Our Blog

A Guide to Strengthen Security Teams

Published on 10 December, 2013 - 22:54 by
A group of security experts, the SBIC (Security for Business Innovation Council) has recently published a guide on strengthening security teams facing advanced threats such as cybercrime, insider threats and hacktivism. The purpose of this guide is to help companies appropriately manage the IT risks they face. The information security mission has evolved; it is no longer simply represented by the implementation and operation of security controls. Indeed, its mandate must also include activities...

Information security awareness against targeted attacks

Published on 21 November, 2013 - 11:36 by
In recent years, Advanced Persistent Threats or APT have emerged and have become increasingly sophisticated. They use insidious social engineering techniques to access corporate networks and conceal malware. Cybercriminals then use the malware, at an opportune moment, to retrieve sensitive or valuable information (intellectual property, confidential information, credit card data, etc.) resulting in data breaches and significant business impacts. Most of the defense strategies used against...

Emails too tempting not to open

Published on 23 September, 2013 - 09:17 by annieboulanger phishing, News
A recent study showed that approximately 30% of users open emails despite suspecting that they contain malware or seeming dubious. Nearly 10% of respondents admitted to falling victim to infection on their system after having opened an attachment in a malicious email.The study showed that the most common malicious emails that respondents fell prey to included emails mimicking a financial institution (15.9%), a social networking site (15.3 %) or an online payment service (12.8%).According to the...

Business Continuity Management Program BCM (part 2)

Published on 18 September, 2013 - 16:45 by annieboulanger Planning
As a follow up to the Business Continuity Management program article, here is a more detailed description of the development and implementation phase objectives and content of the Business Continuity Plan (BCP) for major incidents. This plan is in fact a set of plans which is comprised of the following main components:Emergency action plan and damage assessmentThis is a response plan to deal with activity-disrupting incidents. It aims, in the following order, to ensure the health and safety of...

The ISO/IEC 27002 standard

Published on 16 September, 2013 - 08:49 by annieboulanger
The ISO/IEC 27002 standard is part of a family of international standards (ISO 27000) for the management of information security. It includes the best industry practices to protect the availability, integrity and confidentiality of information. A risk assessment is initially necessary to identify priority controls to be implemented within a company in order to improve the information’s security level.This standard is the indisputable benchmark in information security management. It consists of...

NETrends 2013

Published on 9 September, 2013 - 13:09 by annieboulanger News
A recent CEFRIO study shows that advancing technology as well as the rise in the number of Internet users has led to increasing risk. Although Quebecers have progressively adopted necessary measures and precautions, it seems that nearly 3% of them have been victims of bank fraud or online extortion. In fact, about 145,000 adults (2.7%) have had their credit or debit card numbers or bank account information stolen, and 43,000 have been victim of a fraudulent money transfer.As for fraud relating...

Lise Lapointe, Nominee for the « Femmes d’affaires du Québec 2013 » prize

Published on 5 September, 2013 - 13:21 by annieboulanger Lise Lapointe, nominee, prize, News
Lise Lapointe, president and founder of Terranova Training has been selected as a finalist for the prestigious « Femmes d’affaires du Québec » prize, in the Internationally Active Entrepreneur category.This annual contest, presented by the Réseau des Femmes d’affaires du Québec, honors Quebec women who have distinguished themselves in the business world, and ardently supports the excellence of working women and their crucial contribution to the socio-economic development across Quebec."I am...

Universities become targets of Email Phishing attacks

Published on 30 August, 2013 - 11:11 by annieboulanger fraudulent emails, identity theft, phishing attacks, scams, News
McGill University, like many other institutions, has recently been a victim of fraudulent emails, a scam commonly referred to as "phishing."It is easy to deceive an inexperienced user by sending him an email with a strong incentive to click on fake websites which closely mimic legitimate ones. Once the user’s trust is gained, he may provide the requested information, such as his access codes and passwords, his account numbers or other personal information. After the information is obtained,...

A bank educates its clients on identity theft

Published on 30 August, 2013 - 09:39 by annieboulanger banks, engineering techniques, phishing, scam, social networks, News
Do you think Internet users can recognize phishing emails and prevent a fraudster from stealing their identity for financial gain or to commit other crimes?A federation of Belgian banks demonstrated that these techniques were feasible by engaging in the following experiment. With the help of an agency, a phishing email was sent to various bank clients. One of them was scammed by this fake email and provided personal banking information. The agency then had access to his bank account and used...

Identity Theft

Published on 28 August, 2013 - 15:29 by annieboulanger News
Identity theft is not a new phenomenon, but has evolved with the advent of information technology. Nowadays, access to a large amount of information available on the Internet, the exploitation of IT or the use of various scams allow fraudsters to obtain private or confidential information about their victims in order to steal their identity and then commit malfeasance.Information sought for identity theft includes social insurance numbers, birthdates or birth certificates, identity cards,...