Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/970863
MAY/JUNE 2018 32 INHOUSE require a comprehensive cybersecurity strat- egy and meaningful training of employees. This includes a number of measures, notes Backman. "Insiders who used to work with you may want access to information. Make sure once the relationship is terminated, all avenues of communication [access] are ter- minated. Ensure your security protocols re- quire two-factor identification. Look at how data is handled and separate the information that can identify individuals," which will re- duce the potential liability if there has been a security breach, Backman explains. Employees at all levels within a company must also receive proper training about po- tential breaches, which can happen as easily as clicking on an email that appears genu- ine. "Training is not a once-a-year lunch. It needs to be done regularly, it should be very specific and the results of the training should be audited," says Backman. Tobok agrees that companies must ap- proach this type of training for employees very differently than the ways they may have in other areas. "It should not be like the eth- ics course where you click away while eat- ing a cheeseburger at your desk. That won't work. You have to make it real," he stresses. Law firms, for example, have been suscep- tible to cyberattacks, says Tobok, because lawyers are used to accessing documents online, yet often without first checking to see if they are authentic. Smartphones, with screens much smaller than computers, are an even greater risk when it comes to confirm- ing the identity of the sender's address. "Mo- bile has been great for the bad guys," he says. Maryann Besharat, vice president, cor- porate legal & compliance at Intact Fi- nancial Corporation, agrees it is vital that employees not only undergo training but understand that the risks of a breach are not just from the stereotypical image of a teen- aged, hoodie-wearing hacker operating out of his parents' basement. "It can be regular things employees do that expose us to mal- feasance," she says. As well, the way training is conducted im- pacts on its effectiveness and using humour is sometimes a good device. "You want the employees to be engaged and for the mes- sage to sink in," says Besharat. A purported hack that only a small num- ber of very senior employees know is fake is also more effective than a tabletop simula- tion exercise to assess the effectiveness of a company's incident response plan, she notes. The training must also extend up to se- nior employees and the board of directors in larger companies, so they know what to ask, says Ahmad. "The questions they should be asking are what kind of data do you hold, what implementation processes do you have for compliance? It is not just about having a training protocol. You have to have a strat- egy," he states. Sean Boyle, a partner at Blake Cassels & Graydon LLP in Vancouver, agrees that as- sessing the type of data that should be stored — either about the company or its custom- ers — is a necessary part of any cybersecu- rity plan. "Some companies are looking at © 2018 Thomson Reuters Canada Limited 00250BJ-A91334-CM What can you do about cyberfraud? Eliminate the element of surprise. Order # L7798-7799-65203 $103 Softcover approx. 250 pages August 2017 978-0-7798-7799-7 Shipping and handling are extra. Price(s) subject to change without notice and subject to applicable taxes. Recognizing scams and attacks is the first step in raising a barrier against cyberfraud at work and at home. But how do you keep up with the ever-evolving schemes of online fraudsters? Benefit from the insights of an industry veteran, a trusted cybercrime expert and corporate security advisor to Canadian organizations. The Canadian Cyberfraud Handbook: A Professional Reference classifies a technique, describes the outcome, suggests avenues for avoiding this type of event, and offers potential options for reducing its impact. In this first Canadian guide, you get a clear and concise look at cyberfraud − what it is and what your role is in identifying abuses and reporting breaches. The Canadian Cyberfraud Handbook: A Professional Reference Claudiu Popa AVAILABLE RISK-FREE FOR 30 DAYS Online: store.thomsonreuters.ca | Call Toll-Free: 1-800-387-5164 | In Toronto: 416-609-3800