Actively Managing Cybersecurity

Businesses and companies are always looking for new and improved ways to actively manage their cyber-security of their client information and company files. I have attached an article written by The Globe And Mail explaining how to properly manage the cyber-security of your business.

Malware Analysis Report

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a Malware Analysis Report (MAR) on Wednesday warning industry about cyber attacks from the Lazarus Group, which is widely believed to be backed by the North Korean government. DHS and the FBI have identified the malware variant to be HOPLIGHT.

The report includes an analysis of nine malicious executable files, seven of which are proxy applications designed to mask traffic between the malware and the remote operators.

One of the remaining files contains a public SSL certificate and the payload of the file appears to be encoded with a password or key. The final file does not contain any of the public SSL certificates, but attempts outbound connections and drops four files.

The alert continued, “[t]his MAR includes malware descriptions related to HIDDEN COBRA (how U.S. Government refers to malicious cyber activity by the North Korean government), suggested response actions and recommended mitigation techniques.” It further noted that users and administrators should flag all activity related to the malware and report the activity to the Cybersecurity and Infrastructure Security Agency or the FBI Cyber Watch.

Malware Attacks

In today’s society technology is advancing at a very high rate. I have attached some reading material that will give you in-depth knowledge on how a security breach could affect your personal information even if you think you are safe. Please see the article below:

Approaching Penetration Testing

The Right Approach To Penetration Testing

Cybercriminals are always probing for new ways onto our networks, and they frequently sit there undetected. If we want to combat them effectively, we need to employ the same intelligent and determined approach. Here are some quick tips to help you do that:

 Consider the risk: What are you trying to protect? Where does the greatest risk lie? Talk to the right people in your organization and ask them. Figure out where a breach would cause the most damage so that you know what you need to safeguard. Brainstorm on where the risk lies and how access might be gained.

 Profile attackers: Figure out who might try to gain access to your data and build a profile of them that your pen tester can emulate. Are you concerned about rival companies, criminals and disgruntled employees? Each will likely take a different approach and pose different risks.

• Take a holistic view: You can’t just pen test your apps and call it a day. Attackers will probe and search until they find a weak spot that can be exploited. Try to analyze and test your entire network and infrastructure.

 Harvest actionable insights: You need detailed reports on your pen test findings that are then attached to remediation action. The point is to improve your security, so you need to act to close gaps and then test again to verify your actions were successful.

Real-time protection and continuous assessment of security strategies are crucial to the success of any cybersecurity plan, and penetration testing is an important part of that.

Digital Forensics Market

The digital forensics market was worth USD 3.14 billion in 2017 and is projected to reach USD 5.37 billion by 2023 growing at a CAGR of 9.32 % over the forecast period (2018 – 2023). The scope of the report is limited to component hardware, software, services, and type, along with the segmentation based on type, including computer forensics, mobile device forensics, network forensics, and others. The report is segmented on the basis of end-user verticals into telecommunication & IT, BFSI, retail, automotive, government, healthcare, manufacturing, and others. The regions considered in the report include North America, Europe, Asia-Pacific, Latin America, and Middle East & Africa. The study emphasizes the benefits of digital forensics with respect to diverse industries and the future prospects of the same.

Simplifying “Digital Forensics”

Simplifying the Umbrella Term “Digital Forensics”

Digital devices such as smartphones, gaming consoles, tablets, laptops, desktop computers, and a few others are a usual part of our daily life. They also serve us as the most convenient go-to data storage devices; it can be our banking details, credit card information, or other private/confidential files, and a lot more. These data attract cybercriminals as it can benefit them in many ways. Now, when a cybercrime occurs, digital forensic investigators lead us through the whole incident investigation process and look for proof to either solve the case or present them as digital evidence in the court.

Digital Forensics can be defined as a branch of forensic science dedicated to investigating and identifying evidence in a digital device-assisted crime. Until the late 1990s, the term was used interchangeably with computer forensics but later years witnessed the expansion of the term “digital forensics,” which categorized it into five major branches:

1. Computer Forensics

Originally, digital forensics was used as the synonym for computer forensics. But now, the term “computer forensics” is limited to analyzing and collecting evidence from the computers systems, embedded systems, and any static memory (like USB pen drives) of the perpetrators. It also includes reporting, like any other branch or sub-branches of forensic science demand.

