David Millier

Dave has over 20 years of cyber security experience, and is recognized as one of Canada’s leading authorities on Information Security. Dave founded and sold Sentry Metrics, an industry leader in the MSSP space, and recently released Breached!, a novel about the challenges businesses face around cyber security and ways to effectively manage it. Dave founded Uzado (which means “use” or “usage” in Esperanto) to help companies simplify IT by using its visual workflow engine. As an avid off-road motorcycle rider, intrepid traveler, and foodie, Dave’s love of cooking is only surpassed by his love of eating!

Author's Posts

7 Things About Information Security Your Boss Wants to Know

David Millier
  1. Email is NOT Secure

Email is not as private as people sometimes think it should be.  Left unencrypted, email could potentially be read by a hacker.  You cannot always trust that the name of the sender in the “from” field is the actual sender of the email.  In some cases, a hacker may try to disguise themselves in an attempt to steal your information (phishing). Often, an attachment may not be what is advertised. You may think you are receiving the latest company financials in Excel, but in reality, opening that attachment may lead to the installation of ransomware.

  2. How to Recognize Phishing Attempts and Prevent Identity Theft

A phishing attempt is an attempt by hackers to gain information about you, usually by tricking you into visiting an insecure website so they can steal your passwords.  It usually starts with an email claiming to be from a reputable or trusted organization.  The email may include links to a fake website, where you may be asked to enter your username and password or other personal information.  One way to recognize these attempts is that most are poorly written, with many spelling and grammatical errors.  Carefully inspect web links, as these sometimes lead to fake websites.

  3. Why You Should Keep Your Computer Updated

Having the latest and greatest version of software on your computer can help protect you from already established vulnerabilities.  Operating systems, firewalls, and anti-virus software all have regularly scheduled updates to provide the best possible security available.  Always update your systems!

  4. How to Use Network Security Tools

Firewalls to help prevent unlawful access to network systems, spam filters to protect you from unwanted email, and anti-virus protection to protect your systems from viruses are all important security tools.  Many more tools, such as vulnerability management tools, can help secure your network by telling you where the vulnerabilities are in your network.

  5. Secure Passwords Are Important

Your password is the key to all your information on your organization’s systems.  Follow these steps to ensure your password is as secure as it can be. After all, why make it easy for hackers?  Do use a combination of uppercase and lowercase letters, symbols and numbers, and don't use commonly used passwords such as 123456 or the word “password.” Ensure your user passwords are at least eight characters long. The more characters and symbols your passwords contain, the more difficult they are to guess.  Don't write your passwords down, share them with anyone or let anyone see you log into devices or websites, and do change your passwords regularly.  Make sure you log out of websites and devices when you are finished using them. Use Two-Factor Authentication (2FA) whenever possible. 2FA adds another layer of security to any account you may be logging into.

  6. How to Prevent Data Breaches

Scammers are always trying to steal sensitive data.  Sometimes, unscrupulous competitors could be trying to steal your business’s sensitive data.  Beware of phishing and social engineering scams.  Ensure that company data is backed up onto secure servers.  Ensure that your security systems and software are up to date.

  7. Mobile Protection

From physical theft of phones, to shoulder surfing in a crowd, your mobile data is at risk. Never leave mobile phones, tablets and laptops unattended.  Never read sensitive data in public places.  In all cases, your mobile devices should be password protected. 

Following all seven steps will help secure your organization.  To learn more about the 7 things your boss wants you to know about information security, visit our website: www.uzado.com

Topics: Vulnerability Management, Security, Ransomware

3 Ways to Improve Remediation Management

David Millier

It doesn’t matter how big or small your company is, you will never be completely safe from cybersecurity threats. This idea shouldn’t scare you. Total safety is a myth. No single method can protect you from all of the perils that every network faces. Still, you need to take the right steps to minimize the likelihood of a potentially catastrophic breach. 

