Six things you’re doing wrong when it comes to backups

No matter how agile your business is, or how good your employees are, one accidental tap of the “delete” key on your customer database, or one ransomware infection, could cripple (or worse, end) your business.

There has to be a way to avoid this, right?

There is! It’s called backups.

I know, I know, I can hear the groans. Backups? We already do those!

You might be backing up already, but I bet you’re doing it wrong.

See, most people and businesses know they need backups, but don’t back up at the right frequency, or do one backup and then put off doing more entirely.

Or they think that their yearly backup is sufficient to get them back on their feet and never test it until ransomware has taken out all their computers, only to realize that their backup is too old or doesn’t work.

So, how could you be doing backups wrong?


Only doing full backups

When most people think about backups, they think about full backups. 

These backups are where you include everything on every computer, device, and online storage you have. It would be best if you also created full backups of the configuration of IoT devices, online account settings, and files.

A full backup is what you would use to restore each computer, device, or account from scratch.

While full backups are the best way to recover when things go south, with data changing so rapidly and the amount of time and effort it takes to do full backups, they’re not always feasible to do regularly.

That’s where incremental backups come in. 

Incremental backups only back up changes since the last full backup. They’re beneficial because they’re much quicker (so you can do them more often) and usually smaller.

If you use backup software, you shouldn’t have to worry about the full and incremental backups (of course, confirm with your documentation!). Your software will usually do a full backup every so often, and then use incremental backups to keep updating that full backup. 

However, if you’re one of those who back up files by hand, be sure to start doing both full and incremental backups!


Not backing up frequently enough

Of course, you should back up as often as you can, since the more you update your backups, the less information you’ll lose in the event of an issue. Doing that is not always realistic, though.

That’s where using a combination of full and incremental backups at different frequencies can help.

The idea is to take full backups at regular intervals and then at shorter intervals take incremental backups to adjust for changes.

The most common recommendation is to complete full backups every month, and incremental backups every week. 

Ultimately though, you should choose a backup frequency that works for your business and will give you the best head-start if you need to rely on that backup.

Some things to consider when choosing a backup schedule:

  • The data on each computer or device, its importance, and how frequently it changes.
  • The chances of something happening to your computer or device.
  • The amount of data you could lose and still be able to operate effectively.

The more critical the data is to your business, and the less data you could afford to lose and still be able to operate, the more frequently you should back up.

For example, if you have a computer that only provides read-only access to historical records that never change, and each backup would be identical, then full backups each month probably aren’t the best use of your time.

However, if you use one laptop for your entire business and you’re prone to forgetting it at coffee shops, then at least daily incremental backups are a good idea.


Not creating offsite backups

In today’s world of access to the Internet everywhere and always-available online services, it’s easy to forget that the real world is fallible.

Fires, floods, natural disasters, break-ins, and thefts can and do happen.

Believe it or not, storing a backup in an offsite location could be your saving grace in one of these situations. It won’t help you avoid any of these issues, but the moment your office suffers a fire, or all your computers are stolen, you’ll be glad you have another copy of your data elsewhere.


Not creating offline backups

Just a few years ago, creating backups and storing them on a network-connected storage drive was sufficient. 

However, with ransomware steadily increasing (XX% in 2019!), things have changed.

These days, if you leave your backup on a network-connected computer and your network becomes infected with ransomware, that ransomware could end up encrypting your backup.

If that happens, you’d be unable to restore your computer using that backup. You’d be in the same situation as if you didn’t back up at all.

Talk about a waste of time!

The best way to protect against this is to keep a copy of your backups offline. That doesn’t just mean on a computer or device that is powered off, either, but on a device (such as a portable hard drive) that is unplugged from power and your network.

That way, there is a reduced chance of the backups accidentally being encrypted in a ransomware infection because someone turned on or plugged in the backup drive.


Not testing backups

Of those that do backups, few test those backups.

When I say testing backups, I don’t mean testing that your backups are completing successfully, but testing that the backups you’ve made are going to work to restore your computer. 

That way, when you need them, you know they’re going to work, and you can quickly restore and get back to business.

Don’t wait to test your backups when you need to restore!
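For those who back up files by hand, here is the full-plus-incremental cycle and the restore test from the sections above, as an added example that is not from the original post. It follows this post's definition of an incremental backup (changes since the last full backup); the function names, the manifest.json layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (by relative path) to its SHA-256 hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def _copy(files, src, dest):
    """Copy the listed relative paths from src into dest/data."""
    (Path(dest) / "data").mkdir(parents=True, exist_ok=True)
    for rel in files:
        target = Path(dest) / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(src) / rel, target)


def full_backup(src, dest):
    """Copy everything and record what the source looked like (hypothetical layout)."""
    state = snapshot(src)
    _copy(state, src, dest)
    (Path(dest) / "manifest.json").write_text(json.dumps({"state": state}))
    return state


def incremental_backup(src, full_dir, dest):
    """Copy only files added or changed since the full backup; note deletions."""
    base = json.loads((Path(full_dir) / "manifest.json").read_text())["state"]
    state = snapshot(src)
    changed = sorted(rel for rel, digest in state.items() if base.get(rel) != digest)
    deleted = sorted(set(base) - set(state))
    _copy(changed, src, dest)
    (Path(dest) / "manifest.json").write_text(
        json.dumps({"state": state, "deleted": deleted}))
    return changed, deleted


def restore(full_dir, inc_dir, target):
    """Rebuild the data: full backup first, then the incremental on top."""
    target = Path(target)
    shutil.copytree(Path(full_dir) / "data", target)
    shutil.copytree(Path(inc_dir) / "data", target, dirs_exist_ok=True)
    manifest = json.loads((Path(inc_dir) / "manifest.json").read_text())
    for rel in manifest["deleted"]:
        (target / rel).unlink(missing_ok=True)
    return manifest["state"]  # what the restored tree should look like


def restore_problems(expected, target):
    """The restore test: list every file that is missing, unexpected or altered."""
    actual = snapshot(target)
    problems = [f"missing: {rel}" for rel in expected if rel not in actual]
    problems += [f"unexpected: {rel}" for rel in actual if rel not in expected]
    problems += [f"corrupt: {rel}" for rel in expected
                 if rel in actual and actual[rel] != expected[rel]]
    return sorted(problems)


def demo():
    """Run the whole cycle on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        src = work / "office"
        (src / "invoices").mkdir(parents=True)
        (src / "customers.csv").write_text("id,name\n1,Acme\n")
        (src / "invoices" / "jan.txt").write_text("January invoice\n")
        (src / "old-notes.txt").write_text("to be deleted\n")
        full_backup(src, work / "full")

        # A week of work: one file changes, one is added, one is deleted.
        (src / "customers.csv").write_text("id,name\n1,Acme\n2,Globex\n")
        (src / "invoices" / "feb.txt").write_text("February invoice\n")
        (src / "old-notes.txt").unlink()
        changed, deleted = incremental_backup(src, work / "full", work / "weekly")

        # Restore test against healthy backups.
        expected = restore(work / "full", work / "weekly", work / "restored")
        good = restore_problems(expected, work / "restored")

        # A backup that completed successfully but was later damaged on the drive:
        # only a restore test notices.
        (work / "full" / "data" / "invoices" / "jan.txt").write_text("garbage")
        restore(work / "full", work / "weekly", work / "restored2")
        bad = restore_problems(expected, work / "restored2")
        return {"changed": changed, "deleted": deleted, "good": good, "bad": bad}


if __name__ == "__main__":
    print(demo())
```

The second restore in `demo()` is the point of the testing section: the backup job had finished without error, yet the restored data is wrong.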


Not encrypting backups

One final thing you’re probably doing wrong with your backups is encryption. If your backups include any confidential or sensitive information, it’s essential to encrypt them before they’re stored. 

The main reason here is loss or theft. If the hard drive containing your encrypted backups is stolen or lost, there is a reduced chance of your confidential or sensitive information getting into the wrong hands.



Now, while most of the backup practices here depend on your risk level, many of them are essential regardless.

Are you doing backups correctly? Leave a comment here and let me know if you are going to be adding anything to what you do for backups!

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?


Do You Have a Cybersecurity New Year’s Resolution?


The new year is here. You’ve already started working toward your New Year resolution for this year. Did you include a cybersecurity resolution?

If not, why not? 

If nothing else, what we’ve seen from the past few years is that with the increasing amount of information about ourselves that we share online, and with the rate cybercrime is increasing, it’s only becoming more critical that we protect ourselves. 

Regardless of who you are, what you do, or how much you use the Internet and connected devices, cybersecurity shouldn’t be an afterthought. 

So why not use a New Year’s resolution to make some headway on your cybersecurity?

Why add cybersecurity as a New Year’s resolution?

No doubt, you already knew that creating New Year’s resolutions could be useful. One reason for this is that the new year feels like a fresh start and a clean slate.

We already have the sense that the new year is an opportunity to enact whatever change or self-improvement we desire.

If you’re not so sure a New Year resolution is useful, consider this study conducted by researchers at the University of Scranton.

They found that at six months into the new year, 46% of the people they studied who made a New Year’s resolution were continuously successful compared to only 4% of those who did not.

They found that those who made a New Year resolution were ten times more likely to achieve the changes they set out to make compared to those who wanted to change but didn’t create one.

Another reason is that a New Year’s resolution also gives us time to plan and is easy to track on any calendar. Are you halfway to your goal in June? Not sure how long you have left? Total the months or days left in the year!

What to Choose for a New Year’s Resolution

Especially if you’re only starting to work on your cybersecurity this year, choosing a resolution can seem daunting. Where the heck do you start?

One good starting point is to look at an area of your cybersecurity that you haven’t focused on much. Choose one thing from that area to focus on that you know will help improve your cybersecurity.

Another good starting point is to complete a cybersecurity assessment or have a look at one you’ve done previously. Choose one of the higher-rated items to focus on for your resolution this year.

4 New Year Resolution Ideas

A cybersecurity resolution can be but doesn’t need to be lofty. If you’re still stuck, think about starting with something simple like the new year resolution ideas below:

  • Make a complex password for every new password created this year; change all your passwords to be different at every site and keep them that way. Have a hard time remembering passwords? Check out: Two Simple Tips to Remembering Passwords
  • Review the configuration of all existing and new devices bought during the year (the wireless router included!) to ensure the security settings are set as securely as possible.
  • Read and review each of the Terms of Service and Privacy policies for all cloud and online services you use to understand how they affect your security and your privacy.
  • Review every social media post to make sure none reveal anything they shouldn’t.

It’s important to remember that when choosing a resolution, it should be realistic, specific, and something that you know you can achieve. Even if it’s lofty, it should still meet these criteria.

A New Year Resolution Needs a Plan

Of course, a New Year resolution by itself isn’t going to get us anywhere. They require work to achieve success, and a great way to achieve success is to plan!

Once you’ve decided on what your New Year’s resolution is going to be, the next step is to set up some goals.

When we set up our resolutions each year, we like to break them down into multiple SMART goals, each of which we intend to meet throughout the year.

Setting SMART Goals

SMART is an acronym that stands for:

  • Specific
  • Measurable
  • Attainable
  • Realistic
  • Time-Bound


Specific

The goal has a particular outcome in mind and isn’t something general.

For example, if you’re going to change your passwords to be different at every website, then your goal could be specific by saying that you’re going to change 4 per month.


Measurable

You can write down concrete criteria to measure your progress towards the goal.

For example, you can note the running total of how many passwords you’ve changed, or note down 12 groups of 4 and cross them off as you work on them each month.


Attainable

Being attainable means that the goal is one that you are reasonably confident that you can achieve. It also helps if the goal is something you have control over. If not, the goal could become much harder to attain or become unreachable entirely by factors out of your control.

For example, stating that you’re going to change all your passwords in 1 month when you know you won’t have the time or the task itself seems daunting might leave you frustrated and without the motivation to continue. On the other hand, stating that you’ll change four might make the goal much more obtainable.


Realistic

The goal is something you are not only able to work towards but one that matters to you and that you are willing to put effort towards until it’s complete.

For example, if you aren’t too concerned about the strength of your passwords, changing four each month might slowly slide down the to-do list until it eventually sits at the bottom for the rest of the year.


Time-Bound

The goal needs to be bound to a timeline. Setting a timeframe to your goal not only creates a sense of urgency around reaching the target, but also provides a marker to march toward and aspire to achieve.

For example, if you’re changing all your passwords, not only commit to completing all the changes by a specific date, but also commit to changing a number by the 15th of each month.

How Many Goals Do I Need?

The number of goals you want to set is entirely up to you. 

We like to break down our resolutions into several smaller goals that we can achieve during the year. It gives us measurable results at shorter intervals and helps us keep the motivation by seeing the small achievements along the way.

Let’s make this the year you do something about your cybersecurity

Make a security resolution, set some goals, and follow through. The return on your investment of effort may not be as immediate as you’d like. However, when you do see that return and avoid becoming compromised in a cyber-attack, you’ll be glad you took the time to put in the effort.

Have you made New Year’s resolutions to improve your cybersecurity this year?



3 Mindset Shifts to Improve Your Cybersecurity

I’m sure it’s not surprising that cybersecurity isn’t a destination, but a process of continuous improvement that’s always evolving.

If cybersecurity is constantly evolving, then how could we possibly learn how to keep ourselves cyber secure?

By using a mindset shift.

That means shifting away from looking at cybersecurity as a task to be completed or a problem to be solved, and towards a continuous process of analyzing whatever situation we find ourselves in along the way and making the best cybersecurity choices.

Does that seem crazy?

Mindset shifts to improve your cybersecurity? Doesn’t make much sense, right?

Think about your personal safety in the real world. Do you put a lock on your front door and call yourself safe? Or do you analyze if it’s safe to cross the street, make that left turn in your car, or jump off that cliff into the lake below?

Some of this analyzing might be second nature or subconscious, sure. But you’re still analyzing each situation and making a call based on the safety risks you find.

The goal is to begin doing the same for cybersecurity and shift our mindset to thinking this way.

There are three mind shifts we need to make. What exactly are they? Let’s look at them below:


Mind Shift #1: Stop thinking of cybersecurity as tools and methods

Most of the traditional cybersecurity advice includes what tools and methods you should be employing right now. Tools such as Antivirus or Multi-Factor Authentication and methods such as how to identify phishing emails are all important.

While these are good right now, at the end of the day they’re all solutions designed to reduce certain cyber risks. They’ll also change as technology or your situation changes.

How do you know how many tools and methods you need, and which ones are applicable to your situation? How do you know how much security is acceptable?

The first mind shift is to understand that cybersecurity tools and methods are solutions to reduce certain risks, just as flu shots are a solution to reduce your chances of getting the flu, or seat belts are a solution to reduce your chances of getting seriously hurt in a car accident.


Mind Shift #2: Start thinking of cybersecurity the same way we think of safety

You wouldn’t leave your home with the front door unlocked, leave your tax returns or personal documents in a public place, or cross the street without looking to ensure it’s safe to do so. So why would you do that on the Internet?

Just as we evaluate each situation we find ourselves in to ensure we’re safe in the real world, we need to shift our perception of cybersecurity. We need to move from the idea that we can’t “see” the risks, so we don’t need to worry about them, to the idea that even though we can’t “see” any cyber risks, there are still some there and we need to be able to identify them for ourselves.


Mind Shift #3: Not everyone has the same risk or cybersecurity needs

While everyone has the potential to be a victim of cybercrime, the more we share, communicate and integrate our lives and businesses with the internet, the more we open ourselves up to the risk of being caught up in cybercrime.

While for most of us the risk is manageable, there are many factors which can increase your risk level and make you a more appealing target to cybercriminals. Some of those factors include:

      • Wealth
      • Business Status
      • Publicity, Fame or large social media followings
      • Frequent travel
      • Internet-connected technologies or Internet of Things (IoT)
      • Business or domestic employees

The traditional cybersecurity advice intends to cast the widest net possible and secure the most people possible. The goal of the third mind shift is for you to understand what your personal situation is, and what in your life might be exposing you to cybersecurity risk. Then you can employ the tools and methods to reduce the risks most applicable to you.

Of course, the list above isn’t exhaustive. It’s meant to get you thinking and considering all aspects of what could impact your cybersecurity, both online and offline.

So, how can we shift our mindset? Stay tuned for our next post!



6 Factors That Can Increase Your Cybersecurity Risk

The Internet has become a mainstay in our lives in recent years. With that trend, it should be no surprise that there are some factors that can increase your cybersecurity risk.

While everyone has the potential to be a victim of cybercrime, not everyone has the same chances. The more we share, communicate and integrate our lives and businesses with the internet, the more we increase our chances.

While for most of us the risk is manageable, there are many factors that can increase your cybersecurity risk level and make you a more appealing target.

#1 Your Wealth

It should be no surprise that cyber attackers are interested in those with lots of wealth. While there are other motivations, one motivation of cyber attackers is financial gain. Those with obvious wealth are prime targets because it signals that there is a high chance of a good payday.

#2 Your business status

Companies usually have significant resources to dedicate to protecting themselves. 

Cyber attackers are keying into this. Instead of attacking companies directly, they are turning their focus to key individuals within those companies. Key individuals are those who have the access, authority or influence to help carry out the cyber attackers’ intentions.

These roles may be in the target company itself, such as executives, finance or accounting, IT, vendor relations, etc.

They could also be at other companies related to the target, such as trusted partners which could be used as a gateway.

#3 Publicity or Fame

If you are a public or famous individual, there are the people who love you and those that don’t love you as much. 

Especially if you create photos or videos for social media, revealing too much information even only a couple of times can give a cyber attacker enough to put the pieces together.

This goes further than your location as well. Confidential and personal information could be hiding in the background of photos or videos.

#4 Frequent Travel

Nowadays we’re so connected that almost any coffee shop, restaurant, and hotel offers free WiFi. However, cyber attackers are wise to our need to stay connected.

There is the possibility they could be monitoring the WiFi and stealing the information going across it. They could be sitting behind you reading your screen over your shoulder. They could even be stealing your devices out of your hotel room while you’re out enjoying the pool.

#5 Lots of Tech

Lots of unsecured internet-connected or IoT (Internet of Things) tech can be a haven for cyber attackers. They can use them to create botnets, as a foothold in your network, or as they were intended (such as a camera) to monitor your movements.

#6 Employees

Even though employees may not have the same access, authority or influence as some in an organization or household, they can still be a target. A cyber attacker can use them to access your network. They could use them to reach those who do have access, authority or influence, or to achieve the cyber attackers’ goals by other means.

Regardless of whether they’re business or domestic employees, a cyber attacker can use them to obtain information and access to you or your network.

Whatever you do online could impact your finances, reputation, career, business and even personal safety. Protecting yourself and being mindful of the factors which can increase your cybersecurity risk can help you reduce the chances of getting caught up in cybercrime.



Here’s Why You Need to Level-Up Your Cybersecurity This Year

Remember the days when a household would have one computer, and that was only if you were fortunate enough to have one?!

The days when we didn’t do much on a computer other than sending emails with funny cat pictures, and motivational sayings? When leveling-up your cybersecurity wasn’t much of a concern?

Today the average household has not only one, but a growing number of connected devices. A survey in 2016 by Business Insider estimated that by 2020, there would be more than 4 devices for every person on earth! (Source)

Not only is the number of devices growing quickly, but they’re growing smarter as well. As they become smarter, do more tasks for us and become a more integral part of our lives, the bigger the consequences could be to you and your business if they were to be hacked, stolen or under the control of an attacker in some way. 

You’re probably thinking:

 “Yeah, so what. I don’t have any sensitive information. Attackers would want to go after a company, not me. I don’t need to level-up my cybersecurity.”

And, partly that is right. Companies would seem like a much more lucrative target.

The problem is…

While we are becoming more tech-savvy, so are cyber attackers. They’ve recognized that while large companies have become better at protecting themselves, individuals haven’t had the same opportunity. 

Cyber attackers are increasingly targeting individuals because it is easier, more profitable, and requires less investment. The chances of their attack failing are also much lower than going up against the defenses of a company.

Ok, but what if you think you don’t have any sensitive information? Should you still level-up your cybersecurity?


#1 Not all sensitive information is obvious

With convenience comes a lot of sensitive information, though not all of it is obvious. 

Not all of this information is what you give to a device or store on a device (such as your email or passwords); it is also what these devices collect (such as your location or usage patterns).


#2 Attackers aren’t just after your information anymore

While they will take any sensitive information they can get from you to resell later, your information isn’t the only thing attackers are after. 

They may want you to do something for them, such as initiating a fraudulent payment transfer or purchasing gift cards and sending them the numbers on the cards.

They may not want anything from you at all, but instead use your access and influence for another goal. If you are a trusted partner or executive of a business, they may use your influence to get that business to re-route payments to the attackers’ bank account. They could also use your accounts to publicly humiliate you or damage your reputation.

They could even just use your devices as a jumping-off point in part of a larger attack.


#3 Being cyber-aware is becoming an advantage

Employers are becoming more concerned with their employees’ susceptibility to cyber-attacks. Some even review social media as part of the hiring process. 

It is also only a matter of time before customers start to prefer companies who are cyber secure or cyber aware.

Being cyber secure yourself will ensure that your online presence doesn’t reveal more than you’d like. It’ll also enable you to translate that cybersecurity to your job or business and do your part in keeping what you do for a living cyber secure.


#4 Setting and forgetting doesn’t work – technology and attacks are constantly changing

Being cyber secure isn’t just changing your passwords once, or buying antivirus and forgetting about it. 

Whatever tools and tactics we use to keep ourselves cyber secure today won’t be the same in another decade, nor will cyber attackers be using the same tactics against us. It is about being able to adapt and evolve your cybersecurity as situations and technologies change and evolve.


#5 No cybersecurity is perfect, stuff will fail

Of course, no cybersecurity is perfect. Good cybersecurity practices will help you create a plan for what to do when everything fails, such as when your passwords are stolen or your information is breached, and help decrease the stress when this happens because you have a plan to respond.

It’s no surprise that cyber attackers are becoming more tech-savvy and are increasingly targeting individuals. Protecting yourself and being mindful of your cybersecurity can help you reduce the chances that whatever you do online could impact your finances, reputation, career, business, and even personal safety.

Are you planning to level-up your cybersecurity this year?



Don’t Let Your Connected Devices Ruin Your Holidays

Ah, December.

It’s the time of year when we go out and buy our friends, family and even ourselves (You know you’ve done it!!) brand new computers, phones, and *insert gizmo here*.

Connected devices, wearables, drones, and so many other tech gadgets are all making the holidays much more fun.

However, if not configured or set up correctly, these devices could put your personal security and privacy at risk. They could even expose important personal and financial information.

Default credentials

Many of these devices are shipped with default usernames and passwords. This means that the default username and password combination is well-known by the manufacturer, and support people. It may even be written in documentation posted on the Internet.

Yikes. Because of this, it is important to change the default password and even the username, if you can.

If the device will allow you to use a passphrase, then even better! This will prevent anyone from being able to access your device if someone gets on your home network, or if it accidentally gets connected right to the internet.

If your device also connects to the cloud or an online component (i.e. you log into the manufacturer’s website to use it), it’s a good idea to change this password as well!

Default configurations

Normally, the default configurations these devices are shipped in are ready for you to use immediately. This means that any barrier to the shortest setup-and-go has been turned off.

Often most security features may be turned off, or be optional. It’s a good idea to acquaint yourself with all the features of your new device – security and otherwise. Acquainting yourself will help in understanding what the implications to your personal security and privacy are when each one is turned on and off. Then make the decision on which ones to turn on.

Some devices will also include administration portals or some advanced network administration tools. If you don’t have any intent to use these, turn them off. This will ensure an attacker can’t use them.

Connected directly to the Internet

Most connected devices out there aren’t meant to be connected directly to the Internet.

It’s easy to assume that when you plug the cable into your Internet router or connect the device to your home WiFi that it is only accessible to your home network.

Have you ever actually checked?

It’s important to understand what the internet needs are for your device and make sure that your router and network are configured properly, and that any extra port forwarding or other settings are removed if not required.

If your device is accidentally left accessible on the Internet it could be easily accessed or hacked. This could expose important personal and financial information, be used as a gateway to access or hack other devices or computers in your home, or be used as a staging ground to hack others.

Two things can also be overlooked here. First, ensure you’re using a strong passphrase or password on your wireless network. A weak one will only put your connected devices (and everything else on your network) at risk.

Second, do not put your devices on a guest or public WiFi network. Where devices are concerned, these networks can be just as bad as the internet.

Cloud connectivity

Devices now often include some type of cloud connection capabilities within them. This capability could be for extra features, or at times is required to use the device.

When you have a device that includes cloud connectivity, it’s important to understand what information is being sent to the cloud. This is to ensure you know what it’s being used for and how it’s being protected.

If your device is collecting personal, location or other sensitive information and it isn’t protected well, there is a risk it could be lost in a breach.

Start by reading any manuals that came with the device, the manufacturer’s website, and the Terms of Service and Privacy Policy documents.

Ensure other computers and phones are secure

Do you connect to your device via an app on your phone, or from your computer?

If an attacker can compromise your other computers, they can take advantage of them to then attack your connected devices.

Update your connected devices

Check if the manufacturer of your device releases software or firmware updates. If they do, update the software and firmware as often as possible.

Software and firmware are only as good as the humans who create them. It’s easy for humans to accidentally introduce errors and security holes while writing software. Because of this, when manufacturers find these errors, they normally create an update to fix the issue. Updating the software allows you to get these fixes and plug any holes that an attacker could use.

It also will ensure you have the latest set of security features. Sometimes additional features can be released after you’ve purchased the device.

Wrapping it up

Connected devices are becoming much more popular. Not only are they fun, but they can make life much easier. However, they need to be used smartly. If they also collect personal or sensitive information or are left unsecured, they could be putting your online security and privacy at risk.

Photo by Alex Knight on Unsplash



Second Factor Tokens are a Pain. So Why Use them?

The other day I had an interesting conversation with a friend.


Their bank had just told them they had to add their phone number to their bank account.


This was in order for the bank to send them a text message with a code to their phone to input along with their password, every time they logged in to the bank via the web or a mobile device.


What are Second Factor Tokens?

You may have seen this before. Second Factor tokens can also be called a one-time-password, 2-Step Verification, or Two Factor Authentication (2FA).


Second-factor tokens are a part of Multifactor authentication – a way of confirming you are who you say you are when you log in. It requires you to provide two (or more) pieces of evidence (commonly called factors) to prove it is really you. The two pieces of evidence have to be two of these three: something that you know, something that you have in your possession and something that you are.


If you haven’t guessed it yet, your password normally qualifies as something that you know and is your first factor. Second-factor tokens provide evidence for something in your possession and are normally your second factor.


These tokens can range from physical devices you have to plug into your computer or place near your computer, to numerical codes (obtained from an app or physical device resembling a key fob) that you enter after your username and password.


There are even some newer solutions that don’t give you a code at all. They just prompt you to approve or deny a login request via an app on your phone.


They don’t exactly make things easier

Not surprisingly, they were not very happy about this change.


Multifactor Authentication means an extra step and more things you need to keep track of and worry about when logging in.


They almost seemed as if they were telling me about this, expecting me to take their side.


To say “of course how could the bank do that horrible thing?!”


But do you know what I did?


I said, “that’s great!”


They were so shocked!


While I had to agree with them that the codes are annoying, the thing is, they are very effective.


For those who don’t use these one-time codes often, or for whom they’re completely new:


  • They can be very annoying and frustrating, as they’re one more thing you have to deal with.
  • If the code is sent to your phone and you don’t have your phone, it presents another problem.
  • If you’re not technologically savvy, it’s one more piece of technology to deal with.


So what exactly is the purpose of using them?

If they’re so annoying, then what is the purpose of using them? How are they different than the security questions we already use? Why can’t we just continue using the security questions?


In short, because passwords alone just aren’t good enough anymore, and with the amount of information we share on social media, security questions are just too easy to guess.


Not everyone uses long and complex passwords, and even if you’re someone who does, there is still the possibility of your password being compromised in a breach.


A second-factor token helps in that if your password is compromised, knowing your password alone isn’t enough information for an attacker to log in to your account. They still need the code you have, or for you to tap the “approve” button on your app.


So while this whole second-factor authentication thing might seem like a nuisance, it’s actually meant to help you secure your logins better.
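
To see why a stolen password alone isn’t enough, here is an added example (not from the original post or from any particular bank) of how a service might check the six-digit code from an authenticator app. It assumes the app uses the time-based one-time password scheme from RFC 6238; the class and function names, the password and the sample secret are made up for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key). A real service generates a
# random secret per user and shares it with the app once, usually as a QR code.
SHARED_SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # a new code every 30 seconds
DIGITS = 6


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Compute the RFC 6238 code for the time step that contains unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactorCheck:
    """Hypothetical server-side login: the password AND a fresh, unused code."""

    def __init__(self, secret: bytes, password: str):
        self.secret = secret
        self.password = password    # illustration only; real services store a salted hash
        self.last_used_step = -1    # blocks replay of a code that was already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        current = now // STEP_SECONDS
        # Accept the current step and one step either side to tolerate clock drift.
        for step in (current - 1, current, current + 1):
            if step <= self.last_used_step:
                continue
            expected = totp(self.secret, step * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = step
                return True
        return False
```

The code depends on a secret that never travels with the password, so a password leaked in a breach does not let anyone compute it, and each accepted code is refused if it is presented a second time.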


Second Factor tokens still aren’t completely foolproof.

Like other things, though, second-factor tokens aren’t a silver bullet. For example, if you receive a code via a text message, someone could impersonate you to your cell phone provider. Doing this, they can obtain a new SIM card that has your phone number tied to it. Then a request is made for the code and, because they now control your phone number, it’d be sent directly to them instead of you.


Of course, your information on the service is only as secure as the security the service has in place. Even if your password is top-notch and you use second-factor tokens, your information can still be compromised if the service itself is compromised.


Still, these types of codes do provide much more security for your login than a password alone.


Speaking of passwords…

While second-factor tokens do help, it doesn’t mean you can become lazy with your passwords. Long, complex and strong passwords are still important!


If you’re struggling with creating long and strong passwords and remembering them, we have a few tips for that: Two Simple Tips to Remembering Passwords


How do I get a second-factor token?

Unfortunately, second-factor tokens aren’t something you can just get for yourself. Multifactor authentication and second-factor tokens have to be supported by whatever service you’re logging into, and they do take a bit of setup.


However, more services these days do support some type of two-factor authentication. The website at maintains a list of many services which support multi-factor authentication and second-factor tokens.


To find out if your service does support second-factor tokens, try looking in their help documentation. If all else fails, reach out to the company and ask! They may also be able to provide some instructions for how to set it up, too.


Long story short…

While second-factor tokens may seem like a nuisance, they are actually meant to help. They can help your username and password become stronger and more resilient to hacks and data breaches.


However, while they do add to the password you already use, they should be used as a complement, not as a replacement for your password.


Do you have second-factor tokens set up for all your logins?




10 Tips for Being Back to School Cyber Secure

Back to school is almost here!


You know what that means – friends, textbooks, and late night study sessions, to start.


But did you know it also means more devices, new accounts, and even more screen time?


Online security may not be the first thing you think of when it comes to back to school. However, with more students carrying laptops and more tech finding its way into the classroom, it’s becoming even more important to review how we protect the digital lives of ourselves and our families.


Even if you or your family aren’t heading to grade school or college, the beginning of a new school year is a great time for a cybersecurity refresher for the whole family. A refresher will make extra sure you’re still being cyber secure in your current digital lives and with all those extra devices and accounts you’ve collected so far this year.


To help you with that refresher, below are some tips to get you and your family ready for the school year.


Ensure your computer and devices have updated security software

The more outdated software you have, the more holes viruses, malware, and other unfriendly things have available to compromise your computer and devices.


Ensure that you’ve updated all the software on your computer and all your devices. This includes not just their operating systems but those apps too!


It’s also a good idea here to remove any software and apps that you no longer use and any data that they might contain.


Be careful with your purchases

When purchasing new computers, devices and software be wary of used items and online offers that seem too good to be true.


Used computers and devices purchased from sites like Kijiji or eBay could possibly come with malware and viruses pre-installed. It’s a good idea to wipe or do a factory reset on any used device you may receive.


Online offers that seem too good to be true could be adware, malware, a scam, or a hook to get your personal information.

Backup your stuff

As I am sure you’ve also heard, it’s important to back up all the data you have frequently.


What you probably haven’t heard is that it’s important to go further than just one backup! Have at least two different copies of your backup on two different media formats. That way you will have no problems recovering if one of the media formats ends up becoming damaged or corrupt.


Pro Tip: Create a third copy of your backup. Store that copy in a secure location away from wherever the other two copies of your backups are stored.


Then, if something happens to the location the other two copies are stored (fire, flood, hurricane, etc.), you still have a copy to recover from.


Lock it up or take it with you

With people moving about on campus all the time, it doesn’t take long for a computer or device to go missing.


If you’re going to leave a laptop or device unattended, make sure you lock it up with both a physical lock (such as a laptop lock) and either shut it down or lock the screen.


Even better yet, take the laptop or device with you! If you always pack up your laptop and devices and take them with you, then you know they are safe and secure.


Encrypt, encrypt, encrypt!

If your computer or devices are stolen or accidentally lost, then all the data on them is lost as well and could potentially be in the hands of someone you wouldn’t want to have it.


One way to lower the risk of your data falling into the wrong hands in this situation is to ensure you’ve encrypted everything you have which will support it. This includes your computer, devices, and removable media.


Encryption helps because if your devices are encrypted and are lost or stolen, your data can not be easily accessed.


One important thing to remember here: If you lose your encryption keys, your data is lost forever. It’s important to do your research and understand exactly how encryption works for your devices before you encrypt anything.


Create or update the passwords for your computer, devices and online accounts

As I’m sure you’ve been told, using the same password for everything is never a good idea. Take this time to create new, unique passwords for computers, devices, and online accounts.


Ensure these passwords are long and strong and complex.


Pro Tip: If you have a hard time remembering passwords and shudder at the thought of creating a new one, try using a password manager. It’s a piece of software that securely stores all your passwords, and then all you have to remember is the one password to open the password manager. Simple!


Enable multi-factor for everything that supports it


More and more online services are starting to support multi-factor authentication. This adds an additional layer of security to your account by requiring you to provide something extra in addition to your username and password to log in. Usually, this is in the form of a code or fingerprint.


Enabling multi-factor means that even if someone manages to get your username and password, they can’t log in to your account without the additional factor, which you still have.


However, this doesn’t mean you can become complacent with your passwords… Strong and unique passwords are still important!


Watch your shoulders

On crowded campuses and packed buses, be conscious of who is around you and who might be watching your screen.


Someone watching your screen over your shoulder is actually called “Shoulder Surfing”.


It’s when someone watches over your shoulder to steal valuable information from you as it is displayed on your screen, such as your passwords, PIN numbers or credit card numbers.


The person who now knows your information can use it for whatever they wish, including stealing your accounts, draining your bank accounts, or stealing your identity.


Be careful using public WiFi

Public WiFi should always be treated as an insecure network, just like the Internet, no matter who is providing it and no matter whether it is password protected or not. You never know how it’s configured, and who might be watching or intercepting what you’re doing on that WiFi.


It’s a good idea to never access or share any type of personal or financial information over public WiFi. If you can, refrain from also accessing anything that requires a username and password in case your credentials might be intercepted.


If you do need to access or share any personal or financial information and you’re out and about or traveling, consider using a VPN (Virtual Private Network) service or a mobile hotspot on your phone, or a standalone hotspot device.


Be careful what you share

An innocent selfie or comment can reveal much more than you intended. Be careful not to over-share or share too much personal information.


Also, consider what you’ve shared in the past. One piece of personal information might seem innocent enough, but sharing different pieces over time often builds up a picture of your identity and location.


Another good thing to remember is that it’s not always possible to remove things from the Internet. It is entirely possible that a post or share today can affect your reputation tomorrow.


How to detect phishing emails

Phishing emails are emails attackers send which are designed to entice you to click a link or download an attachment. Once you’ve clicked or downloaded, one or both of two things can happen. You are enticed to give up personal or financial information, or malware is installed on your computer without your knowledge.


Whenever you’re checking your email, remember to check for some of the indications of a phishing email:

  • Fact Check

If the email seems like it is completely out of the blue, it very well might be a scam.

  • Check the “From” Address

Ask yourself: does it make sense that I’d receive an email from this address? Have I received an email from this address before?

  • Bad grammar and spelling

Is the email full of bad grammar and spelling? If so, and especially if it comes from a business, then this might be a phishing email.

  • A weird link

Phishing emails commonly include a link of some kind. They want to get you to go to another page and enter your details, such as usernames and passwords. If you’re not expecting a link, or it looks weird, don’t click it!

  • A sense of immediate urgency

Spammers want you to act without thinking. They want you to feel like there is no time to do anything but to do as they ask. Take a moment to think if the threat is practical.

  • It sounds too good to be true

If it sounds like it might be too good to be true, it probably is.

  • Trust your gut

If all else fails and you’re not too sure, or if it just feels “off”, then don’t open the email. Don’t click on any links and don’t open any attachments.


Read more about detecting Phishing emails: Email Looking a Little Phishy? 7 Things to Look For…


Back to School might be stressful, but staying back to school cyber secure shouldn’t have to be! Putting these tips into practice and creating some new habits are all it takes to be safe and secure all year long.



Is Free Stuff Really Free?

Today’s post is all about free stuff.

Free stuff you can find on the Internet, that is.

You can get almost anything for free on the Internet these days.

Sample products, domain names, subscriptions, even coffee and chequing accounts. Many whole websites and services are even free.

But is any of this free stuff really, truly, free? With no strings attached?

For the most part, NO!

Why? Well, at the end of the day someone has to pay for this stuff you’re getting for free.

There are costs associated with making the material, and then costs associated with putting that material on the internet for you to get. Depending on how substantial the material is, and how popular the place you’re getting it from is, those costs can be substantial.

Whatever it is you’re getting might be free, as in you don’t have to open up your wallet and hand over some of your hard-earned cash, but you are still going to have to give up something in exchange for whatever you’re getting.

So, how does this work? Here are a few ways you might end up paying for the free stuff you get online.

The first one is..


Ad revenue

If you’re part of the generation that is used to sitting down to read the newspaper every day, you’re familiar with how all this started.

Ads are put up on the website and you have to put up with them while using whatever it is you came to use.

These ads generate revenue for the website every time you view a page on the website.

While most advertisements are fairly innocuous, advertising technology is quickly moving towards enhanced ways of figuring out what it is you like so they can show you ads for products and services you are most likely to buy.

You have to ask yourself here, is dealing with the ads worth it for what you’re getting? How about the possibility they may be tracking you?

The second is..


Giving contact information

A business needs customers, but nobody is going to freely give up their contact information and ask to be contacted about products and services they could buy, right?

I mean, how many phone calls have you picked up, discovered it’s a telemarketer on the other end and been excited about it?

One avenue for businesses to solve this problem is to give something away for free, in exchange for your contact information and your acceptance that they can contact you at a later date to advertise their products and services for you to buy.

Ever been asked online “to download this or that just enter your email address!” ?

This is exactly what is happening. In exchange for the free download, you’re handing over your contact information.

The third is..


It could be a scam

I think it’s worth mentioning here that if it sounds too good to be true, it probably is. As I mentioned above, it’s expensive to give away free stuff.

Ever get invited to a survey which claims that every participant that completes it will get an iPad? If that were true, not only would thousands of people complete the survey, but the company offering it would go out of business quickly due to the number of iPads they would need to purchase.

Next time you see something for free that just seems way too good, take a second and think to yourself: Is this too good? How does the company pay for this?



Giving Personal Information

The last way I wanted to highlight is similar to collecting contact information, however instead of just contact information, they ask for way more.

Ever seen an online quiz that needs to know your name, address, and income or a contest ballot that wants to know your address and occupation?

That kind of information gets a little more personal than just how to contact you if you win.


Bottom line..

So, what I’m trying to do in this episode is not to scare you, and I’m not saying that you shouldn’t give out information at all. I’m just saying that you should be careful about who you give it to and when.

While this may seem like nothing, the next time you enter your information for something free, consider these two things:

  • They could sell your information, or make it available to customers in some way, which means you could get even more unsolicited advertisements and emails from many third parties.
  • They could lose your information, either through a hack or by accident, which means your information could get into the hands of a third party which could have sinister intentions.

Make sure that whichever company you’re giving it to is reputable and has some protections in place to protect the information you give them.

Not only that but consider if the information you’re providing is worth the benefit of whatever you’re getting in return.

Are they asking for your name, address, phone number, social status, salary and social insurance number, all in return for a ballot in a contest where the chances of winning are 1 in 50,000,000, for example?

Ask yourself if that much exposure is worth that chance of winning.


This week’s challenge

This week’s challenge is pretty simple. Think about everywhere you’ve submitted your information online in exchange for something free. Can you think of anywhere where it might have not been worth it? Going forward, is there anything you might do differently when it comes to giving up your information?




Email Looking a Little Phishy? 7 Things To Look For…

Not sure how to detect phishing emails? Don’t worry! The people who create phishing emails and phishing scams can be very crafty. 


What are Phishing Emails and Phishing Scams?

“Phishing”, starting with a “P-H” instead of an “F”, is when a spammer, impersonating another person or an organization, sends emails to people maliciously, in an attempt to trick them into doing things like:

  • handing over usernames, passwords, banking details, or other information,
  • downloading malicious files or viruses,
  • paying or transferring money through fake invoices, fake ransom requests, etc.

If the name sounds funny, that’s because it is! It’s meant to be a play on the fact that spammers are trying to lure you in just like a fish so you’ll give them what they want.

Just like how you’d lure a fish into biting down on the hook you’re dangling in the water, a phishing email is meant to get you on a spammer’s hook.

To convince you that you really do have to give them your bank information, or enter your username and password.

But these types of attacks are really nothing to joke about.

They try to not only look as legitimate as they can, but also instill fear, curiosity and play on our desire to do the right thing.

The scary part is, these types of emails aren’t always that easy to detect!

Spammers like to craft their emails to impersonate popular online services and brands to get you to enter in your usernames or passwords and banking details.


How To Detect Phishing Emails

So, how to detect phishing emails? Here are 7 characteristics you can check for. These aren’t exhaustive, as spammers are always trying to change up their methods, but they are a good starting point.


Fact Check

Is this a company you actually do business with? Is this someone who you normally receive this type of email from? Did you actually order something for which you are expecting a confirmation?

If the email seems like it’s completely out of the blue, it very well might be.


The “From:” address

Check the “From:” address carefully. Spammers often try to register domain names that look very similar to the organization they’re impersonating. Others will make the name look credible, but the email address it’s coming from will be something different.

Ask yourself: does it make sense that I’d receive an email from this address? Have I received email from this address before?


Bad grammar and spelling

If the email is full of bad grammar and spelling, then this should be a red flag.

Any email that comes from a corporate business will sound professional, and will have been checked for grammar and spelling multiple times before being sent out.

Also, now many corporations have either removed salutations altogether, or will greet you in a manner consistent with your region and with your proper name.

If your email starts with “Salutations user” and you don’t know anyone who would say that or “hello first [email protected]” or “Dear Member” this should be a red flag.


A weird link

Phishing emails commonly include a link of some kind. They want to get you to go to another page and enter your details, such as usernames and passwords.

If there is such a link in the email, hover your cursor over it but don’t click it!

This will show you the actual URL. If the URL displayed in the email is different than the URL that pops up when you hover your cursor over the link, it’s probably a phishing email.

In addition, if the URL that pops up doesn’t look quite right, it might not be.

For example, is it a misspelling of the legitimate domain name, is it completely unrecognizable, or is the real domain name included in part of another domain name such as:

If you see any of those examples, then it’s probably a phishing email.


A sense of immediate urgency

Spammers don’t want to wait around. Part of their game is the sense of urgency. They want you to act without thinking and feel like there is no time to do anything but to do as they ask.

Sometimes they’ll build this sense of urgency by saying that “Your account is going to be suspended” or “your free gift is going to expire” or “the authorities will be contacted”, or other threatening language.

Don’t fall for this game. Take a moment to think if the threat is practical.

In addition, most government agencies don’t use email as their first means of contacting you.


It sounds too good to be true

Did you win the lottery, but didn’t buy a ticket?

How about a long-lost relative that you’ve never heard of wants to give you millions of dollars?

Maybe that new smartphone you wanted is now 99% off?

If it sounds like it might be too good to be true, it probably is.


Trust your gut

If all else fails, and you’re not too sure, or if it just feels “off”, don’t open the email, click on any links, or open any attachments.

What do I do if I get an email that doesn’t seem right?

Check with the person or company who supposedly sent it if they actually did send it.

If it’s a company, call their customer service line or get to their website the way you normally do, and ask if the email you received was legitimate.

If it’s a person, call them on the phone or contact them in another manner where you can verify you’re actually talking to them and not someone attempting to impersonate them.

But, don’t try to verify the email via a reply email.

If the attacker already has access to their inbox, it’s really easy for them to reply with “yes, of course it’s me!”.


This Week’s Challenge

This week’s challenge is to think about these characteristics and the emails you’ve received lately and see if these characteristics apply. Do you now know how to detect phishing emails, and can you identify any which you have received lately?

