Scared of the increasing rate at which SMBs and Start-Ups are getting hacked? Now more than ever, it’s paramount that you build the necessary firewalls to protect not only your client’s data, but also your employees and personal data from external breaches.  

What’s going on in the Data privacy world?

Data breaches go unnoticed for up to 280 days before being detected, and a further 35 days to contain them. In 2020, 37 Billion records were accessed and comprised by unauthorized third parties. These statistics might sound alarming but operating a business in Canada means you're safer than most. Canada is one the most advanced in data security legislation and regulation. Due partly to the rapid adoption of PIPEDA and various other regulatory standards in the light of significant data breaches that have affected millions of Canadians.  

Desjardin’s data breach comes to mind, affecting 2.7 million accounts, with many Canadians having been affected by identity theft and personal hacks through this data breach. Staying ahead of increasingly complex hackers isn’t complicated, as 90% of data breaches occur because of human error. Consequently, businesses should start taking a more proactive approach to training their staff about security risks and best practices for keeping the data of their operations secure, especially if you’re in the financial services business, one of the most targeted industries. Businesses can also avoid a good amount of data breaches through a straightforward safeguard we'll look at later in this article.  

How much has the Canadian Government done?

Canada’s first legislation on data privacy, PIPEDA, came into effect in 2004. It was the second of its kind after the Data Protection Directive (DPD) in Europe, implemented in 1998.

PIPEDA states that a data breach is “loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization's security safeguards […]." Under PIPEDA, corporations are obligated to report data breaches that can pose serious harm to a person's well-being and livelihood, with fines up to $100,000 for failing to comply.  

With the adoption of GDPR (General Data Protection Regulation) in 2018, replacing DPD in Europe, Canada had to move forward with new legislation of its kind. As a result, in November 2020, the Canadian Government introduced Bill C-11, officially known as the Consumer Privacy Protection Act. This bill will levy some of the harshest fines in the world, equalling those seen in Europe, one of the harshest jurisdictions around the globe, on data privacy. Under CPPA, Canadian businesses will have increased compliance obligations with penalties going up to $25 Million or 5% of global revenues for the most severe non-compliance actions. The CPPA, when implemented, will replace PIPEDA and again assert Canada’s position as one of the global leaders in data privacy legislation.  

Impact on Corporations and their Social Responsibilities

Roughly 75% of businesses across Canada expect cybersecurity attacks to continue increasing in the coming years, with the cost of cybercrime projected to hit $458.6B by 2025. Yet, despite knowing this and being aware of the fines that are a part of PIPEDA and incoming legislation bill C-11, fewer than half of these businesses plan to increase their security spending.  

In 2010, Corporate Social Responsibility (CSR) and Data privacy were not interconnected facets of a business's operation. Fast forward ten years, and they’re topics that often come together in the frame of a corporation’s responsibilities to society. The earliest example of CSR and data privacy is the Heartland Payment System data breach in 2008. Instead of fulfilling basic compliance obligations and keeping the data leak quiet, they went public about it and even helped competitors protect against similar leaks moving forward.  

“By seeing through the potential reputational risk of this course of action to the potential upside on the other end, Heartland both generated goodwill and helped to make payments processing a safer industry.”

• Ashley Bill, Lead Solution Consultant at Micro Focus

Any business believing it can succeed without augmented data security measures faces unwanted risks. According to Gemalto's survey of 10,500 consumers, 70% of consumers would stop using a service or business if it experienced a data breach. However, as we saw in the case of Heartland, the proper response to a data breach can also serve as a springboard for positive change. For businesses taking the right initiatives moving forward, good, but for those who aren't, maybe it's time to rethink the strategy. Let’s look at a simple solution you can apply to your business that will help.  

A simple strategy for a more secure business

According to a study by Security Today, approximately 80% of workers have never worked from home pre-pandemic, and 61% are using personal computers for work-related matters. This is a risk as your home and personal computer lacks the firewalls to protect sensitive data. This poses a security threat to the business's data. Should personal computers be accessed, company data could be collateral damage. Employees are not entirely at complete fault. 66% have not received any new training on password management.  

Password Manager

Password managers are one of the ways you can increase the security of your employees and your business's data. Their simple, easy-to-use functionality offers an additional way for you to use new technology while at the same time increasing your security.  

With the use of a master password and security key, your password manager will hold all your passwords and detect any data breaches where your password may have been compromised. In addition, password managers will tell you whether your current password is weak and needs to be changed. Should it need to be changed, the password generator will give you a password of varying length and complexity, making it stronger. Pete Matheson, an IT expert, has a video on YouTube discussing the top password managers and the pros and cons of each platform, most of which offer competitive business pricing.

Conclusion

Although cyber security firms provide a hard wall of additional security, providing a simple layer of added security to your business processes by starting with a password manager is simple and cost-effective. Additionally, as you begin to delve deeper into additional firewalls, client trust will increase and marketing this additional security will be an added benefit for your business.