Unfortunately, many companies fail to take these measures, and they suffer the consequences as a result. Cybercriminals usually attempt to exploit a system to access a proprietor’s valuable information. Once they find this data, they usually steal and/or delete it before ransoming it back to the victim for an inflated cost. This puts organizations’ clients at risk, and lest you think this is a rare occurrence, it happens all the time. Major brands like T-Mobile and VTech have faced data theft on a large scale. If the director of the CIA can be compromised, how safe do you think you are? 

Thankfully, you can still take steps to fortify your networks and preserve your data. Remediation management represents one of the most effective strategies in this regard. It helps you compensate for the weaknesses in basic cybersecurity practices and gives you greater control over your system’s maintenance. These three tips will help your organization defend itself against outside hazards.

  1. Follow up Thoroughly When You Scan

Imagine this: Your home security company calls you at work to tell you that your alarm is going off. They ask you whether they should investigate the problem. You tell them that even though you believe the break-in is a real threat, the alarm system itself should be enough to scare the intruders away, so an investigation isn’t necessary. Does this seem logical to you?

If not, you’d probably be surprised to see how many companies fail to follow up on their scans. Many organizations will perform basic remediation efforts, but they only do so to live up to international security standards. Unfortunately, these regulations represent the bare minimum that an agency must do to protect itself. Their recommendations are often woefully inadequate for a standard network, so a company may still end up compromising its system if it only performs these actions. 

Your remediation management strategy should do more than the bare minimum. You need to perform scans more often than security standards suggest, and you must act on your results when you receive them. A scan means nothing if it leads to no new actions.

  2. Consider Your Context before You Remediate

Do you find it difficult to parse your vulnerability reports? You’re hardly the only person to face this problem. A scan will usually return thousands of results, all of which fall into overly broad categories. Still, you need to understand these results if you want to tangibly secure your network.

Remediation management uses a risk-based approach to organize these outcomes. It prioritizes assets based on information such as location, confidentiality, integrity, and more. When you consider these factors, you’ll be able to find your network’s most critical assets and give them the protection they need.

  3. Watch High-Risk Vulnerabilities Closely

Say you had a valuable Ming vase in your home. Would you rather set up a surveillance system to protect it or leave it unprotected? 

Your information may be as valuable as the Ming vase in this scenario, so you should protect it accordingly. If your scans reveal your assets to be particularly vulnerable, you need to start monitoring them. Even if you take steps to stabilize them, they may become insecure again later, so constant monitoring and vigilance are essential.

Topics: Vulnerability Management, Remediating Risks

Top 5 Reasons Your Business Needs ITSM Software

David Millier

If you’ve implemented ITSM processes or you’re thinking about doing so, it goes without saying that your business needs to invest in ITSM software too. A baker wouldn’t make a cake without using the proper ingredients to do so.  In the same vein, why would you deny your IT team the “ingredients” to do their jobs? ITSM software is specialized, designed specifically to support ITSM processes. Using it helps IT professionals implement those practices more efficiently and seamlessly, meaning you spend less time dealing with frustrating tech issues that keep you from doing important work. But the benefits of ITSM software go beyond simply letting the tech department get things done. These five reasons should convince you that your business needs ITSM software.

  1. Standardization and Integration

ITSM is designed to standardize IT procedures across departments and divisions. In a lot of ways, using software to support those functions is a logical extension of an ITSM framework. It’s always easier to do a job when you have the right tools at your fingertips. These software solutions work across an organization so that the benefits, like streamlining processes, can be realized in other parts of your company too.

  2. Improved ROI

You’ve invested a lot in an ITSM framework, so it really needs to pay off. ITSM can improve a business’s ROI—that’s no secret. But one of the best ways to ensure the return on your investment in ITSM is to employ software specifically designed for the job. When you employ an ITSM framework along with a software solution, it won’t be just the IT department that benefits—and that translates into a better ROI. In addition, many ITSM software solutions are suites of programs, which means that you’re getting not just one tool, but a whole set of them. Each tool can help your company with a different task, and these tools are designed to work together seamlessly.

