October is Cyber Security Awareness Month

Message from Ralph Goodale, Minister of Public Safety and Emergency Preparedness

Week 4: Oct. 23-27
Digital Citizenship in an Increasingly Digital World

When navigating the internet, it's important to ask yourself:

  1. Is it legal?
    The availability of unauthorized, copyrighted content makes illegal downloading, digital cheating, and plagiarizing easy. That doesn't make it right. Understanding what content is safe to access or download is important to obeying the law and practicing good online behaviour. It also prevents risks such as copyright infringements, downloading malware, potential lawsuits, or criminal consequences. It's your responsibly to use a legitimate media source when you access and download content.
  2. Is it hurtful or embarrassing to someone else?
    42% of youth say they have been bullied online. Cyberbullying can damage a young person's self-esteem, reputation, and mental health. Be aware of the ethical and legal implications of posting inappropriate pictures, saying mean things, doxxing (sharing someone else's personal info to invite harassment), and other acts of cyberbullying.
  3. Is it harmful to my or someone else's reputation?
    It's also possible to cause harm unintentionally by oversharing your (or other people's) lives and private information.  It's important to get consent before sharing someone's posts, photos, or other content. Everyone deserves to have a say in how and where their information is being shared.
  4. Does it put personal information at risk?
    Many sites have default settings that provide more access to your information than you may like. Where possible, do a privacy check and customize your settings so personal information, such as your phone number and address, are hidden. Read the privacy policy or terms of use agreement of any social media sites or apps you use, and make sure you're not sharing more than you'd like to.
  5. Is the online me the authentic me?
    The ability to be anonymous online can make it easy to ignore ethical thinking. However, this does not make us less responsible for our actions. Some actions can have serious social or legal consequences. While you may have good reasons to use a separate online identity in some online or social media communities (when permitted by the terms of use), that doesn't mean you can't be true to yourself and practice the same empathy and ethics you have in face-to-face interactions. You may find that the “real you” is much more appreciated online!

The Government of Canada has an informative Guide for Parents - worth looking into.

Week 3: Oct. 16-20
Privacy Protection and the Internet of Things

The Internet of Things (IoT) refers to physical devices (also called “smart” or “connected” devices) that connect to each other via the internet. They collect and exchange information with one another and with us. Smart devices can be remotely controlled and monitored, or work automatically, through a variety of software, cameras and sensors.

Types of IoT technology

There are many types of smart devices, and more emerging every day.

IoT in the Home

  • Entertainment systems including a television, gaming system, speakers and headphones
  • Heating and cooling systems such as the a thermostat, ceiling fan, carbon monoxide detector and smoke alarm, and lights
  • Home security systems including alarms, smart locks, garage door openers, baby monitors, cameras, and home assistants
  • Smart home appliances like a refrigerator, coffee maker, oven, and vacuum

IoT on the Go

  • Connected smart cars, buses, trains, and airplanes
  • Wearables like a fitness tracker, watch Healthcare devices like heart and blood pressure monitors are converting to smart devices as well. Even your pet can be connected with a tracking collar.

How IoT technology works

Web-enabled smart devices transmit information gathered from their surroundings using embedded sensors, software and processors. Smart devices communicate with one another (machine to machine) or with us through our smartphones. After initial setup, most smart devices work automatically, collecting and sending information.

Why IoT is popular

Because of the automatic nature of the IoT, smart devices have many advantages. Coffee starts brewing when your alarm goes off in the morning. Your child forgets their keys, but you can unlock the door from work. You can remotely monitor your home and your family to keep them and your belongings safe. You can streamline your home's functions to make things run more efficiently. The IoT can change how you organize and schedule, and adding convenience and connection.

What are the risks?

With the automatic flow of information and connection between IoT devices comes a new set of cyber security risks. If you can access all your data remotely, a cybercriminal might be able to as well. The very nature of the IoT is connectivity, but with so many devices on one network, hackers could have multiple access points to your information. That's why security settings can be important. For example, a thermostat connected to your home network that is not properly secured could be a gateway to your identity, money, your address and other devices.

