WannaCry is why you should never store your data on an unsecure device

The breaking news arrived early Friday afternoon. Hackers managed to restrict access to important data files at Britain’s National Health Service, canceling surgeries and causing hell for emergency room doctors and nurses. By the end of the weekend, the unleashed ransomware affected hundreds of thousands of computers in over 150 countries. It was the largest ransomware scheme in history, affecting hospitals, banks, telecommunications companies, and a host of players in other vital sectors of our daily lives.

It’s still too early to know exactly who launched the attack that preyed on vulnerabilities found in Microsoft’s older operating systems (some are already pointing the finger at North Korea). However, what it clear is that the hackers stole the complex coding from the NSA, who kept files on Microsoft’s weaknesses. While Microsoft issued security patches for newer operating systems to avoid mass-scale breeches, they left everyone else – including those running the still popular Windows XP – unprotected. The hackers are now threating to take advantage of security gaps in Windows 10 and to expand their damage.

When it comes to internet security, you cannot rely on anyone but yourself. Governments like to flaunt cybersecurity strategies and claim that they’re preparing for the future. Yet when an attack comes, there’s little they can do. In this case, the coding for the global crisis came from a government agency. Similarly, Microsoft failed to protect their most vulnerable users, even after hints that a virus could exploit the issues in their platform.

When it infected a computer, the WannaCry ransomware warned affected users that files on a system would be erased if a bitcoin payment was not made. Decades of medical records in Britain were held hostage, as were financial documents and proprietary information around the globe. The destructive nature of this threat was catastrophic.

While Microsoft may not be able to protect all its users, there is no reason for people to be held at a digital gunpoint. The issue at hand here is the proper storage of files. If important files are not stored directly on a computer, that computer can be compromised without worrying about what happened to important files. Getting hacked is not ideal, but it’s much less worrying if you know that all your files are safe and cannot be held for ransom.

This is what using Evizone brings you. Whether your phone gets stolen, you get hacked, or you lose your computer, you can rest assured that all your files are stored in a single, secure server protected by Evizone’s patented encryption. Since no files are actually stored on any device you would normally use to access the data, there is no way for hackers or thieves to gain entry into your most sensitive information.

Who is Evizone right for? The answer is simple: everyone. Whether you manage a Fortune 500 company, run a hospital, work at a law firm, or head a small investment company, you stand to lose in the event of a systems breach, whether it’s indiscriminate or targeted directly at you. Don’t wait until it’s too late to take cybersecurity seriously.

Are cyberattacks in Canada ‘exploding’?

While cybersecurity issues have existed since the first days of connected computers, there is no question that hackers are becoming more sophisticated as every day passes. This has prompted many to ponder the consequences for the future of business. Warren Buffett recently told Berkshire Hathaway shareholders that cyberattacks are a bigger threat to the world than nuclear weapons. “I don’t know that much about cyber, but I do think that’s the number one problem with mankind,” he told them during their annual meeting.

Businesses have already been convinced to fork over billions to hackers to regain access to their data – $3 billion over the last 3 years, according to one estimate. Cyberattacks have also had a perplexing effect on recent elections around the world, most notably those in the United States and France.

Canada, of course, is not immune. Not by a longshot. Check our blog archives for proof. One American cybersecurity firm expects their business in Canada to grow 30% this year and double every year after that. FireEye Inc.’s president told Postmedia that “We’re starting to see Canada really start to explode … It’s a trend we’re going to see getting a lot worse before it gets better.”

Similarly, the Paladion firm in Ontario says that Canadian companies spend less than Americans on cybersecurity. While in the U.S. it is common to set aside two to five percent of an IT budget on these matters, Canadians routinely plan for less.

No one should wait for their data to be taken hostage by cyber criminals to take digital security seriously. Not even Canadians.

There are plenty of companies offering “email protection” and digital security services – though anything alluding to safer emails is a clear oxymoron. However, Evizone is the only company that offers full-circle control of all communications and content. If you’re using our Evizone Secure Communications (ESC) system, only one copy of each message and copy-protected document exists on a secure server with double layer military-grade encryption. Users never take possession of the data, so there is nothing to find on a lost device or to hack on a compromised device.

