The InfoSec Blog

  • All
  • Answering Security Questionnaires
  • Building Your InfoSec Program
  • Growing Your SaaS Company
  • Trends in InfoSec
  • Updating Your Security Policies

How to Complete Security Questionnaires [For Vendors]

For technology vendors, data privacy and security questionnaires are increasingly common. But they are also becoming longer, more complex, and more of a burden for the companies receiving them.  We’ve helped companies answer hundreds of security questions for their enterprise customers — sometimes as many as 400 in a single questionnaire. Here we will break […]

Our Story: How a Security Questionnaire Changed the Trajectory of a Startup

When the security questionnaire landed in Laird Wilton‘s inbox, he felt sick to his stomach. He scrolled down the long list of detailed information security questions. His team at a growing SaaS startup could easily stumble in their responses here. Laird’s team had to give satisfactory answers about their security policies during the vendor auditing […]

How to Encrypt a Hard Drive with BitLocker in Windows 10

Encryption is key to making sure that your data is protected. It’s also an easy best practice to include in your security policies. The encryption process can vary between systems and devices so we’re going to break it down one at a time for you, starting with Windows 10 and Bitlocker. BitLocker is Microsoft’s proprietary disk encryption […]

What NOT to Say During a Security Audit of Your Startup

Founders and CTOs often say or do terrible things in security audits. Over the last three years, I have personally played a role in over 100 vendor security audits as both the auditor and the audited. I’ve worked with 100s more startup founders and CTOs as they navigate through enterprise vendor security audits. Many of [...]

How to Disable Automatic Login in Windows 10

When you first set up a new PC with Windows 10, you create a user account which is set by default to log in automatically at startup. This likely isn’t a problem if you’re at home all the time, but if you have a laptop this becomes a serious security risk. Especially if you travel […]

Why Every Company Needs a Disaster Recovery Policy

If a company relies on computers, it is highly likely that an IT failure would have a negative impact on the business – and make you wish you had a disaster recovery policy. It is important for businesses to understand that no matter how small they are, a disaster is inevitable at some point. Cyberattacks […]

But First, Security Policies and Procedures

I’ve seen first-hand what happens when companies fail to fully implement information security policies and procedures. It’s hard to do it properly on your own. That’s why as the Customer Success Manager at Securicy, a central part of my job is recommending the steps for updating and implementing a new information security program. Policies and […]

Top Security Trends for 2019

Now that we’re halfway through 2019, let’s take a look at our top five security trends for the year 2019. Some of these might seem obvious to you, which means that you’re paying attention (nice job). But it’s not enough just to know about these, you want to make sure that you are ahead of […]

7 Tips for Office LAN Security

Office network security is the local area network (LAN) in the workspace or office. Security of this network is a top priority. It doesn’t matter how big your company is or if you’re a startup, you don’t want a malicious actor taking down your network or breaking into your proprietary software. The first thing that […]

Staying Secure on Social Media

Social media is an almost unavoidable part of our daily lives. Whether that be personal use or professional, we’re exposing ourselves every day. This is why, as business owners, we need to consider if we’re allowing our team to access social media on their own devices. Or on company devices, that are connected to the […]

4 Tips for Implementing Physical Security

In our world of online information security, most of the time people are thinking about passwords and server protection. While these are obviously very important things to be thinking about, one huge part of security is being overlooked; physical security. Small businesses are really not thinking about physical security. Even when managers do think about […]

The Process Behind Third-Party Risk Management

The decision to use a particular service or software is often already made before third-party risk management is engaged. Common process would be that a department head decides they want to hire a service or buy software to solve a business problem. They engage with a few vendors and based on the look, feel, features, […]

Security While Working Remote

Working remotely is becoming more common in today’s modern workspace. Now more than ever, managers and leaders in all sorts of companies are seeing the benefits of allowing remote work. However, they are also thinking about the risks that come with allowing their employees to work from anywhere. They’ll start to consider what they can […]

How to Protect Yourself When You Travel & Security Tips

Travel security isn’t always the first thing on your mind when you’re planning a business trip. But security is always a top priority when I’m working remotely and traveling. Not just for myself and personal belongings, but also for work devices and sensitive company data. Traveling is a huge part of many people’s jobs these […]