Not only is a breach of information a risk, but also someone taking control of a device and its functions. For example, someone hacking your smart lock system may not steal information, but they may be able to unlock the doors and steal your belongings.

How a cyber attack works

Using malware, hackers can turn devices into remote-controlled "bots”. These “bots” can be used to spread viruses and other malware, and even conduct a distributed denial-of-service (DDoS) against other systems. Once compromised, a device's camera and microphone can also be used by the hacker. In fact, some baby monitors, children's toys, as well as certain insulin pumps and pacemakers have been shown to be hackable. An added concern is that some manufacturers of smart devices reserve the right, in the terms and conditions, to store data and share it.

Protect yourself: #ConnectSmarter with the IoT

As more and more everyday objects become connected IoT devices, there are simple things you can do to protect your privacy and security:

  • Change the manufacturer's default user names and use strong passwords for your Wi-Fi network and smart devices. Don't use anything that could be associated with your name, address or phone number.
  • Enable a lock-screen password on devices.
  • Use up-to-date security software on your home computer and connected devices. Update operating systems of all your devices.
  • To limit the damage of a cyber-attack, separate your IoT devices from your main network. Ask your service provider for help to create a ‘guest' network for your IoT devices.
  • Understand what personal information is being collected and why it's needed before you buy IoT devices or download apps. 
  • Turn off geolocation when it isn't needed; if an application can see your location, a hacker could too.
  • Set the camera and microphone off when you are not using it.
  • Maintain good cyber security practices (e.g. don't open attachments from people you don't know, don't use automatic login, etc.)

Week 2: Oct. 9-13
Cybersecurity in the Workplace Is Everyone’s Business

From the boardroom to the lunchroom, creating a culture of cybersecurity in the workplace is essential and is a shared responsibility among all employees.  Protect your business, your staff, and your customers from threats to their privacy by following these five best practices.

1. Keep software and operating systems up-to-date

When a security update to your operating system or software becomes available, make sure all employees take the time and effort to download and install it without delay. These updates can address vulnerabilities to emerging threats, and staying updated is your best defence.

2. Secure your wireless networks

An open network is an invitation for anyone to connect to your IT network and possibly compromise it. Secure your wireless networks with strong passwords. Avoid having them written down in plain sight. If you have a “guest” network for visiting colleagues and customers, consider a regular password change since their devices may save login data indefinitely.

3. Set up firewall and other security

Firewalls protect your internal networks from threats. Make sure to install them not only on your servers, but on all office computers, laptops, and mobile devices as well. Make sure your computer systems are installed with most up-to-date antivirus and anti-spyware software.

4. Secure access to your devices and computers

Ensure  your office space is safe from unauthorized visitors, and that easy-to-grab laptops and mobile devices are stored securely and installed with remote tracking software. As well, encrypting portable devices such as laptops, USB keys, and DVDs is easy to do, and can significantly reduce the damage done by a lost or stolen device.

5. Educate your employees on cyber safety

Even the most sophisticated security software won't protect your business if employees click on improper pop-ups or fall for phishing scams. Train your employees on the threats they face and the safest way to use the company's internet and email.

For more tips on running a cyber safe business, the Government of Canada provides a Guide for Small and Medium Businesses.

Week 1: Oct. 2-6
Get Cyber Safe and STOP. THINK. CONNECT.™: Simple Steps to Online Safety

Canadians are among the highest users of internet-enabled computer technology.  Staying safe and secure online is paramount to ensuring your online experience remains a positive one. Below are three easy-to-follow, actionable steps everyone should consider:

STOP: make sure security measures are in place

Keep a Clean Machine

  • Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

THINK: about the consequences of your actions and behaviors online.

Protect Your Personal Information

  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Make  your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords. 
  • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.

CONNECT: and enjoy the internet.

Connect With Care

  • When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
  • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
  • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://,” which means the site takes extra measures to help secure your information. “Http://” is not secure.