Data breaches are big business for cybercriminals. Organizations collect a wide range of personal data on their employees and customers – data that is of great interest to hackers. A survey conducted by Statistics Canada found that about half the cybersecurity incidents reported by companies in 2017 involved perpetrators attempting to access unauthorized or privileged areas or to steal personal or financial information.1
Cybercriminals are searching for personal information – such as names, passwords, social security numbers, emails, addresses, account numbers, IP addresses and more – that can then be sold on the dark web and/or used to gain access to other sites, such as financial or e-commerce sites.
Siva Ram, HSBC’s Head of Business Security and Fraud, Global Liquidity and Cash Management, suggests the following approaches to minimize the risk of a data breach:
As an individual, you can also take steps to protect yourself from the consequences of a potential data breach. At the very least:
All businesses are required by the Personal Information Protection and Electronic Documents Act (PIPEDA) to safeguard personal data in their possession and alert their customers and the office of the Privacy Commissioner of Canada if there has been a breach. Penalties for failing to follow the law include fines of up to $100,000 per violation.
If your business operates internationally, you’ll also need to stay abreast of applicable foreign regulations. For example, if you do business in the European Union, you must comply with the General Data Protection Regulation (GDPR) and its rules for how organizations can collect, use and store personal data – including data held offsite or with vendors. Failure to comply can result in high financial penalties.
While legislation is one way of forcing companies to protect personal data, the cost – both financial and reputational – of a major data breach is often far higher than any penalty.
A global study of 10,000 consumers found that 70 per cent of respondents would no longer do business with a company if their data had been breached and 93 per cent would consider taking legal action.1
Protecting against data breaches is a shared responsibility. Individual error – such as falling prey to increasingly sophisticated phishing attempts – still remains one of the top reasons for a breach. Make education a priority within your organization so that all employees maintain a healthy vigilance when it comes to cybersecurity and know how to recognize text and phone scams, phishing and business email compromise scams.
Issued by HSBC Bank Canada (“HSBC”) © Copyright HSBC Bank Canada 2019. ALL RIGHTS RESERVED.