This webinar is Part 1 of a 2-part series on cybersecurity and nonprofits. In this webinar, Imran Ahmad of Miller Thomson, LLP provides an overview of cybersecurity and explains the cyber risks and legislation affecting nonprofits. Ahmad also explains how nonprofits can implement best practices from a pre-breach standpoint that go a long way to mitigate the negative consequences of a cyber-attack.
This webinar answers the following questions:
- What are the types of data at risk?
- What does the landscape of cyber threats look like?
- What are the key risks to nonprofits?
- What are the best practices to prevent a cyber threat?
- In the case of a breach, how do you contain the breach, preserve the evidence, and move forward?
Below is a summary of the webinar, the full recording, and the presentation slide deck.
Summary of the webinar
Introduction (0:00 - 4:47)
What is Cybersecurity?(4:48 - 6:17)
Provides an overview of cybersecurity and the types of cyber threats that nonprofit organizations are facing.
Types of information clients have (6:18 - 12:42)
Explains the various types of data that clients and organizations should be protecting. This includes customer information, the nonprofit's confidential and proprietary information, and personal information.
Common types of cyber threats (12:43 - 21:18)
Discusses the typical threats such as malware as well as the lesser known threats such as DDoS attack (Denial of Service Attacks). Lists the types of data breaches and statistics on cybercrime.
Recent cyber attacks in the news (21:19 - 24:51)
Provides Canadian examples of cyber attacks and the main types of cyber adversaries. Also discusses the questions arising from these data breaches.
Legal landscape (24:52 - 40:29)
Discusses the legal landscape in Canada (privacy requirements and cyber legislation), as well as the impact of American legislation and European (General Data Protection Regulation (GDPR)) legislation. Mentions recent developments in the Canadian landscape, including the Minister of Public Safety’s launch of a public consultation in August 2016 and the Digital Privacy Act most recently.
Best practices before, during, and after the breach (40:30 - 53:27)
Examines the trends in governance structures in how they engage with cyber risks and how risk is managed within the organization's highest levels. Surveys the best practices of cyber risks. In the pre-attack stages, this ranges from reviewing the type of data you have, how you store it, and where you store it, as well as training staff in cybersecurity and purchasing cyber insurance.
Question and answer period (53:28 - 57:50)