your neighbour, maybe a family member.

So, what is the solution?

In my opinion we need to go back to basics. Communications 101 actually. Who is our audience? What are we trying to tell them in order to get them to change behaviours? What language should we be using so that they understand? In other words, stop with the tech talk or cybersecurity industry talk. Speak to them in their language. And finally, where are they consuming information so that we can reach them?

These are simple steps that we can do. We just need to do them.

Do you have other ideas? We would love to know.

Do you need help implementing your internal Comms Plan or even developing a Privacy Breach Plan? If so, let us know.

Three Reasons To Stop Using Auto Direct Messages

Have you ever followed someone on Twitter and shortly after received a direct message thanking you for following? Of course you have. The real question is however, what was the content in that message? Was it a nice personal and specific message to you? Or, was it an “auto direct message” with some obvious attempt to sell you something and very generic? Something like: “Thanks for following. Check out my book or product. Or, follow me here (as in Facebook or Linked)”. If it was the latter, you are not alone. It’s really easy to set up those auto direct messages. However, is it really what you want to be doing? No! It is not in my humble opinion. In fact, it’s long overdue to to stop using auto direct messages.

More than a decade into social media and people still want the easy way out when building an audience or selling a product or service. I suppose I can’t blame them. After all, it is a busy world and using multiple social media, maintaining websites and using traditional marketing can be very time consuming. Like anything social media should be executed properly. This means first having a digital strategy that is part of an integrated marketing strategy and of course ties into your corporate objectives – whatever they may be. But let’s look at three reasons that you and your business should stop using auto direct messages.

1. Auto Direct Messages Don’t Make People Look Sophisticated 

Perhaps when Twitter first emerged and people used direct messages also affectionately known as DMs, it was pretty awesome to get an instant response after following someone. That time however, has come and gone. Rather than look sophisticated or super busy, you actually come across as taking short cuts. One of the original intentions of Twitter was to foster engagement. To build relationships with people that you couldn’t otherwise connect with in person. Additionally, if you are a loyal customer and love a certain brand, it was a way to connect and build a relationship.

2. You are Likely Spamming People and Breaking Anti-Spam Laws

Around the world laws for privacy and digital communications are changing.These laws often don’t only apply to a person or entity in the country in they live and/or operate a business in, but they cross geographic borders and digital boundaries. For example, the Canadian Anti-Spam Legislation, also known as CASL has specific laws government social media communications. The General Data Protection Regulation (GDPR) which covers Europe also has very specific rules for #privacy and while it has been in effect for a few years now, come May 25, 2018, full enforcement and penalties come into affect. This law is not just for Europeans, but for ANY business with customers IN Europe.

3. It’s Not All About You

Let’s think about our followers as more than just a number or someone that you can push your wares on. Instead, it’s about relationships. And, while some people still don’t believe that social media is about relationships, there are many more of us that believe that you can’t and shouldn’t use social media like we used old school print media. We need to build trust with our audience. We need to be authentic. When I follow someone and there response is thanks, buy this from me or add to my follower count on this other channel, it screams disingenuous  intentions to me. It is the same thing as someone introducing him or herself to you at a party. They barely get a hello my name is X and you are already selling them “something” they may or may not need or want. The rule of thumb in any business is to form a relationship. An auto DM is not even close to doing that.

There are many other reasons not to do auto DMs and I would like to hear your reasons.

As a small business it’s not always easy to navigate the social media strategy needed. If you need assistance, we can help – keeping in mind #privacy legislation. Reach out! We are here to help.

SEO and Inbound Marketing in Construction Industry

[Editor’s Note: This is a guest post by two St. Thomas University Students: Alexandra Swift and Allison Bruder. It was completed as part of a course assignment in the fall of 2017]

In this interview with ThermaRay’s president Kevin Kilbride, we explored the topics of inbound marketing, search engine optimization and global marketing. ThermaRay was founded in 1985, and since then has been providing sustainable heating solutions with a wide range of electric radiant systems, including our radiant ceiling, architectural series, floor warming, underfloor warming and earth thermal storage products. The topic of this interview was inbound marketing, and ThermaRay’s use of this tactic in marketing both in Canada and globally.

