Blog

Secure websites

Tech Tip
I'm often asked about secure websites. For example, should you trust the connection between your computer and your bank's website? This article is going to get a little technical, but hopefully it will give you the tools to know which websites are secure, and which aren't, from now on. A secure encryption protocol called Secure Sockets Layer (SSL) has been around for a long time; it has since been modified and relabelled Transport Layer Security (TLS), and it can be used in most client/server relationships. Running the HTTP protocol over TLS makes the web-based session encrypted. The S in HTTPS stands for secure. This is the difference between HTTP and HTTPS, which should be easy to see in the URL bar at the top of most browsers. Does…

Asset Cataloging

Policy
I recommend you start asset cataloging before you have a vulnerability assessment done on your organization, as you need to know what assets you're trying to protect. The cataloging process is similar to the vulnerability assessment process in that you want to identify, quantify and prioritize all of your assets. This is done by first creating a comprehensive catalog of assets. A good place to start is with your financial statements, as you'll have your catalog already started from the assets listed there. Assets are the nouns of your organization: the people, places and things. Your financial statements will likely list the larger assets, such as furniture, computing devices, vehicles, etc. In the information economy, you'll also want a list of your digital assets, such as your intellectual…

Browser plugins for device protection

Tech Tip
These are the three browser plugins for device protection I recommend you install. The first one is arguably more important than anti-virus, and takes a while to get used to, as you have to enable scripts on pages you trust. This is an update of an April 2012 post called the browser tracker test. An important caveat before installing any browser plugin is that, if you read the warnings from your browser, it is likely that the developer of that plugin will have access to every website you ever visit while that plugin is enabled! That being said, if you're going to install plugins to improve your privacy and security while browsing, these are the top 3 recommended browser plugins for 2013: Script blocking (browser plugin that blocks scripts by default, the most important…

Who can read your chat?

Privacy, Tech Tip
The next time you think you're having a private online chat with a family member, you might want to think about who can read, watch, or log that conversation. The most popular solution in North America is Skype, so let's take a look at its privacy policy. From section 8: "Skype may use automated scanning within Instant Messages and SMS". Last year, Microsoft also started a commitment to a bi-annual law enforcement requests report after industry pressure. They disclose that the governments of Brazil, Ireland, Canada and New Zealand have received content from within chat logs. As you know, I only recommend communication happen with open source encryption. Skype's encryption is closed source, and we know that they have the ability to intercept messages in real-time as demonstrated in an article this week.…

What information can my organization collect from a person under BC PIPA?

Lunch & Learn
If you've ever wondered, "What information can my organization collect from a person according to British Columbia's Personal Information Protection Act privacy law?" don't miss the second event in the Lunch and Learn series, May 22. I'll be hosting a free online video conferencing event to talk about PIPA's consent section, and we'll finish with a Q&A. The presentation will be an estimated 20 minutes, with at least 10 minutes available to answer any questions you have on B.C.'s consent requirements. Feel free to join, and drop off the call at your convenience. A few of the questions I've been asked already: Can I collect email addresses from business cards to add to an email list? Do I need the person's consent to subscribe them to my newsletter? Is verbal consent…

The top 3 steps to protect your computing device

Tech Tip
If you're wondering what the top 3 steps to protect your computing device are, this post is for you. It's important to note I said device and not computer, as the same should apply to any device with a browser, including a smart phone like an iPhone or Android. 1) Update all of your software when alerted an update is available. When it's realized that an attacker has figured out how to exploit any version of any of your installed software, the vendor will release a patch or update fixing this vulnerability. If you're still not patched, that means any other attacker who comes across this exploit can easily attack you. 2) Enable script blocking in your browsers. Most web-based attacks still seem to be through malicious websites using JavaScript or Flash.…

Integrated Case Management

Policy, Tech Tip
For over four years, the BC Liberals have been working to build a monster database of all of our personal information. Instead of it being limited to one Ministry, minimizing the exposure in the case of compromise, someone privately made the decision to put all of the data every ministry has into one place. Many years ago, the federal government tried to do the same thing, and as soon as the public was informed, the outrage resulted in the longitudinal labour force file database being dismantled. The more personal information in one database, the bigger target it becomes. Can you imagine if every bit of information every Ministry in BC has on you was in one place? It would be the single biggest target in the province. Civil society groups have been advocating…

Next Lunch & Learn Topic: Does PIPA Apply to Me?

Lunch & Learn, Tech Tip
If you own or operate a business in British Columbia or have a sole proprietorship and you wonder, "Does PIPA apply to me?", this talk is for you. This conference will define who is bound by BC PIPA and who is exempt. We'll discuss what it means to be PIPA compliant and the steps you need to take if you don't currently comply. At the end of the call, we'll have an open Q&A session, with the opportunity for additional one-on-one discussion if desired. To attend the call on April 24th, 2013 at noon Pacific time (3 p.m. Eastern), sign up for our Lunch and Learn series and we'll send you the login details. You can learn more about the Personal Information Protection Act here. If you want to review the slides in…

Facebook for Android

Privacy, Tech Tip, Technology
Have you ever really paid attention to what information an application is requesting? While I'm singling out Facebook and Android in this article, please think about any applications you've added to your smart phone, as the same applies. For example, in the latest update of Facebook for Android, they have added yet another permission - they want the information of every other application you're running on your smart phone. This is just one in a long list of information they already collect, such as your precise location, the number you're connecting to when on a phone call, and the ability to read and modify anything in your contacts list. There is also the ability to call phone numbers without your intervention (possibly resulting in charges if the number dialed is…

What antivirus software do you recommend?

Security
A local LinkedIn group has a discussion recommending a specific anti-virus software. That made me wonder, what antivirus software do you recommend, and why? What metrics are being used to define a particular antivirus (AV) as good or worthy of recommendation? Good AV is that which blocks most viruses, providing you with definitions faster than its competitors. Anything else is just emotion... It's also important to remember that AV is effectively useless without regular deep/full scans using the latest virus definitions. If your AV provider discovered the fingerprint of a new computer virus on your computer right now, and tomorrow you download the latest definitions which describe it, you would still need to scan your computer to have that definition match with the virus on your computer. Remember you need all…