Today we are all dealing with the same potential threat; at any moment, a breach, a failure, a glitch or error could take down our company, or inadvertantly cost you time and money without so much as a moment’s notice.
You can take as many precautions as you like, and you will still be impacted by malware, cybersecurity threats or human error. Case in point: ActiveCo Technology Management. We consider ourselves a leader in the IT industry, having processes and procedures in place that ensure our clients can rest well knowing that our multi-layered approach to security helps mitigate concerns for the threat of unwanted access to their network.
Despite best efforts in security protection, coupled with continuous awareness training for end users, 2 of our clients were hit with cybersecurity threats within 1 week of one another.
One came from ransomware (the infamous threat that acts like a vampire in that it must be invited in).
The other came from malware that made it’s way through multiple security layers, a stark reminder that the bad guys are working just as hard as the good guys in the realm of security.
Business owners may want to stop, take stock of your day-to-day operations and ensure they have at least 4 out of the 4 topics below covered (yes, 4 out of 4 = 100%) to ensure that your business threats are mitigated, but also that you are falling within the realm of Canadian compliance legislation.
1) Work with a responsive IT partner.
Not all businesses run on a 9-5, Monday to Friday schedule, and it’s important to have a responsive IT partner to ensure your users, your servers, your applications are all running at all hours of the night (especially where global satellite offices or users are concerned). If the call goes out at 4am Pacific Standard Time, will your technology success partner be there to answer the call, and have the capacity to re-mediate the issue as soon as possible?
2) Your backup and disaster recovery should be with a trusted provider.
Work with a sophisticated backup system that you, or your IT team/provider know, trust, and have a long history of success with. What are you looking for? Best case scenario is a cloud and a local fail-over. Both, or a combination of, is key to getting your team back up and running from a breach. You may need to connect with your business peer groups for some direction, as well as contacting your IT provider (or ActiveCo, if currently not your IT provider!).
3) Keep on top of evolving threats.
This one takes some time for weekly research, the simplest way to get started is to sign up to bulletins and technology news sites that provide regular security information and updates (ActiveCo partners with KnowB4, for example, as they provide weekly reports on global threats).
4) Pursue, or fall within guidelines of, Canadian Compliance Legislation.
As of November 1st, 2018, every organisation in Canada must be in pursuit of compliance guidelines as per The Office of the Privacy Commissioner. It is not just a best practice anymore, it is now a mandated federal requirement to have the right systems in place:
Policies – ensure your company has, or is working towards having, essential company policies in place that have been read and signed off by staff. This ensures that guidelines are understood and followed, protecting your business from in-depth investigations for breach of compliance.
Procedures – every company has procedures that must be followed, you should already have an emergency evacuation plan, for example, including a muster point where staff all know to meet up in the event of an event. Right? Good. So, does your organisation have the same level of knowledge when it comes to security procedures such as file access?
Proof – “aka”: documentation. This is one of the most important aspects of a successful security process, especially in the realm of compliance. The Office of the Privacy Commissioner wants to see all of your documentation including, for example, security awareness training events, who attended and what was reviewed (including sign-off from all attendees).
It’s easy to get lost in running your organisation and to ignore, or simply be unaware of, the requirements going on “behind the scenes”. The world is moving so fast that compliance legislation mandates organisations to have a compliance manager in charge of ongoing requirements being met, and documented.
If you’ve made it this far, there may be urgency to connect with a technology success partner that can take care of the most important aspects of your business that are happening behind the scenes. Without a successful technology success plan in place, and being consistently executed, there are gaps in your organisation’s processes that need to be remediated.
If you’re still reading even now, there should be nothing stopping you from contacting us for further details for your business or industry, or calling us now at 1.866.931.3633 and having a stress-free conversation about next steps.