Data breaches are an ongoing threat for Canadian consumers and new reports say there are finally going to be regulations to protect them put in place.
The new law takes effect on November 1, 2018. Under this new legislation, all Canadian companies will be mandated to tell consumers when a data breach has put their personal information at risk. A little research shows that the original Digital Privacy Act was in fact enacted in 2015 to accomplish the same goal.
Under this new law, Canadian organizations will need to provide the following:
• A full description of the data breach that will include the type of data that is at risk.
• How any consumers that have been affected by the breach can take steps to reduce their risk going forward.
• A full accounting of how the company involved has taken steps to reduce any of the consequences.
• A full detailed accounting of how each individual who is affected can use the company’s complaint procedure.
There’s more information about the Digital Privacy Act available through the Office of the Privacy Commissioner of Canada.
What to Do If Your Business is Hacked or Has a Data Breach
Unfortunately, in today’s business world data breaches are a fact of life. Cyber criminals are constantly evolving their tactics and plans of attack. Here are a few quick things you can do when you find out there’s been a data breach.
Getting any affected devices off-line as quickly as possible can minimize damage. It’s important not to shut anything off right away because you might make the situation worse. Wherever possible, it’s a good idea to take a screenshot so you can check for any clues after the attack is over.
Keep in mind that many data breaches rely on compromised passwords. That’s why it’s a good idea to change them as soon as possible. This is a great way to stop the data breach in its tracks if it’s ongoing.
Assess the Damage
Once everything is stabilized, it’s time to find out what systems and other parts of your network have been compromised and/or damaged. This is the time to find out what information has been accessed and how many of the systems in your network have been utilized in the attack.
Keep in mind that the only way you’ll be able to prevent another attack is by carefully going through this process.
Find Out How the Attack Happened
It’s essential to find out not only what happened, but how it happened. At this stage you should be looking at several variables, like an employee giving out a password to another person. You should also take a look through your system to see any areas where you are missing an updated patch.
It’s also a good idea to take a look at your supply chain. It’s often the case that a company being targeted can be attacked from several different areas at once.
Find the Fix
Once you’ve gone through all the other steps, you’ll be able to find the fix to make sure the problem doesn’t happen again. The changes you might need to make can include updating firewall rules, running more antivirus and malware scans, or maybe just updating the existing software you have.
Keep in mind that every data breach occurs because of some gap in your security. Sometimes, all that’s needed is to bring in a two-tiered authentication process. Staying on top of all the latest viruses with a subscription to an appropriate service is another great idea.
Cyber Security Assurance
Do you want to know how secure your systems are?
Ask us about a network security audit for your business network systems.