A Security Guide to Surviving Tax Season in Canada

Tax season security is just one more thing to worry about. All year round, scammers try to impersonate the Canada Revenue Agency – through phone, text, email phishing or paper mail – to gain access to taxpayers’ personal information and finances. Individuals are particularly vulnerable around tax time when the CRA is on everyone’s mind. […]

Network Security in a Shared Workspace

Securing a business network seems straight forward when you have your own office or building that hosts only your employees. For many start-ups and smaller businesses, their physical office might be a shared space with a shared network. This raises the question of how these businesses can work securely, reduce risk, without spending a fortune […]

How to Build Your Security Team

Building a security team within a company can be a time consuming and confusing process. There are many roles and branches of the Security Team. When assembling your team it’s important to keep in mind that having people from different aspects of the business is useful. Like HR, development, management, and marketing. That is because […]

Information Security from a Customer Success Perspective

Implementing an information security program can seem like a daunting task for any company. Whether you are starting a security program for the first time, looking to consolidate your security policies and procedures into one place, or are being asked how you comply with the latest compliance standards by your vendors… we’ve seen it all […]

How to Secure Your Business for Free [Free Security Tools]

Many companies, especially small businesses or startups, start off with an information security program that relies on free security tools. One of the biggest hurdles to overcome in setting up a security program is, and will forever be, money. Budget is always the biggest obstacle to improving security. However, people believe this myth that having […]

Securicy Launches Free Tools for Small Businesses

The Struggle of Information Security Free tools can do a lot to improve things for small businesses. Information security has been an expensive part of business for many years. Managers struggle to effectively manage and mitigate risks associated with user data and privacy. When these businesses are attacked, managers quickly call IT support teams to resolve […]

The Future of InfoSec is Leadership

Today’s business leaders are measured by their ability to relay brand consistency, authenticity, and company transparency. In addition, they’re judged on their corporate values, strategic vision, management practices, and community contribution. In short, there’s a lot more to management than just bookkeeping, sales, and renewals. But forward-thinking leaders will keep information security on their priority […]

How Big Tech Companies Can Regain Customer Trust

Distrust towards big tech firms has grown around the world. Users have legitimate reasons to be concerned about the large amounts of personal data they share with these companies. Big tech companies collect an incredible amount of data from their users that malicious hackers could potentially exploit. The public demands that the industry demonstrates a […]

Best Practices For Email Security

Your email accounts are where you are most vulnerable to being a victim of a cybercrime. Yet email security is often forgotten. Cybercriminals are attacking email accounts on a daily basis with phishing scams. The numbers don’t lie. Between the first and second quarters of 2018, email attacks against businesses rose 36 percent. Industries like […]

Guide to Starting a Basic Risk Assessment

A risk assessment is one of the first steps in implementing your information security program, which will help provide an overview of your entire business. You’ll use it to track what assets you have, what the risks are to your company, and what the possible consequences could be if a breach occurred. Importantly, the assessment […]

6 Reasons to Update Your Security and Privacy Policies

With frequent data breaches in the news and regulators hammering down on security and privacy issues, many executives and technical leaders are updating their policies and procedures.  We recently asked Louis Sirico, an expert in RFID technology, and the Director of Information Technology at Connect&Go, to share his advice on how his company launched an […]

The Greatest Obstacle to Security Programs

You’d think every business that deals with customer information and data would have a security program in place by now. But that’s not the reality. There are trends and obstacles that seemingly stop businesses from setting up security measures to protect sensitive information. The chart below from Cisco reports that from 2015-2017 the greatest obstacle […]

The Status of Marketing in the Aftermath of the GDPR

What “GDPR Readiness” really looks like and how businesses say they’re doing it. The General Data Protection Regulation (GDPR) swept the nation in the later half of 2017. Companies holding European citizen data would fall under the jurisdiction of the European Union’s regulation over data privacy. The rollout was messy, to say the least. Even […]

