Talent Development Centre

Tag Archives: security

All Talent Development Centre posts for Canadian technology contractors relating to security and security clearances.

Obtaining a Federal Government Personnel Security Screening

All companies and organizations perform some sort of background check on employees and independent contractors before hiring them, but the extent of the check will vary. One organization in Canada known for its checks is the Federal Government, which requires nearly everybody who works with its information or assets to go through a degree of security screening. For IT professionals new to the government, this can be a long, intense and confusing process.

Types of Federal Government Security Screenings

As mentioned, nearly every individual who works for the feds will require some sort of security screening. There are a number of types and levels of screens. The one you will require depends on your role, project and information you’re accessing, but it will typically be one of the following 3:

  • Reliability Status (valid for 10 years and required when accessing Protected A, B or C information, assets or work sites)
  • Secret Clearance (valid for 10 years and required when accessing information classified as Secret)
  • Top Secret Clearance (valid for 5 years and required when accessing information classified as Top Secret)

The Federal Government Security Clearance Process

A federal government security screening should begin as soon as you become employed with a company or organization that will require access to protected or classified information. In theory, for independent contractors, that would be as soon as you start working for your own independent business, and your business should be the organization initiating the clearance through its own organization security clearance. However, due to various process and efficiency concerns, independent contractors will often obtain their personnel clearance through a Recruitment Agency, who will start the process as soon as they verify that you’re a potential fit for government contracts.

The complete screening process and all the requirements are extensive and you can find all of the information here. Reliability Status can take as little as 2 weeks where a Secret or Top Secret clearance is usually a minimum of 6 months and up to 2 years or longer. The length of time depends on the history of you and your immediate family, including the countries in which you lived and/or worked. More specifically, the screening will require:

  • Background checks (5-years for Reliability status and 10-years for Secret or Top Secret clearance)
  • Background checks of your immediate family (Secret and Top Secret clearances)
  • Law enforcement inquiry through the RCMP (fingerprinting)
  • Credit check
  • Loyalty check conducted by CSIS (Secret and Top Secret)
  • Passport photos (Top Secret)

Depending on your history, you may also be required to complete out-of-country verifications, interviews, and provide supporting documents.

Federal Government security screenings are owned by the organization who completed the screening. For example, if you received your clearance through your recruitment agency, it’s your agency who holds it. This also means that they have the ability to terminate your clearance when you no longer work with them. To be safe, many recruiters will ask you to complete a form to duplicate your clearance, meaning their agency will also hold your clearance. This way, if your first agency terminates your Reliability Status or Security Screening for any reason, it will still be valid and active through the second agency.

There’s no doubt that Federal Government Security Screenings can often be complex, confusing and frustrating. The best advice for getting through it is to remain as detail-oriented as possible, be prepared, and work with the Company Security Officer who is helping you obtain it. For more information, you can also visit https://www.canada.ca/en/services/defence/nationalsecurity/screening.html.

Dangerous Android Apps to Delete Immediately

Android users take note: there are dangerous apps that might be on your phone and you need to delete them. Google Play is great because it allows mobile app developers to easily distribute their latest innovations, but it also allows some sketchy, unethical developers to put their software onto your phone. The results lead to slow performance, drained battery life, viruses and even identity theft.

Brightside decided to look into this a bit deeper. They created this in-depth video with 12 dangerous apps that they recommend you delete immediately. As a technology professional, you may already be aware and diligent when downloading apps. Or if you’re an iPhone user you’re less concerned (although these tips could be relevant to you as well). Either way, we strongly recommend watching this video, or at least sharing it with an Android user who’s less careful when downloading apps.

Are You Concerned Enough About Password Security?

Cybersecurity remains a top-of-mind issue for businesses today, both large and small. In 2017, breaches — like that of the Equifax breach, which put the data of 145.5 million Americans at risk — showed corporations just how damaging a cyber-attack can be. But hacks don’t just affect big-name businesses; according Verizon Data Breach Report, 61 percent of breach victims in 2017 were businesses with under 1,000 employees.

The takeaway? No matter what your company size, you have to be on top of their cybersecurity game.

This is especially true given the role that human error plays in security breaches. As a recent password security study conducted by Varonis demonstrated, the majority of Americans aren’t vigilant about changing their passwords, and often remember them using tactics that aren’t recommended by cybersecurity professionals. If you don’t have strict cybersecurity policies in place, something as simple as a negligent employee could put your company at risk.

To learn more about the password habits — and consider whether it’s time to implement a password standard when you work both with your business and your client — check out the infographic from Varonis, below.

Americans and Password Security
Infographic courtesy of Varonis.com

10 Ways to Stay Safe on Free WiFi

“Free WiFi” can be one of the best signs you see all day, especially if your cell phone data is limited. Sometimes it saves your bacon if you urgently need to download a large report or send large files to client. Other times free WiFi means you can carelessly surf for hours while you’re stuck at an airport or killing time in coffee shop. But should it really be “careless”?

Most IT professionals already know that “Free WiFi” is rarely free and can require you handing over personal information. Even worse, it can be a security nightmare and cause serious harm to your personal identity. Before you sound the alarm and never trust free WiFi again, review this video from Bright Side, which provides 10 simple ways to stay safe in these situations.

IT Challenges and Priorities of North American Companies

IT Challenges and Priorities of North American CompaniesHow up-to-date are you on the struggles and strategies of your industry? Understanding what companies are facing can help you plan which skills you will enhance over coming months, as well as help you develop a better sales pitch for your contracting business. There are plenty of sources and studies available to help you understand potential clients’ agendas, and new research is being published regularly. Here are a couple recent ones…

A CDW Canada survey of Canadian organizations learned that their top security concerns are intrusion prevention (39%) and Ransomware protection (35%). Even with these concerns, most are still exploring or implementing cloud deployments; in fact, half of them are planning hybrid solutions in 2017. While most organizations are adopting cloud strategies in one way or another, only 16% would consider themselves a “cloud-first” organization.

The survey revealed some additional IT-related priorities for Canadian organizations. For example, when asked about emerging technologies that will have the most impact on their business, the top responses were analytics and big data, as well as the Internet of Things (IoT). In addition, 10% plan to replace legacy tools and applications with new technologies and 31% plan to upgrade or update their current tools and applications in their unified communications strategies.

South of the border, mid-market US-based companies are having a challenging time attracting and retaining IT talent — that’s according to a recent CFO Research survey. The findings detail how 49% of finance executives state that their challenges to keep tech professionals in the company have an adverse effect on them. Once they do secure IT employees, the struggles with those people continue with technical competency, strategic planning and vision, industry knowledge, project management, and customer service skills.

Naturally, the US companies surveyed are dealing with their issue by turning to external services. Rather than training or continuing their search, CFO Research learned that most are bridging the gap by moving to cloud services and eliminating a need to source, manage and maintain computer hardware, as well as turning to managed IT services. Regardless of their concerns about costs, the provider’s ability to understand the company, service quality or security breaches, the overall feeling among the executives surveyed is that this solution has been successful.

Have you come across any recent studies about your industry that help you prioritize your training? If so, please share the links below so other readers can benefit.

How to Create (and remember) the Perfect Password

How many logins do you have? We’re bombarded with online accounts where we need to create a username and password every day. The result is using the exact same, terrible password in hopes that we’ll remember it. As an IT professional, you already know this is terrible practice, but so many are still using the old “Password123” security method.

Perhaps that one-off account you created to leave a comment on a blog wasn’t all that important, but you do need to place priority on strong passwords for websites like banking and email. This infographic from WhoIsHostingThis provides rules for a strong password (you’ve seen them all before) AND it provides some tips on remember and managing your passwords.

How to Create the Perfect Password - Via Who Is Hosting This: The Blog

Source: WhoIsHostingThis.com

Secure Yourself in the Internet of Everything

The Internet of Things (IoT) has made our lives exciting. Innovators are working overtime, doing their best to connect everything imaginable to the internet. In fact, if you speak to some people in the industry, they’ll tell you companies’ approaches are often to create a solution first and then hope there’s a demand from consumers. The result is an influx of random items we can control with our smartphone, even if we really don’t care to do so.

As fun as it may be to have every smart device connected, it can come with many risks. Anything connected to the internet can also be attacked, which brings the adventure from fun to concerning. If you’re the type who likes to get every smart gadget and dive into IoT innovations, then make sure you also understand how to protect yourself against certain risks. This infographic from TrendMicro can help you start to understand the possible attacks on the Internet of Everything and how to secure your smart device ecosystem.

Layers and Protocols: Possible Attacks on The Internet of Everything #infographicYou can also find more infographics at Visualistan

How Weak Are Your Passwords?

“Passwords are like apples in a fictional garden” – that’s the opening phrase in this video from Seeker. In it, they explain the basics of how passwords work, different security strategies, and above all, how hackers understand all of this to break into your account.

We create passwords for everything — social networks, job boards, online stores, government websites, the list is endless. As such, you should regularly review your security processes to ensure you’re not being hacked. One simple slip can lead somebody to your banking and identification information, which could in turn complicate your life beyond belief. So, we strongly encourage you to review this video. If you’re an IT security expert, we’d love your suggestions as well! Please share any additional tips in the comments below.

2017: The Year of Encryption Everywhere (Infographic)

Security is far from a “rising trend” in 2017 — it’s a fact that has now ruled the internet for years and is not going anywhere. One thing we can be certain of is that as hackers get more sophisticated, so too must our security, and specifically encryption.

According to this infographic from the SSLShop, 2017 is going to see the most encryption yet, due to a number of factors, including Google’s upcoming browser features. If you’re involved in any website or security projects, have a look to see what you can expect in the coming months. Is there anything you can add or would reject from the list?

2017 The Year Of Encryption Everywhere #Infographic

The Top Threats to Mobile Security (Infographic)

There’s a good chance you leverage your smartphone for all sorts of reasons beyond just a telephone. Independent contractors often use their mobile devices to stay organized, connect with colleagues and clients through social media, search and apply for jobs, and a whole variety of leisure activities.

As convenient and helpful as our smartphones are, they can also be quite vulnerable if you fail to take the right steps to protect yourself. That’s why Vasco created this infographic. Have a read  to learn more about the most common mobile menaces and get some tips to prevent them.
Top Threats to Mobile Security and What you Can do to Prevent Them #infographicYou can also find more infographics at Visualistan