Cyberattacks may be exploding, but you can rest easy at night knowing that Evizone’s patented technology is keeping you safe.

Email generates $3 billion in spear-phishing losses targeting 400 businesses a day! Are you next?

When computer engineer Ray Tomlinson sent out the first email in 1971, there is no way he could have imagined how conventional this method of communication would be just 46 years later. Some estimates suggest that 2.4 million emails are sent every second, which translates into over 75 trillion emails per year.

Yet as revolutionary as email has been, it has propagated a slew of security issues.

Symantec Security Response recently published its Internet Security Threat Report, which seeks to bring insight into cybersecurity data collected over the past year. And by all accounts, 2016 was a doozy.

According to the software company, one in 131 emails contains a malicious link or attachment, the highest number tracked over the last five years. This presents an enormous security risk. Even employees in modest-sized companies get hundreds to thousands of emails daily. All it takes is one click on a corrupted link for the business’ data to be at risk. In fact, the report found that spear-phishing scams extracted more than $3 billion from businesses over the last three years, targeting over 400 businesses every day.

Cybercriminals love ransomware for this reason, and the U.S. is the most likely targeted country in the world. Cloud services are also making it easier for hackers to gain access:

“Symantec found 64 percent of American ransomware victims are willing to pay a ransom, compared to 34 percent globally. Unfortunately, this has consequences. In 2016, the average ransom spiked 266 percent with criminals demanding an average of $1,077 per victim up from $294 as reported for the previous year.

[…]

A growing reliance on cloud services has left organizations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on.

Cloud security continues to challenge CIOs. According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier.”

Email served us well for a long time, but it is an inherently flawed and outdated technology. The vulnerabilities to personal and corporate security found in email are nonexistent in Evizone’s secure communication platform, which provides TELM electronic communications security.

No business should have to beg for mercy to criminal organizations using technology as a weapon. Whether you’re a small business or a multi-billion-dollar firm, it is time to switch to Evizone for all your communication needs.

You may have to cross a border, but your data can stay safely at home

With bipartisan support, the Protecting Data at the Border Act has been introduced in the United States House of Representatives and in the Senate. The bill would require customs and border officials to obtain a warrant based on probable cause before searching the electronic devices of travelers. It would also prevent “law enforcement from denying or delaying entry to the country if a person refuses to turn over PIN numbers, passwords, or social media account information”, according to Real Clear Policy.

But here’s the caveat: the bill would only apply to the devices of a “U.S. person”. For everyone else, the current unconstitutional vacuum would likely persist.

As the Electronic Frontier Foundation points out, non-citizens are already likely to face different treatment at the border:

“The consequences for refusing to provide your password(s) are different for different classes of individuals. If you are a U.S. citizen, [Customs and Border Protection] cannot detain you indefinitely as you have a right to re-enter the country. However, agents may escalate the encounter (for example, by detaining you for more time), or flag you for heightened screening during future border crossings. If you are a lawful permanent resident, agents may also raise complicated questions about your continued status as a resident. If you are a foreign visitor, agents might deny you entry to the country entirely.

But whatever your status, whether you choose to provide your passwords or not, border agents may decide to seize your digital devices. While CBP guidelines set a five-day deadline for agents to return detained devices unless a CBP supervisor approves a lengthier detention, in practice, device detentions commonly last many months.”

For citizens, residents, and foreign travelers alike, the best way to protect yourself at the border is if your sensitive data is not on your digital device when you cross the border. Whether you are coerced into giving up your information or a search warrant is obtained against you, your documents and communications can remain securely held within Evizone’s encrypted server, easily accessible world-wide, and yet never on your device. Your data will never cross a border.

This is true no matter where you are traveling. While the focus is often put on the United States because of its commitment to freedom, your data is even more likely to be searched everywhere else – often in places with fewer constitutional rights.