  3. Improved Efficiency

IT professionals are good at what they do, but ask any of them and they’ll say that the right tools make their lives easier. An ITSM suite will often enable linking between incident records, service requests, and problem and change logs. This saves time, and it can also highlight issues affecting multiple users and link those problems or incidents back to changes or configuration information. Not only that, but program capabilities allow you to review workflow processes in more detail, which in turn can point to the places where procedures could be simplified. Workflow management software may even allow you to automate some steps of a procedure.

  4. Manage Change in a Mobile World

Thanks to technological innovation, more and more employees telecommute or work remotely these days. Employees who travel may rely on a smartphone to retrieve documents for an important meeting. All in all, today’s workforce relies more heavily on mobile technology and cloud storage than ever before. ITSM suites provide specialized tools for managing things like public/private cloud storage and for providing better service to employees on the go.

  5. Reduced Costs

Perhaps most importantly, ITSM software can help your business reduce costs. The more efficient delivery of services helps your employees save time and money, and the ability to visually review your workflow and determine what changes make sense allows you to make adjustments to processes and procedures that will save money. Although ITSM software might seem like a big investment upfront, the benefits far outweigh the costs. Just like ITSM processes can save your business money, so too can using ITSM software for the job.

Topics: IT Service Management, ITSM Software

What is HIPAA Compliance?

David Millier

With revisions to federal legislation around the security and storage of health information in the US, many businesses are aware that they need to ensure compliance with standards mandated in the Health Insurance Portability and Accountability Act (HIPAA). But that's left many with a big question: how do you become HIPAA compliant?

What Is HIPAA?

HIPAA is federal legislation from 1996 that governs the security and storage of medical information in the United States. Health information is important, and in some cases doctors need to share information with hospitals or other practitioners. This kind of information is also very sensitive, and the act is designed to keep patients and their medical records safe in the digital age.

What Does It Take to Be Compliant?

Businesses become HIPAA compliant when they follow the standards of practice set out in the law. With the passage of the Patient Protection and Affordable Care Act of 2010 and the subsequent rollout of changes to the US medical care program, there has been a renewed focus on HIPAA and its standards.

Any company that deals with protected health information must comply with HIPAA. To do so, the business must ensure that all required physical, network, and process security measures are in place and being followed.

Physical Security Measures

Perhaps the simplest part of being HIPAA compliant is ensuring that physical security measures are in place and followed. These requirements focus on physical access to information and the workstations they're accessible from. To be compliant, you'll need to implement workstation security. This includes policies and procedures for workstation use that identify the work to be done and how it is to be done at that station, as well as protocols around the disposal of media and equipment that may have stored health information on it. Procedures addressing how to remove information from reusable media are also required.

Network Security Measures

There are 5 requirements in HIPAA that address network and network access in order to provide more security for sensitive health information. To be HIPAA compliant, you must implement unique user identification to facilitate tracking, create an emergency access procedure, and implement audit controls to record and monitor systems and workstations that collect and store electronic health information. You must also have authentication processes in place to ensure that someone requesting access to health information is the person they claim to be.

Process Security Measures

These administrative measures are probably the most difficult to implement—and the most important. To be compliant with HIPAA, your organization must perform risk analysis and risk management to ensure it has the proper procedures in place. You must also designate HIPAA officers to monitor compliance. You must regularly audit and review use of workstations. Sanctions also need to be in place to discipline employees in breach of policy. If multiple organizations will have access to files or workstations, you need to ensure that only those who are authorized will have access to health information. You are also required to develop a contingency plan to protect sensitive health information in an emergency. You are required to evaluate your compliance and update it when necessary, and when you enter into an agreement with another business, you are responsible for ensuring that they will operate in compliance with HIPAA.

Addressable Measures

In addition to the required measures, there are also a number of items that HIPAA considers "addressable." While businesses aren't required to implement these measures to be HIPAA compliant, these additional measures provide added security for sensitive health information. These measures range from having a facility security plan to protecting your systems against malware. These items should be addressed by businesses dealing with health information—not just to be compliant with the law—but to provide more security for patients and clients.

Topics: Compliance Management, HIPAA Compliance, Security, Remediating Risks