Cyber Security information for Canadian businesses
Why cyber security is an issue for Canadian business
A breach of security of sensitive corporate and personal information is an increasing concern for businesses in Canada and globally. Cyber thieves are expanding their activities beyond stealing credit card and personal credentials. An emerging target is intellectual property: a single breach or loss of intellectual property or personal information can impact a company’s bottom line, share price and customer confidence virtually overnight.
Canadian publicly traded companies experience an estimated nine breaches per year according to a 2009 study conducted by TELUS and the University of Toronto. This translates into an average loss of more than $675,000 annually for a publicly traded company.
It has been estimated that in 2008, companies worldwide lost more than $1 trillion in intellectual property due to data theft and cyber crime according to a global study of 1,000 large organizations.
Steps you can take to enhance your cyber security
Follow Communications Security Establishment Canada’s Ten Information Technology (IT) Security “Commandments”
- Know who owns and operates your IT system and its operating framework
- Map your network – include all internal/external connections, configuration control, etc.
- Develop a security policy structure and implement compliance monitoring
- Apply as much security and hardening as appropriate
- Accredit your system and follow a risk management approach
- Know your vulnerabilities
- Patch your system in a timely manner – the longer you wait, the longer you are vulnerable
- Reduce Internet access points
- Reduce or eliminate potential sources of infection – USB flash drives (thumb drives, USB keys, etc.), flash media, etc.
- Communicate, train and educate staff and users
Source: 10 IT Security "Commandments" - Communications Security Establishment Canada
Monitor current cyber security threats
The Canadian Cyber Incident Response Centre (CCIRC) works with national and international counterparts to collect, analyze and disseminate data on cyber threats. The Centre provides analytical releases, as well as a variety of information products and services specifically for IT professionals and managers of critical infrastructure and other related industries.
Report cyber incidents
Reporting Economic Crime Online (RECOL) provides support for education, prevention and awareness of economic crime. RECOL directs legitimate fraud complaints to the appropriate law enforcement and regulatory agencies. The data collected is a valuable tool in evaluating the effects of various types of fraud on the public. It also helps to prevent future similar crimes from taking place.
Cyber incidents involving critical infrastructure sectors such as finance, energy, transportation and health should be reported to the Canadian Cyber Incident Response Centre (CCIRC) Cyber Duty Officer.
Steps that the Government is taking to enhance cyber security
The Government of Canada has introduced two pieces of legislation to ensure that law enforcement and national security agencies have the tools they need to fight crime and terrorism in today’s high-tech environment. The Bill C-46, Investigative Powers for the 21st Century Act updates certain existing offences as well as creating new investigative powers to effectively deal with crime in today’s computer and telecommunications environment. In addition, Bill C-47 the Technical Assistance for Law Enforcement in the 21st Century Act will require service providers to include interception capability in their networks.
Critical infrastructure protection refers to safeguarding the processes, assets and services which are essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Public Safety Canada exercises national leadership by collaborating with other federal departments and agencies, other governments, and critical infrastructure owners and operators to enhance the resiliency of critical infrastructure against all hazards, ranging from natural hazards through to cyber incidents.
The Government of Canada also works closely with domestic and international partners as part of the global effort to combat cyber crime and protect critical assets and information. To strengthen these efforts, the Government of Canada is developing a National Cyber Security Strategy to enhance overall cyber security in Canada.
Resources
The following websites provide additional information about cyber security, the nature of threats, and how to protect yourself.