How to Start Implementing a Cybersecurity Program

It is a major mistake to run a small or medium-sized business without any kind of cybersecurity program. But it’s not necessarily your fault, if that’s the situation you are in now. Cybersecurity can be difficult to understand and due to time or budget constraints, it’s not always a top priority. It is easy to […]

Buyers are Scrutinizing the Data Protection Practices of SMBs

It’s no surprise that customers have high expectations for companies when it comes to data protection. In fact, 71% of consumers believe organizations have an obligation to control access to their information. Data Protection is a Big Deal in B2B In the case of B2B businesses, data protection is a top priority. Data breaches cost […]

A Poor Cyber Security Posture Damages Your Sales

If you’re a small business that’s selling, or hopes to sell, products to larger companies /organizations, you need to level-up your cyber security posture. Any weakness in your cyber security strategy can stall the sales process. Compliance StandardsIn B2B selling it’s common practice for the larger entity to expect you, the supplier , to become […]

Protecting Your Intellectual Property

Your intellectual property (IP) is your company’s holy grail. It’s what you put out into the world to get a return in revenue. And because there are people in the world who are willing to break laws to get information, your IP is at risk of being stolen and used against you. What Classifies as Intellectual […]

1 in 30 Canadians Affected by Facebook Data Breach

Facebook has announced how many Canadians have been impacted by the Cambridge Analytica data breach and the number is quite surprising. 622,161 Canadians have had their personal data shared with the British analytics company. While on the large scale of 87 million people who have reportedly been affected the number seems small. In fact, Facebook […]

GDPR: What it Means for Your Sales & Marketing Team

You may have heard about GDPR (General Data Protection Regulation). It’s a new regulation that affects business owners that work with the personal data of European citizens. Companies like Hubspot have taken the time to let their clients know that they have worked to become GDPR compliant. If you’re a SaaS company that uses inbound sales and […]

How to Setup an Incident Response Plan

Incident response plans are a critical part of any business’s information security program. We know that it’s important for employees to care about cybersecurity – but what do they know what to do if an incident occurs? What classifies as an “incident?” There doesn’t have to be a full-blown breach to classify an incident. Anything […]

How to Make Your Team Care About Cyber Security

Whether they know it or not, employees are on the frontline of the defence against cyber attacks. The mindset of “it won’t happen to us”, when it comes to being breached, can be hard to change but it’s important to keep the team motivated to care about cyber security. We talked about why employees are […]

How to Encrypt a Partition in Linux

With Linux you have a number of ways to add encryption to your servers and desktops. One of the more secure routes is encrypting an entire partition (as opposed to folder-level encryption). By encrypting an entire partition, you no longer have to worry that you might have left a crucial directory unencrypted. Let us walk […]

How to Install Antivirus on Linux (Ubuntu)

Linux is generally considered to be more secure than other operating systems. However, it’s increasingly a target of attackers; as Linux systems are used for critical roles like web servers and internal file servers. In addition to being susceptible to Linux-based and cross-platform exploits, unprotected Linux machines can also become distribution points for Windows, Mac, […]

Best Practices for Printer Security

The printers in your office can be an easy source for a data breach. In addition to documents that lay unprotected in output trays, some printers can store information in memory that can be recalled or intercepted. These devices should be managed and protected, just like the rest of your IT infrastructure. Secure the Device: […]

How to Setup a Password Protected Screensaver in macOS

Protecting your Mac’s screensaver with a password is simple. Yet many users don’t think about doing it. If you’re a Windows user, don’t worry, we’ve got you covered right here! How It’s Done Step One: Open System Preferences. If the icon in not in your dock, you can access it by opening the “Apple Menu” that is […]

Employees, You Are The Weakest Link

When an employee signs a policy they acknowledge they have read and understand the document but is that really the case? Turns out, the answer is no. A recent study from Kaspersky says that 46% of cybersecurity incidents in the last year have been due to careless actions by uninformed staff. It may not be intentional, in […]

Strong Passwords and 4 Types of Passwords You Should NEVER Use

Strong passwords are a good defense against persistent cyber attackers but weak passwords can be the entryway to confidential data and operating systems. While there are so many types of passwords that are easy for hackers to guess, here are four quick examples of ones to avoid and tips for picking a strong password. 1. […]

Protect Your Business During Tax Season

Between Winter and Spring there is another season that brings its own highs and lows: tax season. This is when hackers think that businesses are at their most vulnerable. These bad actors will pull out every trick up their sleeve in an attempt to steal identities, data, and money. Being aware of the warning signs […]

What is the “Internet of Things (IoT)?”

