This webinar is Part 2 of a two-part series on cybersecurity and nonprofits. In this webinar, Imran Ahmad of Miller Thomson, LLP provides an overview of how to create your own cybersecurity plan and implement best practices. Ahmad also explains the upcoming mandatory breach notification requirements.
This webinar answers the following questions:
- What are the best practices a nonprofit should implement to prepare for a breach?
- What are the risks to consider when working with third-party vendors?
- How does the Digital Privacy Act affect your nonprofit?
Below is a summary of the webinar, the full recording, and the presentation slide deck.
Summary of the Webinar
Introduction (0:00 - 2:18)
Summarizes Part 1 and presents the agenda for Part 2.
Best Practices Pre-attack (2:19 - 4:40)
Provides an overview of the steps typically implemented before a cyber incident occurs.
Know Where You Stand (4:41 - 9:10)
Examines how to assess your risk profile by reviewing the following: the type of data you hold, where you hold it, and how it is kept. This includes the three key phases of data mapping, data classification, and periodic revisions.
Data Map (9:11 - 15:20)
Provides key questions you should ask when constructing a data map.
Supply Chain Risk Management (15:21 - 20:19)
Provides four broad categories of contractual clauses you should have in place when dealing with a third-party vendor who has access to your data and intellectual property.
Cyber Incident Response Plan (20:20 - 29:29)
Outlines steps on how to develop a plan and key factors to include in a response plan.
Cyber Insurance (29:30 - 34:18)
Examines the coverage types (including First Party Coverage and Third Party Coverage) and items that would be useful to organizations in case of a cyber attack.
Breach Notification and Reporting (34:19 - 38:52)
Defines breach notification and outlines breach safeguards. Also references breach notification laws in the United States in comparison with Canadian laws.
Reporting Requirements and Record Keeping (38:53 - 41:46)
Provides a checklist of key elements that must go into a ‘Report to Commissioner’ when you notify individuals. Also includes a Sample Notice.
Question and answer period (41:47 - 56:45)