Next time you travel, save yourself some worry by signing up for Evizone Secure Communications. With our unique security architecture – which never stores information on your device – and military-grade encryption, you can communicate safely worldwide.

Evizone can protect you against the police’s Stingray devices

News that governments have been using IMSI catchers to collect mobile device data is not new. Back in September 2016, we shared information on our blog about how one correctional facility in Ontario used these devices to monitor cell phone transmissions within the prison. The repercussion was that prison guards were actually hacking their own phones and having their communications monitored as well.

Now we have more information: police forces across Canada are using these devices to monitor regular Canadians. The Ontario Provincial Police, the Calgary police, and Winnipeg police have confirmed that they are using IMSI catchers, according to the CBC. The RCMP had already confirmed to using Stingray technology to assist Toronto and Vancouver police with investigations. The CBC contacted 30 different law enforcement agencies, but only Calgary answered in full.

The CBC report states that “while Ontario and Winnipeg police refused to say whether they use the technology to intercept private communications, Calgary police and the RCMP insist they only deploy their IMSI catchers to identify — and occasionally, in the RCMP’s case, track — cellular devices.”

They also described the surveillance tool as vital when “used under warrant to help pinpoint suspects, and as a first step toward applying for wiretaps in serious criminal and national security investigations.”

Many are worried about what these devices can be used for. As the B.C. Civil Liberties Association expressed, “we want the police to have the appropriate tools.”  Yet at the same time, the public should care that they “don’t have the appropriate oversight and that those tools have the potential for abuse.”

As we wrote in September, IMSI catchers access information that is unprotected or only moderately encrypted. If you’re storing information directly on your phone, it can be accessed. If you’re storing information in an account that is always logged on your phone, they can likely access it too. It’s also unclear if criminal elements could have access to these types of monitoring systems.

With Evizone’s patented military-grade storage and encryption, there is absolutely no way for the government to access your data with this questionable technology. Evizone’s mobile app uses numerous security features to protect your data and always logs out when you exit the app.

We respect the work done by police forces across the country, yet we do not have a clear picture of what Stingrays are used for and it’s unclear if there are any oversights. For this and many more reasons, everyone should take precautions and protect their data today.

WhatsApp, encryption and public safety

Last month brought news of yet another lone wolf terror attack, in London this time, and yet another instance involving modern communications technology. It seems that the attacker was communicating on his smart phone just moments before the attack using WhatsApp. Naturally the security services want to know who he was communicating with and the content. The wrinkle is that WhatsApp is refusing to break their own encryption to cooperate with the authorities.

At Evizone we have thought long and hard about the dynamic tension between legitimate rights to privacy and the public good. It is technically feasible to build an encryption system so that not even we could break our own encryption. Possibly this is what WhatsApp has done. Is it the right thing to do however? We think not. There are circumstances, and the London attack is certainly one, where the public good must prevail.

Furthermore, Evizone’s secure communications and compliance systems are designed for use by enterprise and government. The need for transparency in the workings of the organization is just as imperative as the need for security. Imagine if employees or public servants are all communicating with unbreakable encryption so no one can monitor what actually is going on. This is why compliance regulations and the duty to provide “Proof of Supervision” exist. The need to maintain transparency and oversight while still preserving appropriate security of sensitive information is critical. Unbreakable encryption and “Proof of Supervision” are mutually exclusive.

It is a difficult needle to thread, but we have done it at Evizone. Information is secure when it needs to be, but transparency and control are maintained and “Proof of Supervision” is unquestioned. Give us a call and we will be happy to show you how we do it.

Bill Wells is the Chairman of Evizone. This blog originally appeared on Bill’s LinkedIn page.

Law firms should worry about their cybersecurity

It should be no surprise that law firms store vast amounts of confidential and valuable information in their digital networks. This makes them a treasure trove for hackers – and all too often, an easy target.

As the National Post reported in their March 22 issue, the potential for a breach has led many Canadian law firms to focus more on cybersecurity. Past intrusions – including recent reports that nearly 500 UK law firms and two in the U.S. were infiltrated by hackers – help make the case.

