TOLL FREE 1 877-777-6412

How do I protect my email data?

We all send generous amounts of information through email every day. These emails are sometimes harmless, but often they are essential to your concerns. So, have you ever asked yourself whether emails constitute a secure channel for sending all this data?

The risks associated with sending sensitive information through email

It is very easy to accidentally send an email to the wrong recipient. You also have no control over what happens to your emails once you send them. Your recipients may well transfer them to all their contacts. A malicious user could intercept your emails as they are sent over the web (ex. from your recipients’ Starbucks Wi-fi connection).

The impacts of divulging sensitive information through email

Loss of credibility

For example, you are an insurance broker and you accidentally send an email to one of your new clients (Frank) that was intended for another client (John). This email happens to contain a lot of information about John’s insurance policy, such as details about his health. Frank realizes that you are not conscientious about protecting your clients’ files and he loses confidence in you. After speaking to colleagues about this, Frank ultimately decides to not renew his contract for the following year.

Furthermore, questions remain: Should you notify John of the incident? What will he think of this?

Identity theft

You send the personal data of new employees to your group insurance provider and a malicious user intercepts the email. That user now has all the information required to fraudulently steal their identities. Ultimately, the fraudster obtains a credit card and makes online purchases on top of securing a loan from Desjardins, all in the name of your employees!

So, how do you now go about sending information by email?

When it comes to good cyber security practices, there is one very simple rule: Never transmit personal or confidential data in the body of an email. It is not a secure. Rather, include the sensitive data in a separate document and save it to a portal that only your client can access, or encrypt the document using a highly secure password.

In other words, you should always start by asking yourself before sending any email whether the unauthorized divulgation of the data contained therein could cause serious damage to your enterprise, clients or partners. If in doubt, apply the same rules as if you had answered yes to the question.

Though it is not always easy to know what to do, here is an incomplete list of information that should never be sent through an unencrypted email.

Personal data

  • A name associated to a birthdate, an address, a bank account number, or a driver’s licence number.
  • Information contained on a passport.
  • A social insurance number.

Confidential information

  • Information about a contract.
  • Detailed descriptions of manufacturing processes.
  • An enterprise’s development and commercial strategies

The importance of training employees about the risks of email

You are now aware of good cyber security practices and you should now be in a better position to protect your personal and confidential information! But what about your employees? Are you sure they are aware of all the risks? Your employees have access to much data that must be handled daily. It is essential that they be as aware as you about these risks. The CyberSwat Group launched a cyber security prevention program that helps SMBs from Quebec better protect against this type of risk. We are offering you both a cyber security awareness program and tools to assess the level of risk your employees represent.

Follow us on TwitterFacebook, or even LinkedIn.

A new trend: Your DNA for free participation in a contest?

A new trend: Your DNA for free participation in a contest?

What was meant to happen happened: more than ever, YOU are the product. The era of cookies and web traffic analysis thanks to Google Analytics has passed. New heights have been reached with a contest organised by Momondo, a travel search website. This enterprise, based in Denmark, has launched a contest that could permit you to travel to every country connected to your genetic heritage.

“Huh? How would they know where I come from?”, you ask? Nothing can be easier: they send you a genetic test kit to collect a sample of your DNA for testing. They then communicate to you the list of countries connected to your genetic heritage!

Moving videos, but…

The campaign is nonetheless well designed. The videos are moving, even inspiring, and they invite inclusion. After all, we are citizens of the world! However, we should ask ourselves how genetic heritage and the results of testing can be used by this third party. Moreover, do we know how this information is safeguarded?

Thankfully, the terms of use of the contest (warning – it is very difficult to read) states that Momondo shall not have direct access to your DNA. Rather, the enterprise mandates an American medical laboratory called Ancestry International DNA, LLC, which has its own terms of use and informs its users that DNA samples and test results could travel the United States and Ireland. Though we would have liked to learn more about the cybersecurity measures implemented to protect your data, these elements do not seem clearly defined by the terms of use of either enterprise.

Why be concerned by this?

DNA-ADN

In this particular case, there may be nothing to be worried about. All this data might be adequately handled and perhaps no data will be leaked. But do we really want to provide a third party with this information in return for a single chance of winning a contest? What would happen if, one day, you share your genetic heritage in another contest and a data leak occurs? Who knows what a malicious government, business or individual might do with such information?

In technology, we use the term “vulnerability” to name a weakness that malicious hackers have found in software. They quickly exploit this vulnerability and software providers must create a patch to repair the weakness and distribute it to clients. Does our genetic heritage contain vulnerabilities that could be exploited by someone else? How could we protect ourselves from these vulnerabilities? In technology, we can update systems, deny access and change passwords: it is not so simple with DNA!

So, do you wish to participate in this contest?

 

Please comment on this article on Twitter, Facebook or Linkedin.

Assurance en cyberrisque

Vous êtes courtier en assurance et la cybersécurité est l’une de vos préoccupations? Vous cherchez à mieux comprendre les enjeux de sécurité de vos clients afin de mieux les conseiller? Nous pouvons :

Si vous avez une entente avec nous :

Gestion d'incidents de sécurité

Vous voulez être prêt en cas d’incident de sécurité dans votre entreprise? Vous cherchez un accompagnement dans la mise en place d’un plan de gestion d’incident afin d’en minimiser au maximum les conséquences? Nous pouvons :

Pour nos clients avec contrat de service:

Assurance en cyberrisque

Vous êtes courtier en assurance et la cybersécurité est l’une de vos préoccupations? Nous vous aidons à comprendre tous les enjeux de sécurité chez vos clients pour que vous puissiez leur offrir le meilleur service possible.

Client :

Courtier :

Sécurité des services infonuagiques

Ne prenez pas à la légère les enjeux de sécurité du Cloud! Avec nous, vous bénéficierez de la souplesse du Cloud tout en diminuant les risques. Vous et vos clients serez rassurés de savoir vos données en sécurité.

Gouvernance de la sécurité

La sécurité informatique doit faire partie des préoccupations de la direction de votre entreprise. La mise en place d’une politique de sécurité et de la catégorisation des actifs sont notamment des éléments importants d’une stratégie efficace en cybersécurité.

Sensibilisation à la sécurité

Saviez-vous que l’hameçonnage est le vecteur n°1 pour réaliser des fraudes dans les entreprises? Diminuez les risques d’être victime d’incidents de cybersécurité grâce à nos ateliers de sensibilisation spécialement conçus pour vos employés.

Nous mettons toujours l’accent sur la vulgarisation des concepts et des enjeux de sécurité

Service-conseil en cybersécurité

Votre entreprise recherche un accompagnement à plein temps pour la gestion de la cybersécurité? Faites appel à nous! L’un de nos précieux talents se fera un plaisir de venir travailler dans votre entreprise au quotidien.

Notre équipe est composée de conseillers en architecture de sécurité, d’analystes en sécurité, de conseillers en gouvernance, de spécialiste en Gestion des Identités et des Accès, de spécialiste en test d’intrusions, etc.

Sécurité des services infonuagiques

Ne prenez pas à la légère les enjeux de sécurité du Cloud! Avec nous, vous bénéficierez de la souplesse du Cloud tout en diminuant les risques. Vous et vos clients serez rassurés de savoir vos données en sécurité.

Évaluez les risques de votre entreprise

Protégez vos données les plus importantes et épargnez les coûts d’un incident de sécurité. Cyberswat vous aide à identifier les situations à risque et vous donne des recommandations concrètes et faciles à mettre en place.