Alix Postan


Author's Posts

The Difference Between Anti-virus vs Firewalls

Alix Postan

If you can take anything away from this post, it’s to implement both tools!

It’s a common misconception that anti-virus software and firewall software are meant for the same purpose; however, they are two different, complementary security applications that can be run simultaneously. What’s the difference?

Anti-virus software works at the “file level”: it scans files to prevent, detect and remove malware (malicious software) that is either already installed on your system or about to be installed. Updated anti-virus software can protect against browser hijackers, ransomware, keyloggers, backdoors, trojan horses, worms, spyware, adware and many other forms of malware. Depending on the software, it can quarantine files/applications, permanently remove them, fix them, etc. It usually runs daily/weekly/ad hoc scans on the system and reports the threats, the fixes, and the number of clean files that were scanned. Anti-virus software should be updated frequently so that it can detect new forms of malware.

Firewalls, on the other hand, act as a sieve, blocking specific data from coming into or leaving a network. They are also security software, but they work at the network level or at the application level. Network firewalls screen traffic between two or more networks (e.g. an internal network and an external network, like the internet). Host-based firewalls provide a layer of software on one host that controls that host’s incoming and outgoing network traffic.

Still not convinced? Check out the article 10 Signs You Should Invest in Security for more information.

For more information on ways to manage risk and vulnerabilities, check out Uzado’s Whitepaper: Risk-Based Approach to Vulnerability Remediation

Topics: Security

Cybersecurity and Health Care Don’t Mix… Said No One…

Alix Postan

1% of Health Care Organizations say they are not vulnerable to cyber-attacks.

The truth is, Cybersecurity and Health Care should be much more intertwined. HealthCareCAN and the Canadian College of Health Leaders requested that IPSOS survey health care professionals in March 2017, after the WannaCry Ransomware virus spread throughout 310 countries and shut down 16 hospitals in the UK. As a result of the malware attack, Canadians wanted to know how secure their healthcare system is, hence the survey.

The United States has a protection act (Health Insurance Portability and Accountability Act – HIPAA) which requires healthcare services to mandate a certain level of cybersecurity within their organizations. In Canada, we have PIPEDA (Personal Information Protection and Electronic Documents Act), which is applicable to federally-regulated organizations (i.e. banks and telecommunications companies) and private-sector organizations. According to McMillan, PIPEDA was amended in 2015 with regulations for responding to a breach or an attack; however, it still lacks preventative regulations.

According to the HealthCareCAN and the Canadian College of Health Leaders’ 2017 survey, 85% of hospital CEOs, department heads, medical directors and other senior health administrators say their organizations are vulnerable to cybersecurity attacks. 85%!! The survey found that 90% of these institutions were confident that they are prepared for natural disasters (floods, fires, ice storms, etc.) or man-made emergencies (terrorist attacks, infrastructure failures, etc.) – but not cybersecurity.

The poll also indicated that 32% of health leaders believe there’s an urgent need for the federal government to become more involved in “setting up standards, oversight and providing leadership to address cybersecurity.” That’s followed by “security monitoring/protection” (22%); “provide funding” (19%); “address IT/cybersecurity issues” (13%); “help with infrastructure” (12%); and “providing plans/strategies” (9%).

The statistics from this article are derived from GlobeNewswire.

For more information on becoming HIPAA Compliant, click here.

Topics: Compliance, HIPAA Compliance, Security

Can Smartphones get hacked?

Alix Postan

Simply put – yes. But… there are ways to protect against it.

**If this has happened to you, and you live in the United States, go to IdentityTheft.gov and file a report.  If you live in Canada, please go to http://www.rcmp-grc.gc.ca/scams-fraudes/id-theft-vol-eng.htm**

Some Preventative Actions for Protecting your Mobile Device:

  • Turn on Apple’s “Find My Phone” or Android’s “Find My Device”
  • Lock your phone – use at least a 6-digit passcode, fingerprint, or pattern lock
  • Use the LockBox app to protect your credit card information, passwords, PINs, etc.
  • Back up the data on your phone

By locking your phone AND using the LockBox app, you are enforcing two-factor authentication, which makes it more difficult for hackers to gain access. The second authentication step adds an extra layer of security as it acts as an extra hurdle. A biometric password (a fingerprint, in this case), while unique to each user, is not a fail-proof password solution. Some organizations are unlikely to use biometric authentication, as storing this personal information comes at a high cost and with stricter regulations. On the other hand, hackers could still get into the system where the biometrics are stored, change them and add new ones, with the potential to gain even more access than if they were to hack regular passwords. Fingerprints are not the only form of biometric authentication; others include voice identification (when saying “Hey Siri” or “Ok, Google” to turn on your virtual “personal assistant”), a heartbeat monitor, a retina scan, etc. For more information on biometric authentication, check out Madhumita Murgia’s article in The UK Telegraph.

Response Actions if You Think Your Device Has Been Breached:

  • Change the passwords for all of the accounts whose passwords were stored on the phone
  • Watch for notifications that a new device has attached itself to your email or accounts
  • Notify the carrier that the phone was lost or stolen, so that they can disable the SIM card (temporarily or permanently).

For more information on the Federal Trade Commission’s (FTC) guidelines for lost/stolen mobile devices, click here. The Government of Ontario also has some recommendations on how to prevent identity theft online and on mobile devices here.

Don’t forget to check out Uzado’s article on creating secure passwords here: Don’t make ‘Password’ your password.

Topics: Security

Secure Payment Terminals gain ‘Lift off’ with Lufthansa

Alix Postan

If you’ve ever been to an airport (any airport in the world), the first thing you’ll notice is the lineups. There are snaked lines at the check-in counters, lineups at the kiosk before the check-in counter, lineups at the coffee shops around the corner from the check-in counters; but I think you get the point.

Lufthansa has recently signed a deal with Amadeus and Ingenico to bring in secured payment systems, called “Amadeus Airport Pay”. These payment terminals will be at every check-in counter, so that customers can pay any additional fees right there and then. Previously, customers would have to go to another area and line up to pay the added fees (of course). Now that the check-in counters will have these payment terminals, passengers will have one less lineup to worry about - a service that emphasizes convenience and will save you time and aggravation.

Here’s the important part! The Amadeus Airport Pay terminals are secure to use, as the terminals meet compliance standards for the Payment Card Industry (PCI) requirements. By requiring PINs for credit card payments, the payment process, itself, remains secure.

Lufthansa projects that these payment terminals will be introduced at 170 airports across the world.

For more information on PCI compliance standards, and how Uzado can help you become PCI Compliant, click here.

Topics: Compliance, Security