As concerns over the environment grow ever stronger, it’s only natural that businesses turn to technology for storing information. But much like hard copies of personal information should be kept under literal lock and key, so must digital data be protected.
Businesses most commonly store personnel records, customer details, loyalty program details, financial information, and payment details. Being proactive and taking steps to secure this information can help protect your company and its customers, and reduce the risk of liability. The following are 10 elements you may wish to consider when taking steps to strengthen your company’s security position:
If possible, involve the members of your executive team to show commitment to staff. If you run a small company, you may think you do not need a dedicated individual for information security; however, smaller companies are just as vulnerable to security breaches as larger ones. If you already have an IT team, it may be overwhelmed with other responsibilities, leaving it no time to devote to this area. A dedicated individual or, better yet, a team can support all staff and raise awareness throughout your company.
Knowing what equipment your business houses, as well as the software and systems your employees use, can help you determine the safeguards that may be needed to protect your company’s data.
A privacy impact assessment (PIA) is a process used to identify and mitigate data protection risks that may affect your organization or the clients you engage with, and it can help you implement solutions to overcome those risks. Keep in mind that not all risks can be eliminated. Start by asking yourself the question, “What would happen if?” Would your business be prepared for the outcome?
Get to know your vulnerabilities and use online tools to scan systems for threats and information related to browser versions. Complete any needed updates, as they often include security updates which can help protect your system.
It’s important to develop a company-wide policy on data security. Your policy and procedures can include such things as:
Password managers allow you to save passwords securely, either in the cloud or on your computer. They can create random combinations of characters for passwords, making them extremely hard for fraudsters to figure out.
Train staff on phishing and how to protect themselves online. Phishing is a term used for the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by someone disguised as a trustworthy source in an electronic communication.
Ensure that the companies you are dealing with are taking all necessary measures to protect you and your customers. Complete a risk assessment and request to speak with their security team if needed.
Implement an action plan that addresses necessary steps to take in the event of a security breach. The plan should include a strategy to ensure that all critical information is backed up as well as a list of all important software applications and the hardware required for them to run.
It’s important to review your policies and procedures with your staff on a regular basis, updating them on any changes. Practicing your incident response and disaster recovery plans can help mitigate any unnecessary surprises during an actual emergency situation and allow you to proactively correct any issues in advance of what may be a stressful situation.
More information on protecting information can be found in our web post Privacy laws in Canada: How do the rules affect your business? You can also contact your CFIB Business Counsellor at 1-888-234-2232 or by e-mail at [email protected]