Mr. Kilbride explained that ThermaRay is not fully focused on inbound marketing because they haven’t been able to find a vehicle that will drive potential customers to their website the way they would like based on their industry. The problem with their online search catalogue was that if you don’t know what you’re looking for, how are you supposed to search it and go find it? In this question and answer, Mr. Kilbride explained his company’s use of SEO and other inbound marketing strategies specific to ThermaRay.

What forms of social media does your company use?

We have a LinkedIn page, Facebook page a web site of course and I have a Twitter account. The website is the real focus for us. We also occasionally use YouTube to direct people for project installations. There are also a number of search engines, that are used as a resource. As well as online courses that are used to offer courses internationally.

What form of social media do you find the most effective?

Our website by far is the most effective. We use YouTube to direct people to see the odd project installation but that’s it. There are other forms of social media when you are in the business-to-business sector – online searchable catalogues, on-line courses that have been the most effective for us. Our website is the most effective because when people need the services we offer, such as homeowners, they often just google what they need and find us.

What steps do you take prior to sending out messages for marketing?

We tailor the message according to the audience. So an email blast to architects will be based more on the design aspects than say to an engineer who wants to know how it was installed and what problem did it solve for him. A potential problem that comes along with sending out messages is the area of spam email. You can buy databases but with junk folder filters and in Canada at least, spam being illegal it is very difficult to do email blasts. The way we can do it is via our presentations. Attendees on-line or face-to-face have to sign in and that gives us permission to send them emails, newsletters etc… until they unsubscribe. Yet I still hear from organizations willing to sell us a database of targeted individuals. Assuming it’s legal in the use to “spam” most people don’t like it and you’ll end up with a negative view of your company. This makes for a strong case to have an inbound marketing program.

What channels do you find most effective?

Website SEO works well for us. We rank in the first page in Canada in the US by using keywords that the industry is using in search engines.

What is your primary audience?

We have several audiences. In the construction industry, we work with architects but we also have to work with their mechanical engineers who are responsible for the heating, ventilation and air conditioning. So even though we sell the idea to the architect, we have to sell it to the engineer because he can squash the use of our product. In the residential side, we sell primarily to the homeowner but again the builder and electrical contractor are influencers so we have to be sure they are on board as well.

You mentioned that your company is not as focused on inbound marketing, why is that?

Other than SEO, we have yet to find a vehicle that will drive potential customers to our site. The problem we discovered though using an online searchable catalogue is that if you don’t know what you’re looking for, how do you know to go look for it? So if you need doors or windows, that’s an easy find. But how do you know when you should be using a radiant heating system instead of a conventional heating system? There is an education component here. So as well listed one maybe on some of these type of searchable product lists, you have to know what it is you’re looking for. When someone does, they tend to use Google and that’s how we get found out.

ThermaRay is a company based out of New Brunswick, but has expanded worldwide. How did you reach such a large consumer base from this small province?

We’re still a pretty small player, but that gives us an advantage. We are more nimble, more responsive to clients. We’ve had some success with local dealers promoting our products and we get the odd international customer looking for what we have. We have also worked with Opportunities New Brunswick to help grow our market.

What do you believe is the number one-way people hear about your company?

There’s no #1 method. We use SEO, we have an online course that is recognized by the American Institute of Architects so that gives us some credibility, we then do presentations to groups of architects and engineers and some plain old face-to-face selling.

ThermaRay has been involved in a few trade shows, how do you think these have helped your company’s marketing? And what do you think would be more effective?

There are consumer trade shows but there are also business trade shows. There are local ones and national ones. However, not every show has the same caliber so they are not all as effective, they tend to be very specific. In regards to trade shows, there is some give and take, it depends on the show and the product you have. I will generally not do a trade show unless I have interest in the local market. The problem with trade shows is that they are very expensive and you have limited time to talk to someone, so with a simple product it is more effective, but when your product is specific, you do not always get the chance to have a deeper conversation with a potential customer. Instead of a trade show, some larger companies have started hosting small events for their customers with drinks and food, these provide a more relaxing setting and allows for more time to connect and explain things.

