Mandatory Data Breach Notifications
Bill S-4, the Digital Privacy Act, implemented some significant changes to the Personal Information and Electronic Documents Act (PIPEDA). What does this mean for Canadian businesses and cyber security risks?
With this bill, new reporting requirements are the biggest highlight. Increased reporting standards state that if your business falls victim to a data breach, you must notify any potential clients affected by the violation as well as the Federal Office of the Privacy Commissioner. Failure to do so may result in fines from $10,000 to $100,000 depending on the offense. These changes to PIPEDA go a long way toward protecting consumers’ data, but they also mean businesses now need to be more aware than ever. One potential repercussion from these amendments is the increased potential for costly class-action suits against companies that do not meet the stringent reporting requirements.
To protect your business, there are ways to develop a cyber security system that gets your team engaged while keeping you protected. Matthew Held outlined some great ideas in his article “6 Tips to Build a Cyber-Security Culture at Work.” A few of those tips are highlighted below, followed by some additional ones.
How to Develop your Cyber-Security Program
Lead your team
Leading by example is the key to improving your cyber security. Having upper management champion these policies is an excellent way to ensure the whole organization follows suit. If employees know the goals of the organization and why these systems exist, they come on board in helping your company stay protected.
Establish security policies and procedures – stick with them
Developing policies and highlighting them in the employee manual serves as a solid reminder for staff if they are confused about any of the policies. Examples of where to outline necessary security protocols include:
- Social Media
- Client Communications
- Document Sharing
- Unknown Attachments
- Software Updates
Get back to the basics
Define a strong password policy. Spell out what makes a strong password versus a weak one. Highlight password requirements and ensure that passwords are changed frequently.
Have a designated response team
Ensure that you have a dedicated team ready to respond if and when an incident does happen. Typically this is left to an IT department, but if you have a smaller business, that department may not exist.
Train, train, and train some more
Train employees and engage them in a conversation about the importance of a strong cyber security policy. These systems play an instrumental role in protecting your organization.
Empower your IT department
The IT department frequently gets the blame when anything happens with the computers. Be it user error or software error, it usually falls on that team. With clear and transparent communications, employees can reach out if they have questions or concerns about their system, be it security or otherwise. There needs to be an element of trust in place: if a user makes an unintentional mistake, they will not be punished for it, and it instead serves as a learning opportunity for the future.
Develop procedures for remote employees
With the increased interconnectivity of the world we live in, remote workers are becoming the new norm. To ensure your network stays protected, implement procedures specifically for those employees. These procedures include the addition of Virtual Private Networks (VPNs) along with virus and malware protection. These inclusions, along with your cyber-security policy, go a long way in protecting your business.
Cyber risk is hard to quantify and hard to identify. Sometimes it’s important to get a second look at your policy to see if there are any areas of exposure for your business. Your team at WMB Insurance Group is here to help you during that process. Contact us today to receive your free Cyber Risk Scorecard to find out where you might need some extra protection.
Download your “State of Cyber Security in Canada” here to start developing your strategy.
To receive a copy of the Cyber-Security ToolKit, contact our office and talk to our team today.