For Your Safety and Convenience – Cyber Security Countermeasures Now Become a Part of Every Tech Conversation
Nothing raises my hackles more than the term: For Your Safety and Convenience. It’s used as a pervasive excuse to get you to do something that is anything but convenient, and usually has little to do with safety: Airline boarding procedures, government forms and my favourite: Changes to traffic laws or parking restrictions. A recent example was an initiative that will see a city’s speed limit on residential streets drastically reduced “For Safety with Very Little Inconvenience.” A proponent cited that the average commute for workers would only increase by about 1 minute. If true, that’s 2 minutes per day (to and from) or 8 hours for an average work year. Notwithstanding any improvements to safety, it’s hardly a small inconvenience.
(End personal rant)
Unfortunately, the same mindset is now invading most decisions and procedures in Technology – and with good reason; the stakes are much higher. We have moved, and continue to transfer over, more of our personal and sensitive information into the digital realm. At the same time, cyber-criminals uncover more creative ways to thwart Digital Security, as the gains can be huge.
The CEO of MasterCard recently mused that a use-cash backlash is brewing, whereby consumers are reverting to cash transactions, because they don’t trust digital payment systems. There is also talk at senior government levels about nationalizing digital payment systems, no doubt for our Safety & Convenience. More likely, a chance to grab more information, control and tax dollars.
(End 2nd personal rant)
Just about any technology system we sell or service today has Cyber Security as a vital and proactive consideration – especially those concerned with core networking, data processing or information storage (local or Cloud). But what does that look like?
Here are three examples from very different aspects of the Cyber Security realm:
Hardware Manufacturers – Especially workstation, laptop and server manufacturers – are increasing the integration of Cyber Security functions at the core hardware level. Thus, for example, if a cyber criminal attacks the chip-level BIOS (the very heart of the computer brain), the top-level manufacturers have countermeasures installed to detect attacks and reduce their impact. But as these features cost money, manufacturers reserve them for their business-class systems (they rarely show up in consumer or prosumer products). This makes consumer-grade products less suitable – even dangerous – for use in a business environment. The same rule applies to firewalls, WiFi Access Points (WAPs) and network switches; consumer-grade is no longer suitable for business use.
Backups are still King – The one true guard against most Cyber Attacks continues to be solid backups that are monitored and tested. If a cyber criminal held you for ransom, you could ignore them and restore your backup. Backups used to be a simple exercise: Store everything on the server(s), then back it up to a safe location. Troubleshoot and correct errors, as required.
Now, it’s not always clear where the data is being stored. For example, Microsoft’s Office 365 platform promises enhanced functions like online (Exchange) Email, Teams collaboration and messaging, as well as real-time file-sharing through SharePoint and OneDrive. These are great products that can increase office productivity, but the data is stored on Cloud Servers under Microsoft’s control. Microsoft promises very limited backup of this data; sometimes only a few days. The restoration process is often not straightforward if you need to recover a system or file. The proper solution is to employ 3rd party utilities that will enable a locally-stored backup of the critical Office 365 data. The same dilemma holds true for other applications and systems. When did you last back up your smartphone – and do you even know if the backup works?
Privacy laws have teeth – and they can bite you. If you’re trying to clean up the mess from a Cyber Attack, the last thing you need is a visit from a government official who is “here to help you.” Alberta has PIPA (Personal Information Protection Act) and the feds have PIPEDA (Personal Information and Electronic Documents Act) that have strict guidelines and penalties for storing and protecting data about your business contacts, no matter who and what they represent. Client, rate-payer, vendor, staff, and patient information is all subject to one or more acts. Also, most regulatory bodies have specific rules for the industries or professions they govern: municipalities have FOIP; medical practitioners have PIA. Lawyers, accountants and engineers have rules and regulations that govern Privacy.
Part of most legislation is to evaluate and track the efficacy of your IT systems, Cyber Security countermeasures and the documented Policies and Procedures your organization has in place for guarding and securing the information you store. A prime example of this is Alberta Health’s PIA (Privacy Impact Assessment), which is required for all clinics and medical practitioners in Alberta. The lengthy and detailed evaluation includes a section for identifying 3rd party IT providers and formalizing the agreement for their services and responsibilities. We’ve been asked to sign more than one agreement, but only after the clinic has made significant improvements to their IT systems, so that they meet the PIA minimum standards.
Like many other IT Providers, TRINUS is moving aggressively to increase Cyber Security offerings, so that they become omnipresent in every aspect of our business, products and services. In the coming months, we will be releasing a complete suite of Cyber Security Products & Services. From enhanced hardware and more secure device configurations, to ongoing user awareness and training, to innovative backup solutions and continuous system monitoring, to business services that include Policy and Procedure Best Practices, TRINUS will provide the technical and business expertise, so you can work with cyber secure confidence.
And I promise we won’t say it’s for your Safety & Convenience. But it will be a crucial part of the ever-changing stress-free IT landscape.