The National Post reached out to Miller Thompson LLP lawyer Imran Ahmad for comment, who said that “Law firms are fertile ground for hackers because they have precious financial information, like transactional information, client information, and human resource records, that allows hackers to build online profiles of individuals.”

The article continues:

“Canadian law firms have hardly been immune from cyberattacks. The most highprofile attack in Canada started in September 2010 when hackers compromised the security of seven major Canadian firms — Blake, Cassels & Graydon LLP and Stikeman Elliott LLP among them — involved in BHP Billiton’s proposed takeover of Potash Corp. of Saskatchewan. Both Blakes, counsel to BHP, and Stikeman Elliott, counsel to Potash, say that no client information was compromised.

An investigation revealed that the spyware responsible had been formulated on a Chinese- language keyboard and could be traced to servers in China linked to stateowned enterprises.

It was no secret that the Chinese government, worried about a global potash monopoly, opposed the deal. As the Chinese have long been accused of resorting to cyberespionage for various political and commercial purposes, the evidence implicating China was telling.

It subsequently emerged that an unrelated attack had targeted another major M&A, while a third was aimed at high-profile litigation.”

This issue is a big business problem for law firms. If clients can’t trust that their representatives properly secure their confidential information, they may consider leaving for another, more cyber-enlightened firm. Legal practices cannot ignore this issue in the twenty-first century.

Imran Ahmad also added that 2017 will be a big year because new privacy legislation “will require custodians of data, including law firms, to report information security breaches that pose a “real risk of significant harm.””

Luckily, Evizone provides the exact services law firms need to keep their worried clients at ease.

With Evizone Secure Communications (ESC), client and internal communications are protected by the strongest commercially available system for the secure exchange of messages and documents. Our patented technology ensures that client data is not exposed. Evizone Communications Governance (ECG) adds the benefit of complete transparency and accountability, giving law firms the tools to assure clients of their security. ECG’s powerful discovery tools can also automate discovery processes resulting in greater efficiency and happy clients.

If the CIA can screenshot your screen, who else is doing it?

It’s no surprise that the CIA spies on people. But you might be shocked at how they do it.

A massive leak of nearly 9,000 CIA documents, released by the whistleblowing organization Wikileaks, revealed the methods used by the spy agency to get past mobile app security features. While initially reports claimed that the CIA hacked apps like WhatsApp, the truth is that the apps themselves are generally safe – it’s the phones that are the problem. The New York Times reports:

“WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. According to WikiLeaks, government hackers can penetrate smartphones and collect “audio and message traffic before encryption is applied.”

At a time of increasing concern about the privacy of calls and messages, the revelations did not suggest that the C.I.A. can actually break the encryption used by popular messaging apps. Instead, by penetrating the user’s phone, the agency can make the encryption irrelevant by intercepting messages and calls before their content is encrypted, or, on the other end, after messages are decrypted.”

If the CIA can get into your phone, then of course they can record and take screenshots of what you’re doing. You could be looking at emails, bank statements, sensitive corporate documents, anything – it is all vulnerable if you’re on their target list and they can take screenshots or recordings without your knowledge. If they have access to your sound and your screen, they can bypass any security features.

Except if you’re using Evizone.

Evizone Secure Communications (ESC) is equipped with optional patented Anti Screen Capture (ASC) technology which prevents anyone from making copies of your screen, whether you’re using Evizone on your mobile device or on a computer. The beauty of this technology is that it continues to protect you even if you’re not using the Evizone App. If you have our ASC installed and enabled, everything you view on your phone – including WhatsApp – is protected. You can trust that your communications and documents will not be stolen by anyone using the CIA’s methods.

It is important to note that there’s no proof that the tool has been used against Americans. Yet it is unclear if the U.S. government is the only state or private agent to have developed such technology. It is safe to assume they are not alone in using these techniques and that sophisticated private hackers may be using them as well. Apple and Google should immediately fix the issues with their software that allowed the CIA to penetrate their phones. But responsibility also falls on the user to protect their data. A layered defense using the best technology available like Evizone is a wise precaution. Defense in depth using the latest technology is essential to protect yourself.

