It's been one week since the Canadian Mandatory Breach Notification took effect. Has your business made changes to adapt to the new requirements? Could you show your due diligence?
- Report to the Privacy Commissioner’s office any breach of security safeguards where it creates a real risk of significant harm individuals;
- Notify individuals affected by a breach of security safeguards where there is a real risk of significant harm; and
- Keep records of all breaches of security safeguards that affect the personal information under their control and keep those records for two years.
Get the full details on the Office of Privacy Commissioner of Canada.
BREACHES – KNOW THE FACTS
With cyber attacks growing continuously in number and sophistication, it’s not a question of if but when your organization – regardless of industry – will fall into a hackers’ crosshairs.
Breaches can occur in a number of ways – both through malicious means and also by accident (accidentally emailing client info to an external address via autocomplete error). However, The vast majority are due to credential theft.
Top ways credentials are stolen:
- “Complex” passwords that are easily guessed: People tend to choose passwords they think are “strong” but in reality are easily guessable passwords such as September2018! or Fall2018!
- Password reuse: People tend to re-use old passwords or re-use passwords from other accounts, but this can make you vulnerable. Always try to make a new password; try using Passphrases, a simpler way to create and remember strong passwords
- Phishing: E-mails are designed to look like genuine communications from your organization or other trusted entities such as banks, governments or online services; currently the most prevalent method used by hackers. Always check links before clicking, attachments before opening, check sender “From” field before opening and call to confirm before sending any confidential information.
|Prevent Phishing By Enhancing Your Email Security|
In this blog post, learn about:
• Types of phishing, including spear-phishing and whaling
• Defense mechanisms available to help organizations including SPF, DKIM, and DMARC
HAVE I BEEN BREACHED?
|Subtle Signs of a System Compromise||Not so Subtle Signs of a System Compromise|