Canada Breach Disclosure Regulation – Secure your organization
We’re sure you’ve heard. The new Canadian Digital Privacy Act (PIPEDA) effective as of November 1st, 2018, has a new rule surrounding data breaches. If your organization has been impacted by a data breach, then your organization will need to promptly notify the affected individuals, third parties, as well as, the Privacy Commissioner of a data breach that can harm any individual known as ‘significant harm’ that includes bodily harm, reputation, humiliation, financial loss etc.
Of course, we all understand that these rules are important. They are meant to protect our data from cybercriminals that have historically shown a relentless pursuit to harm individuals and corporations online. There’s no escaping the fact that the threat is real. Your organization’s ability to protect itself is highly contingent on the steps you take proactively to strengthen your security posture. Of course, everyone’s goal is prevention, but do you also have any plans in place for remediation?
Your first line of defence:
As the first line of defence, you would be looking at a multi-layered security strategy. It’s critical that your strategy leverages an internet infrastructure to prevent malicious destinations. Consider using a cloud-based security solution to block any dangerous connections from reaching your network and endpoints. A great tool that we use at Cloud Managed Networks is Cisco Umbrella. The best thing about this solution is that is required no hardware, and no software – it can be deployed across an enterprise quickly to fortify your first line of defence. Another point of distinction is that Umbrella works for users while they are on your network and off your network, so you’re pretty much covered no matter what. This solution is rock solid in blocking data exfiltration and ransomware encryption.
Don’t forget about email:
Many IT professionals don’t know that email is the primary way that organizations become breached. It’s the primary tool used to disseminate malware. A staggering 90% of ALL breaches start with email. We’re sure you get the message, email is an important piece of the puzzle, and needs to be protected as well. Another solution we use internally is Cisco’s email security that integrates with our Office 365 accounts. What we like best about this solution is that it’s a seamless integration that anyone can easily manage for an enterprise.
Your last line of defence:
In a perfect world, your first line of defence would be enough to protect your organization. However, what happens if it doesn’t? Well, as a contingency, you need some way to deal with these threats. Traditional anti-virus technologies are simply not enough anymore, as time and time again we see threats go undetected and present on networks for months. Most security solutions will block 99% of threats, believe it or not, the 1% is still a large number of threats and can be detrimental to your organization. Think of it this way: if the 1% were able to surpass your ultra-secure first line of defence, then perhaps the 1% is a SERIOUS threat that can cause a lot more damage.
Again, real-life example here, the solution we use is called Cisco AMP for endpoints. What this software does is it continuously monitors and analyses files in your network to uncover the 1% of threats that other solutions miss. If a file that appeared clean upon initial inspection suddenly exhibits malicious behaviour, AMP for Endpoint will detect the change, contain and remediate the threat and will include a full history of the file activity for forensic purposes. It’s pretty cool if you ask us!
If you would like to learn more about how you can fortify your organization (digitally of course), then check out our library which houses a bunch of information about security and some of the best solutions on the market today!