When one looks at cybersecurity or data protection and privacy regulations, a regulation imposed by one jurisdiction has worldwide effect. If Ontario imposes a data breach rule, for instance, any company that does business in Ontario has to comply – no matter where in the world that company is located. The reverse is also true – Canadian companies have to comply with the cybersecurity regulations that exist in any jurisdiction in which they do business. Therefore, all cybersecurity regulations worldwide apply to Canadian businesses. Canadian businesses need to be more concerned with the rules surrounding major issues like data privacy and worry less about where cyber regulation originates. As the Internet of Things expands to include devices like medical equipment and driverless cars, life and limb are at stake – not just our credit card numbers. So even though there are few cyber regulations implemented today, I expect this to change quickly in the next few years.
Developing a cybersecurity program is crucial to limiting the adverse effects of a cybersecurity attack. We are seeing just the beginning of this in the consumer products space. There are few product compliance standards that guide companies on how to maintain effective cybersecurity standards to protect consumer products that connect to the Internet.
There are simple measures that manufacturers can take regarding safety and privacy, especially in terms of DDoS/IoT attacks, to protect devices that are connected to the Internet. For example, attackers have taken advantage of standard default passwords. Manufacturers are shipping baby monitors, toys and more that can connect to the web with a password like 0000 and a user name like admin. A simple approach to protecting products is to have a different password for each device shipped. This can be as simple as the serial number on the product; however, it needs to be different for each item. That way, there’s no easily guessable default password for hackers to take advantage of.
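A pre-shipment check for the measure described above, as an added example that is not part of the original article: it audits a provisioning manifest and flags any device that carries a known default login or shares its password with another unit. The CSV layout, the sample rows and the deny-list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample manifest (serial, username, password); not real device data.
SAMPLE_MANIFEST = """serial,username,password
SN1001,admin,0000
SN1002,admin,0000
SN1003,admin,k3Vq-91xT
SN1004,admin,SN1004
SN1005,admin,k3Vq-91xT
"""

# Assumed deny-list of factory defaults; admin/0000 is the pair the article names.
KNOWN_DEFAULTS = {("admin", "0000"), ("admin", "admin"), ("root", "root")}


def audit_manifest(manifest_text, known_defaults=KNOWN_DEFAULTS):
    """Return {serial: [findings]} for devices whose credentials are not unique."""
    rows = list(csv.DictReader(io.StringIO(manifest_text)))

    # Index every password to the serials that use it, to spot reuse across units.
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["serial"])

    findings = defaultdict(list)
    for row in rows:
        serial = row["serial"]
        if (row["username"], row["password"]) in known_defaults:
            findings[serial].append("known default credential")
        sharers = by_password[row["password"]]
        if len(sharers) > 1:
            others = [s for s in sharers if s != serial]
            findings[serial].append("password shared with " + ", ".join(others))
    return dict(findings)


if __name__ == "__main__":
    # Devices absent from the output (here SN1004) passed both checks.
    for serial, issues in sorted(audit_manifest(SAMPLE_MANIFEST).items()):
        print(serial, "->", "; ".join(issues))
```

A batch should only ship when the audit returns no findings.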
If you’re a company that provides information services, you should have standard reports on your security and data protection controls. Make sure that those reports, along with third-party assessments and audits, are available to share with your customers to show that you have effective security, privacy and business continuity.
If you don’t take these common-sense steps, then you leave yourself open to liability and lawsuits.
No one knows just yet the impact that the Trump administration will have on data privacy and compliance for Canadian business, but frankly, this is not a question of any ideological or political persuasion.
It’s just a fact that Donald Trump will be President and Justin Trudeau will be Prime Minister at the time when driverless cars, connected drones, and other IoT devices emerge, and therefore cybersecurity moves from a data protection issue to a public safety issue.
French Caldwell is Chief Evangelist at MetricStream and has been decisively shaping the governance, risk and compliance market for the last 15 years. He is a former fellow and vice president of Gartner, where he led their GRC research, including the influential Gartner Magic Quadrant on GRC, as well as research into public policy and disruptive technology. French also worked with the White House and U.S. Naval War College in 2002 to develop the Digital Pearl Harbor war game, the first-ever strategic assessment of cyber war strategies. French is a retired naval officer and a nuclear submariner. Post-retirement, French served as a diplomatic liaison to NATO for the post-Cold War Congressional Commission on Roles and Missions of the Armed Forces.