2. Mobile Device Forensics

Under this subbranch, digital evidence is collected from mobile devices. Mobile devices are different from computers as they have inbuilt communication systems such as GSM. The data retrieved from mobile devices are not limited to short message services or emails; it also includes data regarding the location of the user, call log, user dictionary content, data from installed applications, system files, usage logs, and any other deleted data.

3. Network Forensics

Network forensics involves capturing and analyzing network traffic and network packets over local and wide area networks (or internet). The analysis also covers intrusion detection. Being volatile and not easy to log, network data are often considered as a proactive investigation element.

It uses two systems to collect data:

  • Catch-it-as-you-can

This approach requires a huge amount of storage as, under this system, all the network packets are stored at a traffic point and, later, analyzed in batch mode.

  • Stop, look, and listen

The network packets under this system are analyzed in a primitive manner. Not all the data are saved for future use. This system requires a faster processor that can pace up with the massive incoming traffic.

4. Database Forensics

The forensic study of databases and its metadata falls under database forensics. Database forensic investigator analyzes database content, log files, and in-RAM data to recover pieces of digital evidence or to build a timeline for the incident.

5. Forensic Data Analysis

It covers the investigation of financial crimes associated with structured data (such as data from application systems or their databases). The primary motive of forensic data analysis is to find a pattern behind the fraudulent activities. Unstructured data are usually analyzed under computer forensics.

Cyber Security

Statistics Canada conducted a survey in October of 2018 that found that more than 20% of Canadian companies were hit with a cyber attack in 2017, with businesses spending over $14 billion on cybersecurity. Cybersecurity experts feel that the numbers of companies affected are drastically higher. Are you taking reasonable and appropriate efforts to keep your clients’ information safe from a data breach? 


Law firms are a high-priority target for hackers, ransomware and nefarious miners of cryptocurrency. Data breaches affecting law firms continues to increase by double-digit percentages year over year.


Your clients are also becoming much more tech-savvy and are seeking lawyers who are implementing more secure methods to safeguard their data. A survey by Microsoft found that 91% of people would stop doing business with a company because of its outdated technology.


Communication with clients is key to representation. Lawyers are responsible for protecting client information when communicating digitally. It’s best practice to utilize the tools available to secure and possibly also encrypt any digital communications between you and your client. Email is the weakest link for many law firms, with phishing emails being one of the most common types of hacking encountered by lawyers.


Lawyers must not only safeguard client data but must also notify a client if a data breach exposes their confidential information. The legal sector tends to stand out due to its large cache of sensitive client data which makes law firms an attractive target for hackers. From patent disputes to employment contracts, firms have a high-level exposure to sensitive information. Hackers will try to find and exploit vulnerabilities if they exist.


Lawyers are required to act reasonably and promptly to stop the breach and to mitigate any damage. It is their duty to inform clients of the breach to the extent that a client can make informed decisions regarding the representation. Having a protocol in place that everyone is aware of if a data breach occurs is essential for law firms. You will be able to better handle the incident to mitigate risks.


Law firms can retain a cyber consultant to assess your vulnerability, create incident response measures and help you set up ways to protect your data. Measures like these are usually conducted by gauging if your law firm can detect or respond to a simulated cyber-attack and then providing practical recommendations to handle your cybersecurity moving forward. Unfortunately, even with preventive measures in place, data breaches may still occur.


It’s best to be proactive rather than reactive in these situations. Let us help you put a plan in place in the event of a data breach. This will allow you to respond quickly and competently.


Breach Reporting


November 1, 2018, marked the enforcement date of the Canadian law that requires organizations in the private sector to report data breaches.

The Canadian Government officially set November 1, 2018, as the enforcement date of the mandatory data breach reporting obligation of organizations in the private sector in line with the Digital Privacy Act, a law that amended the Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPEDA is a Canadian privacy law for private sector organizations which came into force in January 2001. This law sets out rules that organizations in the private sector must follow whenever they collect, use or disclose personal information in the course of their commercial activities.