Living in the 21st Century, we are surrounded by the “Internet of Things.” From the moment we wake up and brew a pot of coffee to when we set the alarm system before bed. What is Internet of Things (IoT)? IoT is a network of smart devices that are connected to the internet so they […]

How to Disable Automatic Login in macOS

When you set up a new Mac, or do a clean installation of a new version of macOS, the first thing you do is create a user account. That account is set, by default, to log in automatically at startup. Convenient, right? Only if you’re working from home 24/7. If you use a laptop and […]

How to Turn on The Firewall in macOS

MacOS includes an easy-to-use firewall that can prevent potentially harmful incoming connections from other computers. To turn it on or off: From the Apple menu, select System Preferences When the System Preferences window appears, from the View menu, select Security & Privacy (10.7 and later) or Security (10.6). Click the Firewall tab.If the orange padlock icon in the […]

How To Turn on The Firewall in Windows 10

This Guest Blog Comes To Us From Computer Hope (Check Out The Original Article Here.) Many users are interested in either enabling or disabling their Windows Firewall for various reasons. Some users want to utilize a different firewall, and some may have turned theirs off by accident. Microsoft Windows 8 and 10 both come with pre-installed […]

How to Backup Your Mac

MacOS has a built-in backup tool called Time Machine. Once you plug in a hard drive and set up Time Machine, it will work automatically in the background, continuously saving copies of all your files, applications, and system files. If you run out of disk space, Time Machine will automatically erase the oldest version of the […]

How to Disable Remote Access in Windows 10

Remote access effectively allows you to control everything on your computer as if you were directly connected to it. In Windows 10, you can do this through the Windows Remote Desktop feature that allows you (or others) to connect to your computer remotely over a network connection. Unfortunately, hackers can exploit Remote Desktop to gain […]

How to Disable Remote Access for macOS

Remote Access is a useful feature of macOS that lets you access files on your computer from anywhere. Remote Access also lets anyone with your administrator login and password access files on your computer, which is why it is a good idea to shut this feature off if you don’t really use it. Click the Apple menu […]

How to Encrypt a Hard Drive in macOS

So we know that encryption is important for the protection of your data. And we’ve covered how to encrypt your Windows 10 software but now we’re talking macOS. Step One: Turn on and set up FileVault Choose Apple menu > System Preferences, then click Security & Privacy. Click the FileVault tab. Click the lock, then enter an […]

How to Set Up File Backups in Windows 10

A sudden hard-drive failure or virus can be devastating, especially if all of your photos, documents, and other valuable data are lost. A regular backup routine is an essential way to protect against losing any important data on your hard-drive. File Backup File Backup allows you to make copies of individual, as well as groups of, files […]

How to Check for Viruses Using Built-In Tools in Windows 10

Viruses can bring down the strongest of systems. But, like the human body, computers have built-in tools to fight viruses. Let’s start with Windows 10 built-in scanning system: Click Start Click Settings or press Windows key + i Click Click Update & Security Click Windows Defender Make sure Real-time protection is enabled Windows Defender should automatically turn on and prompt you update. Do so […]

How to Check for Viruses Using Built-In Tools in macOS

You may have been led to believe that you don’t have to worry about computer viruses on your Mac. And, to some extent, there’s truth to that. While your Mac can definitely be infected with malware, Apple’s built-in malware detection and file quarantine capabilities are meant to make it less likely that you’ll download and […]

How to Enable Auto-Updates in Windows 10

Updating your computer is unavoidable. Here we’re going to focus on Windows software; the guide for Mac users can be found here.  Why do You Need to Update? Windows Update exists to help make it easy to keep Windows up to date with the latest patches, service packs, and other updates. How to Change Windows Update Settings […]

