The recent LifeLabs ransomware affair has hopefully made you second-guess your current business security solutions. If you hadn’t paused to think about it, that should be telling of how even the most talented business owners can overlook the obvious, even in 2020. Data security is one of the top business essentials and according to daily news headlines, everyone is falling behind.
If you missed the news, 15 million people have had detailed, personal information stolen through a cyberattack at LifeLabs, Canada’s largest community lab most well-known for blood testing children and families as well as genetic and naturopathic testing. The data taken and held for ransom (aka, a “ransomware” attack) included legal names, addresses, birth dates, online login details, health card numbers and years of personal lab test results.
The company says that it paid a ransom to the hackers in an attempt to secure the data and has called in security experts to handle the security details in the wake of the attack, which took place October 28th, 2019 and reported to the Office of BC Information and Privacy Commissioner on November 2nd, 2019.
“I should know the answer but I don’t know if the data was encrypted,” CEO Charles Brown told Stephen Quinn, host of CBC Early Edition, when asked if he had taken reasonable steps to ensure the security of his company’s data.
Why was LifeLabs data not properly secured in the first place to stop such a large scale attack?
You may not be surprised to hear that many business owners to this day, and potentially yourself, spend far less on IT and data security than they have been recommended to. Data security alone should make up a healthy portion of your business expenses. When these risks don’t feel like they effect the business, it’s assumed “that won’t happen to me, that will only happen to the other guy!. We hear these stories all the time.
It’s not willful ignorance, it’s simply ignorance, plain and simple. It’s difficult to understand the complexities of data, how it’s created, how it’s stored and how it’s accessed. Even more importantly, it’s not difficult to understand how business-critical your data is, until it’s gone. You can think of data security as insurance, you can think of it as good planning, you can think of it however you want, so long as you have it in place.
Did you know? Breach of Security Safeguards Regulations in Canada means that all breaches to your network require investigation, documentation and any breach with a threat to any personal information requires reporting to an Office of Privacy Commissioner. Failure to do so is against the law, as of November 2018. With the legislation impacting businesses around the world, ActiveCo invested significant time to understand how the (then) incoming legislation impact every industry we serve. We were then able to develop a custom, in-depth compliance assessment service, over and above the government-posted requirements. We consulted directly with a senior policy analyst at the Innovation, Science and Economic Office of Canada to develop these programs. Further, we now help clients create a compliance-needs report exclusive to their company based on current status (results) and provide them with a step-by-step guidebook on how to properly pursue their individual compliance targets. To help them achieve this, we offer consulting services to help reach the milestones needed to meet compliance requirements in a reasonable time frame.
At ActiveCo, we understand that it can be challenging for a business to keep up with all of this while simultaneously attending to their regular operations. That’s why we believe in putting our client’s needs first and handling these solutions for you.
Does this story make you wonder about your own security environment and requirements, and if you’ve been able to make informed technology investments to protect your data? Reach out to ActiveCo to see how we approach these delicate needs for business owners. Start 2020 off right, so you can sleep at night knowing you’ve made the right investments for your business.