Breach Response Planning
Are you prepared for a breach?
Do you have a communications plan in place?
Could you recover quickly and be back in business?
The Government of Canada introduced legislation referred to as the Digital Privacy Act, which amends the current Personal Information Protection and Electronic Documents Act (PIPEDA), and requires mandatory reporting of breaches of privacy information.
As of November 1, 2018, businesses that collect and retain customer privacy information for the purposes of conducting business must track breaches of security safeguards and report breaches of personal information to the Office of the Privacy Commissioner (OPC) and impacted individuals and entities. Failure to report may result in fines up to $100,000 per infraction.
A “Breach” is considered as a successful Cyber-Attack, where the malicious threat actor has successfully penetrated the security controls, and gained access to a system or systems for their own purposes.
How Does a Breach happen?
- Pronounced "fishing“, the word has its origin from two words “Password Harvesting” or fishing for Passwords
- Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim
- Also known as "brand spoofing“
- Malicious software (malware) is any software created and distributed to cause harm or steal information.
- Malware is designed to hide within the operating system and avoid security safeguards. It may be impossible to detect or remove without specialized tools or expertise.
- Malware exists for all of the information processing systems that are in use in our business, including desktop computers, laptops, smartphones and tablets
- Hackers are people who are skilled in the craft of breaking into computer systems.
- Hackers may be motivated by anything from simple vandalism to extortion, or theft of personal or corporate sensitive information.
- Hackers may work on their own, belong to a criminal syndicate, or be state sponsored.
How can TeamCISO help?
We can assist you in identifying and classifying your Personally Identifiable client and employee Information, creating an appropriate Breach/Incident Response Plan, develop Breach Communications templates, and conduct an executive level table-top walk through of a Breach event.
This engagement aims to ensure that you are compliant with the notification and reporting requirements set forth in the Digital Privacy Act, and that governance processes and required changes to existing policies are made in order to meet the minimum specifications of that act.
If you want to discuss how we can help you create a Breach Readiness Plan , please feel free to contact us for an appointment.