by Brian Mills
October 28, 2016
To all entities regulated by the Financial Services Commission of Ontario (FSCO)
Over the past few years, a growing number of cyber security breaches in the financial services sector have resulted in the theft of consumers’ identities, assets and confidential information. Increased reliance on information technology, coupled with new types of products and services, has made proprietary data and consumers’ personal information more vulnerable to such attacks. Although many attacks have targeted larger, high-profile companies, all licensed businesses and individuals should be prepared for such events, regardless of their size or complexity.
Given that October is Cyber Security Awareness Month, it is a good time to remind all FSCO-regulated sectors that you have a responsibility to protect information and provide a safe online environment for consumers. This includes implementing policies and processes that not only help to prevent cyber crime, but include important steps to take if a cyber attack takes place.
What is a cyber attack?
A cyber attack is an attempt by an individual or group to obtain unauthorized access to a computer network or system. It may be executed for financial gain, to obtain data, or to damage the reputation of an individual or entity.
What should I do to prevent a cyber attack?
Policies and practices should be in accordance with applicable legislation, and relative to the nature, size and complexity of your business. Cyber security prevention procedures and practices should be reviewed regularly to ensure they remain relevant and effective.
FSCO also recommends consulting a professional technical service provider for advice on implementing cyber security measures into your daily business activities.
Additional resources
It is important to consider best practices when implementing policies and procedures. Some helpful resources include:
- Office of the Privacy Commissioner of Canada – Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities;
- G7 – G7 Fundamental Elements of Cybersecurity in the Financial Sector;
- Office of the Superintendent of Financial Services (OSFI) – Cyber Security Self-Assessment Guidance;
- Autorité des marchés financiers (AMF) – Publication of IOSCO Report on Cyber Security;
- International Association of Insurance Supervisors (IAIS) – Issues Paper on Cyber Risk to the Insurance Sector; and
- Canadian Securities Administrators – CSA Staff Notice 11-326 Cyber Security.
Cyber security is an area of growing importance, and those responsible for cyber security breaches have become increasingly sophisticated in their attempts to access information and cause disruption. That is why we all have a responsibility to work together to protect consumers.
Brian Mills is Chief Executive Officer and Superintendent of Financial Services (Interim)