It is no longer uncommon to see the names of large companies in the media dealing with privacy incidents. With the increase in electronic sharing of personal information on different computer platforms, cybersecurity threats will become more frequent. Their consequences will be more serious. Privacy incidents are no longer isolated events. It is important to be ready to deal with them and limit their risks and impact.
These incidents occur when there is a breach of privacy. Whether through unauthorized access, use or disclosure. This also includes the loss of confidential data that can identify a natural person. The intrusion of hackers into a database containing personal information is one of the most serious incidents. This is called a data leak. The purpose of this operation is to use this information or sell it on the Dark Web to usurp the identity of these people.
Although cyberattacks are often associated with large enterprises, small and medium-sized businesses must also be on the lookout for these threats. In fact, these companies are targeted by 43% of cyberattacks. Thus, it is important that every organization holding sensitive information is well prepared. Some initiatives can already be taken internally as a preventive measure.
It is important to educate your employees as well as your customers on the subject of cybersecurity. They must be informed about the precautions to be taken to avoid such incidents. They must be equipped to protect their data against unauthorized access or theft.
Privacy incidents put the privacy of your customers, employees and/or business partners at risk. This indirectly harms your business. Indeed, these incidents have a financial impact on your organization and they risk to impact your sustainability.
One of the most worrying cybersecurity threats today is Ransomware. With this strategy, hackers gain access to company computer files and they can block access to data until a ransom is paid. The annual share of ransomware attacks experienced by organizations worldwide has been on the rise since 2018, peaking at 68.5% in 2021 (Statista). This threat is largely the result of phishing attacks.
Some recognized cybersecurity management practices include, but are not limited to:
It is important to have sufficient cybersecurity resources and to have trusted business partners. Especially for data hosting. At Dialog Insight, the security of your data is a priority. As a result, we implement the best practices in the industry. Moreover, we comply with the requirements of legislation in Quebec (Law 25), Canada and Europe (GDPR). In addition, we hold ISO 27001 and SOC2 certifications.
In the event that the worst happens and your business is the victim of a cyberattack, certain actions are required by the various levels of government.
In Quebec, Law 25 (Bill 64) aims to improve the protection of personal information by public bodies and private companies. It sets out the various obligations that must be respected in the management of confidential data. Its main objective is to better control confidentiality incidents and limit their impact.
Law 25 requires that a person who operates a business must take reasonable measures to reduce the risk of harm being caused and to prevent new incidents of the same nature from occurring. When there is reason to believe that there has been a confidentiality incident involving personal information that it holds.
Here are the steps to follow in the event of a theft of personal information:
When a privacy incident poses a risk of serious harm being caused, Law 25 requires companies to take the following actions, starting September 22, 2022:
For more information on Law 25 and the various obligations arising from it, see our latest article Preparing for the implementation of Law 25
This article does not represent legal advice. You should consult your legal advisors for an opinion with respect to Law 25 or its implication.
