October is Cyber Security Awareness Month (CSAM).
CSAM is an internationally recognized campaign to help the public learn more about the importance of cyber security.
Over the last couple of years, construction companies all over the world, including Bird Construction here in Canada, have been the target of ransomware attacks. Ransomware attacks use malware that encrypts an organization’s data so that it cannot be accessed.
Ransomware attacks may also involve the theft of data, resulting in a data breach. A data breach is particularly critical when it involves the theft of confidential business or personally identifiable information.
In Canada, the law requires that organizations report any data breaches involving personal information if it is reasonable to believe that the data breach creates a real risk of significant harm to an individual. In previous articles we have discussed tools that can help mitigate the risks and more quickly identify the seriousness of any successful data breach.
The first tool is the records retention policy. A policy that limits the types of records containing personal and confidential business information that the organization retains, and how long it retains them, will mitigate the risks associated with a data breach. If records containing such information are routinely deleted by an organization, they will not be vulnerable to theft.
The second tool is a data map. An up-to-date, or recent, data map can assist the organization in assessing what sort of information may have been stolen.
For example, knowing that the server that was breached contains payroll or other employee records will be critical to assessing reporting requirements. Conversely, knowing that the server that was breached contains no personal information or confidential business records, for example press releases or marketing materials, significantly reduces the likelihood of having to report the data breach.
Regardless of what data is thought to have been compromised because of a data breach, it is necessary to undertake an investigation to confirm.
Once the records that were stolen have been identified, eDiscovery review technology can assist in assessing the information contained within the records.
Today’s eDiscovery technology recognizes standard data patterns (regular expressions) that are typically associated with personally identifiable information such as social insurance numbers, bank accounts, credit card numbers, etc.
Skilled use of regular expressions and other advanced search methods can make the investigation process less time consuming, less expensive and more accurate than putting eyes on each individual record.
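The pattern-matching step described above can be sketched as follows. This is an added example, not code from any eDiscovery product: the two patterns, the function names and the sample text are assumptions constructed for illustration. It pairs each regular expression with the Luhn checksum (used by both payment card numbers and Canadian social insurance numbers) so that look-alike reference numbers are discarded, and it reports masked values only.

```python
import re

# Candidate patterns are assumptions for this sketch, not a review platform's rules.
CARD_RE = re.compile(r"(?<!\d)(?:\d[- ]?){12,18}\d(?!\d)")      # 13-19 digits
SIN_RE = re.compile(r"(?<!\d)\d{3}[- ]?\d{3}[- ]?\d{3}(?!\d)")  # 9 digits

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text):
    """Return (line_no, kind, masked_value) for checksum-valid candidates."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        taken = []  # spans already examined, so a SIN is not reported inside a card
        for kind, pattern in (("card", CARD_RE), ("sin", SIN_RE)):
            for m in pattern.finditer(line):
                if any(m.start() < end and start < m.end() for start, end in taken):
                    continue
                taken.append(m.span())
                digits = re.sub(r"\D", "", m.group())
                # Reject all-identical digits (e.g. 000 000 000 passes Luhn trivially).
                if len(set(digits)) > 1 and luhn_ok(digits):
                    masked = "*" * (len(digits) - 4) + digits[-4:]
                    hits.append((line_no, kind, masked))
    return hits

# Constructed sample records; the SIN and card number are well-known test values.
SAMPLE = """\
Payroll export: J. Doe, SIN 046 454 286, dept 12
Invoice ref 123-456-789 approved by ext. 416-555-0199
Card on file: 4111-1111-1111-1111 exp 01/30
Press release draft, no personal data
"""

if __name__ == "__main__":
    for hit in find_pii(SAMPLE):
        print(hit)
```

The invoice reference on the second sample line matches the nine-digit pattern but fails the checksum, which is the kind of false positive that would otherwise send a reviewer to the record.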
While a robust document retention policy and an up-to-date data map will not prevent a data breach, they can assist your organization in mitigating the risks associated with such breaches.
T. James Cass is manager, review services and senior counsel at Heuristica Discovery Counsel LLP. Heuristica has offices in Toronto and Calgary and is the sole national law firm whose practice is limited to eDiscovery and electronic evidence.