By Frank Di Palma, Chief Information Officer, City of Vaughan
Member of the Vaughan Chamber of Commerce Technology and Innovation Committee
Has your computer ever been attacked by a virus? If you’re the technical go-to person in your circle of family and friends like I am, you’ve spent hours upon hours troubleshooting and rebuilding personal computers because of some “urgent” or “innocent” email from a “friend” or perhaps a tempting link on a website.
When your computer is impacted by a virus, naturally you feel violated. I imagine it must feel like being mugged. Let’s continue to use the threat of a mugging to explain how we should approach the threat of a cybersecurity attack.
Like being mugged, you have no control over whether you will become a cyber target or not–but there are things you can do (best practices) to limit exposure like only walking on streets that are well lit or walking with a friend. In cybersecurity, there are preventative measures such as: patching for vulnerabilities, threat detection, employee awareness training, risk and identity management. Just like being a victim of a mugging, good practices and preventative measures don’t mean you still won’t get mugged, therefore you should prepare yourself by knowing how to respond when it does happen. By taking a self-defense class, only carrying a nominal amount of cash in your wallet and knowing the number so that you may freeze your credit quickly are some things you can do to minimize the impact or injury of being mugged. The equivalency in cybersecurity are things like incident response plans and disaster recovery plans to minimize impact to operations.
I would equate our current environment for cyber hackers to be equivalent to a pre-Batman Gotham City. Corporations getting breached are on the rise. In 2018, Facebook, Adidas, Best Buy, Hudson’s Bay, GameStop etc. are just a few of the corporations that have been victims. Recent changes to Personal Information Protection and Electronic Documents Act (PIPEDA) requires businesses of all sizes to report all privacy breaches that pose a real risk of significant harm to individuals. It applies to breaches as little as one record. Hackers are getting more creative and have better tools. It’s tough for cybersecurity programs to keep up and because of this – it is best to approach cybersecurity not as an “if” but as a “when.” Have good practices in place and be ready to respond when it happens.
In this atmosphere of fear, uncertainty, and doubt, it may be tempting to deploy a large number of advanced security controls to protect your business. Just recognize that more layers of prevention can come at a cost of administration efficiency and the customer experience. The first step is to determine the fine line of maximum security with minimal impact to your corporate objectives, depending on your appetite for risk.
There is no such thing as perfect protection–it’s a balancing act. I believe that Gartner, a premier research and advisory firm, said it best, “The purpose of the Security program is to build a sustainable set of controls that balances the needs to protect with the needs to run our business.”
If you are feeling a little overwhelmed, don’t be. There are a lot of great service and open source tools out there that can help.
- Let the Vaughan Chamber of Commerce know whether you want to come to Cybersecurity seminars or events – contact us!
- Consider conducting cybersecurity assessment using an independent, reputable vendor.
- Consider using multi-factor authentication for the critical services that you use – Find out more.
- Consider offering Multi-Factor authentication in your IT products.
- Consider regular cybersecurity awareness training for employees.
- Finally, you can continue hearing from us on Cybersecurity, best practices, etc on social media and by joining our e-newsletter list.