Canada’s Digital Privacy Act, which received a Royal Assent in June 2015, sets out the general rules that private sector organizations must follow in case of a data breach.

Under the Digital Privacy Act, deliberate failure to report a data breach to the Privacy Commissioner of Canada and deliberate failure to notify the affected individual are considered as separate offenses and subject to separate fines of up to $100,000. The Digital Privacy Act also consider the deliberate failure to keep, or the destruction of data breach records as an offense and subject to a fine of up to $100,000.

On April 18, 2018, the Government of Canada published on Canada Gazette the “Breach of Security Safeguards Regulations”, the Digital Privacy Act’s regulations that set out the specific rules that private sector organizations must follow in case of a data breach.

On April 18, 2018, also, the Government of Canada published on Canada Gazette the order setting November 1, 2018, as the enforcement date of the mandatory data breach reporting under the Digital Privacy Act. Organizations in the private sector then have a lag period between April 18, 2018, and November 1, 2018, to prepare for the mandatory data breach reporting. During the regulations’ consultations, business representatives stated that they need time to adjust their information systems, procedures, practices and to train employees.

Mandatory Data Breach Reporting Rules

The Digital Privacy Act’s Breach of Security Safeguards Regulations requires private sector organizations to determine if the data breach poses a “real risk of significant harm” to any individual by conducting a risk assessment, taking into consideration the sensitivity of the information involved and the probability that the information will be misused.

Here are 3 important rules under the Digital Privacy Act’s Breach of Security Safeguards Regulations that must be followed by private sector organizations once it’s determined that the data breach poses a “real risk of significant harm” to any individual:

1. Data Breach Report to the Privacy Commissioner of Canada

The Digital Privacy Act’s regulations mandate that any data breach that poses a “real risk of significant harm” to any individual must be reported to the Privacy Commissioner of Canada “as soon as feasible”, specifying the following:

  1. a) Description of the circumstances of the data breach and the cause, if known
  2. b) A day or the period during which the data breach happened or, if neither is known, the approximate period
  3. c) Description of the personal information that was breached

(d) The specific number of people affected by the breach or, if unknown, the approximate number;

  1. e) Description of the measures that the organization has undertaken to lessen or mitigate the risk of harm to the affected individuals
  2. f) Description of the steps that the organization has undertaken or intends to undertake to notify the affected individuals
  3. g) Name and contact information of a person who can answer, on behalf of the organization, to the Privacy Commissioner of Canada about the breach.

Under the Digital Privacy Act’s regulations, a report may be sent to the Privacy Commissioner of Canada by any secure means of communication.

2. Notification to Affected Individual

The Digital Privacy Act’s regulations mandate that affected individual or individuals must be notified about the breach “as soon as feasible”. In terms of content, the required notification to affected individual or individuals is similar to the content of the data breach report to the Privacy Commissioner of Canada.

Under the Digital Privacy Act’s regulations, notifying the affected individual can be done through direct or indirect means. Direct notification under the regulations refers to telephone, mail, email or in-person communication; while indirect notification refers to public announcements that could reasonably be expected to reach the affected individual or individuals.

Indirect notification is allowed under the regulations when any of the following condition is present:

  1. a) Direct notification would likely result in further harm to the affected individual
  2. b) Direct notification would likely result in undue hardship to the organization
  3. c) An organization has no contact details for the affected individual

3. Data Breach Record-Keeping Requirements

The Digital Privacy Act’s regulations mandate that an organization that suffered data breach must maintain a record for 24 months, starting from the day the organization found out that the breach has occurred.

The Government of Canada, in a statement, said that the mandatory data breach reporting has social, economic and public security benefits.

The Canadian Government said that in terms of social benefits, the mandatory breach reporting allows affected individuals to take immediate action to protect themselves; in terms of economic benefits, the mandatory breach reporting creates certainty across the marketplace about how organizations notify affected individuals; and in terms of public security benefits, the mandatory breach reporting contributes positively to the security of individuals and the cybersecurity readiness of businesses in Canada

TCS Forensics New Office Location

Richmond, British Columbia, Canada June 7, 2013 —TCS Forensics Limited is pleased to announce the relocation of their office. On June 1, 2013, TCS Forensics moved their main office to Unit 125- 3751 Jacombs Road in Richmond British Columbia V6V 2R4.

