3 – 6% of your IT Budget = Security

About 3 – 6% of your annual IT budget should be allocated to security.

That’s the finding of the 2014 TELUS-Rotman IT Security Study, which also found that spending more didn’t necessarily equate to better security. Spending less is an obviously bad idea.

Unfortunately, the security budget is usually the first thing to get cut. Which makes no sense, because why bother building something if you’re not going to protect it?

Moreover, as a small business owner you have a responsibility to protect your customers’ information, especially if you’re processing credit card numbers.

How much are you currently spending?

Compare yourself to the rest of Canada:

About 30% of organizations spend the minimum. I hope you’re higher than that.

Protect your kingdom guys!

Because always remember,
it’s not IF you’re breached, it’s WHEN.

Blog tag = TELUS Security

***

This is an excerpt from my interview with Hernan Barros, Director of Security Solutions at TELUS, and Walid Hejazi, Associate Professor, Rotman School of Management, University of Toronto, about their new study, the 2014 TELUS-Rotman IT Security Study.

More about that here.

 

 

It’s not IF You are Breached, it’s WHEN

That’s one of the oldest sayings in security, because it’s true.

Thinking you are going to be forever immune is delusional.

Do you not lock your front door? Lock your car when you park it downtown? Take a different walking path at night than during the day? Why would online actions require less diligence and care?

Here’s the mean number of breaches to Canadian companies, over the last 4 years.

Note that none of them are 0.

If you are a small business owner:

You have a responsibility, especially if you are accepting people’s credit card numbers. Because you may be more of a target than you realize… think like an attacker: is it easier to go after 1 large business, that likely has security systems and staff in place? Or 10 smaller businesses, who probably have no clue and are lazy about protecting their assets?

The type of breaches Canadian companies experienced last year.

1 – one careless click, on one stupid link…
2 – how old-fashioned! Never leave your laptop unattended
3 – from the inside…
4 – lock your WiFi network. And change your router password too, how to here
5 – the counter to this attack is listening to your gut. Blog tag = social engineering


 

 

How ‘Security Responsible’ are You?

TELUS has released their 6th annual study of Canadian business security practices.

The report focuses on which best practices businesses have in place, that go beyond just compliance (as in, the bare minimum forced on you by the government.)

Ideally, your business is in the quadrant with the *.

How does your small business compare?  Take this test to find out.

Give yourself a score between 0-7 (0 being terrible, 7 being excellent), then compare how you operate to other Canadian businesses.

Do you…

1 – monitor and/or have rigorous procedures to act on new threat information

2 – understand the security drivers impacting your business

3 – conduct regular security awareness training for employees

4 – involve security early and throughout the development of new infrastructure/systems

5 – communicate social media policies to your employees

6 – have and/or execute on a comprehensive mobile security strategy

7 – conduct enterprise mobility security testing and Threat Risk Assessments (TRA)

Now compare:

The more “security responsible” companies have fewer breaches, retain staff longer, manage risk better, and are better positioned to take new risks (side-note from me: they have better business karma, because accepting a credit card and being careless and lazy about it is terrible.)

And ideally, you have ongoing employee training sessions, because the human is always the weakest link.

Note:

This is an excerpt from my interview with Hernan Barros, Director of Security Solutions at TELUS, and Walid Hejazi, Associate Professor, Rotman School of Management, University of Toronto, about their new study, the 2014 TELUS-Rotman IT Security Study.

The study is in its 6th year, and TELUS remains the country’s only telecom to proactively study security, and this is the only Canadian study this in-depth on a single country.

How it was conducted: 400+ security professionals were surveyed in the 2nd half of 2013, looking for both qualitative and quantitative data on how companies are executing their security strategies. Respondents were Private 48%, Government 23%, Publicly Traded 20%, and Non-profit 9%.

Blog tag = TELUS Security

 

 

My First Data Block

What Happened – using my mobile blog app, I hit publish on a blog post, and it failed to upload.

Fine, I’ll post from my laptop then.

Tethered my phone > opened a new browser > this page is there:

  1. an alert: you have exceeded your monthly data plan by $50, you’re now denied access to all data
  2. to restore data, text TELUS “Yes”, you understand, and agree, to additional data costs
  3. or instead of text, call. Which I did, because I’m not clicking on something so odd

And it’s TELUS, so I got back an educated, helpful answer:

To avoid bill shock, the CRTC has set a cap on additional phone charges. Once the cap is reached, the data connection is shut off unless the consumer actively agrees to spend more.

Caps are: $50 data – $100 phone calls

That feeling, when I had no data: gah

All my accounts out there, all logged in, alone and unattended.

To get online I’d have to leave the house, and even then it wouldn’t be on my phone, my usual tool, where all my information is… find a computer, import contacts, good thing I have a copy of my contacts… do you… here’s how to properly back up.

A giant wave of “how will I run my life tomorrow, if I can’t use my phone?”.

I wouldn’t be able to. Gah.

 

 

A BlackBerry Q10 Review

While physically it’s a beautiful phone, and the OS is greatly improved since my old Bold…

BlackBerry’s security is why you buy.

Of the 3 big ones (Android / BB / iPhone) BlackBerry does end-user security best.

3 small examples:

1 – find most of the features I’m talking about in there
2 – the security section of the help file has 32! items, huge
3 – more feedback and control over

I didn’t realize I missed having more control over my phone, until I did (currently on iPhone).

Security aside, the Q10 made me miss having a BlackBerry. Remember the BBM days? (I’ve had a cell phone for 15 years, see my history here).

Saturday night Skyping.

It was nice to type on a physical keyboard again.

BB Q10

(aside: best part of getting a new phone is this)

Modified my GoPro for filming.

It worked well as my car stereo.

Before I hooked it into my home WiFi, I took the opportunity to change my router password.

(here’s how to do that)

Lastly, the OS. I had an epiphany about the OS when writing about cars a couple weeks ago… click here to read about BlackBerry’s QNX OS, which is poised to become the go-to OS for all auto infotainment systems… this is HUGE, this is what could bring BlackBerry back to its former glory.

I feel excited for you BlackBerry; I think this Q10 is terrific,
and good luck with your comeback! #GoCanadaGo

PS – fellow car-nerds: it’s a 2013 Infiniti M37xS, here’s the blog post about it

PPS – Thanks to TELUS for this opportunity