Strengthening data protection practices through educationJanuary 26, 2021
Data Privacy Day is an international effort held annually on Jan. 28. The purpose is to create awareness about the importance of privacy and protecting personal information and encourages dialogue for organizations about which best practices should be implemented.
The COVID-19 pandemic has brought about many changes for the Canadian sport sector including a shift to remote work and working from home. Unfortunately, this digital response to the COVID-19 crisis has also created new security vulnerabilities. Many sectors are seeing an increase in cybercrime and cyber attacks, not only in frequency but in size, sophistication, and cost to victims. A recent survey of Canadian organizations found an increase in both cyberattack volume and breaches during the past 12 months in Canada. It is a mistake to think that hackers are only interested in the large databases of big companies – work-from-home systems can be ripe targets for cyber criminals simply because they are often much easier to infiltrate.
As modern society leans into an era of revolutionary technological advancement, awareness of the inherent risk of our devices and networks falls short. A lack of understanding around online tools, apps, and technology could lead to catastrophic results for your teams, organization, and public reputation. During a cyber attack, all types of data – employees’ personal information, corporate data, customer information, intellectual property, and key infrastructure – are at risk.
Human error is the leading cause of data and security breaches. For cyber criminals, people are the most exploited vulnerability or “vector of compromise.” A 2019 study by the UK’s Information Commissioner’s Office revealed that human error caused 90% of data breaches. These come from weak password management; using old, non-updated software; careless handling of data; and, as previously mentioned, lack of knowledge in the cyber security field.
So how can sport organizations take a proactive approach to mitigating their data risks before the unthinkable occurs? The answer is building a culture of security centered around digital security awareness training.
How to protect your data
Security awareness training is a fundamental step in the process of modernizing your organization and better enabling it to deal with cyber threats. However, despite its growing importance, keeping employees engaged in these programs remains a major challenge for management teams. To encourage developing a “security-first” culture amongst staff:
- Make data security a priority for everyone, from staff to volunteers.
- Develop policies and training opportunities to educate your team about the best practices to minimize data-related risk.
- Ensure staff have a clear understanding of what actions to take in the event your organization’s data is compromised.
Choosing to invest in a security awareness training program will yield immediate benefits for your organization. These benefits include strengthening organizational resilience against cyber threat risks, developing a “security-first” culture amongst staff, generating buy-in towards greater data security initiatives, and reducing the odds of human error – all contributing factors to mitigating the modern cyber risk.
Read about Ringette Canada’s experience with a ransomware attack, and their management tips if your computer network is compromised.
About the Author(s)
George Y. Al Koura is the Director of Advanced Cyber, Intelligence and Security at ADGA Group Inc., an organization delivering strategic consulting and expertise in service delivery of advanced technology solutions for clients in the Defence, Security, and Enterprise Computing markets across Canada. A lifelong competitive athlete, George is a former OUA football and rugby player, and a former provincial boxing champion. He currently competes in multiple combat sport disciplines, from Muay Thai to Brazilian Jiu-Jitsu.