“It’s not a matter of If but a matter of When.”

On September 26th the Community Foundation for Kingston & Area hosted a Cyber Security and Privacy Risk Management Seminar, at the Harbour Restaurant, attended by not-for-profit and small businesses in the Kingston area.  This seminar was made possible by the connection that CFKA former board member Chrystal Wilson has with George Takach, an expert in this field. Chrystal has summarized this presentation with key facts below.

Blog by Chrystal Wilson

Advances in technology are revolutionizing they way we all work and interact with our stakeholders.  However, as leading technology lawyer George Takach of McCarthy Tetrault pointed out at our recent Cyber Security and Privacy Risk Management Seminar, the design of the internet not only connects us globally and makes collaboration easier, it also creates the perfect environment for criminals to generate easy money.  In this new crime environment, criminals don’t need to put on masks and hold up banks, they can create new sources of income for themselves from the comfort of their own homes.  It is now especially important for organizations of all sizes to take steps to protect themselves and their customers from cyber security threats.  No longer is it a question of ‘If’ there will be a cyber security attack, it’s now a question of ‘When’ that attack will take place.

George lead us through a discussion highlighting some of the most important things organizations can do to lower their cyber security risks.  If you missed our Cyber Security and Privacy Risk Management Seminar, McCarthy Tetrault has developed a informative Cyber Security Risk Management website (http://www.mccarthy.ca/marcomm/cybersecurity/index.html) containing some of the content discussed.

Our guest speaker stressed that one of the most important steps an organization can do is to think about the data the organization collects, whether that data is actually needed and how long it should be kept.  Reducing the amount of data collected, and protecting the most sensitive information with extra safe guards can help reduce the risk of loss in the event that a criminal does make their way into your networks and hard drives.  Developing a written and reasonably enforceable cyber security policy helps clarify procedures and internal controls around data, for staff, volunteers and Board of Directors.  George cautioned that this policy should include steps which are achievable by the organization given financial and staff constraints.

It was suggested that organizations can find a security standard they are comfortable with and adapt as those standards evolve.

Data breaches can occur through internal sources as well.  Who, within your organization, has access to your data?  Do they actually need that data to complete their tasks?  George recommended that organizations also think about physical data security.  What information is visible when a volunteer walks by your desk or computer?  Locked cabinets and ‘clear desk’ policies are recommended.

Technology is changing at such a rapid rate, it’s difficult to be a safe computer user.  George suggested making sure software, especially anti-virus software, is always up to date from reputable companies and you have reliable backups in place.  As well, he stressed that active password management is necessary to help ward off the criminals.  Organizations without internal cyber security expertise should consider engaging knowledgeable professionals on a regular basis.

For more information on the subject, consider reading a 3 Part Series George wrote for Lexpert Magazine:

https://www.mccarthy.ca/pubs/Legal_Considerations_for_Data_Breach_Preparedness.pdf

https://www.mccarthy.ca/pubs/Legal_Considerations_for_Data_Breach_Preparedness_2.pdf

https://www.mccarthy.ca/pubs/Legal_Considerations_for_Data_Breach_Preparedness_Part3.pdf

This event was followed up by the opportunity for attendees to ask questions as a group and then network afterwards. Thank you to George and Chrystal for sharing their time and expertise!