TELUS Spends More on Security Than Anyone

So interesting to me. So when I’m invited to blog events, when I’m supposed to be focusing on whatever, instead I gravitate to this fact, “sooo, what are you spending it on?  Here’s where I think the biggest security holes are, what do you think?”, like that.

Which is how I ended up in a phone meeting with Dave Weiss, VP Solutions Development and Marketing at TELUS.

The timing of the meeting was great, because the night before I was at their flagship store launch party.

I like the store, because it’s all white (you’ve seen my home).

It was at the party, that I heard about, “Smart Set Up“.

Smart Set Up – basically, they’ll help you get your phone up and working, before you leave the store. Email installed, voicemail, Twitter accounts setup, whatever it is you need, and all with security in mind.

They’ll help you create strong passwords, remind you to change them regularily, and to be aware of the value of the information now in your pocket (BYODish).

(I’ll throw in my 2 cents here: don’t click on stupid stuff)

This is a good email password: [j~w=A{v(%9cs8_t<3hif

I’d way rather have my credit card compromised,
than my email. Wouldn’t you?

On their end, the one you don’t see, they’re taking sercurity seriously.

You want them to do this, so you never have to. Things like securing data centres and networks, both virtually and physically.

That’s why you’ll never find me on a tiny provider; the smaller companies don’t have the money, and security is almost always the first thing to get cut at budget slashing time.

I talk a lot with my hands, a lot

Think I was demonstrating locking down a data centre here, to the people on the phone :|

View from the meeting.

 

Encourage Your Kids to #WeDay

We Day is Free The Children’s annual “youth empowerment” event. Held in cities across Canada, We Day motivates youth to take action on local and global issues. Each student group that attends is asked to make a commitment of one local and one global action throughout the year in order to help create positive change in the world (source)

These kids earned their way this this event, by being the most awesome at giving and charity, and they genuinely enjoy doing it.  The money rasied is for the Canadian organization, Free the Children: the world’s largest network of children helping children, with more than one million youth in 45 countries involved.

These kids are into learning how to build healthy and sustainable communities, how to “foster a stronger more compassionate nation“, said Marc Kielburger, co-founder of Free The Children.

You’ll recognize some of these supporting faces.

They called it the, ‘Generation Without Borders‘, and the most activist generation, ever.  There will be over 90,000 youth participating this year across Canada.

Here’s 22,000 screaming teenagers.

Know what they’re cheering for? The founder of ‘Doctors Without Borders’.  Their teachers.  Getting water to an impoverished African village.

I KNOW :O

This was the first TELUS WeDay, they just shook hands with ‘Free the Children’ for 5 years.  Congratulations guys!

Backstage I ran into my long-time hair stylist, Brennen Demelo.  He and his team had volunteered for today’s event.  See internet, I’ll only steer you towards good.

I think if your kid participates in one WeDay, spends the months earning their way here, and then experiences an event like this, they can’t come out that bad.

Watch Toronto WeDay on TV:

– Much Music, November 11 at 7pm

– CTV, November 24 at 7pm

Maybe one of the most pure atmospheres I’ve ever been in.  Even my robot eyes misted up.

WeDay Coming Soon:

• We Day Waterloo Region: November 14, 2012, Kitchener Memorial Auditorium Complex
• We Day Montreal: November 20, 2012, Theatre St Denis
• National We Day: April 29, 2013, Robert Guertin Arena in Ottawa

(an aside)

To me, online means public

It’s big internet out there, and I worry how the kids put so much of their life online.

Parents please: keep an eye on video chat, not a lot of good ever comes out of video chat; remind them they should have minimum-8-character passwords; that their photos will follow them, the internet doesn’t forget; and no one under the age of 10, needs a Facebook account.

IMPORTANT: make sure their EXIF data, and geo-location services, are turned OFF.

EXIF data – information attached to an uploaded photo.  GPS location, time, model of phone, more. Can be used to track the person, in real time, using a simple web app.

Also parents – if you hear at work about the TELUS WISE program, ask to attend.  It’s the first security-awareness program of its kind in Canada, and it will help you help your kid, to make good online choices.