How to Enable Auto-Updates in macOS

Apple makes updating your macOS as easy as pie. It all happens in the background while you’re going about your day. Apple will never install an update without your permission, but they’ll make sure you don’t have to wait around your desk for hours when you want to install it. Here’s How to Automatically Update […]

How to Use a Password Manager

Password managers are great. We all know the struggles of staring at the computer screen trying to remember the password to a login. Thankfully, password management tools exist to save the day. And your sanity. What is a Password Manager? Password managers store your login information for all the websites you use and even let […]

Securicy Policy Builder Launches in TechStars Boston Accelerator Program

Securicy, a Cape Breton, Nova Scotia and Boston, Massachusetts-based provider of end-to-end cybersecurity tools and resources for small and mid-sized business,  announces today the launch of Policy Builder, the inaugural product in its cybersecurity solution suite.  Policy Builder is an easy-to-use, web-based software solution that empowers businesses to quickly develop clear and concise cybersecurity policies tailored […]

How Do I Set a Windows Screen Saver Password?

Adding a Microsoft Windows screen saver password can help protect your computer for the times when you’re not at the computer. Below are the steps required for creating a password in a Microsoft Windows screen saver.

4 Ways Startups Can Protect Network Security: A Risk-Based Approach

You have a great idea for a startup. So you come up with a solid business plan. You pitch it over and over and over. You get funding. Everything is in place. Then a data breach happens. Your customers aren’t happy. Your investors aren’t happy. What went wrong? network security? For most startups security isn’t a […]

7 Steps to Protect Your Personally Identifiable Information

In light of the Equifax data breach, it is extremely important for organizations to protect their personally identifiable information (PII). Governments are ramping up regulations and fines (see our recent blog post) for organizations that don’t take the real steps to ensure that their citizen’s data is safe from the corrupt intent of cybercriminals. Breaches involving PII […]

Why North American Companies Should Care About GDPR

GDPR isn’t just for tech companies in the European Union. As a measure to improve the levels of protection of European Union citizens’ data, the European Parliament adopted the General Data Protection Regulation (GDPR) on April 14, 2016. It applies to ANY company that handles data of EU citizens. It was designed to harmonize data […]

How to Recover From a Data Breach

Considering that a data breach can happen to any company, at any time, being proactive is often the best tactic. If you suspect that you are a victim of a breach, here are some steps you can take to protect yourself from potential identity theft. 7 Steps to Follow If Your Personal Data was Leaked in a […]

Don’t Keep Your Head In The Cloud: 5 Ways To Secure Your Local Data Backups

Local data backups are still an essential element of an effective security program for many organizations, even in the age of Amazon Web Services, Google Cloud, and Microsoft Azure. We can attribute a significant percentage of security breaches to mishandled local data backups. The process of replicating sensitive data isn’t the only thing that you need to […]

Email Security: A Phishing Tale

Email phishing is tricky – it often comes from a sender you already know and trust. A few weeks ago my wife told me that she got an unexpected email from the Canada Revenue Agency. They wanted to initiate an Interac e-transfer of $980.99 into her account. The alarm bells immediately started ringing in my […]

4 Things You Can Do Today to Protect Yourself from Ransomware Attacks

With attacks like Petya and WannaCry, ransomware has reared its ugly head again. While a recent threat primarily targeted Windows systems, you should still be vigilant when it comes to suspicious activity on all of your systems. Preventative action by you and your employees can protect your computers and company data from being held by ransomware […]

Cybersecurity Policies: A Cheat Sheet [with Templates]

Cybersecurity policies are necessary for all technology businesses at this point. Your company must have information security policies in place and demonstrate that you are following them. The trouble is that very few businesses take the time and trouble to create decent information security policies and procedures. Instead, they are happy to download template examples, […]

5 Things to Secure Your Company Against Cyber Threats

Cyber threats are a serious business concern. Businesses and not-for-profit organizations are processing and storing larger and larger quantities of information about clients, members, employees, and partners. Much of it is personal or confidential information, spread across a myriad of services and devices. All this data increases the fear of cyber threats. As a leader […]