Cybersecurity in the Workplace
- At a glance: Turn on the television and we are learning about more cybersecurity incidents which are having devasting impacts on organizations. Recently, Ritesh Kotak, a lawyer at our firm, was interviewed on mainstream media about the CrowdStrike update which caused a global outage. This was a technical issue and not a cyberbreach but the incident revealed a few key learning opportunities which we will discuss in the article.
- Don’t put all your eggs in one basket: There are several software offerings that amalgamate many business processes from inventory, sales, customer management to accounting. This clearly has many benefits and can create efficiencies but may also produce risk if the system was to become inoperable.
- Build redundancies: What is your plan for business continuity when the systems suffer an outage? Do you have the appropriate policies, training and systems to deal with the technical issues but also have business continuity?
Is Artificial Intelligence the answer to my problems?
- A.I, is a tool that can definitely assist your organization in thinking through the potential issues. AI driven applications are growing at a rapid rate and are offering cybersecurity solutions that can do the following:
- Threat Intelligence
- Vulnerability Management
- Phishing Detection
- However, it is important to do your due diligence before deploying any AI based system. You must ask questions of the vendor and read through the contract. Here are a few questions you should ask:
- Where is my data located?
- What happens when I delete my data from the system?
- Is my data used for training purposes?
- Who has access to my data?
- Can I export my data? This is a very important question to ask to ensure you are not stuck within a particular ecosystem.
- Ask if you can audit their data security practices.
- Ask about their disaster recovery processes.
A.I can be a Sword or a Shield:
A quick note that A.I is also being used for malicious purposes. These purposes include but are not limited to the following:
- Social Engineering. This is when hackers use A.I tools to trick you that they are someone else. We have seen voice cloning to creating convincing deep fake videos.
- Data Poisoning. This is where hackers attempt to corrupt your data sets with malicious data.
- Adaptive Malware. This is an evolving area of risk where A.I tools can auto- write code to bypass security measures.
Why is this Important:
- You are accountable to your stakeholders. Customers, suppliers and employees trust that you will keep their data safe and in the event of an incident, there are processes in place to ensure business continuity.
- There is also a new federal privacy bill which would have requirements for reporting cyber incidents that meet a particular threshold. If a company is found in contravention, then they may be subject to significant fines. Currently, the Bill is not law and we will update you with specific upon it becoming law in Canada.
How to get ahead of cybercriminals?
There is no easy solution. We recommend that you start with a third-party audit of your technical systems, business continuity processes and policies. A third-party can assist in identifying gaps and recommending solutions to address the issue.
Media Links:
Tech outage 'a wake up call' for companies (ctvnews.ca)
How the CrowdStrike- Microsoft global tech outage unfolded
Written by Ritesh Kotak
For specific questions, please feel free to reach out to us directly at ritesh@leclairandassociates.ca
