Thank you to everyone who attended our webinar Cybersecurity for Home Networks & Small Businesses during COVID-19 last week, and special thanks to Jon Lewis, Product Marketer with CIRA Cybersecurity Services, for co-presenting.
It was fantastic to have such an engaged and interested group! As promised, and since we were not able to address most of your questions during the webinar timeframe, we’ve collated and answered the majority of them below. As the title suggests, there were three dominant themes in the questions submitted: VPNs, Password Managers & Zoom. So let’s dive right in!
Your VPN Questions Answered
Do you have some recommendations for good VPN providers (I use Brave)?
Brave browser is great for speed and security, besides allowing the use of Tor for VPN, while the Opera browser also includes a built-in VPN. There are several reputed VPN services such as NordVPN, ExpressVPN, etc. you can consider. If you wish to go DIY, you could even build your own personal VPN by purchasing a cloud server instance at a provider like DigitalOcean and installing the right software.
What do you think of Private Internet Access VPN?
A VPN service can be used for a variety of security and privacy purposes, and all are derived from the premise of either changing the location from which you appear to be located on the Internet, and/or securing the transmission of data between your actual location and that apparent location.
If you have needs that would benefit from or require this type of privacy and security, then a VPN service may be right for you.
100% trust your VPN provider with the data you put through their service. Think of them as a private courier vs the regular postal service.
Do you need the DNS service if you use a VPN?
The DNS service (Canadian Shield) filters requests coming from your device (computer, mobile etc) that are deemed malicious. An example of this would be if you were to inadvertently click on a malicious link sent in an email. CIRA’s free Canadian Shield service would halt the loading of the link, however a VPN service certainly would not.
For more information about VPNs, including what they are and whether you need one, we recommend the following reads:
- What Is a VPN, and Why Would I Need One? – HowToGeek.com
- Do I Need a VPN at Home? [Updated March 2020] – PCMag.com
Your Password Manager Questions Answered
Are any of the password managers based in Canada so they avoid the PATRIOT act?
Firstly, there is a difference between account information (name, address, phone number, etc.) and the information that is stored in the service vault (usernames and passwords). Data stored in a service vault cannot be accessed or decrypted by the service provider – only the account owner.
Are password managers safe, and can’t they also be hacked?
‘Safe’ is a relative term. Are password managers safer than not using one? The answer is yes, generally because password managers simplify and enable the easy use of strong, and unique, passwords. Since it is a common human trait to favour convenience over effort, most of us tend to use passwords that we can recall and use without being too encumbered. So if the use of a password manager results in more secure credentials being utilized than not, then yes, the use of a password manager can certainly be viewed as a safe practice.
The least secure (safe) aspect of a Password Manager is the password used to secure it. Therefore it is imperative that a single lengthy, complex password be used, in addition to 2FA, to secure the keys to your digital castle.
For more information about password managers and why you should be using one, we recommend the following articles:
- Why You Should Use a Password Manager, and How to Get Started – HowtoGeek.com
- Cybersecurity 101 – Why You Need a Password Manager – TechCrunch.com
Your Zoom and Zoom-bombing Questions Answered
Can you address security when hosting or joining in on Zoom?
Products always try to strike a balance between ease of use and robustness of security – in Zoom’s case it was a case of the balance going wrong. That said, it is perfectly feasible to host a secure call on Zoom with the right settings.
The resources below cover everything you need to know about hosting and participating in Zoom calls. As one of our webinar attendees wrote in, “Zoom is awesome. Security updates have been rapidly aligned with its growth and very frequent.” Zoom is also refreshingly easy compared to other video conferencing software … so don’t deprive yourself from using it, just follow the best practices for security and privacy.
For more information about using Zoom securely, we recommend the following articles:
- Security at Zoom – Zoom.com
- 10 tips for Zoom security and privacy – Kaspersky.com
- Zoom releases 5.0 update with security and privacy improvements [April 22, 2020] – TheVerge.com
- Zoom privacy and security issues: Here’s everything that’s wrong (so far) – TomsGuide.com
And Now for a Few Odds n’ Ends …
What recommendations do you have for victims of ransomware?
Ransomware protections work best with a proactive approach to building high-frequency backups that will not be affected by an attack, and encryption of all sensitive data to minimize the risk of a breach. Unfortunately, if one is already a victim of ransomware the remedy will depend on the specific type of malware in question and there is no one size fits all solution.
How To Protect Against Ransomware In 2020 – Forbes.com
Do you need an SSL certificate if you aren’t selling anything on your web site?
The short answer is Yes. While SSL encrypts data transferred between your website visitors and your servers, it also determines how a web browser presents your website. Depending on the type of browser, a non-HTTPS website might be flagged as ‘Not Secure’ on the address bar, which can negatively impact the perception of your brand or business. So we strongly recommend that you use SSL certificates, regardless of the complexity of your website.
Free Cybersecurity Tools and Resources
Working on beefing up your working-from-home security? We encourage you to check out the free cybersecurity tools and resources mentioned in the webinar, including CIRA’s Canadian Shield DNS Firewall Service and Cybersecurity Training for Remote Working.
Didn’t see your question covered here?
Please feel free to send it into firstname.lastname@example.org and we’ll be sure to send you a response!