SPF, DKIM, DMARC: The Email Authentication Trinity Oct 28, 2025 Step-by-step email authentication guide for municipal IT. Configure SPF, DKIM, DMARC in M365 to prevent domain spoofing and support FOIPPA compliance. ...
The Email Security Crisis Hiding in Plain Sight Oct 26, 2025 Municipal leaders approved M365 Business Premium for email security, but 70% operate with default 'Built-in' protection. How to activate Standard/Strict policies at zero cost. ...
Real-Time Device Monitoring: Moving Beyond Quarterly IT Audits Oct 14, 2025 Quarterly IT audits leave 90-day security gaps. Your M365 license includes continuous monitoring—here's the implementation reality for municipal IT teams. ...
Shared Responsibility and FOIPPA: What Municipal IT Teams Need to Know Sep 24, 2025 Understanding the shared responsibility model and its impact on FOIPPA compliance for municipalities using Microsoft 365. ...
The FOIPPA Compliance Gap Hiding in Your M365 Environment Sep 22, 2025 BC municipalities face a critical compliance gap: M365 deletes emails after 30 days, but FOIPPA requires 1-year retention. Learn how to fix this 335-day gap. ...
ASR Rules - Hidden Security Controls Sep 12, 2025 Attack Surface Reduction rules in Microsoft Defender could have prevented major Canadian ransomware attacks. Learn how to enable these hidden security controls. ...
M365 Token Protection Sep 6, 2025

Your organization deployed multi-factor authentication. Password attacks dropped to zero. Credential stuffing became irrelevant. You won the authentication war.

Then the attackers adapted.

Cybercriminals realized they don’t need to break down your front door when they can steal your house key after you’ve already unlocked it and walked inside. This approach bypasses MFA entirely because the authentication already happened—legitimately.

You’ll see it in your logs as successful sign-ins from legitimate user accounts. No failed password attempts. No MFA bypass alerts. Just normal-looking authentication events that aren’t normal at all.

...
When Hackers Get Through Your Municipal Risk Management Reality Aug 31, 2025

When Hackers Get Through: Your Municipal Risk Management Reality

Your job isn’t fighting hackers. It’s protecting your community’s ability to function when hackers win.

Recent incidents across Canada prove a harsh reality: sophisticated attackers eventually breach even well-defended organizations. The City of Hamilton faced an $18.5 million ransom demand. BC’s government networks suffered “sophisticated cybersecurity incidents” from state-sponsored actors. These weren’t IT failures—they were organizational crises that tested every aspect of municipal leadership.

...
AI Agent Risk CIA Triad May 25, 2025 Comprehensive analysis of 24 AI agent security risks reveals critical patterns for enterprise security professionals. ...
The Sixth Element: AI Agents as a New Security Paradigm May 4, 2025

Introduction

Modern security frameworks recognize five interdependent components that form a complete digital ecosystem: Users who interact with systems, Devices that provide access points, Networks that connect components, Applications that perform functions, and Data that holds value.

What happens when a new species enters this carefully balanced ecosystem? AI Agents—with their ability to act autonomously, access sensitive resources, and make consequential decisions—create ripple effects throughout our existing security paradigms.

Unlike adding another device type or data classification, integrating AI Agents into our security thinking requires a fundamental reconsideration of how we define protection boundaries. These entities exist simultaneously across multiple domains, blurring the lines between user and application, between data processor and decision-maker.

...