Source: Data Center Dynamic
Switching between work and personal devices: Remote work can sometimes blur the line between business and personal life. Employees sometimes start using personal devices to search or do other work tasks. A survey by IBM found that over half of remote workers use a personal device to carry out their work.
Personal devices don't have secure systems or IT supervision. They may also have unknowingly installed malware or bloatware.
Ensure employees use work devices only for work, but implementing cloud-based solutions for communication and file storage can ensure they're protected too.
Clicking on dangerous links: Cyber criminals are well aware of the remote work situation, and are targeting emails to phish employees. Many of the emails are taking advantage of COVID-19 information and trying to get people to click on it. Cyber education is so vital to train employees how to look out for fake emails and links, and only to trust and click on legit sources.
Employees not installing vital security updates: A study found that 20 per cent of remote workers aren't regularly installing security updates. Many people see software updates as a nuisance which is why education is vital to helping your team understand their importance.
Employees don't have multi-factor authentication enabled: In addition to strong passwords, which can be compromised, the use of multi-factor authentication (MFA) is needed. If there is suspicious activity, such as an employee receiving an approval request despite not logging into their account, they can send this to your IT team to investigate and stop potential hackers in their tracks.
Source: Silicon Republic
Cloud systems are very common and popular, especially in the remote workforce. Since the rapid digital shift to remote work, discussions around creating proper cloud strategies and solutions have arised.
Stanley Huang, co-founder and CTO of cloud-based software company, Moxtra says security cannot just be bought from a vendor.
Businesses need to have a set security strategy before migrating to cloud technology in order to mitigate the risks that come along with it.
Huang suggested to hire a security task force at the company level rather than third-party vendors.
Education is key for cloud technology and cybersecurity as a whole. Workers should be better educated and equipped with knowledge to reduce the risks they may face on a daily.
“I believe the most critical part of education is working in collaboration with other parties to determine the target of the desired cloud computing security, and then defining the strategy and executing it properly. This is more of a high-level sort of education, but without this, not much else matters.”
Source: Lexology
Here are five considerations for U.S.-based organizations faced with responding to a cybersecurity breach impacting Canadian operations, employees or customers:
Consider Canadian privacy legislations. There is a patchwork of federal, provincial and territorial privacy legislation and sector-specific requirements in Canada that could apply to a breach depending on the circumstances. In addition, engage local counsel to support the incident-response process.
Breach-reporting deadlines and thresholds in Canada may be different. Unlike state-level breach-reporting obligations, Canadian privacy legislation generally does not impose a specific breach-reporting deadline. However, most acts for federal and provincial say to report as soon as possible without delay.
Ransomware attacks in Canada are on the rise. Based on an upcoming 2021 Canadian Cybersecurity Trends Study, ransomware attacks represented 67 per cent of cybersecurity incidents in 2020, almost double the 35 per cent seen in 2019.
The vast majority of Canadian privacy class actions are certified. Canada has seen an increase of privacy-based class actions. The threshold for certification is lower in Canada, resulting in approximately 80 per cent of such cases being certified.
Canadian privacy law reform is on the horizon. The federal government proposed Bill C-11 that would impose an obligation on service providers that handle personal information to report breaches to the organization that controls the personal information. Further, Quebec’s Bill 64 would introduce mandatory breach reporting in that province under its private-sector privacy legislation. There are changes to fines for failing to report a privacy breach that under the federal proposal could increase from C$100,000 to the greater of C$25-million or five per cent of gross global revenues.