Is Your Technology Company Talking to You About GDPR Compliance?

The European Union’s General Data Protection Regulation goes into effect on May 25, 2018. Many U.S. and Canadian businesses have been working hard to meet the new GDPR guidelines, but it’s not clear if others have the technology in place to notify individuals that their data was breached within the required 72-hour period. This is one of the primary components of the 2018 GDPR. No matter how you look at it, three days can go by very quickly when it comes to sending out data-breach notifications, especially if you haven’t planned in advance.

Many U.S. and Canadian businesses, even large enterprises, don’t always plan ahead and instead operate in a reactionary mode. Security professionals in the U.S. and Canada are concerned: the mandatory 72-hour GDPR breach-notification period has them worried because they don’t think most businesses are prepared. The U.S. doesn’t have a national data-breach notification requirement. However, most states do require notification within 30 to 45 days. If businesses don’t comply, they will be fined 4% of their global revenue up to $20 million. Plus, the consumers whose data is breached can file class-action suits against them for noncompliance.

Experts know that the GDPR is something to take very seriously.

They believe that the regulators in the European Union will impose the largest fines they can and that they’ll make an example of organizations that lack compliance, and will do so within the first 90 days of the breach. This is much like what the U.S. Health and Human Services/Office of Civil Rights does with its “Wall of Shame” and HIPAA breaches of personally identifiable information (PII).

The GDPR requirements apply to any organization that does business in Europe and collects personally identifiable information on European citizens. It doesn’t only apply to large multi-national corporations; it applies to any business that has 250 or more employees. Smaller companies are typically exempt, except in the case where a data breach results in a risk to the rights and freedom of individuals, isn’t an occasional occurrence, or where the processing of data includes special categories like those relating to criminal offenses or convictions.

The 2018 GDPR replaces the old Data Protection Directive of 1995. The most recent GDPR breach notification requirement was enacted in April 2016. It set a higher compliance standard for data inventory, a defined risk management process, and mandatory notification to data protection authorities.

Breach notification is a huge endeavor and requires involvement from everyone inside an organization. In-house tech support and outsourced Technology Service Providers should have acquired a good understanding of the consequences a data breach causes and the data breach notification requirements for their organization.  They must be prepared in advance to respond to security incidents.

Is your technology ready for the GDPR?

Smart CIOs and CEOs in the U.S. and Canada have been preparing for the GDPR for the last year. And many larger enterprises, especially those that regularly do business in the European Union, have seen this on the horizon for a while and have taken advantage of the two-year implementation period to seriously prepare for GDPR. These organizations are ready and won’t need to worry that they can’t meet the 72-hour notification deadline. Many U.S. financial organizations and banks are already prepared as they are accustomed to notifying regulators and customers, and they have the IT infrastructure in place to respond quickly. Plus, banks in the U.S. have been functioning under more stringent regulations since the 2007-2008 financial crisis, so they’re already well prepared.

The following are steps your organization should take to prepare your technology for the GDPR.  

  • Perform a thorough inventory of your personally identifiable information and where it’s stored (in onsite storage or in the Cloud), and determine in which geographical locations it’s housed. Don’t forget about your databases. PII is often stored in databases.
  • Perform a Gap Analysis. This is a process where you compare your organization’s IT performance to the expected requirements. It helps you understand if your technology and other resources are operating effectively. By doing this, your Technology Solution Provider (TSP) can then create an action plan to fill in the gaps. The right TSP will understand the GDPR regulations and how your IT must support your compliance efforts.
  • Develop an Action Plan. Your TSP should document a detailed action plan for how to use technology to meet the GDPR if you experience a data breach. This should include individuals’ roles and responsibilities. Conduct tabletop exercises to practice how the plan will work with specific timelines and milestones.
  • Ensure data privacy. If you don’t have a Technology Solution Provider, then you need one for this. Data protection is key for organizations of any size. Consumers have the right to have their data erased if they want. This is called “the right to be forgotten.” This is a concept that was put into practice in the European Union in 2006, and it’s a part of the GDPR. You won’t be able to do this if their data is stolen.
  • Be sure to document and monitor everything that you do that’s related to GDPR Compliance. This includes any changes or upgrades that your Managed Service Provider makes to your IT environment. You may need to demonstrate that you’ve done your due diligence when it comes to protecting citizens’ private information and that you practice “defense-in-depth” strategies where you use multiple layers of security controls when it comes to your technology.

If you have all these processes properly in place, you should be able to meet the GDPR breach notification 72-hour period. The organizations that have met most of the International Organization for Standardization information security requirements should also be ready for the new regulations.

Unfortunately, many organizations won’t do this, simply because they’re not educated about the new GDPR, or they’re so busy they don’t think they have the time to make it a priority. Some think that the GDPR doesn’t apply to them. And others who don’t undertake proactive technology methods, in general, simply “bury their heads in the sand.”  These organizations have waited too long now to make the May 28th deadline. Hopefully, yours isn’t one of them.

10 Major Reasons Small Businesses Are Still Vulnerable To Malware Attacks

We have seen firsthand the common errors and oversights that lead to infections and intrusions – and we want to help your business learn from those mistakes.

When it comes right down to it, cybersecurity best practices are not nearly as complicated or confusing as they seem on the surface. That’s not to say that security is simple, but rather that the best precautions have more to do with common sense and practicality than anything else. Yes, the software and safeguards you choose matter, but the best way to avoid something like malware damaging your business is to be smart about all aspects of your cybersecurity – not just the technological parts.

Here are the 10 main reasons businesses like yours are still at serious risk of suffering a malware attack.

1) You Still Think It Can’t Happen To You – Smaller businesses have a habit of assuming that just because they’re not a Fortune 500 company, a cybercriminal would have no interest in disrupting their operations or stealing their data. The reality is that couldn’t be further from the truth. It takes minimal effort on a hacker’s part to successfully target an SMB that has invested very little in their IT security, letting them use your business for practice or sport, and profit off of your stolen data. Most of the new malware variants are automated and target ANY business that lacks protection from a particular vulnerability.

2) Threats Evolve Faster Than You Realize – Like any other aspect of technology, malware and other cyber threats are constantly changing and evolving. Hackers are continually coming up with new ways to target businesses, and are creating more advanced threats. If you’re not up to date on the latest malware strains and zero-day exploits, you very likely have a gaping hole in your cyber defenses. This level of vigilance is all but impossible to achieve without full-time IT security staff at your disposal.

3) Your Staff Isn’t Up To Date With Security Best Practices – Your employees are both your best defense and your biggest weakness. Just about every cyber threat out there relies heavily — if not entirely — on the unwitting assistance of someone inside your organization to be effective. If your staff isn’t well-educated on security best practices and offered ongoing training and information to keep them up to date, any number of threats can target your business with ease.

4) Your Policies And Protocols Are Lacking – Your policies need to focus on more than just password control. At the minimum, you should have two-factor authentication and access controls in place to protect mission-critical data. By tightly regulating access to your files, folders, and systems, you can reduce the odds of unauthorized users getting their hands on your data or finding a way inside your network.

5) You’ve Got Major Exposure To Multi-Vector Attacks – A standard firewall or antivirus will only protect your network against certain types of infections or attacks. If your security measures and protocols don’t take into account email, web browsing behaviors, file sharing, and network activity, your defenses won’t hold up under a multi-vector attack.

6) Your Technology Is Too Complex For Your Administrators To Manage Effectively – When you leave the responsibility for your business’ cybersecurity in the hands of a single in-house IT person or designate a staff member the administrator of these systems, you could be setting your business up to fail. A solid IT security system is far too complex for a single individual to manage on their own. Automating as much of your cybersecurity as possible can help to lighten the load, but these systems still need oversight to run effectively.

7) Your Systems And Software Are Out Of Date – An alarming number of malware infections — including the now-infamous WannaCry ransomware virus — use pre-existing system or software exploits to gain access to targeted systems. More often than not, security experts are aware these exploits exist, and release patches and updates designed to rectify the problem long before a hacker figures out how to make use of said exploit. However, if you’re not keeping on top of these patches and updates, you’re essentially propping a door open for a cybercriminal to waltz right through.

8) You’ve Got Zero Network Visibility – If you’ve got little to no idea about what’s going on inside of and around your network, it’s more than a little difficult to spot threats. Network monitoring tools can quickly detect both internal and external threats, and contain them before they can cause damage.

9) You’ve Got Lackluster Data Backup Practices – The most terrifying malware infection to date has been ransomware, and no other infection makes a better case for the importance of data backups. Without current and complete backups available for your business to restore from – specifically offsite backups that are insulated from threats that target your network and systems – it’s next to impossible to survive a ransomware attack. Businesses that don’t have reliable and up to date data backups to count on will typically close their doors within six months of a major data loss incident.

10) You’re Falling Short Of Compliance Requirements – Any compliance regulations your business is subject to – whether that be HIPAA, PCI, or any other industry-specific guidelines – will make strict recommendations for security. Simply by working to make sure you’re meeting these requirements, you can take a huge step towards better cybersecurity practices.

At the end of the day, great cybersecurity is not impossible to achieve. Often, it just comes down to having the right support in place. The true value of working with an MSP like {company} comes not from the specialized tools and support we can offer, but from the guidance and advice you can only receive from experienced and knowledgeable technology professionals who understand your world and the threats present in it.

Want to learn more about the industry-leading cybersecurity solutions and support we have to offer? Contact us at {phone} or {email}.

SECURING YOUR DATABASE

In the era of modern technology, effective database security is more important than ever. Your business stores a range of sensitive information (for clients and employees), all of which needs to be kept safe at all times. Should any of that data get exposed, either by malicious hackers or internal human error on your staff’s part, it could very quickly lead to severe consequences for your business: loss of business, loss of your clients’ trust, financial damages, lawsuits, compliance infractions, or worse. Don’t let it happen to you.

Why Should Database Security Be Enhanced?

Information stored on your business database is more than likely to be misused, either by hackers who want to access, steal or corrupt it, or simply by employees who aren’t entirely sure of what they’re doing. Additionally, the database is at risk of malware infections that may lead to inappropriate effects, unauthorized access, or deletion of crucial data. Data breaches can cause an overload that would result in poor business performance and lower operational efficiency. Besides, if hackers access your private business data, it could lead to data corruption and inappropriate activity that would potentially damage your reputation. That’s why it’s so important for you to enhance database security by employing various strategies aimed at protecting the information from any unauthorized access. These strategies involve physical, administrative, and software controls. They include:

Enhancement of Physical Database Security
It may sound simple, but it’s a vitally important part of database security: make sure your servers are protected by physical security measures such as locked closets, numbered keypads, and video surveillance. Similarly, you need to run your database on different machines from those running your web servers. Given that web servers are publicly accessible, they are at a higher risk of hacking, and a compromised web server may give an attacker a way into a database hosted on the same machine.

Use of Database Firewalls
A firewall will help to enhance the security of the database by denying access to traffic from unidentified sources and reducing the initiation of unnecessary outbound connections. In this case, it identifies the few web servers or applications that are allowed to access the data. Web application firewalls can also be used to block attacks such as SQL injection that have the potential to delete database information.

Encryption of Data
Encryption should be a foundational aspect of your cybersecurity practices, but especially those concerning your database. In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only occur through a key, which is essentially a “secret password”. In this case, there is a need for updated encryption software to ensure that private information is only accessible through the database program.

Use of Secure Passwords
Given that a password grants access to your database, it is imperative that you ensure it is complex enough that it can’t be easily guessed. In recent years, hackers have developed sophisticated tools and systems for identifying simple passwords. Therefore, combining letters, numbers, and symbols is a simple way to ensure your passwords are more difficult for hackers to crack using their standard methods.

Auditing and Monitoring Database Activity
Regular database auditing and monitoring help to detect any unusual activity or login attempts by an unauthorized individual. In addition, doing so can help you detect cases of account sharing or any other suspicious activity. The organization may need Database Activity Monitoring (DAM) software, which monitors such activities automatically and independently. Additionally, auditing the database helps to identify accounts that are no longer in use, which could increase the risk of hacking.
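The three checks this section names (repeated failed logins, account sharing, and accounts no longer in use), as an added example that is not part of the original article or of any DAM product. The log format, account names, thresholds, and function names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: accounts, addresses and log format are assumptions.
ACCOUNTS = ["app_web", "dba_alice", "report_bob", "old_vendor", "svc_unused"]
AUDIT_TIME = datetime(2018, 5, 2)  # "now" for the stale-account check
SAMPLE_LOG = """\
2018-01-10T08:00:00 LOGIN_OK user=old_vendor src=10.0.0.40
2018-05-01T09:00:00 LOGIN_OK user=app_web src=10.0.0.5
2018-05-01T09:05:00 LOGIN_OK user=dba_alice src=10.0.0.21
2018-05-01T09:07:00 LOGIN_OK user=dba_alice src=10.0.0.77
2018-05-01T10:00:00 LOGIN_FAIL user=report_bob src=203.0.113.9
2018-05-01T10:00:20 LOGIN_FAIL user=report_bob src=203.0.113.9
2018-05-01T10:00:40 LOGIN_FAIL user=report_bob src=203.0.113.9
2018-05-01T10:01:00 LOGIN_FAIL user=report_bob src=203.0.113.9
2018-05-01T10:01:20 LOGIN_FAIL user=report_bob src=203.0.113.9
2018-05-01T11:00:00 LOGIN_OK user=report_bob src=10.0.0.30
2018-05-01T11:30:00 LOGIN_FAIL user=app_web src=10.0.0.5
this line is malformed and is skipped
"""


def parse(log_text):
    """Return time-ordered login events; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, outcome, user_kv, src_kv = parts
        if outcome not in ("LOGIN_OK", "LOGIN_FAIL"):
            continue
        if not user_kv.startswith("user=") or not src_kv.startswith("src="):
            continue
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        events.append({"time": when, "ok": outcome == "LOGIN_OK",
                       "user": user_kv[5:], "src": src_kv[4:]})
    return sorted(events, key=lambda e: e["time"])


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Accounts with at least `threshold` failed logins inside one window."""
    fails = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails[e["user"]].append(e["time"])
    flagged = []
    for user, times in fails.items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(user)
                break
    return sorted(flagged)


def shared_accounts(events, window=timedelta(minutes=30)):
    """Accounts that logged in from more than one source inside one window."""
    logins = defaultdict(list)
    for e in events:
        if e["ok"]:
            logins[e["user"]].append((e["time"], e["src"]))
    flagged = {}
    for user, seen in logins.items():
        for i, (t1, _) in enumerate(seen):
            sources = {s for t, s in seen[i:] if t - t1 <= window}
            if len(sources) > 1:
                flagged[user] = sorted(sources)
                break
    return flagged


def stale_accounts(events, accounts, now, max_idle=timedelta(days=90)):
    """Accounts that never logged in, or not within `max_idle` of `now`."""
    last_ok = {}
    for e in events:
        if e["ok"]:
            last_ok[e["user"]] = e["time"]  # events are time-ordered
    return sorted(a for a in accounts
                  if a not in last_ok or now - last_ok[a] > max_idle)


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("failed-login bursts:", failed_login_bursts(evts))
    print("possible account sharing:", shared_accounts(evts))
    print("stale accounts:", stale_accounts(evts, ACCOUNTS, AUDIT_TIME))
```
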

Tight Management of the Database Access
It’s important to limit the number of people accessing the database in order to enhance monitoring. Besides, your administrators should only get the minimum privileges that are necessary for their jobs. In some instances, employees are caught colluding with external hackers to defraud an organization or steal crucial data. Therefore, it would be prudent for your business to consider acquiring access management software that provides temporary passwords to authorized users and more specific privileges when necessary. That way, any attempts to access the database with these credentials after they expire won’t work and will notify you of such attempts.

Segmentation of Database
A large, singular database is at a higher risk of exposing private information because it involves so much data. That’s why it can be useful to segment the data by creating various roles within the database. This helps prevent all administrators from viewing all data whenever they like. If you segment your database by role, your administrators can be given different privileges and access to different levels of database information.

The security of a database is undeniably important for businesses like yours. Be sure to follow strict cybersecurity practices in order to keep your database secure from malicious hackers and careless employees.

Hey Brother, Can You Spare $2.7 Million?

Don’t Be Like The City Of Atlanta That Paid Millions After A Ransomware Attack

In March 2018, Atlanta’s city government was hit with a ransomware attack that paralyzed them. They couldn’t process payments, provide information or other citizen services because their IT system was locked down. The note attached to the SamSam ransomware demanded $51,000 in bitcoin to restore their systems. However, the City of Atlanta spent much more than this trying to recover their data; a whopping $2.7 million! Plus, some services still aren’t up and running.

We’re not sure if they paid the ransom, but it doesn’t look like it went through if they tried. The hackers took down their communications portal, which they would have needed to pay the ransom. Agencies like the FBI tell us not to pay ransoms because it only encourages these criminals to continue hacking us. Plus, paying doesn’t necessarily mean that the thieves will provide the decryption keys to unlock your data.

It would have been so much cheaper to have protected their network beforehand. The City of Atlanta paid $600,000 in emergency data recovery costs after the incident. They could have set up a more secure system throughout all their departments for 10 percent of this. If I were a taxpayer in Atlanta, I’d be pretty angry about this, wouldn’t you?

Unless your organization has $2.7 Million to spare, it’s time to up your IT security.

Government entities are advised to follow the standards mandated by the Federal Information Processing Standards (FIPS) through the Federal Information Security Management Act (FISMA).

FIPS are a set of standards for document processing, encryption algorithms and other information technology standards for use by non-military government agencies, government contractors and vendors who work with them.

The US government’s National Institute of Standards and Technology (NIST) disseminates these standards via their Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, recently published on April 16, 2018.

Had The City of Atlanta followed these standards, they may not have been hacked.

The voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. It’s broken down into five segments:

Identify, Protect, Detect, Respond and Recover

1. Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

2. Protect: Develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

3. Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

4. Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include Response Planning; Communications; Analysis; Mitigation; and Improvements.

5. Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact of a cybersecurity incident. Examples of outcome Categories within this Function include Recovery Planning; Improvements; and Communications.

The NIST Framework is a good reference for guidance. {company} can do the rest. The days of using only in-house techs are gone. Your organization requires the up-to-date expertise of IT experts who can keep your data secure.

What Else Can You Do?

6 Steps To Take To Protect Your Organization

Step 1: Ignore Ransomware Threat Popups and Don’t Fall for Phishing Attacks

These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, don’t do what they ask. If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.

Beware of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or PDF file.

Don’t believe messages that contain an urgent call to action, such as one that:

  • Presents an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Step 2: Always Use Secure Passwords

  • Never use words found in the dictionary or your family names.
  • Never reuse passwords across your various accounts.
  • Never write down your passwords.
  • Consider using a Password Manager (e.g., LastPass or 1Password)
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters.
    • A criminal can crack a 5-character password in 16 minutes.
    • It takes 5 hours to crack a 6-character password.
    • Three days for a 7-character one.
    • Four months for eight characters.
    • 26 years for nine characters.
    • Centuries for 10+ characters.
  • Turn on Two-Factor Authentication if it’s available.

Step 3: Keep Your Passwords Secure

  • Don’t write down passwords.
  • Don’t email them.
  • Don’t include a password in a non-encrypted stored document.
  • Don’t tell anyone your password.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use the “Remember Password” feature offered on programs like Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an Internet account that doesn’t have a secure login, that is, one where the web browser address starts with “http://” instead of “https://”. If the web address begins with “https://”, then your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.

If you believe your password may have been breached, you can always change it.

Step 4: Back Up Your Data Onsite/Remotely and Securely

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media.
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data and you get attacked, it’s gone forever.

Step 5: Secure Open Wi-Fi with a VPN

  • Don’t go to sites that require your personal information like your username or password.
  • Use a VPN whenever possible.
  • Limit your access to using sites that start with “https://”.
  • Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available”.

Step 6: Hire a Reputable IT Company to Conduct Testing and Training

  • Conduct a social engineering test.
  • Share the results with your staff.
  • Debrief and train your users.
  • Test again each year!

Don’t run the risk of getting hit with SamSam or any other form of ransomware. Follow the FIPS and NIST Framework and ask the experts at {company} to help.

Is Your Business Compliant with The New DFARS/NIST Requirements?

What DoD Contractors Need to Know About Controlled Unclassified Information (CUI) & Using a Technology Solutions Provider to Ensure Compliance with the DFARS and NIST.

Today, more than ever, the Department of Defense (DoD) relies on external contractors and suppliers to carry out a wide range of missions. Sensitive data is shared with these companies and must be protected. Inadequate safeguards for this sensitive data may threaten America’s National Security and put our military members at risk.

In response to this threat, the DoD has implemented a basic set of cybersecurity controls through DoD policies and the Defense Federal Acquisition Regulation Supplement (DFARS). The DFARS rules and clauses apply to the safeguarding of contractor/supplier information systems that process, store or transmit Controlled Unclassified Information (CUI). These security controls must be implemented at both the contractor and subcontractor levels based on information security guidelines developed by the National Institute of Standards and Technology (NIST) Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations.”

As a U.S. DoD contractor who collects, stores, or transmits Covered Defense Information (CDI) or Controlled Unclassified Information (CUI) you must comply with NIST (The National Institute of Standards and Technology) regulations 800-171 and DFARS (Defense Federal Acquisition Regulation Supplement) 252.204-7012. Your subcontractors must comply as well and be able to maintain compliance. If you don’t, you can’t bid on DoD contracts, and you may lose the ones you have.

The Department of Defense enforces a specifically defined set of cybersecurity controls through the DFARS. The DFARS rules and clauses apply to the safeguarding of contractor/supplier information systems that process, store or transmit Controlled Unclassified Information (CUI). These security controls must be implemented by both you, the contractor, and your subcontractors according to levels based on information security guidance developed by the National Institute of Standards and Technology (NIST).

Finding everything you need to know about DFARS regulations and NIST cybersecurity guidance to ensure that your technology is compliant can be a daunting task. Using the services of a Technology Solutions Provider who has expertise in DFARS and NIST requirements is essential if you want to attain compliance and remain compliant.

Complying with DFARS and NIST requirements isn’t easy. You and your subcontractors must meet DFARS cybersecurity standards and NIST Guidelines, or you can’t apply for DoD contracts. To do this requires a complete scoping and readiness assessment to measure your compliance. You must then remediate any identified gaps in security.

Doing this requires support from a Technology Solutions Provider who specializes in providing compliance solutions. The right IT Provider will help you understand the risks of storing Controlled Unclassified Information in your IT system, and what you must do to comply. Your Provider should also be adept at conducting gap analysis services, vulnerability scans, and penetration testing to ensure your IT security.

Your Requirements as a DoD Contractor

Cyber attacks have reached epidemic proportions in the U.S. Even government agencies are at risk of breaches. This poses a real risk to National Security. It’s imperative that you, your personnel and your subcontractors safeguard classified information and Controlled Unclassified Information. The security of the U.S. Government depends upon the measures you take as a contractor, as well as those in your supply chain. Unfortunately, many businesses don’t have the right cybersecurity controls in place, like firewalls, anti-virus and anti-malware, and identity-authentication processes. They also lack detection and response controls for IT exploits.

Until now, strict security processes, controls, and standards that applied to federal information systems weren’t required for CUI. The DFARS 225.204-7012 and NIST SP 800-171 regulations were developed to cover unclassified federal information for nonfederal organizations. You must implement the security controls outlined in the NIST SP 800-171 to be compliant with DFARS.

The U.S. Government provided a disciplined and structured process for contractors to follow. If you want to comply and be accepted for DoD projects, you must leverage the following IT solutions.

  • Security Information and Event Management
  • Intrusion Prevention System
  • Vulnerability and Threat Management
  • Database Security Controls
  • Log Management
  • File Integrity Checking
  • A Tested Incident Response Plan

The Right Technology Solutions Provider Will:

  • Identify Information Security Gaps in your system design, architecture policies, and planning exercises.
  • Utilize Advanced Security Engineering for remediation and enhancements so there are no interruptions in IT service.
  • Deploy Cyber Operations Support with proven methods to maximize your operational security.
  • Conduct Continuous Risk Management with a proactive rather than reactive approach.
  • Use Advanced Cyber Security Testing to identify vulnerabilities in your IT assets that are at risk for cyber attacks.

What Specifically is Covered by the DFARS/NIST Regulations?

The DFARS 252.204-7012 | NIST SP 800-171 requirement for CUI includes any information related to a DoD performance contract, as well as anything that supports the contract. This is a very broad requirement and could have a dramatic impact on the number of systems that must be covered.

These systems are broken down into four categories:

  1. Controlled Technical Information: Any and all technical information as defined by DoD, including those with space or military applications.
  2. Operations Security Information: Any intentions, capabilities or activities that an attacker could use to guarantee failure or unacceptable consequences.
  3. Export-Controlled Information, like biochemical or nuclear data.
  4. Any additional information specified in the contract.

The new rule also applies to your subcontractors. They must meet the same applicability definitions described above.

As a DoD Contractor, you must know what CUI you store, process, or transmit in the course of performing your duties. You and your subcontractors must be prepared to apply NIST SP 800-171 security controls to your information systems. You must create and sustain an environment for the proper storing, processing, or transmitting of CUI. This includes ensuring your employees or any individuals involved in the contract practice security and privacy when it comes to information systems.

As you can see, this broad scope of requirements demands the expertise of a Technology Solutions Provider who can develop, deploy and enhance a secure and compliant environment for your CUI processing needs. You need one who can engage with stakeholders to identify the key security objectives and critical requirements to develop a prioritized IT roadmap, information security architecture, security controls and operations that comply with the DFARS 252.204-7012 and NIST SP 800-171 Guidelines.

Minimum cybersecurity standards are described in NIST Special Publication 800-171 and broken down into fourteen areas:

  1. Access Control: You must limit system access to authorized users.
  2. Awareness & Training: You are required to promote awareness of the security risks associated with users’ activities, train them on applicable policies, standards and procedures, and ensure they are trained to carry out their duties.
  3. Audit & Accountability: You must create, protect, retain and review all system logs.
  4. Configuration Management: You are required to create baseline configurations and utilize change management processes.
  5. Identification & Authentication: You must authenticate information systems, users, and devices.
  6. Incident Response: You’re required to develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.
  7. Maintenance: You must perform timely maintenance on your information systems.
  8. Media Protection: You must protect, sanitize and destroy media containing CUI.
  9. Personnel Security: You’re required to screen individuals before authorizing their access to information systems, and ensure these systems remain secure upon the termination or transfer of individuals.
  10. Physical Protection: You must limit physical access to and protect and monitor your physical facility and support infrastructure that houses your information systems.
  11. Risk Assessment: You are required to assess the operational risk associated with processing, storage, and transmission of CUI.
  12. Security Assessment: You must periodically assess, monitor and correct deficiencies and reduce or eliminate vulnerabilities in your organizational information systems.
  13. System & Communications Protections: You must monitor, control and protect data at the boundaries of your system, employ architectural designs, software development techniques and system engineering principles that promote effective information security.
  14. Protection System & Information Integrity: You’re required to identify, report and correct information and any flaws in your information in a timely manner. You must also protect your information systems from malicious code at appropriate locations, and monitor information security alerts and advisories so you can take appropriate actions.

Plus, there are specific security requirements comprising 110 individual controls that you and your subcontractors must implement in each of these areas.

Large enterprises probably have these security systems in place. Smaller businesses probably don’t, and this is a big undertaking. With the right experience in CUI requirements, your TSP can help by handling these responsibilities for you. They can:

  • Periodically assess the security controls in your company’s systems to determine if the controls are effective in their application.
  • Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in systems.
  • Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
  • Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

As a DoD contractor, you and your authorized employees must fully understand what Covered Defense Information you store, process, or transmit in the course of doing business with the Department of Defense. You must also be ready to provide adequate security using controls outlined in the NIST SP 800-171, Security and Privacy Controls for Non-Federal Information Systems.

Your Technology Solutions Provider must be adept at integrating methodologies for incorporating security and privacy into business solutions. They should leverage the following services:

  • Compliance Services that include security awareness training, information technology security training, computer-based training classes, IT oversight, system registration and categorization, and continuous monitoring planning.
  • Risk Management Services via successful risk management programs and concise, actionable risk assessments.
  • A 24/7 Virtual Network and Security Operations Center (VNSOC) with a team of highly trained, certified and experienced network and security analysts that monitor your network and systems around the clock with log management.
  • Security Assessments that utilize the latest trends in data protection, technology advancements, and legislative changes, and that test the security posture of your information systems.
  • Security Controls that determine how to implement NIST SP 800-171 R1 security requirements.
  • Identity, Credential & Access Management (ICAM) to simplify the identification, credentialing and assessment of your IT infrastructures to ensure privacy, security, compliance, and efficiencies.
  • Cyber Incident Reporting to plan, develop and execute testing of a cyber-incident plan.
  • Response and Recovery Service if a cyber event is confirmed. Your TSP should support and advise you during the Incident Response lifecycle. Your TSP should immediately preserve and protect all evidence and capture as much information about the incident as possible. They should review your networks to identify compromised computers, services, data, and user accounts and identify specific covered defense information that may have been lost or compromised. You must always be helpful and transparent with the DoD and cooperate with them to respond to any security incidents.

Meeting the SP 800-171 is not a one-time fix. Rather, it’s a continuous assessment, monitoring and improvement process. Your TSP should periodically assess the security controls in your company’s systems to determine if the controls are effective in their application. They should develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in systems. They must monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls that are in place. And, they should develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

If the Department of Defense determines that other measures are required to provide adequate protections and security, you and your subcontractors may also be required to implement additional precautions. It’s essential that you stay up to date on these requirements if you want to keep your standing with the DoD or to bid on future contracts. Again, your Technology Solutions Provider is your best friend where this is concerned.

 

7 Ways to Reduce Your Paper Usage

In spite of the move toward living digitally, Americans still use over 90 million tons of paper each year. Everyone nowadays seems to be reading everything online, and yet more than 2 billion books are printed each year. In addition, over 24 billion newspapers are printed annually, along with 350 million magazines. Only about half the available waste paper is recycled each year, leaving the other half to end up in local dumps and waterways.

Paper Usage

Of course, much of this wasted paper originates from commercial enterprises, such as offices, publishers, schools, colleges, and manufacturing. The average consumer has cut way back on their personal paper usage.

Saving Trees

You may have learned this stuff in grade school but forgotten it. Trees make oxygen, the air we breathe. They filter out harmful pollutants. They also produce foods like maple syrup, walnuts, pecans, and almost all fruits. A tree has its own self-replicating technology: it drops seeds each year so that new trees can be born. Many birds and small animals call a tree their home.

When we slash and burn a rainforest, we do irreparable harm to our planet. Rainforests are precious and delicate eco-systems that are simply remarkable on every level. There’s no way for humans to cheaply create, build or invent the machine that does what one common oak tree does. These are just a few of the reasons why it’s so important to save every tree possible. By taking strong actions now, we can ensure that our grandchildren will be able to walk through a lovely forest of aspens or look out on a field of evergreen trees and smell that unmistakable essence of evergreen.

Saving Other Resources

Each time someone prints something, there is other waste involved. You can’t print out a letter without using ink. You also need electricity. In the end, there are numerous direct and indirect costs associated with printing anything. And there are always harmful effects to the environment, such as the pollution caused by a single paper mill. When you add it all up, the cost to print a book includes damage to the eco-system, waste of natural resources, and it adds to the landfills. Instead, let’s all look for ways to reduce our paper usage so we can save as many trees as possible. We begin with these seven timely suggestions.

One: Recycle Phone Books

In this day and age, very few people use a phone book, yet most cities still print them. They are rarely recycled, but it’s possible to save approximately 30 trees simply by recycling 500 phone books of average size. Each year, when the new phone books arrive, be sure to throw the old ones in your recycling bin. These items can be recycled just like any other paper product. There’s nothing hard or complicated about the process. Most of us simply forget.

Two: Opt Out of Junk Mail

Many of us can fill a trash can with the junk mail we get in just one week. It’s time-consuming to open all those letters, plus it’s wasteful. Simply opt out. You can stop receiving certain emails, but many people are not aware that you can also do this with printed junk mail. It’s dangerous in this day and age to allow companies to send you pre-approved credit card applications through the mail. These can be stolen and used by thieves to obtain credit cards in your name.

The consumer reporting companies maintain a website and a toll-free number that consumers can call to opt out of receiving these offers. Simply by calling the toll-free number, you can opt out for five years. If you’d like to stop receiving junk mail permanently, then you must go to the website. The process is a bit more complicated but still worth it.

Three: Go Paperless

Many people have already done this, but it’s simple to go paperless at your bank and all creditors. Since it’s much cheaper for businesses to send your statements and bills by email, most companies make it very simple to choose “go paperless”. Go to their website and look for information about this on the homepage. Usually, you need to log into your account and then set up the paperless option there. It’s normally just a matter of a few clicks and you’re all done.

Four: Stop Printing So Much

The average consumer has a much better handle on this concept than the average business. Most homeowners barely use their printer these days. At the office, it’s a totally different story. The average office still prints out reports, surveys, journals, meeting notes and many other items. When you do need to print something out, you can easily adjust margins to 0.75 inch and thereby get more writing on each page. This reduces the number of pages in every document.

Five: Sign Up for Online Magazines

Who among us has a dusty pile of old magazines somewhere in our home? This is quite a common problem. You can eliminate this problem by signing up for online magazines. When you think about it, online publications make more sense. Once a document is digitized, you can quickly search through it for information. We’ve all read something interesting that we wanted to go back and look at again, but just can’t find the correct book or magazine. It’s easy to search through digital documents of any length using a single keyword and find exactly what you’re looking for. If you’re one of those people who hate to throw away old magazines, this is the perfect solution. Just choose digital publications from now on.

Six: Use Electronic Storage

Occasionally, we all get receipts, instructions, forms, and other important documents that we need to save. It’s very easy now to snap a photo of these types of items and then store them on your hard drive. You can create files specifically for warranties, receipts, or whatever it is. There are a number of handy apps now available that can make this even more convenient to use. Once you get these copies on your computer or phone, they can be saved by the date or type of item. This is much better than having a shoebox full of old receipts lying around gathering dust.

Seven: Buy Recycled Stuff

Recycled items are good for the environment. Because of the lower costs involved, you can now purchase countless recycled items that you use every day. These products include paper plates, envelopes, greeting cards, books, notebooks, household paper products and others.

The average person simply doesn’t think to look for this on the packaging. These recycled items are for sale on the shelf, right alongside products of the same type. It’s just a matter of looking for the phrase, “Made from Recycled Materials”.

Tips for Success

Sometimes we all receive important papers and worry that we’ll lose or misplace them. This happens with printed documents as well as digital items. To keep track of your important papers at home or at the office, purchase a small filing cabinet. For each topic or item, create a single file folder. You can include the date and any other important information like PIN numbers or due dates.

Saving digital documents is simple too. If you have a word processing program like Microsoft Word, be sure to save these items to your hard drive. If you already have too much on your hard drive, programs like Google Docs allow you to store everything in the cloud. A number of companies have created apps and software for saving important documents. It’s just a matter of finding the program that works best for you.

Of course, it goes without saying that we should all back up our phones and computers on a regular basis. It can be helpful to have a few blank thumb drives lying around for this purpose. Blank DVDs are cheap and you can store from 4.7 GB to 9.4 GB. These disks can last for years but be sure to stick them in a paper sleeve so they aren’t accidentally scratched. No paper sleeves available? Plastic lunch bags work perfectly.

Electronic document collaboration is superior to paper document collaboration. Here at Vision of Earth, we use Google Docs for all of our writing. It is a simple system that allows us to cooperatively edit documents, as well as track the changes made by each person. For more information on how we collaborate, see our post on software tools that we use to collaborate across the world.

It is possible to do effective editing and collaboration even using standard word processors. For instance, you can learn to use “track changes” in Microsoft Word, or Edit->Changes in OpenOffice Writer. This lets you put editing marks in documents, and also view the editing changes that have been made by other people.

Use email (electronic mail) rather than paper mail when you can. Most businesses and even governments are in the process of transferring over to electronically available services. This will drastically reduce the costs of postal service as well.

Use a USB stick, also known as a ‘thumb drive’, to move around or share electronic documents rather than printing them. Encourage people coming to meetings to bring their reports in electronic format, and for attendees to bring electronic storage of their own (or share via an Internet-based document storage). Many companies are utilizing an ‘intranet’ now, allowing them to securely distribute documents to company employees only.

Use electronic fax services. There are a number of them available, some of which, such as FaxZero, are even free for one-page faxes. The quality can sometimes be a bit low with the free services, so it is recommended that you phone the fax receiver to make sure that they can read the sent document.

Don’t place paper contacts on business cards (such as a postal mailing address). Only put email and phone. This forces people to contact you through these electronic mediums.

Home

Use cloth napkins.

Use rags instead of paper towels.

Try to not use paper plates. Use durable washable ones if you need something for a BBQ. In terms of environmental impact, the trend usually goes like this: Reusable plates are better than paper plates which are better than plastic plates.

Use a handkerchief instead of Kleenex.

Use a whiteboard for lists/notes/announcements.

Buy bulk foods using your own reusable containers rather than buying supermarket boxed

How Much Paper Does Your Office Use Each Year? Tips For Reducing Paper Use

Are you an average worker? If so, statisticians say you use around 10,000 sheets of paper every year.

If that sounds like a lot, that’s because it is. The bottom line is that the average American worker uses way too much paper. To put it in perspective, here are some facts to consider:

4 billion trees are cut down each year to make paper

16% of landfill solid waste is comprised of paper

In one year, the average American citizen will consume 800 million pounds of paper

If you’re having a hard time visualizing how much paper that really is, imagine 5.5 million printed copies of the Hunger Games Trilogy. In terms of trees, you would have to cut down every tree in New York City’s Central Park, or enough trees to build a city with 25,000 houses.

No Office Is Alike

The real issue is how that paper is being used or, in this case, not used. According to a recent survey, 70% of the total waste in offices is made up of paper and as much as 30% of print jobs are never even picked up from the printer. Even worse, 45% of printed paper ends up in the trash by the end of the day. When you consider that the total amount spent annually by U.S. companies on printed documents is $120 million, it’s clear that there is a lot of pointless printing in modern offices (and a lot of wasted money).

Of course, no one is an average worker and there is no such thing as an average office.

I recently visited a small startup that operated out of two different offices. In one office, the company’s engineering team does the coding and support for a Cloud-based software system. These workers are coding all day and hardly ever speak to one another — that’s done on chat — and they almost never print anything. The lead programmer could barely understand why he needed a printer at all and was satisfied with an inexpensive multifunction machine.

Meanwhile, in the same company’s main office, marketing, sales and support staff had multiple printers running all day to publish reports, marketing materials, and more, and stacks of unread documents ended up being piled in bins next to the machines. These are two very different offices within the same company with very different needs: one office barely needed a printer while the other was in desperate need of a Managed Print solution.

It might surprise you to know that even though we sell and service printers, we want you to print less.

Reducing paper usage isn’t just good for business; it’s good for the planet. Take a look around the office. What do you see?

Reams of wasted paper in the recycling bin?

No strategic supply management process?

Underutilized or inefficient printers?

Color copies that should be printed in black and white?

If that sounds familiar, then you need to manage your printers more effectively. We recommend a three-step approach to designing a print strategy that eliminates wasteful printing and matches your business needs.

Evaluate your device use, output, supplies, and viability to align them with a purchasing process

Integrate best-of-class software and printer hardware into your current system

Continuously assess your consumption based on actual usage — because it will always be in flux

Managed Print is ideal for controlling costs and can help ensure that your machines are helping you better serve your clients. To see how such a print partnership can benefit your company, download the Major Signs You Need Managed Print infographic below.

How much paper can be made from one tree?
It is impossible to specify how much paper can be made from one tree, due to the complicated process and the multiple factors which impact production. However, estimates are possible if we assume that the following paper products have been produced using 100 percent hardwood. A cord of wood is approximately 8 feet wide, 4 feet deep, and 4 feet high. A cord of air-dried, dense hardwood (oak, hickory, etc.) weighs roughly 2 tons, about 15-20 percent of which is water.

It has been estimated that one cord of this wood will yield one of these approximate quantities of products:

  • 1,000-2,000 pounds of paper (depending on the process)
  • 942 100-page, hard-cover books
  • 61,370 No. 10 business envelopes
  • 4,384,000 commemorative-sized postage stamps
  • 460,000 personal checks
  • 1,200 copies of National Geographic
  • 2,700 copies of an average daily newspaper

Notable features of Windows 10

Over the years there have been many versions of Windows such as Windows 8, Windows Vista, and Windows XP. Windows 10, the latest update from Microsoft, has many unique features that distinguish it from its predecessors. While the previous versions ran mainly on laptops and desktops, Windows 10 is designed to run equally well on tablets. One of the best features of this update, which is also known as Spring Creators Update, is that it takes very little time to install – just under thirty minutes. While the previous updates used to take a lot of time, this new version is very time effective.

Notable Windows 10 Features

Windows 10 has many other distinctive features that are very useful for many small businesses.

Cortana on Desktop

Windows 10 brings voice-controlled digital assistance in the form of Cortana to computers. Now you can interact with or give commands to your computer without lifting a finger. You don’t need to type – just tell your computer if you want to launch a PowerPoint presentation, need a specific file, or want to look at specific photos. Your PC can do all this while you work on, say, an interdepartmental email.

Timeline

Timeline has replaced the Task Viewer icon beside the Windows taskbar. This new feature allows the user to view the activity history of their desktop. If you are looking for a file that you were working on last week, Timeline will help you find it quickly. Just click on the Task View button on the taskbar, and you will be able to see all your open files and applications. It is a convenient way to see what applications are running. Windows will display photos, folders, and documents according to the date that they were last used.

Privacy

Another security feature of Windows 10 is the new Windows Diagnostic Data Viewer. This feature allows you to view the amount of information that Microsoft can access from your computer. You can keep your data safe by fine-tuning privacy settings which concern application usage, browser history, web permissions, and connected devices.

The Start Menu is back!

In the previous update the Start Menu was eliminated, but in Windows 10 we can see its revival. The bottom left shows the Start Button, and when you click on it, two panels appear side by side with the left side showing the most used applications. The right side displays a list of live tiles that you can resize, reorganize, and customize. There is a power button at the top similar to Windows 8 for features such as Standby, Hibernate, and Shut down.

Nearby Sharing

Another simple feature that makes office work so much easier is Nearby Sharing, which you can enable from the Control Panel. Select the computer you want to send the file to and then click on the Share button in the Photos app or the Edge browser. The computer will receive a notification asking it to accept or decline the file. This ensures that file transfers can happen without unreliable network folders, beat-up USB devices, or empty email messages.

Snap Assist

In this update, the Snap View feature has also been updated. It allows users to open multiple windows side-by-side without being limited by their screen’s resolution. This feature also suggests different apps that you can open to fill the available space.

Swift Pair

This feature allows you to connect to a Bluetooth device within the desktop’s range. You will automatically receive notifications whenever there is a connection opportunity. With Windows 10 you can use wireless headphones to make a call or try out a wireless keyboard by just clicking connect.

Microsoft Edge

The new browser called Microsoft Edge has replaced the old Internet Explorer. This browser has many impressive features such as Cortana integration, which allows you to pull up contextual information without having to search through emails. It has an annotation tool which lets you write anything and share it with your friends on social networks without leaving the browser, and PDF support which makes reading easier by improving the layout of long articles.

Tablet Mode

Windows 10, unlike Windows 8, makes a clear differentiation between tablets and desktops. In Windows 8, if you happen to be using a mouse and keyboard, by default, you will be in desktop mode.

Action Center

The Action Center in Windows 10 has been expanded to allow easy access to frequently used settings such as tablet mode and Wi-Fi connectivity. It also shows all essential notifications as soon as your computer receives an update.

Windows 10 has many impressive features which were missing in the previous update. It is faster, provides invaluable security protection and makes multitasking much easier. Update your computer today to enjoy all the benefits of this new operating system.

Q & A: What is Intelligent Business Continuity?

Is a backup enough to support your business?

Absolutely not.

What causes data loss?

45% is due to human error

45% is due to server failures

50% is due to network outages

 

Can you risk time, security and peace of mind?

No. If your technology comes to a halt, so does your business.

Can you afford the slow wait times of traditional backups?

No. Time is money. Plus, traditional backups may not be secure.

Can you risk using an untested backup?

No. Because over 50% of tape backups fail.

Can you risk using only one backup location?

No. Your data will be in jeopardy.

Can you afford to wait hours, days or weeks to recover?

No. Your customers will leave and go to your competitors.

What Exactly is Intelligent Business Continuity?

Intelligent Business Continuity is more than a backup. It’s an image-based backup that’s saved as a VMDK (Virtual Machine Disk) that can be instantly virtualized.

Intelligent Business Continuity tests each backup and sends a screenshot to report success.

Intelligent Business Continuity is a Hybrid Cloud Solution that guarantees complete uptime. It utilizes end-to-end encryption protections for your data in transit and in the Cloud.

How does Intelligent Business Continuity with VMDK work?

It preserves the disk file system and system memory of your virtual machine and lets you revert to the snapshot in case of a disaster, deletion or other error that could otherwise erase your data.

 

 

Intelligent Business Continuity is thinking about your business on a higher level.

 

Top security officials advise that businesses like yours in Dallas/Fort Worth strengthen your IT defense structure with Intelligent Business Continuity. Your data will be preserved, protected and easily recoverable 24/7 no matter what.

For more information, contact the Business Continuity Experts at VersaTrust.

 

Datto Siris Data Protection Services from VersaTrust

Your business is at risk every day.

Simple daily backups are no longer enough to ensure your business can keep running in the event of IT equipment failure. Equipment fails due to:

  • Human Error
  • Fire
  • Flood
  • Cybersecurity Threats

If a disaster strikes, how will you ensure that your IT environment has enough flexibility, redundancy, and resilience to protect your data, while remaining simple to set up, use and recover?

You can with Datto Siris, the first fully featured, Total Data Protection platform in one integrated solution.

With Siris, you can choose from a family of physical, virtual and software appliances, as well as a variety of storage options to craft a unique data protection solution tailored to your business.

Siris supports a wide array of operating systems, including Windows, Mac, and Linux.

It protects and restores both physical machines and virtual environments. You have the option to restore no matter where your business data lives.

 

Your backups are scheduled every 5 minutes.

They’re tested, stored locally and replicated to the secure Datto Cloud.

And, this isn’t just any cloud. It’s stored within Datto’s Globally Distributed Data Centers.

With Datto Infinite Cloud Retention, you can store your data for as long as your business requires.

You can’t risk losing any piece of data to corruption.

Outdated data backup methods force you to restore an entire system from a single restore point. This results in data loss for any files created after the restore.

Siris uses Inverse Chain Technology and ZFS Snapshots to make each file interdependent. Each snapshot saves the changes between each data point, ensuring that any individual piece of data can be recovered from any previous backup without losing the most recent data.

When disaster strikes your business, there’s no time to waste waiting on outdated technology to restore backups–even 15 minutes old.

With instant virtualization, your business can restore within seconds from your local device or by using Datto’s powerful cloud.

While a complete image of your system runs through a virtual machine, regular backups continue.

And, if you lose the entire source machine, Siris also provides the option for Bare Metal Restore, into new hardware or a virtual destination.

Detect ransomware threats before they happen.

Siris monitors and targets specific patterns of ransomware within a single backup.

Plus, it notifies you and helps you get back to business without paying a ransom.

Imagine the power to back up, restore and secure your business data integrated into one solution.

And supported by a world-class, 24/7/365 tech support group.

With Datto Siris, your business can run anywhere, protect anything and restore any time.

Find out more by contacting the Datto Experts at VersaTrust.

Canada’s Public Emergency Alert System Test Scheduled For May 7th, 2018

On May 7th, all smartphones on an LTE network will receive a test notification for the new Public Emergency Alert System.

Don’t let it catch you off guard – coming up on May 7th, 2018, if you live in Ontario or Quebec, your smartphone will receive a test alert for Canada’s Public Emergency Alert System. The same test will run in the rest of the country on May 9th.

Be aware that this first notification will simply be a test by all major broadcast and telecom companies that offer LTE service. In some cases, you may be required to acknowledge receipt of the alert. Depending on your service provider, the alert may also make a notification sound that circumvents the settings on your phone (i.e., even if you have your phone set to silent, in some cases it may still notify with a noise).

These notifications will be sent out as a part of the Alert Ready Emergency Alert System. According to their website, Alert Ready is “designed to deliver critical and potentially life-saving alerts to Canadians through television and radio. The Alert Ready system is developed in partnership with federal, provincial, and territorial emergency management officials, Environment and Climate Change Canada, The Weather Network, and the broadcasting industry and wireless service providers, to ensure you receive alerts immediately and know when to take action to keep yourself and your family safe”.

Once tested and verified, these alerts will be sent to Canadians to inform them about a range of emergencies and imminent threats, including:

  • Natural Disasters
    • Tornado: A vortex of violently rotating winds, often forming a funnel-shaped cloud that is capable of damaging property and injuring people.
    • Flash Flood: Usually caused by river ice jams and excessive unpredicted rainfall, a flash flood is a sudden onset of water causing immediate flooding of the local area. The danger lies in the little to no warning given to local residential areas.
    • Earthquake: A sudden release of violent seismic waves due to energy generated by the movement of plates in the Earth’s crust, which can cause extensive damage in urban environments.
    • Hurricane: A violent storm made up of intense winds and heavy rain that can lead to storm surge, floods, coastal erosion, and landslides.
  • Fires
    • Urban Fire: Any urban fire that presents a threat to multiple residential and/or commercial properties.
    • Industrial Fire: A large fire in an industrial building or complex that poses a threat to human health.
    • Wildfire: A large natural fire involving combustibles such as grass, brush, and trees.
    • Forest Fire: As opposed to a wildfire, a forest fire burns in a forested area, grass or alpine/tundra vegetation and poses a threat to human safety.
  • Biological
    • Biological: A potentially dangerous or poisonous substance that is both unstable and easily transferred between living organisms.
    • Chemical: The misuse or release (unintentional or otherwise) of a chemical substance that could result in serious injury or death.
    • Radiological: A radiological (radioactive) substance with sufficient concentration to do serious or lethal harm to exposed populations.
    • Drinking Water Contamination: Issued when drinking water is negatively affected and a boil-water advisory is raised, cautioning the public about its use.
  • Hazardous
    • Explosive: A potentially dangerous substance or device that may explode within an affecting radius of an urban environment or concentrated population.
  • Terrorist
    • Terrorist Threat: The use of violence or threat of violence by individuals or groups against civilians or infrastructure.
  • Environmental
    • Air Quality: Caused by an elevated particulate count in the atmosphere that could negatively affect visibility or the health of individuals.
    • Falling Objects: Natural or human-made materials at risk of falling, which may threaten people or property.
  • Civil
    • Civil Emergency: Occurring when humans cause a disruption of services or require varying levels of support, law enforcement, or attention.
    • Animal Danger: Occurring when a wild or domesticated animal poses a threat to human life or property.
    • Amber Alert: Issued when a child has been abducted and police services believe that the child’s life is in grave danger. This type of alert gives the public immediate and up-to-date information about the abduction in order to gain their assistance in ensuring a fast and safe return of the child.
    • 911 Service: This type of alert occurs when there is a disruption or outage of telecommunication services between public and emergency responders.

Check out the Alert Ready website to hear an example of the specific alert tone that will play through television, radio, and wireless broadcasts to notify Canadians of an impending emergency.

Be sure to take note of how the test occurs – it is the public’s responsibility to ensure that they understand what the alert is informing them of, to consider it carefully, and to respond appropriately and as directed.

For more information about Alert Ready, check out their website here.