Cybersecurity threats are becoming more common across all industries and businesses of every size. As more business activities are conducted online, the risk of a cyber attack or breach keeps rising. At this point, getting attacked is likely a question of when, not if for most firms.
That’s why understanding your responsibilities, knowing what information you possess, and preparing for potential breaches is critical to protect yourself and your clients.
Sometimes, all it takes is one click on a wrong link or opening a compromised PDF document to expose your clients’ data. And even companies with strong defences can be caught off guard. Therefore, everyone at your office must be alert and aware all the time.
Why cybersecurity matters
Cybersecurity is much more than an IT issue. In fact, a breach can damage your reputation and erode your clients’ trust in your ability to protect them. Showing that you understand the risks and that you’ve taken steps to reduce them is absolutely essential with increasing global connectivity.
Where do I start?
A good first step is to map out the client information you collect and store. This includes borrower and lender records, identification documents, financial details, and communication logs. Once you know what you have, you can determine what protections are required under the Personal Information Protection and Electronic Documents Act (PIPEDA).
From there, you should review your systems, identify gaps, and install stronger safeguards and have response plans in place. Having a clear playbook makes the situation easier to manage in case of a breach.
Be sure to also update your policies and train your staff regularly.
Resources
If you’re not sure where to start, be sure to consult existing guidance that’s here to support you. The Mortgage Broker Regulators’ Council of Canada’s Principles for Cybersecurity Preparedness and FSRA’s IT risk management guidance outline practical steps you can take.
FSRA also provides an online IT Incident Reporting tool, which you must use to report sector IT risk incidents.