skip to main content
Back to all blog posts

Posted in: Data Protection | Data Security/Privacy

Jun 6, 2017

Report Indicates that Most Small Businesses Are Not Prepared for a Cyber Incident

According to a May 2017 report by U.S. data firms Advisen and Experian, “seventy-five percent of insurance brokers and legal experts noted that their small business clients were either ‘not prepared at all’ or ‘not very well prepared’ to respond to a cyber incident.” The report highlights the “misconception that small businesses are too small to be targeted by hackers, when in reality they are often the lowest hanging fruit.” The report also states that less than a quarter of experts’ small business clients “were confident in their team’s ability to manage a cyber incident.”

Phishing and social engineering remain top concerns of risk managers and experts. As Aird & Berlis lawyers Paige Backman, Donald Johnston and Meghan Cowan noted in a February 2017 webinar, 60 to 90 percent of threats of IT systems are caused by “insiders” — people who have authorized access to hard and soft technology assets, including employees, contractors, business partners, suppliers, service providers/subcontractors and technology escrow providers. Please access the webinar archive and PDF presentation for more information, including steps to mitigate threats to your IT system.

Data security risk increases in the context of employee turnover. Please see lawyer Aaron Baer’s recent post on how to protect sensitive and confidential corporate data when an employee leaves.

Related Blogs

Posted in: Data Security/Privacy | Data Protection

Insights TheSpotlight
Notifying Consumers of Data Breaches: New Regulations By Stephen Crawford Apr 24, 2018 The federal government has introduced new regulations setting out what information must be disclosed to consumers and to the Privacy Commissioner after a data breach. These regulations will take effect on November 1, 2018.

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
New Notification Requirements for Data Breaches By Stephen Crawford Apr 13, 2018 As of November 1, 2018, if your organization suffers a data breach, new reporting requirements will be in place that may require you to notify consumers and the Privacy Commissioner of the breach – or else face a fine of up to $100,000.

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
Ontario Court of Appeal Established New Privacy Rights – Utility Consumption Data and Grow Ops By Paige Backman Aug 21, 2017 If you are a utility monitoring consumption data, think twice before providing any of that information to the police. You may need to ensure the police first provide you with a warrant or other judicial authorization specifically requesting the information. The Ontario Court of Appeal, distinguis...