The move will accommodate recent growth and enable the company to continue to maintain superior customer service to its expanding clientele. “Everyone here at TCS Forensics is thrilled to move into our new home”, stated Keith Perrin, CEO and founder of TCS Forensics. “The move will allow our company to better facilitate our employees by doubling the square footage of our office and upgrading our in-house technology. The new location includes additional space for new Risk Management & E-discovery Labs. Most importantly, the relocation is driven by the company’s commitment to better serve its clients. The new office will bring our team together allowing a more collaborative approach to the new services.

TCS Forensics is the premiere forensics investigation company that specializes in mobile devices such as Iphone, Ipad, Blackberry, Samsung & 5300 others, computers, laptops and PC’s. We also specialize in network vulnerability/ Penetration Testing, Risk management and E-discovery. TCS Forensics has the largest private forensic lab in Western Canada serving clients from New Brunswick to British Columbia, Washington DC, Texas, California, Washington State and more. We provide onsite forensics 24 X 7 X 365 and service many happy clients from private individuals, corporate & public companies including law firms, municipalities, government ministries, financial institutions and private investigators.

Original Source: “June 2013 Press Release

Subject Matter Expert: Corporate Social Media Policy

By Alan Zisman – Business in Vancouver

Over half a billion of us – including me and probably you – have Facebook accounts.

There are over 100 million of us on Twitter and countless others using Linkedin and other social networking sites. Not surprisingly, what we do in those virtual places has implications for our employers whether we visit the sites at work or at home. How our time on Facebook (et al) affects our employer, however, is more complex than it might seem, as is the way our employer needs to respond.

For example, going on Facebook during work time – an obvious no-no, right? TCS Forensics’ computer forensics and data security consultant Ryan Mattinson notes that a management gut reaction to social media, perhaps as a result of “shoulder surfing” during a quick walkabout, may be to simply decide to ban access to these sites at work.

Mattinson suggests this is the wrong approach. It’s bad for morale, hard to enforce and ignores the legitimate uses of these sites on the job. He points out groups of employees who might need access to social media from work:

• IT staff might find social networks a valuable way to receive expert advice from peers;
• marketers may want to monitor your company’s viral campaign (or the competition’s); and
• HR might be using them to check up on potential hires.

But monitoring potential and current employees raises issues. Most of us understand that our employer might monitor what we do using a company-provided computer on the company network during company time. Your company may also feel it needs to know what you’re posting even if it’s been done using your own computer and on your own time.

Companies feel that it’s their business what you say about your job, the company, your boss, your colleagues and even the competition online regardless of where you were when you posted the comment.

If, however, companies are going to get involved in this sort of monitoring, clear policies and employee awareness and consent are needed. And this is where many companies fall down.

Last fall, Manpower, a U.S.-based company specializing in providing office temps to the marketplace, polled 34,000 employers in 35 countries about attitudes toward social media in the workplace.

Nearly 60% of the employers surveyed thought that social networks could be used to provide benefits to their organizations, including building their brands, fostering collaboration and communication, and recruiting and assessing new employees.
However, three-quarters of the employers surveyed (71% of the North American employers) had no formal policies covering employee use of social networking sites.

Employers who did have them felt that the policies helped prevent productivity loss by limiting non-business-related time spent at these sites.

Other benefits of formal policies noted by employers included protecting their organizations’ reputations, helping with recruitment and protecting proprietary information.

Mattinson points organizations to, which asks a quick 12 questions and then churns out a boilerplate social media acceptable use policy. However, he urges companies to go beyond that – take time, look at the policies in use by other companies ( offers 148 real-life examples) and, most of all, think about the unique needs and culture of each organization.

Sharlyn Lauby of Internal Talent Management suggests that while social networks seem new, “social media or new media is really media. Many organizations … already have a policy in place for working with media. Social media is merely an extension of what you already have in place.”

She hopes that organizations can build on what they’re already doing to develop and communicate guidelines, train staff to use these networks to benefit their organizations and build an environment to use social media positively within the organization.

Original Source: “Companies need guidelines for effective employee use of social media