Real estate agencies and mortgage firms may be leaving themselves exposed to cyber attacks by not taking some simple steps.
A new report from the Canadian Internet Registration Authority says that 71% of more than 500 individuals with responsibility for IT security decisions across multiple Canadian business sectors said their organization had been impacted by at least once cyber incident last year.
The impact includes time and resources, out of pocket expenses, and even paying ransoms.
“Now more than ever, Canadians need trust in the internet. We believe that security is the foundation of that trust which is why we have leveraged our experience safeguarding the .CA domain to help Canadian organizations protect themselves and their users,” said Byron Holland, president and CEO, CIRA, which is running its Cybersecurity Awareness Month throughout October.
The report found that 96% of respondents said that cybersecurity awareness training was at least somewhat effective in reducing incidents, but only 22% conducted the training monthly or better; and just 41% of respondents have mandatory cybersecurity awareness training for all employees.
Many of the respondents (43%) were unaware of their responsibilities regarding reporting of cyber incidents as part of PIPEDA.
Of those businesses that were subject to a data breach, only 58% reported it to a regulatory body; 48% to their customers; 40% to their management and 21% to their board of directors.
“While technical solutions are important, the best layer of security for any organization are cyber-aware employees,” said Jacques Latour, chief security officer, CIRA. “We are happy to see more organizations embracing cybersecurity awareness training as a critical element of their defense. However, there is more work to be done to ensure the quality and rigor of the training offered keeps pace with the ever-changing world of cybersecurity.”