 

Talking with Telus About Security

Last week, Telus invited me to to an information security talk at Reasearch House, one of North America’s largest data-collection facitilities.

I said yes, without fully understanding what I was walking into; check this out:

Sooo, basically I sit in this comfortable chair, on the good side of one-way-glass, and straight-up get to stare and people-watch, while they talk about my favourite topic?  Yesssss.

These are senior-level Security and IT decision makers, from 6 large Canadian organizations, that I know you know.

Security is a difficult discussion for companies to have publicly, because when you point out your vulnerabilities, it opens the door to potential attacks.

That’s why I’ve blurred out their names and faces (learn how to edit a photo you’re posting online here)

These are the kind of guys who protect the company’s information, and yours.  They’re not a help desk, and every phone call they receive is a, “it’s the end of the world” call. Maybe bring them doughnuts sometimes.

Today’s topic was BYOD – Bring Your Own Device.  

Example: your personal cel phone, (not supplied by your employer),
is allowed to send and receive corporate email,
and connect to the corporate network

AKA: Bring Your Own Disaster

EMPLOYEES

BYOD is a bigger deal than you may realize.  Thousands of devices, that are probably less-than-secure, connecting to the corporate network and WiFi.  That’s now at least 3 more operating systems to accommodate, manage, and secure. Even worse, now confidential company information is walking around in someone’s pocket, going to the bar, you have a lock on your phone, right.

Mobiles are not immune to malware and virus’.  One click on something stupid in social media land, and the virus comes in through your phone, out to the company network, and off it goes spreading bad news.

(One day, you’ll connect through a VPN. We’ll get into VPNs here soon)

EMPLOYERS

Maybe re-visit your employee-exit policies and procedures.  I feel this might be a hole that needs plugging.

Even if you are parting on friendly terms, you still must immediately address the large amount of sensitive information on their personal device(s), and what those devices have access to.

I talked about this in my Autonet.ca article, “Toyota Secure Website Hacked”:

“If he was fired Thursday, and he used his passwords to enter the site at midnight, that would make it seven hours during which his credentials weren’t changed. That is not best practice for employee termination; account access should be immediately disabled upon notification of termination.”

And to terminated employees: don’t be offended when they do this, it’s best. You don’t want the responsibility of owning that information, especially on a mobile device.

If you take only one thing from this post:

Much of your company’s security comes down to you, the end user / employee / weakest link.  I know practicing good security can be annoying and slow things down, but there’s more resting on your shoulders than you may realize.

And thanks for having me Telus, this was so neat.

 

Spent All Yesterday Typing and All Today Out

Head down all day Monday, posture so poor OMG it is ever hard to remember sit up straight. Look at your posture as you are reading this. It’s gonna catch up to us so bad.

Went for a walk around 6pm.

I am really good at moving through crowds, like a laser.

Swiss Chalet dinner.  I have only ever ordered ‘quarter chicken white meat fries’ my entire life, since I was a kid, only ever.

Went looking for fall shoes. That the “in look” for ladies this fall is suede, so dumb. They’ll be wrecked in record time, it’s like wearing butter.

Saw this, this was neat:

That’s the new Puma and MINI clothing line collaboration, I wrote about it for the paper. Then I turned the corner at the Bay, and there it was, in real life.

Started using my full name on YouTube:

Come on that’s funny.

And pretty rare, that my official Google profile has ‘Blog’ as my last name.  It took some work, here’s a blog post about it: I’m Part of the 0.0002% .

If Google says it’s true, it’s true, right?

This morning was really fun. Telus invited me to a research facility, where I listened in while senior security people from large enterprises, talk about the issues they face with mobile security and BYOD (bring your own device, eg. users add their phones to the corporate network. A nightmare).  That post coming soon.

Then it was over the hill to Grandma’s house, errands, and all of a sudden the sun was going down. This fall is going fast, eh.

I’ve got a couple car articles to link up, a karting video to finish editing (the post is done), and kay I gotta go, I have another article to finish tonight.  Plus my internet at home hasn’t been working for 24 hours now, and I should hit publish before it goes down again.

Oh and tomorrow I’m attending my first AJAC meeting – Auto Journalist Association of Canada.  Pumped.

TTYT

Keri