With the adoption of the GDPR, and the Canadian government now providing regulatory support in combatting threats to personal data, organizations, both big and small, have an opportunity to create their own cybersecurity plan.

What can companies do to recognize and combat cybercrime and improve their cyber-education? Here are some tips and best practices that will help you and your company recognize cybercrime and combat the threats.

  1. Keep your team educated on cyber-awareness

Education and cyber-awareness are the first line of defense. Management and employees should be trained to understand IT governance issues and control solutions, to recognize concerns, understand their relevance and respond accordingly. Firms should also invest in cybersecurity education programs that teach employees how to protect their computers and personal information, and how to recognize the hacktivists and cyber-criminals that scour the Web in search of targets and vulnerabilities.

  2. Collect and analyze security logs for suspicious or abnormal activities

Your IT team should be actively conducting security investigations, regular audits, log reviews and continuous monitoring. Logs are only useful if someone is looking at them: forward them to a central, write-protected store so an intruder cannot erase their tracks, and make sure any seriously suspicious behaviour or critical event (repeated failed logins, a new administrative account, a disabled backup job) generates an alert that is reviewed promptly rather than discovered during the next quarterly audit.
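As an added example (not Storagepipe's code, and not part of the original post), here is the kind of rule a small IT team can run over its authentication logs before it has a full SIEM. The log lines, host name, user names and addresses are constructed for the example, and the threshold of five failures in ten minutes is an assumed starting point to tune, not a standard. It flags a brute-force burst from one address, escalates if that address then logs in successfully, and escalates a sudo command that adds an account to an administrative group.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Constructed sample lines in syslog/sshd/sudo style. They are not real logs;
// the host name, users and addresses are placeholders.
const sampleLog = `Jun 12 08:01:10 fs-app01 sshd[2101]: Failed password for admin from 203.0.113.7 port 51122 ssh2
Jun 12 08:01:12 fs-app01 sshd[2103]: Failed password for admin from 203.0.113.7 port 51123 ssh2
Jun 12 08:01:15 fs-app01 sshd[2105]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jun 12 08:01:17 fs-app01 sshd[2107]: Failed password for admin from 203.0.113.7 port 51125 ssh2
Jun 12 08:01:19 fs-app01 sshd[2109]: Failed password for admin from 203.0.113.7 port 51126 ssh2
Jun 12 08:01:21 fs-app01 sshd[2111]: Accepted password for admin from 203.0.113.7 port 51127 ssh2
Jun 12 08:15:02 fs-app01 sshd[2201]: Failed password for jsmith from 198.51.100.20 port 40001 ssh2
Jun 12 08:15:40 fs-app01 sshd[2203]: Accepted publickey for jsmith from 198.51.100.20 port 40002 ssh2
Jun 12 09:30:00 fs-app01 sudo: jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/sbin/useradd -G wheel backdoor`

// Alert is what would be sent to a ticket queue or pager.
type Alert struct {
	Severity string // "HIGH" or "CRITICAL"
	Source   string // offending IP address or user name
	Detail   string
}

var (
	// timestamp host program[pid]: message
	lineRe = regexp.MustCompile(`^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([a-zA-Z_-]+)(?:\[\d+\])?: (.*)$`)
	// OpenSSH success/failure lines
	sshRe = regexp.MustCompile(`^(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+`)
	// sudo audit line: "user : TTY=... ; PWD=... ; USER=target ; COMMAND=..."
	sudoRe = regexp.MustCompile(`^(\S+) : .*USER=(\S+) ; COMMAND=(.*)$`)
	// account changes that grant administrative rights (assumed group names)
	privRe = regexp.MustCompile(`\b(useradd|usermod|gpasswd)\b.*\b(wheel|sudo|admin)\b`)
)

// Analyze walks the log in order and returns alerts for:
//   HIGH     - threshold failed logins from one address inside window
//   CRITICAL - a successful login from an address that just crossed that threshold
//   CRITICAL - a sudo command that adds an account to an administrative group
func Analyze(logText string, threshold int, window time.Duration) []Alert {
	var alerts []Alert
	failures := map[string][]time.Time{} // per-address failure timestamps still inside the window

	for _, line := range strings.Split(logText, "\n") {
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			continue // unparsable line; a production rule would count these too
		}
		ts, err := time.Parse("Jan _2 15:04:05", m[1]) // syslog stamps carry no year
		if err != nil {
			continue
		}
		program, msg := m[3], m[4]

		switch program {
		case "sshd":
			s := sshRe.FindStringSubmatch(msg)
			if s == nil {
				continue
			}
			outcome, user, ip := s[1], s[2], s[3]
			failures[ip] = prune(failures[ip], ts.Add(-window))
			if outcome == "Failed" {
				failures[ip] = append(failures[ip], ts)
				if len(failures[ip]) == threshold { // alert once, on the crossing
					alerts = append(alerts, Alert{"HIGH", ip,
						fmt.Sprintf("%d failed logins within %s (last user %q)", threshold, window, user)})
				}
			} else if len(failures[ip]) >= threshold {
				alerts = append(alerts, Alert{"CRITICAL", ip,
					fmt.Sprintf("successful login as %q after %d failures", user, len(failures[ip]))})
			}
		case "sudo":
			s := sudoRe.FindStringSubmatch(msg)
			if s != nil && privRe.MatchString(s[3]) {
				alerts = append(alerts, Alert{"CRITICAL", s[1],
					fmt.Sprintf("privilege change as %s: %s", s[2], s[3])})
			}
		}
	}
	return alerts
}

// prune drops timestamps older than cutoff, reusing the backing array.
func prune(ts []time.Time, cutoff time.Time) []time.Time {
	kept := ts[:0]
	for _, t := range ts {
		if !t.Before(cutoff) {
			kept = append(kept, t)
		}
	}
	return kept
}

func main() {
	for _, a := range Analyze(sampleLog, 5, 10*time.Minute) {
		fmt.Printf("[%s] %s: %s\n", a.Severity, a.Source, a.Detail)
	}
}
```

Run it as-is with `go run`. In production the same logic would read from the central log store rather than a string constant, and the alerts would go to a ticket or pager rather than standard output. The regular expressions match the OpenSSH and sudo message formats as written in the constructed sample; check them against the exact wording your own distribution emits before relying on them.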

  3. Keep systems and applications patched and up-to-date

Attackers and malware exploit vulnerabilities in unpatched software to get onto your computer, smartphone or tablet. Installing updates closes those vulnerabilities and helps keep you secure; apply them promptly, and prioritize anything that is internet-facing or already being exploited in the wild.

  4. Use strong passwords and keep privileged accounts protected

Reduce the risk of attacks that use compromised privileged-account credentials: create an inventory of every privileged account (including service accounts and vendor logins), apply change-management policies to their passwords so they are rotated and retired when staff or contracts change, store the passwords in a vault rather than in spreadsheets or scripts, and grant administrative rights only to the accounts that actually need them.

  5. Ensure strong encryption

Encryption does not keep you safe on its own, but as the last line of defense in a multilayered data security strategy it is what safeguards customer data once the other layers have failed. Encrypting your information makes it unreadable to anyone without the key, even if they break through your firewalls, infiltrate your network, get physical access to your devices, or bypass the permissions on your local machine. Two caveats matter in practice. First, the protection is only as strong as the key management: a key stored next to the data it protects, or on a machine the attacker already controls, gives you nothing, so keys belong in a hardware security module, a cloud key-management service or a vault, with access logged. Second, use an authenticated mode (such as AES-GCM) so that tampering with the ciphertext is detected rather than decrypted into silently corrupted data; encryption protects confidentiality, and it is the authentication tag that protects integrity.

  6. Third Party Management

Financial institutions should work with vendors to find tools that fit their requirements without the need to hire more IT personnel. Advanced data protection solutions can help to reduce the strain placed on the IT team and the security operations centre while keeping an organization’s sensitive information safely under lock and key.

We can help!

In the financial services industry, downtime can be detrimental to your reputation and businesses operations. Storagepipe’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup, recovery, compliance, security and archival requirements.

With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Storagepipe experience today.


In part one of our Financial Services series, Maintain Control of your Data in the Face of an Attack, we discussed the different types of security threats you may face. In part two we will review the regulatory changes the GDPR has created for financial services firms and how the Canadian Government has responded to growing cybersecurity concerns.

General Data Protection Regulation (GDPR)

On May 25th, 2018, the GDPR came into effect providing EU residents with more control over how their personal data is used and stored. This new regulation has set the stage for companies across the globe to review their own data protection regulations.

Is the GDPR relevant for non-EU Financial Services firms?

For the financial services industry the GDPR is very relevant, because it applies to non-EU firms that offer services to people in the EU, not only to firms established there (Article 3). Major banks and financial services providers deal with the EU for various purposes, such as facilitating foreign direct investment, managing local investors, and handling transactions between EU citizens or businesses and their counterparts. In each of these cases the personal data of EU residents is being collected and processed by a non-EU financial services provider, which brings that processing within the Regulation's scope.

Data Breach

From a GDPR perspective, a personal data breach must be notified to the relevant supervisory authority without undue delay and no later than 72 hours after the data controller becomes aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned (Article 33). Where the risk is high, the affected individuals must be told as well (Article 34). This obligation does not depend on the sector: the separate notion of "essential services", under which banks and financial market infrastructures report cybersecurity incidents to a national authority, comes from the EU's NIS Directive rather than from the GDPR, and a firm in scope of both has two notification duties to plan for.


The GDPR's definition of a personal data breach (Article 4(12)) covers accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, so it is not limited to data theft. A ransomware infection, for example, is at minimum an availability breach (the data is temporarily or permanently inaccessible), even if it can be restored from backup; whether it must be notified depends on the risk to the individuals. And because a network intrusion took place to deliver the ransomware, notification can also be required on confidentiality grounds if the attacker accessed or exfiltrated personal data and that presents a risk to the rights and freedoms of individuals. Work through both questions during the incident rather than after it, since the 72-hour clock is already running.

If you’re in the process of aligning your financial services firm with the GDPR, especially in terms of data collection, storage and management, contact us for support with GDPR compliance across your systems.

Canadian National Security Concern

Recently, BMO and CIBC-owned Simplii were both hit by attackers who threatened to release the account information of about 90,000 Canadians. Although the cause of the attack has not yet been released, it has raised several questions about server security and third-party contracts. If two of the largest banks in Canada were hit, how will small to mid-sized businesses stay attack-free?

For this reason, the Canadian Federal Government is rolling out a new cybersecurity strategy designed to better protect the country and its citizens from the growing threat of online attacks and crime. The plan, $500 million over five years, includes a range of initiatives aimed at the public as well as businesses.

“Small and medium-sized Canadian businesses are the backbone of our economy but are also the most vulnerable,” commented Byron Holland, president and CEO of the Canadian Internet Registration Authority. “Providing these businesses with cybersecurity strategies and resources is essential to holding back the tide of cyber threats.”


Sources include:

http://business.financialpost.com/news/fp-street/cibcs-simplii-says-fraudsters-may-have-accessed-data-of-40000-client
https://www.theglobeandmail.com/canada/video-ralph-goodale-outlines-goals-of-new-cybersecurity-strategy/
https://www.theglobeandmail.com/politics/article-federal-government-rolls-out-new-cybersecurity-strategy-to-protect/?cmpid=rss
https://betakit.com/canadian-government-releases-details-of-cybersecurity-strategy/

The financial services industry is a routine target for cybercriminals. From ransomware to phishing attacks, the first half of 2018 has seen a surge in attacks, including significant breaches at two of the largest Canadian banks. Cyberattacks may be unavoidable but, in an industry as crucial as financial services, firms must constantly improve their security efforts and ensure employees are armed with the tools and procedures to respond immediately in the event of a breach, before important information is lost.

In part one of this series, we will discuss the different types of security threats you may face. In part two, we’ll review the compliance and regulatory issues you may face when dealing with cybersecurity. Finally, in part three, we will cover six steps to reduce cybersecurity risk.

What Are the Most Common IT Security Threats?

  1. Ransomware – Malware that, once it reaches a computer, encrypts your files (and any backups it can reach) and demands a payment in exchange for the decryption key. Paying does not guarantee you get it.
  2. Malware Infections – The common name for any software written to infiltrate, damage or take control of your computer, including viruses, trojans, spyware and several of the other categories on this list.
  3. Pharming – Redirecting traffic for a legitimate address to a malicious look-alike site, typically by poisoning DNS or a machine's hosts file, so the victim lands on the fake site even though the URL they typed was correct.
  4. Phishing – Fake emails or messages that imitate a legitimate company and lure you into entering personal and financial information, or opening an attachment, on the attacker's behalf.
  5. Computer Worm – Self-replicating malware that needs no user action: once on one machine it scans for and infects others across the network on its own.
  6. Spam – Bulk unsolicited email. Much of it is merely a nuisance, but it is also the delivery channel for phishing links and malware attachments.
  7. Distributed Denial-of-Service Attack – Flooding a website or server with more requests than it can handle, from many sources at once, until legitimate users cannot reach it. The sources are usually a botnet.
  8. Botnet (Network of Zombie Computers) – A set of compromised computers that an attacker controls remotely and uses for DDoS attacks, spam and further infections.


When I was a young boy, I saw a sign on our street that said “free puppies”, with an adorable picture. Excited, I went to see my father and said “daddy daddy”, the puppies are free. Can I have one, pleeeeas?

My father reminded me that a puppy is a lot of responsibility. It’s not the cost of the puppy that matters. I also have to factor in things like food, vet bills, and the time and effort I would spend raising this pet.

This reminds me a lot of the current trend towards the commoditization of IT.

At an accelerating pace, business technology is becoming more accessible. And although this has done a great deal to make sophisticated IT systems easier to implement and manage, this convenience also brings its own challenges.

Today, many best-of-breed disaster recovery solutions are inexpensive and contain exciting, powerful and easy-to-use features. But you can’t just think of software licenses when evaluating disaster recovery solutions. You also have to factor in things like hardware, datacenter space, professional services, capital expenditures, vendor lock-in, lost productivity, security issues, and management overhead.

When you take all of the costs and hassles into consideration, the total cost of implementing and managing your own disaster recovery system can be much higher than the licence price.

Also, the free puppy might be lacking some essential capabilities. Maybe it’s too friendly to guard your house, or maybe it can’t catch a frisbee. This is time and effort that you’ll need to invest in training.

Likewise, as your needs evolve, you’ll often find that there are some capabilities lacking in your DR plan. You’ll need to invest heavily in upgrades and training.

Do-it-yourself disaster recovery is a bit like a free puppy. It comes with lots of responsibility. If you’d like more peace of mind around your data protection, consider working with a backup and disaster recovery provider that can take on all of these responsibilities for you while providing you with all the benefits.

GDPR, a set of new rules for data collection and storage, took effect on May 25th, 2018. The purpose of the regulation is to provide individuals with more control over their own data and communicate how that data is collected, stored, processed and used – no matter the location.

For the first time, monetary sanctions of up to 4% of global annual turnover (or €20 million, whichever is higher) will apply to breaches of the regulation. It also includes additional measures to protect the personal data of EU citizens.

At Storagepipe, we understand the value of data to your organization and the serious implications of a data breach. Download our white papers now to learn about GDPR compliance and how we can help.

Imagine that 3 people want to each open a sandwich shop. One man is a butcher, another is a farmer, and the third is a baker.

The butcher is an expert with meats. The farmer is an expert with produce. And the baker is an expert at making bread. Each is the master of their specific domain.

Of course, each of these could learn the other’s trades. With a bit of effort, the butcher could learn to grow vegetables and make his own bread. But this would not be the best use of his talents. If all three shops operated this way, they would all be overworked and under-productive.

Instead, it would make more sense for all three of these experts to focus on their strengths, and team up with other experts to make up where they lack.

• The butcher could produce all the meats for everyone.
• The farmer could supply all the produce.
• And the baker could supply all of the bread.

By partnering up and relying on each other’s comparative advantages, all three businesses could collectively operate much more efficiently and profitably. When there’s synergy, everyone wins!

Most IT managers are fast learners with versatile skill sets. However, there are some projects and capabilities that might provide more business value than others or be better-aligned with their specific talents.

According to the theory of comparative advantage, the key to maximizing your effectiveness as an IT leader is to focus exclusively on those high-value activities that are best-aligned with your talents. Any other work should be outsourced or delegated.

For example, if your strengths are best-aligned around things such as infrastructure management, then it might make sense to outsource non-core activities such as backup and disaster recovery to a trusted partner that specializes in this domain.

By focusing on your comparative advantage, you can be more productive, free up more time, and achieve total peace of mind.

What would happen if the fire alarm in your office went off at this very moment? Would there be a mad rush for the doors, or would most people just ignore it and keep working until they smelled smoke?

As indicated by the Institute for Research in Construction, only about 25% of occupants react to fire alarms as if they were potential indicators of a real emergency. Instead, most people assume that the alarm is merely a drill.

In other words, fire drills DECREASE the life-saving effectiveness of fire alarms.

Here’s another example to consider.

In 2010, an 89-year-old patient died of heart failure at Massachusetts General Hospital. For 20 minutes, a series of alarms, beeps, and messages had been sending urgent warnings to the hospital staff. It was so distracting that an employee had to manually shut off the crisis alarm on the patient’s bedside monitor. Instead of taking appropriate action, these signals were ignored entirely.

These nurses weren’t evil or cold-blooded. Instead, they had become desensitized by years of constant false-alarms from oversensitive and malfunctioning medical devices. When an actual crisis was detected, everyone assumed it was simply a false alarm.

This phenomenon is called “Alarm Fatigue”, and it can easily lead to accidental data loss and failure of critical business systems.

As an IT administrator, you are constantly juggling priorities, multi-tasking and keeping up with unplanned work. Alarms are going off all the time, and part of your job is deciding which fires actually need putting out.

In most cases, if you miss a legitimate alarm, the outcomes are generally minor. But there’s one area where the results can be very severe.

Compared to other conflicting responsibilities, backup and disaster recovery rarely feel like an urgent priority. But when they do become a priority, it’s usually too late to do anything about it.

To be an effective IT leader and respond more efficiently, you need to manage your signal-to-noise ratio. Before an alarm reaches you, it helps to have someone who verifies and triages it for you, so that you are only notified of actual emergencies that require your immediate attention.

Specialization and delegation are an effective way to deal with alarm fatigue. When you delegate backup to a specialist, you remove the distractions and conflicting priorities that lead to alarm fatigue and replace them with a consistent, repeatable process in which every potential problem is proactively investigated and fixed. On top of that, you can add further layers of auditing and monitoring to catch any issues that might fall through the cracks.

By making this a dedicated and focused role within your IT function, you can significantly reduce the chances of alarm fatigue creeping into your backup and disaster recovery process.

Of course, this might not be a feasible option for most organizations. If you can’t afford a dedicated internal data protection and business continuity team, then outsourcing your backups to a dedicated provider can give you the same benefits at a fraction of the cost.

By outsourcing your data protection and business continuity to a specialized service provider, you can guarantee exhaustive protection and total peace of mind.

In 1995, the cruise ship Royal Majesty ran aground off Nantucket because the cable to its GPS antenna had come loose; the integrated navigation system silently fell back to dead reckoning and the autopilot steered the ship miles off course. Although it should have been clear to any experienced crew member that the ship was veering off course, most simply assumed that the GPS system would correct itself or that someone else would take responsibility for fixing the problem.

Humans have a bias to trust computers over other humans, and over their own observations. This automation bias grows over time, as computers keep proving their accuracy and trustworthiness. When a human operator notices something that contradicts an automated system, they are often likely to disregard what they see and go with what the computer is saying.

This is an excellent example of the “Automation Paradox”.

As automation becomes more effective, the role of the human operator turns out to be more vital. In the same way that automation can create exponential benefits and efficiencies, it can also scale out the harm caused by human error and poor implementation.

In the early days of computing, mainframes were very expensive and difficult to use. Administrators took great care in their maintenance & implementation, and hacking was very unlikely. The process of provisioning a new machine could take months and required approval from many different departments. If these mainframes ever crashed, the company could still maintain some level of operations through their paper-based processes.

Today, virtualization makes it easy to launch new servers with default security settings quickly. IT departments must deal with virtualization sprawl, shadow IT, and employees working on unauthorized systems. Provisioning has become so easy that IT administrators are struggling to prevent new systems from getting added to the network. And as a result, tolerances for data loss, security breaches, and unplanned downtime have virtually dropped to zero.

A day in the life of the average IT manager often resembles the broom scene from Disney’s Fantasia.

Thankfully, the tools have also improved. Today’s IT administrators have access to backup and disaster recovery systems that are both powerful and easy to use. But the automation paradox applies to backup and disaster recovery systems too.

If you can protect all of your virtualized systems from a single application, that’s great. But this also means that human error has the potential to cause much more damage. As your data protection and business continuity tools become more powerful, you likewise have a duty to be extra-cautious with their management, monitoring, and implementation.

This is why we recommend delegating your data protection and business continuity to a dedicated specialist that exclusively does this kind of work, and nothing else. When you outsource your backup and disaster recovery to a specialist, you know that this work is being done by dedicated experts who have the training, experience, and resources to ensure that your systems are always protected.
When disaster strikes, you can take comfort in the fact that these specialists perform real-world recoveries every day. They know how to do the job right, reliably and without fail.

You need the best automation tools. But they have to be managed by the best-trained and most skilled technicians. The more efficient the automation, the more crucial the role of the human operator. If you want total peace of mind, make sure that you have the best people implementing, managing and monitoring your backups.

Imagine the following scenario:

  • You’re the IT administrator for your company.
  • To eliminate human error and physical media failure, you’ve implemented a fully-automated network backup solution that creates redundant backup copies across multiple physical sites.
  • You’re following most of the best practices. Then something terrible happens.
  • One of your trusted internal systems gets hacked, and this system becomes a gateway for the hacker to install malware on all of your production servers. You log in to assess the situation but are met with a ransom note stating that you must pay $10,000 in Bitcoin to decrypt your files.
  • You check your other copies but find that your backup servers have also been compromised. Despite your best backup plans, all of your data is gone.
  • Reluctantly, you pay the ransom. But instead of the decryption key, the blackmailers now demand another $50,000. What would you do?

Ransomware has become a nightmarish epidemic that’s wreaking havoc on the IT industry.

Today’s ransomware attacks have evolved in sophistication to become incredibly aggressive, destructive and resilient. Worst of all, Bitcoin and other cryptocurrencies have become a practical and hard-to-trace means for criminals to extort money from helpless victims.

How can you protect yourself? One solution is to augment your existing backup and disaster recovery plan with additional air-gap backup copies.

With air-gap backups, copies of your data are kept completely isolated: physically disconnected from any network, so an intruder on your network, even one who has already reached your online backup servers as in the scenario above, cannot reach them. Two caveats apply. The offline copy only helps if it is refreshed on a schedule that matches how much data you can afford to lose, and if you regularly test restoring from it; a copy made after the infection began, or one that silently failed, is no protection at all. And never connect the offline media to a host you suspect is compromised, or the air gap is gone.

Of course, as you adapt your tactics to threats, the threats will continue adapting to your tactics. It’s a constant war to protect your company’s most valuable assets.

That’s why you need to surround yourself with the most highly-trained, well-equipped and experienced experts you can find. By allowing Storagepipe to assist in your backup and disaster recovery plan, you’ll have more peace of mind when facing potential future ransomware attacks.

Happy Holidays From Storagepipe

THREAT! The virus scanner pings
Your system needs some updating
Yes it has been quite a while
Your OS is out of style
Careful with your documents
It’s just good ol’ common sense
Always backup your hard drive
And any threat you will survive
THREAT! The virus scanner pings
Cryptocurrency mining

Using storage in the cloud
Covered by encryption’s shroud
Passwords just a few are told
Keep them fresh and not too old
Always check for system bugs
and loading times that move like slugs
Fear not if your screen goes blue
Storagepipe’s looking out for you
THREAT! The virus scanner pings
For botnets, you’ll be spamming

Anti-social social engineers
Have CIOs cowering in fear
Trusted users compromised
Packet sniffers, prying eyes
Don’t bring down your company
by shrugging off security
terms, conditions we say “YES”
though not read, we must confess
THREAT! The virus scanner finds
Storagepipe for peace of mind