BUSINESS
CAREERS
Security
Continued From Page 20
words and confidential data right off of
someone’s desk. Many of these risks can be
easily avoided with proper precautions.
A common phrase in the IT industry is
that “security is a moving target.” This is apt
and, as such, your approach to mitigating
the risks must also be ever evolving.
Security measures to protect your systems, your data and your clients’ data must
be a layered approach, combining robust
security technologies (properly suited and
configured for your environment and kept up
to date), strict policies governing your
employees’ conduct and standard operating
procedures, and continuing and structured
education for staff regarding risk recognition
and mitigation.
Some points to consider are as follows:
n;There is no “one size fits all” in IT
security. All types of protection are equally
necessary and equally important. Invest in
firewalls, intrusion detection/prevention
technology, anti-spam firewalls and anti-
virus software. Technologies such as these
create multiple “roadblocks” that aid in
stopping intrusions and malicious code at
multiple levels within the IT infrastructure.
n;Set the service identifier on a wireless net-
work to not broadcast. Every wireless access
point has an SSID, which is the public name
of a wireless network. By setting it not to
broadcast, it will be hidden and not come up
as an option for others to click on as a wire-
less network.
n;Lock down unused network jacks/ports
in all areas of the building to avoid unauthor-
ized access to the physical network
n;Consider a policy for telecommuting
employees to ensure they are not down-
loading programs/software that can jeop-
ardize the network security.
n;Ensure all employees have a password-
protected screen saver and that they always
log off from the computer when away from
the desk. Computers should be set up to log
off after a set time of inactivity.
n;Ensure all data, mobile devices, memory
cards, etc. are not only password-protected
but encrypted.
n;Institute password policies in the work-
place that are enforced to ensure staff do
not leave them in the office space and do
not use easy to guess phrases, such as their
IN-HOUSE CORPORATE COUNSEL
Our Europe and Reinsurance division in Toronto is recruiting for an
in-house corporate lawyer with 3-5 years corporate transactional
experience. If you are a member of a Provincial Bar, practicing
corporate commercial law, are self-motivated, have a practical
solution oriented approach, are quick to learn and a multi-tasker with strong drafting, legal and communication skills, this
opportunity will appeal to you.
Reporting to the Vice-President and Associate General Counsel,
you will be a key member of the business team providing
practical and timely advice and recommendations to various
client departments and management on business issues and
transactions which affect or involve the Companies and their
subsidiaries. Working with a highly skilled and dedicated team of
experienced lawyers and legal assistants, your responsibilities will
include:
•;contract drafting, interpretation and negotiation
•;internal/external compliance and regulatory matters
•;emerging governance issues
•;financing,;capital;management
•;corporate M&A transactions
• retaining, instructing and managing external counsel and
reviewing all related output
•;travel;to;our;various;international;offices
We offer a challenging, team-oriented work environment,
competitive income and benefits, on-site fitness and daycare
centre and opportunities for professional and personal growth.
Take the next step.
All Great-West employment opportunities are available on our
web-site www.greatwestlife.com. Please submit your cover
letter and resume with your salary expectations by May 9, 2012.
We are committed to employing a diverse workforce and
encourage all qualified individuals to apply. Candidates selected
for an interview will be contacted.
name or address. Ensure that passwords
are changed on a regular basis.
In order to determine the potential security issues in a workplace, consider performing a risk analysis. This will help to
identify how effective the security measures
are and whether employees are adhering to
the policies and procedures in place.
This remains a challenging activity as
technology changes so rapidly, but there are
tools and methodologies that can assist IT
To aid in identifying vulnerabilities,
consider performing a penetration test,
also known as ethical hacking, to attack
the network using known threats, comparing internal documentation on operational or management controls in the
area of IT security to known “best practices” (i.e. ISO 17799) and then comparing
the actual practices against the company’s
documented processes.
When considering the security of an
office, it is imperative not only to worry
about preventing people from physically
entering the building but to ensure that
the data and systems inside are protected
from intruders.
Neglecting to do this will not only put
security of sensitive client or company
Password Protected
A good password is hard to guess but
easy enough to remember. Here are
some suggestions:
Create acronyms
Use the first letter from each word in
a phrase; e.g., Twinkle Twinkle Little
Star How I Wonder What You Are
would be TTLSHIWWYA
Combine words
e.g. aprilshowers, youwontbelievethis,
7ftgrandpiano.
Combine upper and lower case
Alternate between upper and lower
case to form the password e.g.
ApRiLsHoWeRs
Add numbers and symbols
In addition to mixing upper and lower
case, add numbers and symbols to
make the password even stronger
e.g. @pRiLsHo WeRs565
information at risk, it could ultimately
compromise the company’s reputation. n
Douglas W. Grosfield is president of Xylotek
Solutions Inc. in Cambridge, Ont. Contact
him at dwgrosfield@xylotek.ca.
Legal hurdles come full circle
Foreign
Continued From Page 21
eign law degrees and rights of practice.
The Federation of Law Societies of Canada (FLSC) evaluates each applicant’s
foreign legal credentials against the
norms of approved Canadian law degrees
to determine what further work is
required to demonstrate competence in
Canadian law.
To be sure, knowledge of the fundamental principles of Canadian law is a
reasonable requirement for all foreign-trained lawyers seeking to serve the public. However, under the guise of public
interest, the requirements of Canadian
law have been set at artificially high levels
that create financial and other barriers to
entry. For example, in a recent decision,
the FLSC refused to grant an English law
graduate with a first-class law degree
(ranking in the top 2 per cent) any credit
for her LL.M from the University of
Toronto law school.
Ironically, there appears to be more col-
laboration among legal academics than
there is between members of the practis-
ing bar. Cornell Law School, for example,
has signed an Agreement of Cooperation
and Memorandum of Understanding with
Jindal Global Law School (an Indian
national law school) committing the two
institutions to promoting collaborative
initiatives — such as faculty and student
exchanges, and joint teaching and research
initiatives. Other American Ivy League
schools are racing to sign agreements with
the national law schools in India.
Vern Krishna is tax counsel with Borden
Ladner Gervais LLP, and executive
director of the CGA Tax Research Centre,
University of Ottawa.
