Cybersecurity Blog Series: Security Legislation

It’s no secret that new cybersecurity threats are emerging every day, while familiar ones wreak new kinds of havoc for businesses and individual web users. In response, governments from across the globe have been implementing regulations, such as the far-reaching European Union General Data Protection Regulation (GDPR), that prescribe uniform cybersecurity standards for organizations across all sectors. In short, the future of cybersecurity defense has arrived, and legislation is proving to be one of its key components.

One sector that has received special attention in this capacity is financial services, which is 65% more likely to be targeted by attacks than other industries. This is because cybercriminals can easily access vast financial resources and a trove of consumer data if they successfully breach a banking system. In recognition of this precarious reality and the risk it poses for customer privacy, New York State has begun implementing 23 NYCRR 500, which stipulates that all businesses in the financial services industry must have (among other things):

In Canada specifically, the Digital Privacy Act has introduced new amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). These legislative changes are expected to be in full force by the end of 2017, at which point Canadian businesses will be legally required to report cybersecurity breaches to the Office of the Privacy Commissioner of Canada. Importantly, they must also inform consumers if their information has been compromised, and those that fail to comply with these standards will be subject to a fine of up to $100,000.

As new threats and breaches come to light with each passing day, Canadian companies across all sectors can expect legislative bodies to develop increasingly comprehensive cybersecurity regulations that impact all aspects of their business operations. While these measures are necessary to ensure that Canadian companies have the proper controls and procedures in place to safeguard sensitive consumer data, they ultimately pose a challenge for small and medium-sized businesses (SMBs), who may not have the budgetary and technical resources needed to align their business practices with up-to-date cybersecurity standards. SMBs are less likely to have their own in-house IT department to proactively manage their technical infrastructure. Likewise, businesses from across the globe are learning that cybersecurity professionals who are qualified to fill the crucial CISO role are hard to find and costly to keep.

As such, SMBs are increasingly turning to Managed Service Providers with the expertise to design and implement a cybersecurity program that meets their unique organizational needs. This is why our “total care” approach to IT support for SMBs prioritizes security. The CarefreeIT Cybersecurity Centre delivers the technologies, procedures, and controls needed to safeguard business networks and protect sensitive data. Our comprehensive security service package also provides our clients with their very own virtual CISO (vCISO), who works in partnership with businesses to ensure they are operating in compliance with the most current and industry-specific cybersecurity regulations. We recognize that business owners have enough on their plates without having to worry if their IT systems are properly shielded from cyberthreats. This is why our team of experts is dedicated to making your protection our priority.