Historically, the field of cybersecurity has been largely unregulated, with little to no requirements needed to be met by corporations. Recently, health centers, municipalities, universities, and other Canadian businesses and organizations have been targeted by electronic espionage and ransomware. In many instances, the attacks go unreported because the corporations fear their reputation may be damaged if word spreads that their existing security was incompetent. Often corporations decide it is in their best interest to pay the ransom fee in order to dismiss the problem, rather than to reach out for external assistance. Recently, the Government of Canada has introduced a new Canadian cybersecurity bill forcing corporations to prioritize mandatory reporting of cyber attacks and the meeting of new security standards.
After growing cyberattack concerns, Marco Mendicino, the Minister of Public Safety, announced on June 14th 2022 that initiatives are being undertaken to ensure Canada’s cybersecurity is strengthened. The initiatives referred to come in the form of Bill C-26. This bill amends the Telecommunications Act to add security as a policy objective. It provides the government with the authority to mandate necessary actions to secure Canada’s telecommunication system. Currently, ensuring corporations better prepare, prevent, and respond to cyber threats is the main focus of this legislature. This includes prohibiting Canadian corporations from using products and services from suppliers which exhibit poor integrity. Furthermore, it will now be mandatory for corporations to report cyber attacks to the government, regardless of how well-prepared the corporation was for the attack. Audits will be conducted under the authority of this bill, allowing regulators to verify whether or not security standards are being upheld. Penalties ranging from $1 million to $15 million can be warranted for failure to comply with industry standards. Summary convictions or convictions on indictment for non-compliance also may face those who try to avoid the government’s criteria.
The bill has yet to pass into law however, as it remains tabled. Currently, the first reading has been completed and now the bill resides at the second reading in the house of commons before continuing its journey. You can check the status of the bill by visiting the Parliament of Canada’s website.
What This Means Moving Forward
It looks promising that the bill will soon take the necessary steps to become a law. Even if it falls short, the takeaway here is that the Canadian Government is making serious advancements towards ensuring a high degree of cybersecurity in a variety of industries. It will soon be the case that a high level of cybersecurity will be not only expected, but required. Corporations should take the time before this occurs to plan ahead, and develop strategies to ensure their own security. Failure to do so may result in harsh repercussions, not only because of the vulnerability to cyber criminals, but also through disciplinary actions taken by the government to address ignorance.
It is now in the best interest of corporations to prioritize service providers which specialize in maintaining a high quality of security and integrity. Although this may mean shifting the focus away from cost savings, the Canadian Government is now incentivising corporations to finance security through implementing penalties for being rash in this area. Making the decision to cheap out on an unsecure product or service could actually end up costing the corporation more money than the more expensive, secure, option because of the cost of the repercussions they could be subject to face. Once again these repercussions could be the government’s disciplinary penalties, the corporation’s exploitation by a cyber criminal, or both.
Many companies already choose Server Cloud Canada as their infrastructure provider. Due to the recent movements in the cybersecurity space, now more than ever, businesses and organizations should consider turning to the security and support that Server Cloud Canada has to offer. Considering the Government of Canada is mandating that corporations prioritize cybersecurity it makes sense to work with the security professionals sooner rather than later. Here are some of the security and privacy law compliance features that Server Cloud Canada has to offer: