Succeed in your Microsoft 365 journey

Law 25 and cybersecurity: are you ready?

La Loi 25 et la cybersécurité : êtes-vous prêt

If your organization stores sensitive personal data such as credit card numbers, social insurance numbers, or other confidential information about your customers or partners, you are covered by Bill 25. Indeed, from September 22, in Quebec, all companies storing sensitive data will have to apply the directives of Law 25. If your company has done everything necessary to comply with the new requirements, has it put in place all the necessary cybersecurity protections to ensure that no intruder can come and steal this precious data? 

Through this article, let’s see together why and how it is important to strengthen your security posture against cyberattacks, before the next one occurs! 

The consequences of a cyberattack  

There are several types of cyberattacks: cybercrime (ransomware, phishing, etc.), destabilization (denial of service attack, or disfiguration, etc.), espionage (water point attack, targeted phishing), and finally sabotage. (cmentreprise.fr) 

Even if the techniques are varied, the consequences remain the same for an organization victim of a cyberattack: heavy financial and legal consequences, but also a negative impact on the public image. 

As proof, it is estimated that following a cyberattack involving a massive loss of data, 80% of companies go bankrupt within the following twelve months! (Hiscox Insurance, 2021) 

Indeed, when a cyberattack occurs, in addition to the direct costs of the cyberattack, it will be necessary to take into account the time spent to restore the computer network, and the loss of turnover that will result. 

In addition, once the case is made public (which is provided for by Law 25), there is a good chance that your company will lose trust and credibility in the eyes of public opinion. This is what happened during the data leak of 2.9 million Desjardins members in 2019 (L’actualité, 2019). 

Fortunately, there are ways to minimize the risk of this happening to you. The goal is to strengthen your security barriers to entry (for external threats), but also to control access to data internally (for internal threats). Let’s take a look at the different options available to you. 

How to protect yourself from a cyberattack 

To protect yourself against a cyberattack, prevention will be much less costly and laborious than remediation. 

To do this, we advise you to be accompanied by cybersecurity professionals to help you strengthen your security posture by setting up adequate systems. 

At MS Solutions, we have identified 6 major steps for optimal cybersecurity. 

  •  Prevention, through active monitoring, recurring scans and intrusion tests; 
  •  Preparation by anticipating risk through appropriate insurance coverage and a recovery plan following an incident; 
  •  Optimization by adopting tools for management, detection and active response to cybersecurity incidents. 

These 6 steps can be addressed independently depending on your progress in this process. For more details, do not hesitate to download our white paper: The 6 main steps for optimal cybersecurity.

In short

As we have seen through this article, “data privacy” and “cybersecurity practices” go hand in hand. Make your cybersecurity your priority to ensure your organization is ready the day you face a cyberattack. Even if zero risk does not exist, the more you anticipate the risk by approaching it from different angles, the more chances you will put on your side to avoid the worst. 

Do you want to improve your security posture and would you like to be accompanied? Do not hesitate to contact our team for more information. Our experts will be able to support you in your process towards optimal cybersecurity. 

Share article:

This might interest you...

Subscribe to our newsletter

Soyez informé des prochains webinaires, des nouveaux services et des contenus d’intérêt.

Follow us