Sunday, January 26, 2020

Family and Children’s Services of Lanark, Leeds and Grenville suffered another alleged cyberattack.


Decision in alleged Ontario CAS hacking case delayed until May 20/2020.

2016: Police probe leak of IDs of Lanark, Leeds and Grenville children's aid clients over web.

https://ottawacitizen.com/news/local-news/police-probe-leak-of-ids-of-lanark-leeds-and-grenville-childrens-aid-clients-over-web

2016: Three-month investigation leads to charges in children's services alleged server breach.

https://ottawacitizen.com/news/local-news/three-month-investigation-leads-to-charges-against-two-people-in-childrens-services-server-breach

2016: CAS hacking charges dropped by Crown against Smiths Falls man.

https://www.insideottawavalley.com/news-story/7022350-cas-hacking-charges-dropped-by-crown-against-smiths-falls-man/

2017: Alleged CAS hacking case trial date to be set.

https://www.insideottawavalley.com/news-story/7170259-alleged-cas-hacking-case-trial-date-to-be-set/

:::

2018: Family and Children’s Services of Lanark, Leeds and Grenville suffered another alleged cyberattack.

"Raymond Lemay is back working at his computer, something he wasn’t able to do a few months back. In November, staff of Family and Children’s Services of Lanark, Leeds and Grenville were hit with a “malware” attack that locked them out their systems until they paid a $60,000 ransom."

Lemay says he wants to assure the public that no one’s private or personal data was taken as a result of the attack.

As it turned out, the office caught a lucky break. IT staff were able to restore the system within eight hours — and without having to pay hackers.

For Children’s Services of Lanark, Leeds and Grenville, the office might have caught that lucky break, but the malware attack was still a hassle. Lemay says it took cybersecurity experts two to three weeks to eliminate the malware from the office’s computer network.

As for how the malware got on the office’s network in the first place, that remains a mystery.

“It could have been through somebody using a flash drive. It couldn’t have been through an email. It could have been any number of things,” Lemay says. “We really don’t know.”

https://globalnews.ca/news/4054200/leeds-lanark-and-grenville-family-childrens-services-ransomware/

:::

2018: Alleged ransomware attacks hit two Ontario children’s aid societies.

The alleged ransomware attacks at two children’s aid societies have spurred the Ontario government to tighten cybersecurity around a new, $123-million provincial database for children in care.

Officials with the other agency — Family and Children’s Services of Lanark, Leeds and Grenville — claim they saw an English ransom message flash on their computer screens, demanding $60,000, when they tried to access their database in November.

“It encrypted most of our servers,” says the Lanark agency’s executive director, Raymond Lemay. “No data was taken out of our system. It was just an attempt by whatever you call these people to get a ransom.”

Lemay says his agency didn’t pay up. He says it used an offline backup of computer files to get the agency up and running again in about eight hours.

Backup copy or were there two sets of books?

To cook the books is an idiom describing fraudulent activities performed by corporations to falsify their financial statements and God knows what else when it comes to the Ontario CAS.

Lemay says the ransomware attack cost his agency $100,000 to fix, an expense covered by his agency’s “cyber insurance.”

Cybersecurity experts from the province’s Ministry of Children and Youth Services, along with a private internet security firm, swooped into the agency to neutralize the malware in the infected servers.

“It took them about three weeks to find the needle in the haystack,” Lemay says.

The ransomware attack locked the agencies out of local online files that contained private information on the children and families they serve.

The computer virus attacked while the Lanark agency was uploading its data to a centralized database known as CPIN. It will allow societies across Ontario to share information more easily and better track how children in foster care and group homes are doing.

“They might have taken advantage of vulnerabilities that occurred because we were changing over to a new system,” Lemay says of CPIN. “That’s one of the hypotheses, but we don’t know for sure.”

https://www.databreaches.net/ransomware-attacks-hit-two-ontario-childrens-aid-societies/

https://www.thestar.com/news/insight/2018/02/22/ransomware-attacks-hit-two-ontario-childrens-aid-societies.html

:::

Obscurantism is the practice of deliberately presenting information in an imprecise and recondite manner, often designed to forestall further inquiry and understanding. There are two historical and intellectual denotations of Obscurantism: (1) the deliberate restriction of knowledge—opposition to disseminating knowledge; and (2) deliberate obscurity—an abstruse style (as in literature and art) characterized by deliberate vagueness.

https://en.wikipedia.org/wiki/Obscurantism

:::

Here are a few of the highlights from the alleged Ontario CAS hacker trial transcript:

PAGE 29/30 - FROM THE TRIAL TRANSCRIPT.

2019: EXECUTIVE DIRECTOR RAYMOND LEMAY. I was just repeating what had been explained to me. That the security features of the website, when it was first installed, had not been turned on. That’s what was explained to me, and I am just repeating what I heard.

Q. So, all you know is whoever C.A.S. retained for you working in your position did something incorrectly with respect to the website that caused this issue?

A. That’s what, that’s what I understand, yes.

READ THE COMPLETE TRIAL TRANSCRIPT HERE: https://www.kelleyandderek.com/

:::

2016: Alleged ‘disgruntled client’ posts names of 285 children’s aid families on Facebook (all 285 names on Facebook?). A Brockville-area children’s aid society reels after names of 285 clients were posted on Facebook. (Did the alleged hacker copy and paste all 285 names and codes in one post or did she post a picture of a hyperlink?)

Lemay admits the report was on the FCSLLG's website but says it was hidden behind several layers of security including a password given only to the organization's board of directors.

"You have to go through the back door. You have to be looking for this," he says.

A link to the report was obtained by someone — "likely a disgruntled client" — who hacked the secure portal for board members on the society's website, he said. No staff or board members are suspected of the breach, he said.

"Our suspicion, which is a fairly firm suspicion, is that it is a current client who is very disgruntled, very unhappy with us," he said. "We have contacted the police. Our lawyer has sent a letter to the website owner as well as to this individual telling them what they are doing is, we think, illegal."

This is the second time in about three months that the organization has had to take down its website because of security concerns. An outside expert was brought in after a February scare to better secure the website. No sensitive information was revealed or even in danger in the first breach, Lemay says. He says they made the changes and were told the website was secure.

The website has been taken down while experts help the FCSLLG improve its security. This branch of children's aid says it is reviewing its policies when it comes to sensitive information and how it handles such documents.

https://www.thespec.com/news-story/6503453--disgruntled-client-posts-names-of-285-children-s-aid-families-on-facebook/

https://ottawa.ctvnews.ca/names-of-285-people-referred-to-children-s-aid-in-lanark-leeds-and-grenville-posted-online-1.2865944

:::

D. David Rakobowchuk: From the final defense submissions (trial testimony).

43. Det. Rakobowchuk is himself a member of the above Facebook group. He testified that to join the group, a Facebook user had to request approval from a group administrator.

44. Det. Rakobowchuk testified that there was no breach of password or anything similar used to gain access to the spreadsheet in question:

Q. And, just for the purpose of the record, you have referred to — the information you got there was a hack, I guess?

A. Yes.

Q. But, as the investigation went on it was very — it became clear that there was no actual, I guess, a breach of a password, or anything like that used to gain this information?

A. Exactly.

READ THE COMPLETE TRIAL TRANSCRIPT HERE: https://www.kelleyandderek.com/

:::

MARGARET ROW: Affirmed.

EXAMINATION IN CHIEF BY: Mr. Corbella.

Q. So, correct me if I am wrong, if I understand correctly, so basically if there is an issue that needs to be dealt with you are asked to deal with it?

A. Correct.

Q. Okay. Now, back in February of 2016, we’ve already heard, and I don’t think there is any issue, that Family and Child Services of Leeds, Lanark and Grenville, became aware there was a potential problem with the website?

A. Correct.

Q. We’ve heard about the – there was a – you became aware, and then you eventually yourself became aware as well that there was a posting of a video by Ms. Denham?

A. Yes.

Q. And that that posting contained certain documents which caused your organization some concern?

A. Yes.

Q. Okay. And, I understand that you reached out to your son-in-law, Mr. David Schmidt?

A. Correct.

Q. And, perhaps for the record, I’ll – Schmidt is S-C-H-M-I-D-I-T.

A. S-C-H-M-I-D-T.

Q. Thank you.

A. You are welcome.

Q. Why did you reach out to Mr. Schmidt?

A. Mr. Schmidt is a subject matter expert in internet and network security.

Q. And, how did you know that?

A. I owned a company, an internet company for five years, and Mr. Schmidt was my systems administrator.

Q. That was before he was your son-in-law?

A. That’s correct.

Q. Okay. Now, so you suggested that he may be a source of information, or help to your agency?

A. That’s correct.

Q. Okay. And, eventually your agency did decide to seek his advice?

A. Correct.

Q. And, it’s my understanding ma’am that – well, maybe you could just tell us. As a result of Mr. Schmidt coming onboard, what did you decide to do with regards to the, I guess, the investigation, or dealing of this first breach.

A. With respect to the dealing with the first breach, my involvement was minimal. I was only involved for the first three days. After Mr. Schmidt had accepted the contract, I voluntarily recused myself from the decision making tree because of the family relationship.

Q. Thank you. Exhibit four. So, here you go. You can refer to it whenever you need to to help you answer your question ma’am.

A. Yes, it was from service from April of 2015 to November of 2015.

Q. April to November, of 2015. So, the names on the list would have been clients during that time period?

A. That’s correct.

Q. Okay. And, can you tell us – I mean, I forget the exact number, but I think it was – do you remember an exact number of how many names were on the list?

A. 285, sir.

Q. You’ve answered that question a few times I imagine.

A. Once or twice.

Q. Okay. So, those 285 names, are you able to tell us if any of them were ever a participant, a witness, a party to a hearing, let’s stop with that.

A. Am I directed to answer that question, sir?

THE COURT: Yes.

A. Yes.

Q. Okay. How many of them?

A. Six families and seven children. There was one family with two children.

CROSS EXAMINATION BY: Mr. Mansour

Q. Ms. Row, can you tell me, when did you retain your son-in-law, Mr. Schmidt? Was it before or after the first breach?

A. At the first breach.

Q. And, before or after the second breach?

A. I did not actively retain Mr. Schmidt. That direction came from the manager – the director of corporate services.

Q. Are you talking about Mr. Lemay? Is that who that person is?

A. No, that was Jennifer Eastwood.

Q. Jennifer Eastwood, okay. So, after the first breach, do you know roughly how long after the first breach your organization decides to retain Mr. Schmidt?

A. No, I don’t know.

Q. You don’t know. When do you retain Mr. Schmidt?

A. Initially in February, February the 9th.

Q. Okay. And then, you pass it off to Ms. Eastwood after that?

A. That’s correct.

Q. So, the website only went down after the second breach?

A. Correct.

Q. Okay. How long was it down for?

A. Five and a half months.

Q. At that point did you know what the compromise was?

A. No.

Q. And, whose decision was it to put it back up?

A. Mine.

READ THE COMPLETE TRIAL TRANSCRIPT HERE: https://www.kelleyandderek.com/

:::

FCSLLG'S SELF TAUGHT INTERNET SECURITY EXPERT DAVID SCHMIDT'S TESTIMONY.

Q. So, I think Mr. Schmidt, what we were just covering off before the technical issue was that Ms. Margaret Row, who is your mother in law, contacted you back in February of 2016?

A. Correct.

Q. All right. So, why don’t you just let us know; what did she tell you that was the concern, and what did you decide to do?

A. Okay. So, I got a call in the early afternoon. Margaret reached out asking if she could discuss their website. I responded and we started to talk about it, and she indicated that there was some concern that material from their website, or from - sensitive material had been accessed

Q. You – in the past – okay, first of all, I don’t think if you explained, or if you did I don’t remember, you mentioned WordPress, what’s WordPress?

A. WordPress is something called a content management system. It is a piece of software that runs on a web server that people can use to create a website.

Q. Okay.

A. Okay? It’s the most commonly used such tool on the internet. It commands, I think, thirty five percent of all internet websites use WordPress.

Q. And, back in February - sorry, yes, February to April 2016, Family and Child Services was using WordPress?

105/6

Q. A lot of the time, or sometimes when information gets out it gets out because someone has done something – I’m going to call it dishonest, or nefarious...

A. Mm-hmm.

Q. And, what I mean by that is this, I will define it for you; it’s like hacking. So, for example, you download a program, or use certain code, or you do something to get past a username and a password.

A. Breaching passwords, finding an exploit, or something like that, yeah.

Q. Right. But, it requires, one; a certain level of knowledge, right?

A. Mm-hmm.

Q. Yes.

A. Yes.

Q. I know you are nodding, but...

A. Sorry, yes. For the record, yes.

Q. And two; it would require excessive knowledge of a certain amount of dishonesty on your part to try and get past a username and password that is clearly intended to block you?

A. Dishonesty, interest in what’s behind it, yes, absolutely.

Q. I’m not talking from a moral sense...

A. Yep.

Q. ...I’m talking from a computer sense, you are trying to get past something that’s intended to stop you?

A. That’s intended not to be, not to be accessed, yeah.

Q. Right. In this case the directory had no password, nothing in it was intended to stop you from getting to it?

A. That’s correct.

PAGE 107

Q. Right. It doesn’t require a special knowledge to use WordPress?

A. Not particularly.

Q. Right. And, because of that, it’s not actually, as it’s set out by default, not intended for confidential documents at all?

A. I guess not.

Q. Well, and the reason I say this is from what you said which is that by default it has a browseable directory...

A. Yep, absolutely.

Q. ...that you could go to that doesn’t lock. So, by default, a logical inference is, if you have a directory that’s browseable where you can get to every document with no password, that’s the default settings.

A. Absolutely.

Q. By default, it is not intended for confidential documents?

A. That is true.

From the cross examination of D. Schmidt:

Q. All right. So, I want to go back to 2016, just in the very beginning, okay? They have a website, okay? There is a website that is intended for the public?

A. Correct.

Q. Correct. On that website there is various public documents, like, forms, things that the public would need?

A. That’s correct.

Q. Okay. There is also a Board Portal?

A. Yes.

Q. And, the Board Portal requires a username and password?

A. Correct.

Q. Okay. And, that’s the front end of what a user sees when they go to fcsllg.ca or .com?

A. Correct.

Q. Okay. In the background, the website has to save all the documents – or the webmaster has to save the documents somewhere?

A. Correct.

Q. They are saved in the directory?

A. Correct.

Q. Now, if this was properly set up you would have a directory for the non-confidential information to the public stuff?

A. Yes.

Q. And, you would have a directory for the confidential information?

A. Correct.

Q. And, they’d be separate?

A. Yes.

Q. Okay. In this case they were not?

A. That is correct.

Q. Okay. And, if you were going to have a directory for confidential information, one; it would be password protected?

A. Absolutely.

Q. It would be non-browseable?

A. Correct.

Q. And, nothing in it would be non-confidential?

A. Correct.

Q. Right

A. Unless, unless you were – so, for example, in the case of a Board Portal, you might have a non-confidential document a board member could see.

Q. That’s the thing...

A. But, realistically you would want a segregation between that which should be public, and that which should not be public.

Q. And, all those things that I listed, all of those things did not occur back in 2016 when you were retained?

A. That is, that is correct.

Q. ...etcetera. When you were retained in February you made a list of all of the problems with the website, right?

A. Yes.

Q. Okay. So, I am going to go through that list with you, okay?

A. Absolutely.

Q. So, number one; if you are going to put confidential information, like a Board Portal, the most secure way to do it is you don’t even put it online. You put it in an intranet system, like an internal system...

A. Absolutely, that’s right.

Q. Sorry, just let me finish...

A. Sorry.

Q. ...because the transcript becomes really difficult to follow. So, there is an intranet, an internal system, yes?

A. Yes.

Q. And, you then use what’s called a V.P.N to access that intranet if you are not on that network, right?

A. Yes.

Q. So, for example, the intranet would be accessible from your work place only?

A. Typically, yes.

Q. And, if you wanted access from home the board members would then have access via a V.P.N., yes?

A. Correct.

Q. Which requires a username and password, yes?

A. Yes.

Q. To get in?

A. Yes.

Q. That’s the most secure?

A. That is.

Q. Very difficult to hack?

A. Correct.

Q. You don’t come into any of these problems, right?

A. Correct.

Q. And, it is very clear, this is confidential, no one can get into it?

A. Absolutely.

Q. Okay. If you are one step worse than that, which is not quite as secure...

A. Yep.

Q. You are going to put it on its own separate website, yes?

A. Yes.

Q. Aside from non-confidential information?

A. Correct.

Q. You are going to require a username and password?

A. For everything.

Q. Well. So the one, you are going to require a username and password for the website?

A. Correct.

Q. Then, you will make sure that the directory is not browseable?

A. Correct.

Q. Then, you would make the documents password protected in the event that for some reason something went wrong, it makes it very clear that you can’t get here?

A. Yes, that is correct.

Q. None of those things happened in this case?

A. My understanding is that you are right.

Q. Right. We are here for your understanding.

READ THE COMPLETE TRIAL TRANSCRIPT HERE: https://www.kelleyandderek.com/
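
The controls listed in the testimony above (confidential documents kept apart from public ones, behind a password, in a non-browseable directory) can be checked on disk by a site operator. The following is an added example, not part of the original post, the transcript or any exhibit; it assumes an Apache-style server that honours `.htaccess` files, and the directory layout and file names are constructed.

```python
import os
import re
import tempfile

# Index files that stop a server from generating a directory listing.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
# "Options -Indexes", "Options +Indexes" or "Options Indexes" in an .htaccess file.
OPTIONS_INDEXES = re.compile(r"^\s*Options\b[^\n#]*?([+-]?)Indexes\b", re.I | re.M)
# Any "Require ..." other than "Require all granted" is treated as an access control.
REQUIRE_AUTH = re.compile(r"^\s*Require\s+(?!all\s+granted\b)\S+", re.I | re.M)
DOCUMENT_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".csv")


def htaccess_chain(docroot, directory):
    """Yield the text of every .htaccess from docroot down to directory."""
    rel = os.path.relpath(directory, docroot)
    parts = [] if rel == "." else rel.split(os.sep)
    current = docroot
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        path = os.path.join(current, ".htaccess")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                yield fh.read()


def audit(docroot):
    """List every directory whose documents can be fetched without a login."""
    findings = []
    for directory, _subdirs, files in os.walk(docroot):
        # Assumption: worst-case server defaults (listings on, no authentication).
        listing_on, protected = True, False
        for text in htaccess_chain(docroot, directory):
            for match in OPTIONS_INDEXES.finditer(text):
                listing_on = match.group(1) != "-"   # the last directive wins
            if REQUIRE_AUTH.search(text):
                protected = True                     # inherited by subdirectories
        documents = sorted(f for f in files if f.lower().endswith(DOCUMENT_EXTS))
        if documents and not protected:
            has_index = any(f.lower() in INDEX_FILES for f in files)
            findings.append({
                "dir": os.path.relpath(directory, docroot),
                "browseable": listing_on and not has_index,
                "documents": documents,
            })
    return sorted(findings, key=lambda f: f["dir"])


def build_sample_site(root):
    """Create a small constructed document root for the demonstration."""
    layout = {
        "index.php": "<?php // front page",
        "forms/index.html": "<html>public forms</html>",
        "forms/consent-form.pdf": "constructed",
        "uploads/2016/04/newsletter.pdf": "constructed",
        "uploads/2016/04/board-report.xlsx": "constructed",
        "board/.htaccess": "Options -Indexes\nAuthType Basic\nAuthName \"Board\"\n"
                           "AuthUserFile /etc/apache2/.htpasswd-board\n"
                           "Require valid-user\n",
        "board/minutes.pdf": "constructed",
    }
    for rel, content in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for f in audit(root):
            state = "BROWSEABLE" if f["browseable"] else "no listing"
            print(f"{f['dir']}: {state}, no login required: {', '.join(f['documents'])}")
```

A directory reported with `browseable` false is still readable by anyone who has a file's URL; only the `Require` check speaks to password protection, so every file the audit lists should be one that is meant to be public.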

:::

THE FINAL DEFENSE SUBMISSIONS.

Part One: https://www.facebook.com/FamiliesUnitedOntario/photos/a.421920498017720/1244397172436711/

Part Two: https://www.facebook.com/FamiliesUnitedOntario/photos/a.421920498017720/1244397722436656/

Part Three:
https://www.facebook.com/FamiliesUnitedOntario/photos/a.421920498017720/1244398162436612/

Part Four:
https://www.facebook.com/FamiliesUnitedOntario/photos/a.421920498017720/1244398895769872/

2019 Trial Transcript Included Here:
https://www.unpublishedottawa.com/letter/247562/alleged-ontario-cas-hacker-trial-update-190814

:::

Decision in alleged Ontario CAS hacker case delayed until May 20/2020.

The defence argued what Denham did does not constitute publishing. They say the publication occurred when the agency put the information on its website, which they say was accessible to anybody in the public sphere.

“All she did was tell people they (FCS) published it,” defense lawyer Fady Mansour told the judge on Thursday.

“Reiterating is not publishing.”

They said if anybody has committed an offence, it was FCS since they were the ones that published it originally.

The Crown argued that FCS had no intent to publish the information and that it was always their goal to keep it private.

“They did not publish. It was always their intention to keep it private,” Crown attorney Roberto Corbella said.

“They made a mistake. They did not intend to publish this material and it was not published by them.”

The defence lawyers argued, however, that it doesn’t matter if they intended to publish it, it just matters if they did.

The data could have been reached by anybody, the defence claimed.

They argued simply putting something on Facebook does not constitute publishing, but the Crown said it “makes no sense” to suggest that.

If posting something to Facebook isn’t publishing, nothing is, Corbella said.

---

2011: Hyperlinks not considered ‘publications,’ rules Supreme Court

“A hyperlink, by itself, should never be seen as 'publication' of the content to which it refers. When a person follows a hyperlink to a secondary source that contains defamatory words, the actual creator or poster of the defamatory words in the secondary material is the person who is publishing the libel.”

At both the trial and appellate level, the courts ruled the hyperlinks did not constitute publication of the impugned content.

Abella notes in her analysis that hyperlinks are essentially references. “Hyperlinks thus share the same relationship with the content to which they refer as do references. Both communicate that something exists, but do not, by themselves, communicate its content,” she writes.

https://www.canadianlawyermag.com/news/general/hyperlinks-not-considered-publications-rules-supreme-court/271051

---

A lawyer should not express personal opinions or beliefs or assert as a fact anything that is properly subject to legal proof, cross-examination, or challenge.

When engaged as a prosecutor, the lawyer's prime duty is not to seek to convict but to see that justice is done through a fair trial on the merits. The prosecutor exercises a public function involving much discretion and power and must act fairly and dispassionately. The prosecutor should not do anything that might prevent the accused from being represented by counsel or communicating with counsel and, to the extent required by law and accepted practice, should make timely disclosure to defence counsel or directly to an unrepresented accused of all relevant and known facts and witnesses, whether tending to show guilt or innocence.

Knowingly attempt to deceive a tribunal or influence the course of justice by offering false evidence, misstating facts or law, presenting or relying upon a false or deceptive affidavit, suppressing what ought to be disclosed, or otherwise assisting in any fraud, crime, or illegal conduct.

Knowingly misstate the contents of a document, the testimony of a witness, the substance of an argument, or the provisions of a statute or like authority.

Knowingly assert as true a fact when its truth cannot reasonably be supported by the evidence or as a matter of which notice may be taken by the tribunal.

https://lso.ca/about-lso/legislation-rules/rules-of-professional-conduct/complete-rules-of-professional-conduct

:::

M.M. v. Lanark, Leeds and Grenville Children’s Aid Society, 2018 ONSC 5032 (CanLII)

[6] Now before the court are several motions for a diverse mix of procedural and evidentiary orders.

a. M.M. seeks to discontinue her action against Ms. Denham.

b. The Society, which, as noted above, had crossclaimed against Ms. Denham, seeks an Order converting its Crossclaim into a Third Party Claim and converting Ms Denham’s Crossclaim into a Counterclaim in the Third Party Action.

c. The Society seeks an Order that the Third Party Action including its Counterclaim be case managed in Toronto as a part of the class action and be tried together with or immediately following the class action.

d. The Society seeks a sealing order. The sealing Order is said to be required to address confidentiality concerns arising because of s. 87 (8) of the Child Youth and Family Services Act, 2017 and s.70(1) of the Children's Law Reform Act.

e. Ms. Denham does not oppose the continuation of the crossclaims within a Third Party Action, but she opposes the request for case management in Toronto and asks the court to transfer the Third Party Action to Perth, where she lives and where apparently she will have a lawyer prepared to act for her in defending the Third Party Action and in prosecuting her Counterclaim.

[7] The request for a sealing order, which was not opposed, should be granted.

https://www.canlii.org/en/on/onsc/doc/2018/2018onsc5032/2018onsc5032.html

:::

According to a separate class-action lawsuit against FCS still before the courts, the personal information of the 285 clients was compiled into an electronic file, prepared for the service’s board of directors on new cases arising between April and November of 2015, but was not properly secured on the agency’s network.

According to court records relating to the civil suit against FCS, Denham said she found and clicked on an unrelated document on the website intended for the public. She deleted a portion of the URL, and she was taken to a directory of folders with documents, within which she found the document with the names of local families.

She said she was never asked a user name or password and was never faced with any security measures that impeded her ability to gain access to the documents.

She said she attempted multiple times to advise the agency the confidential documents were available on the public website, beginning in February 2016, but the documents were still publicly available by late April 2016.

This is when she decided to post the location of the report on the Facebook group where she claims she posted an image of a hyperlink, which was deleted by the group’s administrator within hours.

She did not hack any secure portals, she said, rather the site was completely unsecured and she was able to get to the files unimpeded.

Denham has since been dropped as a defendant in the civil case.

https://www.recorder.ca/news/local-news/decision-in-fcs-breach-expected-next-month

:::

A content management system is a software application that can be used to manage the creation and modification of digital content. CMSs are typically used for enterprise content management and web content management. (Wikipedia)

2019: 5 INDISPENSABLE TIPS TO KEEP YOUR BUSINESS SECURE ONLINE

Regardless of the size of your business, you will need to take the necessary steps to ensure its safety and security online. The consequences related to a lapse in security or data breaches can break businesses in the long run.

Consider the fact that all associated stakeholders will lose faith in such a business, for which reason it is even more important to keep your business secure online at all costs. If you are looking for ways to make this possible, the following five tips will do just that.

Stay Clear from Malware

Just like you would never want to leave the backdoor to your home unlocked at night, you will not want to leave your business open to cybercriminals. To make this possible, you will need to secure every computer.

Malware is designed to damage or infiltrate a network PC without your consent or knowledge. To protect your business from malware of any kind, here is what you will need to do:

Turn on the onboard firewall on your router. It is not entirely enough to deal with malware, but it will act as your first line of defense.

Get the best security software programs for all your PCs. It would be best if you spent more than expected, but it will be worth every penny.

Employ good security that will automatically adjust itself according to the device being used. The level of protection should change depending on whether or not they are in the office.

Get antispam protection to get rid of unwanted email. It will block distractions and risks for employees, all the while preventing malware from getting into systems.

Tackle Social Media Effectively

In this day and age, the importance of social media cannot be denied. It is here to stay, so you will need to empower your employees regarding guidelines and the best practices they need to adhere to while using social media platforms.

Instead of just anyone, assign an individual or individuals that will speak for your business. Make them responsible for writing about external and internal events.

In your security policy, do not forget to include social media sites like LinkedIn, Twitter, Facebook, and others. The non-disclosure agreement will ensure that confidential information remains intact.

While using any social media platform, be smart:

Only publish the information you are confident about.
No matter what you have in mind, always prepare for the worst, it will save you from many problems later on.
To expand your contact list, don’t just add anyone. Only add people you trust.

Avoid clicking on links from unknown contacts.

Ensure Usage of Strong Passwords

Passwords are vital for business networks, as they prevent unauthorized access to your data. To decrease the chances of success for hackers, cybercriminals and third party agencies, use stronger passwords by incorporating more characters and keystrokes.

Use passwords with at least a minimum of eight characters, not excluding numbers. This will stop simple attacks dead in their tracks. However, do not stop there; request password changes frequently. To ensure employees are changing their password more often than not, time out old passwords.

It is important to note that your employees may even need to be educated about some malpractices while dealing with passwords. Discourage them from writing down passwords, or using guessable passwords that could put your business at high risk.

Be Critical about Internet Security

The latest security threats can be dealt with using top-notch security solutions. Your employees will not think about security nor will they restrict themselves from accessing the internet or the network. To make things easier for them, make security transparent and automate updates.

Apart from providing a guideline for web use, adopt solutions that prevent unacceptable use. One way of making this possible is by using URL filtering to block unproductive or risky sites.

Develop a BYOD Plan

Employees bringing their own devices to work (BYOD) can also put your business at risk. To handle BYOD risks, you will need to develop a BYOD plan. It will serve as a safety net against mobile system costs and legal repercussions. You will need to draft a customizable, clear and comprehensive BYOD policy that covers subjects like location tracking, internet monitoring issues, and data deletion.

To lessen probable pitfalls, anticipate employee usage of mobile devices. Mobile device management solutions and virtualization are effective in controlling access and network bandwidth for employees.

Most businesses adopt the BYOD trend to increase overall productivity, but very few take the time to assess whether the trend is worth their investment. Keeping this in mind, you will have to monitor your use of BYOD to prevent future device security lapses and justify its deployment.

These are just a few of many ways you can go about ensuring your business is secure online. If you want to take things up a notch, you should also consider getting a Business VPN.

With the help of a business VPN, employees can be given new IP addresses, thus masking their original ones. Since their internet traffic will be hidden and encrypted, it is highly unlikely they will be compromised or attacked. At the same time, they will not have to worry about private and confidential information being monitored or recorded by surveillance agencies, or even ISPs for that matter.

Of course, there is more to online security for businesses than meets the eye. What is important is that companies realize that they will need to adapt if they wish to survive. These days, the measure of success for a business is based on factors like internet security, client confidentiality and so on. Believe it or not, it could also give companies the edge they need to stay ahead of their competition.

Remember, all of this will only work if you take the lead. Lead by example so that others follow you without hesitation. Don’t be the reckless one, and if you do come across a way that will improve the overall online security of your business, be sure to let other people know as well.

ELISA COLLINS.

Elisa Collins is a tech professional who loves to write on cyber-security related topics. She is currently associated with Ivacy.com as a content strategist and digital content production head.

https://www.colocationamerica.com/blog/5-tips-for-a-secure-business

:::

QuickSilk provides a sensible solution for developing and maintaining your own secure content management system. Trusted since 2010.

Traditionally, when selecting a content management system (CMS), agencies and organizations like Ontario's Family and Children’s Services of Lanark, Leeds and Grenville have compromised the security of their voluntary, involuntary and suspected clients' confidential information for the simplicity and affordability of WordPress and its 14 000 known vulnerabilities.

QuickSilk says, “No more compromising!”

“We’ve been using QuickSilk for a few years and keep acquiring new licenses because it keeps delivering a solid return on investment for us and our clients.”

Sahir Khan
Executive Vice President, IFSD, University of Ottawa

"With QuickSilk we enjoy excellent value and a secure solution that meets our needs today and is scalable for the future. Using their easy ‘drag & drop’ CMS means that our staff team is in control of our website in a way we never thought possible."

Michael Brennan
Executive Director, Canadian Association of Management Consultants

“According to our testers, QuickSilk did a great job with security best practices ......other areas they excelled in included output encoding and configuration management for their web server."

Marc Punzirudu
Vice President of Security Consulting Services, ControlScan

“As a creative branding, marketing and design agency QuickSilk is a game‑changing CMS for us. We are able to quickly design and deploy robust websites that our clients can easily update and maintain on their own.”

Nadine Buckley
Partner, McGill Buckley

https://youtu.be/xw30JU-bY6U

QuickSilk’s CMS provides the drag and drop simplicity of easy-to-use website builders with unrivaled security, at a lower total cost of ownership (TCO) than WordPress, Joomla, and Drupal.

Our simple-to-use drag and drop interface eliminates the need to hire a website designer or developer, and our website monitoring (24 hours a day, 365 days a year), software updates, and maintenance eliminate worries about website uptime and security.

Drag, Drop & Deploy

QuickSilk takes the challenge out of website development. Our product is so simple to use, people without website development experience can build, maintain, and update a world-class website. With QuickSilk, you are no longer challenged by technology or access to skilled professionals and resources.

https://www.quicksilk.com/

:::

Here are the top 5 reasons why you shouldn’t opt for a WordPress site if you’re part of a government-funded, multi-billion-dollar private corporation with a legal obligation to protect client information:

Website builders are a perfect solution for - individuals and small businesses - to start a website without hiring a developer. However, finding the best website builder can be tricky for beginners.

WordPress is an open source software. It is free in the sense of freedom not in the sense of free beer. ... Open source software comes with the freedom for you to use, modify, build upon, and redistribute the software in any way you like without paying any fees.

What are the disadvantages of using WordPress?

WordPress is the most popular content management system. This fact alone makes WordPress a prime target for hackers everywhere. As a matter of fact, according to a Sucuri report, WordPress is the most hacked CMS platform worldwide. (Talk about putting children and clients at risk...)

Disadvantages of A WordPress Website.

Without a doubt, WordPress is the most used content management system (CMS) in the world. With millions of users, it is widely praised and appreciated for its advantages. But, while the hype is still strong, many people overlook or are not aware that WordPress has certain weak points that might make them reconsider their decisions or options.

1. Vulnerability

Unquestionably the biggest disadvantage of WordPress is its security. WordPress is an open source platform, and it relies heavily on plugins and themes for customization. Both the plugins and the themes are developed by different people and companies, and since there isn’t anyone monitoring them, they can easily contain bugs or lines of malicious code. On top of this, as stated above, WordPress is today the most popular content management system. This fact alone makes WordPress a prime target for hackers everywhere. As a matter of fact, according to a Sucuri report, WordPress is the most hacked CMS platform worldwide.

2. Can be expensive

While WordPress itself is free, when looking at the whole picture there are significant costs. WordPress relies on plugins and themes for customization, and while there are some that are free, they are not always reliable or safe. Furthermore, if you want your website to stand out and your visitors to have a great experience, you have to buy a theme, as the free ones are overused. With numerous updates coming out constantly, it can become quite expensive to keep your website up to date. Naturally, if you’re a WordPress designer, or have the knowledge, you can make a lot of adjustments yourself, but most people need to use a plugin or a well-developed theme.

3. Needs frequent updates

Simply installing WordPress is not going to help you very much, as this platform requires a theme and at least several plugins to work properly. WordPress updates can often render parts of your theme or some plugins unusable. The more plugins you use, the more likely you are to encounter compatibility problems. The whole maintenance process in WordPress can be quite challenging, and you have to be ready to make adjustments to your plugins and theme in order to have a functional website. If you don’t have the budget or the knowledge (design, programming), then given the fact that in general WordPress doesn’t offer support, and solutions can only be found on WordPress forums, chances are that you should choose another website solution.

4. SEO friendliness

WordPress is definitely an SEO-friendly platform, but so is virtually any open source CMS. However, for people with little to no SEO experience and knowledge, WordPress can create quite a few problems. Probably the best-known one is caused by WordPress’s category and tagging system. If the content is over-tagged or marked into many categories, Google will flag it as duplicate content, a fact that will affect your SEO rankings.

5. Customization needs Coding

To make certain changes to your WordPress site, you have to possess HTML, CSS and PHP knowledge. If you want to personalize it in a unique way, or to enhance its design, you may find yourself needing to write numerous complicated lines of code. If you’re in the category of people who possess the knowledge, things can go smoothly, but if you try to write code without having the right expertise, and most people are in this category, you can do a lot of damage to your website.

https://www.websitetooltester.com/en/blog/wordpress-alternatives/

https://www.wpbeginner.com/beginners-guide/how-to-choose-the-best-website-builder/

:::

IS THERE ANY WAY TO USE WORDPRESS AND GUARANTEE THE INTEGRITY OF THE SECURITY USED BY THE FREE PROGRAM/APP, AND WHAT DOES PROPER INTERNET SECURITY ACTUALLY LOOK LIKE?

The ISG Series Integrated Security Gateways.

(estimated cost $40 000 AND UP)

The ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and data center environments where advanced applications, such as VoIP and streaming media, demand consistent, scalable performance. The Juniper Networks ISG1000 and ISG2000 Integrated Security Gateways are purpose-built security solutions that leverage a fourth-generation security ASIC, along with high-speed microprocessors, to deliver unmatched firewall and VPN performance. Integrating best-in-class firewall, VPN, and optional Intrusion Detection and Prevention, the ISG1000 and ISG2000 enable secure, reliable connectivity along with network- and application-level protection for critical, high-traffic network segments.

Network segmentation: Security zones, virtual systems, virtual LANs and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.

Optional Integrated IDP:

The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances.

The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection.

The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, unauthorized users and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.

https://www.terabitsystems.com/juniper/integrated-security-gateways/ns-isg-2000-sk1

https://netpoint-dc.com/blog/wp-content/uploads/2015/11/1100036-en.pdf