Prevent unauthorized copying of your data and give us a call to get your free trial today.

Evizone Secure Communications would prevent extortion linked to SharePoint hacking

Here we go again.

Everyone is familiar with allegations of Russian interference of the U.S. Presidential Election last fall. Here in Canada, there were also allegations that foreign influences tried to alter our own parliamentary results. We generally think of hackings as a means to blackmail individuals or companies for money, but it is all too common for cybercriminals to target political organizations in an effort to embarrass them or harm them in the minds of the public. Sometimes, they do both.

As Bloomberg reports, Russian hackers have been targeting left-wing groups in the US for months, threatening to release emails and documents unless a ransom is paid.

“At least a dozen groups have faced extortion attempts since the U.S. presidential election, said the people, who provided broad outlines of the campaign. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.

In one case, a non-profit group and a prominent liberal donor discussed how to use grant money to cover some costs for anti-Trump protesters. The identities were not disclosed, and it’s unclear if the protesters were paid.

At least some groups have paid the ransoms even though there is little guarantee the documents won’t be made public anyway. Demands have ranged from about $30,000 to $150,000, payable in untraceable bitcoins, according to one of the people familiar with the probe.”

It’s impossible to say definitively whether the hacks are organized by criminal elements or the Russian government, but as Bloomberg points out, the two are not always mutually-exclusive.

The report continues: “Along with emails, the hackers are stealing documents from popular web-based applications like SharePoint, which lets people in different locations work on Microsoft Office files, one of the people said.”

The source of hacks like this is never a surprise. Hackers likely gained access to organization emails through a phishing scheme, just like what happened to Hillary Clinton’s campaign chairman. Once they can log into an email account, they have access to all organizational documents through unsecure cloud storage programs like Microsoft’s SharePoint. All it takes is for one person to get fooled by spear phishing and the whole business becomes exposed. This is why conventional workgroup collaboration tools like SharePoint are insecure.

That’s why Evizone was created. Our military-grade encryption and secure communications and file storage tools ensure that even if systems are compromised, information held inside Evizone is secure. If you use our services, you can sleep well at night knowing that no one – not even infamous Russian hackers – can access your data.

Canada a hotbed for corporate hackings

If a recent study by Ipsos is anything to go by, you should change all your passwords right now.

As the Globe and Mail reports, the study – developed in conjunction with the consulting firm MNP LLP – found that “half of Canadian C-suite executives and nearly a quarter of entrepreneurs say their businesses’ cybersecurity was breached in the past year.”

This is no small matter. The article continues:

“The survey of 100 Canadian executives of medium- and large-sized businesses also polled 1,000 small-business owners. While 93 per cent of the combined groups said they felt their companies effectively protected customer data, nearly three in five of those polled “either suspect or know for certain” they were victims of hacking attempts.”

An MNP executive rightly called this a worrying fact. “The big thing to note is the gap between the level of confidence businesses have in thinking they can prevent cyberattacks and their experience is quite different,” said Greg Draper, “The level of overconfidence is quite striking.”

Ignorance is bliss, as they say. But the risks associated with poor cybersecurity is not something that should be overlooked by companies nor consumers. Loblaw, Canadian Tire, Quebec’s SAQ liquor stores, and Cineplex have all been in the news recently for fear that their systems were hacked and data compromised. We can all name even larger historical Canadian hacks like the one on the Ashley Madison website.

Every time a company has to announce a digital security breach, consumer confidence in that brand is reduced. This is unfortunate given how easy data protection really is.

With Evizone Secure Communications (ESC), corporate communication and data storage are both protected by the strongest commercially available encryption there is. That means that consumer data will never be exposed and sensitive company secrets will never see the light of day.

Again, it’s important to note just how accessible these solutions are. Companies have no excuses for data breaches anymore. It’s time for them to join the twenty-first century and use Evizone.