When the Canadian Federal Government recently tabled its budget, many were intrigued by the $500M line item dedicated to cybersecurity. There had been rumblings about an even larger amount prior to the official budget, and many had been speculating about what this money would be earmarked for.
We now have a clearer picture.
As outlined in the budget, the government will spend half a billion dollars over the next five years to battle cybercrime, aimed at strengthening the country’s otherwise antiquated digital security strategy. This includes computer systems, improving government collaboration on cybercrime, which were previously described as “disconnected strands,” and establishing an expert centre for digital security over the government’s operational cyber expertise. This $155.2M over five years will be provided to create a Canadian Centre for Cyber Security.
The budget announcement brought the cybersecurity discussion into the public realm, but for companies and enterprises this shouldn’t be a new topic. We’ve been stressing the importance of a coherent, collective, well-communicated company-wide information security strategy for a long time. With recent public examples of hacking and tampering (WannaCry, Uber, and others,) increased security measures are wise and there are some basic practices that can be easily replicated in every sector.
It’s important for the conversation on data, app, and information security be part of an ongoing discussion between IT and employees. As we’ve seen, it’s not an issue that companies can establish and then neglect. In a recent nationwide Citrix survey, The Citrix Cloud and Security Survey, many Canadians are confused about who is ultimately responsible for security over the apps, data and devices they access daily as part of their work. Forty per cent of employees believe that “as an employee” they bear zero responsibility for securing information. This high figure points to the need for a more comprehensive security strategy to reinforce that security is the business of everyone and not just the employer or IT department.
Companies can work to mitigate risks in the following ways:
- Fostering a firm corporate culture around security: updating policies and procedures, implementing an overall risk strategy to account for mobile devices and remote access, and having a process for managing the use and security of employee-owned devices.
- Equipping employees with security training and education, highlighting the human factor to ensure security protocols are followed and avoiding threats such as phishing or malware.
- Implementing secure technology that limits opportunities for breaches from the outset and allows for quick resolutions.
The federal government’s budget announcement raises a good reminder to all companies that a comprehensive security strategy must be in place. It is not the first nor should it be the last time we discuss this topic. Educating and re-educating staff at every level is imperative to any sound security strategy. As hacking and breaches become more sophisticated and as technology continues to rapidly advance, companies must consistently reassess their security strategy. Citrix will continue to emphasize security measures as part of our core offering, ensuring every industry understands the importance of these policies.