Have you ever used Google Analytics to track your company’s search engine traffic? What do you do with this information?

Yes, we use them quite a bit. We overhauled our website earlier this year and we noticed a drop so we’re going to focus more on tweaking the word search on the site. We also use the analytics to find out what words people are using for their searches. Just because we call our product x, it may go by a different name by the general public. So for example, we have a floor warming system but the bulk of people call it floor heating so we want to know that.

[Editor’s Note. We thank Alexandra and Allison for the work they did and contributing to our blob.

Why I Will Never Wish You Happy Birthday Again on Social Media

Not a day goes by that I don’t see friends or family celebrating their birthday. I know it is their birthday because I see both the reminders on social media – Facebook and LinkedIn – and the countless scores of people who are sending their best wishes. In fact, I used to be one of those people!

I will however, never wish you happy birthday again on social media! And here’s why:

I actually care about you. Now of course those doing the well wishing care too. Don’t get me wrong. The fact is however, that social media is the primary method that cybercriminals now use to learn about you. It’s called social engineering. And knowing what I know now, I opt to not help cybercriminals.

Some of you might be saying: “What the heck is social engineering and why do I care?”

It’s a great question. I am glad you are asking and you should definitely care. There are of course many definitions. Some formal and others not so much. For simplicity sake, social engineering is psychological manipulation of people into performing actions or divulging confidential information. In the age of social media however, manipulation might not be an issue. After all social media is meant to be sharing platforms where we can express ourselves, share information about our family, our jobs, our vacations and even what we buy or do.

For years we have been encouraged to share…maybe even overshare. Every detail of our lives can be found on our social media profiles. And while this is a great way to keep family and friends up-to-date with what we are doing, there is a dark side.

In fact, social media is now one of the best sources for criminals to obtain countless bits of information about you, your family, your employer and even your friends. They can then use this information to:

1. Spoof you and create fake social media accounts in your name and/or fill out credit applications. This of course is known as identity theft. The ramifications can range from less than desirable to very serious.
2. Send phishing email to your colleagues at work attempting to:

• get more details on your organization,
• try to secure false payments, or
• have a virus or ransomware deployed when a link and/or attachment is clicked by your trusting coworkers who think you are emailing them.

These have all been very effectively used by cybercriminals not just globally, but locally.

So, how can you protect yourself and your employer? Here are 10 simple tips:

1. Ensure your privacy and security settings are as strong as possible.
2. Review your privacy settings on a regular basis, say three times a year. Set a calendar reminder.
3. Never show your birthdate on your social media. Never.
4. Never list your martial status on your social media. Never.
5. Don’t list your family members.
6. Never accept connection requests from people you don’t actually know. This applies to LinkedIn as well.
7. Never put your home address on social media.
8. While we tend to put a lot of information about ourselves on LinkedIn, don’t put personal information on this profile.
9. When you receive an email from someone you don’t know, never click on the link or open an attachment that maybe included. This includes email from couriers, Canada post, Revenue Canada, etc. Think twice and never click.
10. When you do receive email from some you DO know, but aren’t expecting it, think twice before clicking on the link or to open the attachment. Don’t be afraid to call the person you know or send a new email ( don’t do a respond) asking if he or she sent you an email with a link and/or attachment.

These 10 simple tips will help protect you and your employer against the actions of cybercriminals. And, I do think it is our responsibility to help protect our employers. Research has shown that cybercrime is expensive and some businesses can’t recover, so doing our part is helping to protect our jobs.

We all must remain vigilant. It is an unfortunate part of using social. Like anything criminals find new ways to leverage technology to try to gain from.

If you would like to learn more, connect with us. Be Prepared! Be Trained! Have a TaylorMade Solution!